Diffstat (limited to 'devdocs/docker')
289 files changed, 16607 insertions, 0 deletions
diff --git a/devdocs/docker/compose%2Fcli-command-compatibility%2Findex.html b/devdocs/docker/compose%2Fcli-command-compatibility%2Findex.html new file mode 100644 index 00000000..202dd1a9 --- /dev/null +++ b/devdocs/docker/compose%2Fcli-command-compatibility%2Findex.html 
@@ -0,0 +1,37 @@ +<h1>Compose command compatibility with docker-compose</h1> + +<p>The <code class="language-plaintext highlighter-rouge">compose</code> command in the Docker CLI supports most of the <code class="language-plaintext highlighter-rouge">docker-compose</code> commands and flags. It is expected to be a drop-in replacement for <code class="language-plaintext highlighter-rouge">docker-compose</code>.</p> <p>If you see any Compose functionality that is not available in the <code class="language-plaintext highlighter-rouge">compose</code> command, create an issue in the <a href="https://github.com/docker/compose/issues" target="_blank" rel="noopener" class="_">Compose</a> GitHub repository, so we can prioritize it.</p> <h2 id="commands-or-flags-not-yet-implemented">Commands or flags not yet implemented</h2> <p>The following commands have not been implemented yet, and may be implemented at a later time. Let us know if these commands are a higher priority for your use cases.</p> <p><code class="language-plaintext highlighter-rouge">compose build --memory</code>: This option is not yet supported by buildkit. The flag is currently supported, but is hidden to avoid breaking existing Compose usage. 
It does not have any effect.</p> <h2 id="flags-that-will-not-be-implemented">Flags that will not be implemented</h2> <p>The list below includes the flags that we are not planning to support in Compose in the Docker CLI, either because they are already deprecated in <code class="language-plaintext highlighter-rouge">docker-compose</code>, or because they are not relevant for Compose in the Docker CLI.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">compose ps --filter KEY-VALUE</code> Not relevant due to its complicated usage with the <code class="language-plaintext highlighter-rouge">service</code> command and also because it is not documented properly in <code class="language-plaintext highlighter-rouge">docker-compose</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">compose rm --all</code> Deprecated in docker-compose.</li> <li> +<code class="language-plaintext highlighter-rouge">compose scale</code> Deprecated in docker-compose (use <code class="language-plaintext highlighter-rouge">compose up --scale</code> instead)</li> </ul> <p>Global flags:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">--compatibility</code> has been resignified Docker Compose V2. This now means that in the command running V2 will behave as V1 used to do. <ul> <li>One difference is in the word separator on container names. V1 used to use <code class="language-plaintext highlighter-rouge">_</code> as separator while V2 uses <code class="language-plaintext highlighter-rouge">-</code> to keep the names more hostname friendly. So when using <code class="language-plaintext highlighter-rouge">--compatibility</code> Docker Compose should use <code class="language-plaintext highlighter-rouge">_</code> again. 
Just make sure to stick to one of them otherwise Docker Compose will not be able to recognize the container as an instance of the service.</li> </ul> </li> </ul> <h2 id="config-command">Config command</h2> <p>The config command is intended to show the configuration used by Docker Compose to run the actual project. As we know, at some parts of the Compose file have a short and a long format. For example, the <code class="language-plaintext highlighter-rouge">ports</code> entry. In the example below we can see the config command expanding the <code class="language-plaintext highlighter-rouge">ports</code> section:</p> <p>docker-compose.yml:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + image: nginx + ports: + - 80:80 +</pre></div> <p>With <code class="language-plaintext highlighter-rouge">$ docker compose config</code> the output turns into:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + image: nginx + networks: + default: null + ports: + - mode: ingress + target: 80 + published: 80 + protocol: tcp +networks: + default: + name: workspace_default +</pre></div> <p>The result above is a full size configuration of what will be used by Docker Compose to run the project.</p> <h2 id="new-commands-introduced-in-compose-v2">New commands introduced in Compose v2</h2> <h3 id="copy">Copy</h3> <p>The <code class="language-plaintext highlighter-rouge">cp</code> command is intended to copy files or folders between service containers and the local filesystem.<br> This command is a bidirectional command, we can copy <strong>from</strong> or <strong>to</strong> the service containers.</p> <p>Copy a file from a service container to the local filesystem:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker compose cp my-service:~/path/to/myfile ~/local/path/to/copied/file +</pre></div> <p>We can also copy from the local filesystem to all the running containers of a service:</p> <div 
class="highlight"><pre class="highlight" data-language="">$ docker compose cp --all ~/local/path/to/source/file my-service:~/path/to/copied/file +</pre></div> <h3 id="list">List</h3> <p>The ls command is intended to list the Compose projects. By default, the command only lists the running projects, we can use flags to display the stopped projects, to filter by conditions and change the output to <code class="language-plaintext highlighter-rouge">json</code> format for example.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker compose ls --all --format json +[{"Name":"dockergithubio","Status":"exited(1)","ConfigFiles":"/path/to/docker.github.io/docker-compose.yml"}] +</pre></div> <h2 id="use---project-name-with-compose-commands">Use <code class="language-plaintext highlighter-rouge">--project-name</code> with Compose commands</h2> <p>With the GA version of Compose, you can run some commands:</p> <ul> <li>outside of directory containing the project compose file</li> <li>or without specifying the path of the Compose with the <code class="language-plaintext highlighter-rouge">--file</code> flag</li> <li>or without specifying the project directory with the <code class="language-plaintext highlighter-rouge">--project-directory</code> flag</li> </ul> <p>When a compose project has been loaded once, we can just use the <code class="language-plaintext highlighter-rouge">-p</code> or <code class="language-plaintext highlighter-rouge">--project-name</code> to reference it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker compose -p my-loaded-project restart my-service +</pre></div> <p>This option works with the <code class="language-plaintext highlighter-rouge">start</code>, <code class="language-plaintext highlighter-rouge">stop</code>, <code class="language-plaintext highlighter-rouge">restart</code> and <code class="language-plaintext highlighter-rouge">down</code> commands.</p> +<p><a 
href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/cli-command-compatibility/" class="_attribution-link">https://docs.docker.com/compose/cli-command-compatibility/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Fbuild%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Fbuild%2Findex.html new file mode 100644 index 00000000..43a38b63 --- /dev/null +++ b/devdocs/docker/compose%2Fcompose-file%2Fbuild%2Findex.html 
@@ -0,0 +1,97 @@ +<h1>Compose file build reference</h1> + +<p>Compose specification is a platform-neutral way to define multi-container applications. A Compose implementation focusing on development use-case to run application on local machine will obviously also support (re)building application from sources. The Compose Build specification allows to define the build process within a Compose file in a portable way.</p> <h2 id="definitions">Definitions</h2> <p>Compose Specification is extended to support an OPTIONAL <code class="language-plaintext highlighter-rouge">build</code> subsection on services. This section define the build requirements for service container image. Only a subset of Compose file services MAY define such a Build subsection, others being created based on <code class="language-plaintext highlighter-rouge">Image</code> attribute. When a Build subsection is present for a service, it is <em>valid</em> for a Compose file to miss an <code class="language-plaintext highlighter-rouge">Image</code> attribute for corresponding service, as Compose implementation can build image from source.</p> <p>Build can be either specified as a single string defining a context path, or as a detailed build definition.</p> <p>In the former case, the whole path is used as a Docker context to execute a docker build, looking for a canonical <code class="language-plaintext highlighter-rouge">Dockerfile</code> at context root. Context path can be absolute or relative, and if so relative path MUST be resolved from Compose file parent folder. As an absolute path prevent the Compose file to be portable, Compose implementation SHOULD warn user accordingly.</p> <p>In the later case, build arguments can be specified, including an alternate <code class="language-plaintext highlighter-rouge">Dockerfile</code> location. This one can be absolute or relative path. If Dockerfile path is relative, it MUST be resolved from context path. 
As an absolute path prevent the Compose file to be portable, Compose implementation SHOULD warn user if an absolute alternate Dockerfile path is used.</p> <h2 id="consistency-with-image">Consistency with Image</h2> <p>When service definition do include both <code class="language-plaintext highlighter-rouge">Image</code> attribute and a <code class="language-plaintext highlighter-rouge">Build</code> section, Compose implementation can’t guarantee a pulled image is strictly equivalent to building the same image from sources. Without any explicit user directives, Compose implementation with Build support MUST first try to pull Image, then build from source if image was not found on registry. Compose implementation MAY offer options to customize this behaviour by user request.</p> <h2 id="publishing-built-images">Publishing built images</h2> <p>Compose implementation with Build support SHOULD offer an option to push built images to a registry. Doing so, it MUST NOT try to push service images without an <code class="language-plaintext highlighter-rouge">Image</code> attribute. Compose implementation SHOULD warn user about missing <code class="language-plaintext highlighter-rouge">Image</code> attribute which prevent image being pushed.</p> <p>Compose implementation MAY offer a mechanism to compute an <code class="language-plaintext highlighter-rouge">Image</code> attribute for service when not explicitly declared in yaml file. In such a case, the resulting Compose configuration is considered to have a valid <code class="language-plaintext highlighter-rouge">Image</code> attribute, whenever the actual raw yaml file doesn’t explicitly declare one.</p> <h2 id="illustrative-sample">Illustrative sample</h2> <p>The following sample illustrates Compose specification concepts with a concrete sample application. 
The sample is non-normative.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + build: ./webapp + + backend: + image: awesome/database + build: + context: backend + dockerfile: ../backend.Dockerfile + + custom: + build: ~/custom +</pre></div> <p>When used to build service images from source, such a Compose file will create three docker images:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">awesome/webapp</code> docker image is build using <code class="language-plaintext highlighter-rouge">webapp</code> sub-directory within Compose file parent folder as docker build context. Lack of a <code class="language-plaintext highlighter-rouge">Dockerfile</code> within this folder will throw an error.</li> <li> +<code class="language-plaintext highlighter-rouge">awesome/database</code> docker image is build using <code class="language-plaintext highlighter-rouge">backend</code> sub-directory within Compose file parent folder. <code class="language-plaintext highlighter-rouge">backend.Dockerfile</code> file is used to define build steps, this file is searched relative to context path, which means for this sample <code class="language-plaintext highlighter-rouge">..</code> will resolve to Compose file parent folder, so <code class="language-plaintext highlighter-rouge">backend.Dockerfile</code> is a sibling file.</li> <li>a docker image is build using <code class="language-plaintext highlighter-rouge">custom</code> directory within user’s HOME as docker context. Compose implementation warn user about non-portable path used to build image.</li> </ul> <p>On push, both <code class="language-plaintext highlighter-rouge">awesome/webapp</code> and <code class="language-plaintext highlighter-rouge">awesome/database</code> docker images are pushed to (default) registry. 
<code class="language-plaintext highlighter-rouge">custom</code> service image is skipped as no <code class="language-plaintext highlighter-rouge">Image</code> attribute is set and user is warned about this missing attribute.</p> <h2 id="build-definition">Build definition</h2> <p>The <code class="language-plaintext highlighter-rouge">build</code> element define configuration options that are applied by Compose implementations to build Docker image from source. <code class="language-plaintext highlighter-rouge">build</code> can be specified either as a string containing a path to the build context or a detailed structure:</p> <div class="highlight"><pre class="highlight" data-language="">services: + webapp: + build: ./dir +</pre></div> <p>Using this string syntax, only the build context can be configured as a relative path to the Compose file’s parent folder. This path MUST be a directory and contain a <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>Alternatively <code class="language-plaintext highlighter-rouge">build</code> can be an object with fields defined as follow</p> <h3 id="context-required">context (REQUIRED)</h3> <p><code class="language-plaintext highlighter-rouge">context</code> defines either a path to a directory containing a Dockerfile, or a url to a git repository.</p> <p>When the value supplied is a relative path, it MUST be interpreted as relative to the location of the Compose file. Compose implementations MUST warn user about absolute path used to define build context as those prevent Compose file for being portable.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: ./dir +</pre></div> <h3 id="dockerfile">dockerfile</h3> <p><code class="language-plaintext highlighter-rouge">dockerfile</code> allows to set an alternate Dockerfile. A relative path MUST be resolved from the build context. 
Compose implementations MUST warn user about absolute path used to define Dockerfile as those prevent Compose file for being portable.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + dockerfile: webapp.Dockerfile +</pre></div> <h3 id="args">args</h3> <p><code class="language-plaintext highlighter-rouge">args</code> define build arguments, i.e. Dockerfile <code class="language-plaintext highlighter-rouge">ARG</code> values.</p> <p>Using following Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">ARG GIT_COMMIT +RUN echo "Based on commit: $GIT_COMMIT" +</pre></div> <p><code class="language-plaintext highlighter-rouge">args</code> can be set in Compose file under the <code class="language-plaintext highlighter-rouge">build</code> key to define <code class="language-plaintext highlighter-rouge">GIT_COMMIT</code>. <code class="language-plaintext highlighter-rouge">args</code> can be set a mapping or a list:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + args: + GIT_COMMIT: cdc3b19 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ args: + - GIT_COMMIT=cdc3b19 +</pre></div> <p>Value can be omitted when specifying a build argument, in which case its value at build time MUST be obtained by user interaction, otherwise build arg won’t be set when building the Docker image.</p> <div class="highlight"><pre class="highlight" data-language="">args: + - GIT_COMMIT +</pre></div> <h3 id="ssh">ssh</h3> <p><code class="language-plaintext highlighter-rouge">ssh</code> defines SSH authentications that the image builder SHOULD use during image build (e.g., cloning private repository)</p> <p><code class="language-plaintext highlighter-rouge">ssh</code> property syntax can be either:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">default</code> - let the builder connect to the ssh-agent.</li> <li> +<code class="language-plaintext highlighter-rouge">ID=path</code> - a key/value definition of an ID and the associated path. Can be either a <a href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM</a> file, or path to ssh-agent socket</li> </ul> <p>Simple <code class="language-plaintext highlighter-rouge">default</code> sample</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + ssh: + - default # mount the default ssh agent +</pre></div> <p>or</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + ssh: ["default"] # mount the default ssh agent +</pre></div> <p>Using a custom id <code class="language-plaintext highlighter-rouge">myproject</code> with path to a local SSH key:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + ssh: + - myproject=~/.ssh/myproject.pem +</pre></div> <p>Image builder can then rely on this to mount SSH key during build. 
For illustration, <a href="#">BuildKit extended syntax</a> can be used to mount ssh key set by ID and access a secured resource:</p> <p><code class="language-plaintext highlighter-rouge">RUN --mount=type=ssh,id=myproject git clone ...</code></p> <h3 id="cache_from">cache_from</h3> <p><code class="language-plaintext highlighter-rouge">cache_from</code> defines a list of sources the Image builder SHOULD use for cache resolution.</p> <p>Cache location syntax MUST follow the global format <code class="language-plaintext highlighter-rouge">[NAME|type=TYPE[,KEY=VALUE]]</code>. Simple <code class="language-plaintext highlighter-rouge">NAME</code> is actually a shortcut notation for <code class="language-plaintext highlighter-rouge">type=registry,ref=NAME</code>.</p> <p>Compose Builder implementations MAY support custom types, the Compose Specification defines canonical types which MUST be supported:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">registry</code> to retrieve build cache from an OCI image set by key <code class="language-plaintext highlighter-rouge">ref</code> +</li> </ul> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + cache_from: + - alpine:latest + - type=local,src=path/to/cache + - type=gha +</pre></div> <p>Unsupported caches MUST be ignored and not prevent user from building image.</p> <h3 id="cache_to">cache_to</h3> <p><code class="language-plaintext highlighter-rouge">cache_to</code> defines a list of export locations to be used to share build cache with future builds.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ cache_to: + - user/app:cache + - type=local,dest=path/to/cache +</pre></div> <p>Cache target is defined using the same <code class="language-plaintext highlighter-rouge">type=TYPE[,KEY=VALUE]</code> syntax defined by <a href="#cache_from"><code class="language-plaintext highlighter-rouge">cache_from</code></a>.</p> <p>Unsupported cache target MUST be ignored and not prevent user from building image.</p> <h3 id="extra_hosts">extra_hosts</h3> <p><code class="language-plaintext highlighter-rouge">extra_hosts</code> adds hostname mappings at build-time. Use the same syntax as <a href="../index#extra_hosts">extra_hosts</a>.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts: + - "somehost:162.242.195.82" + - "otherhost:50.31.209.229" +</pre></div> <p>Compose implementations MUST create matching entry with the IP address and hostname in the container’s network configuration, which means for Linux <code class="language-plaintext highlighter-rouge">/etc/hosts</code> will get extra lines:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82 somehost +50.31.209.229 otherhost +</pre></div> <h3 id="isolation">isolation</h3> <p><code class="language-plaintext highlighter-rouge">isolation</code> specifies a build’s container isolation technology. Like <a href="../index#isolation">isolation</a> supported values are platform-specific.</p> <h3 id="labels">labels</h3> <p><code class="language-plaintext highlighter-rouge">labels</code> add metadata to the resulting image. <code class="language-plaintext highlighter-rouge">labels</code> can be set either as an array or a map.</p> <p>reverse-DNS notation SHOULD be used to prevent labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="shm_size">shm_size</h3> <p><code class="language-plaintext highlighter-rouge">shm_size</code> set the size of the shared memory (<code class="language-plaintext highlighter-rouge">/dev/shm</code> partition on Linux) allocated for building Docker image. Specify as an integer value representing the number of bytes or as a string expressing a <a href="../index#specifying-byte-values">byte value</a>.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + shm_size: '2gb' +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + shm_size: 10000000 +</pre></div> <h3 id="target">target</h3> <p><code class="language-plaintext highlighter-rouge">target</code> defines the stage to build as defined inside a multi-stage <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ target: prod +</pre></div> <h2 id="implementations">Implementations</h2> <ul> <li><a href="../../index">docker-compose</a></li> <li><a href="https://docs.docker.com/buildx/working-with-buildx/">buildX bake</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/build/" class="_attribution-link">https://docs.docker.com/compose/compose-file/build/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v2%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v2%2Findex.html new file mode 100644 index 00000000..affc1ef1 --- /dev/null +++ b/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v2%2Findex.html 
@@ -0,0 +1,679 @@ +<h1>Compose file version 2 reference</h1> + +<h2 id="reference-and-guidelines">Reference and guidelines</h2> <p>These topics describe version 2 of the Compose file format.</p> <h2 id="compose-and-docker-compatibility-matrix">Compose and Docker compatibility matrix</h2> <p>There are several versions of the Compose file format – 1, 2, 2.x, and 3.x. The table below is a quick look. For full details on what each version includes and how to upgrade, see <strong><a href="../compose-versioning/index">About versions and upgrading</a></strong>.</p> <p>This table shows which Compose file versions support specific Docker releases.</p> <table> <thead> <tr> <th><strong>Compose file format</strong></th> <th><strong>Docker Engine release</strong></th> </tr> </thead> <tbody> <tr> <td>Compose specification</td> <td>19.03.0+</td> </tr> <tr> <td>3.8</td> <td>19.03.0+</td> </tr> <tr> <td>3.7</td> <td>18.06.0+</td> </tr> <tr> <td>3.6</td> <td>18.02.0+</td> </tr> <tr> <td>3.5</td> <td>17.12.0+</td> </tr> <tr> <td>3.4</td> <td>17.09.0+</td> </tr> <tr> <td>3.3</td> <td>17.06.0+</td> </tr> <tr> <td>3.2</td> <td>17.04.0+</td> </tr> <tr> <td>3.1</td> <td>1.13.1+</td> </tr> <tr> <td>3.0</td> <td>1.13.0+</td> </tr> <tr> <td>2.4</td> <td>17.12.0+</td> </tr> <tr> <td>2.3</td> <td>17.06.0+</td> </tr> <tr> <td>2.2</td> <td>1.13.0+</td> </tr> <tr> <td>2.1</td> <td>1.12.0+</td> </tr> <tr> <td>2.0</td> <td>1.10.0+</td> </tr> </tbody> </table> <p>In addition to Compose file format versions shown in the table, the Compose itself is on a release schedule, as shown in <a href="https://github.com/docker/compose/releases/">Compose releases</a>, but file format versions do not necessarily increment with each release. 
For example, Compose file format 3.0 was first introduced in <a href="https://github.com/docker/compose/releases/tag/1.10.0">Compose release 1.10.0</a>, and versioned gradually in subsequent releases.</p> <p>The latest Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/" target="_blank" rel="noopener" class="_">Compose Specification</a> and is implemented by Docker Compose <strong>1.27.0+</strong>.</p> <h2 id="service-configuration-reference">Service configuration reference</h2> <p>The Compose file is a <a href="https://yaml.org">YAML</a> file defining <a href="#service-configuration-reference">services</a>, <a href="#network-configuration-reference">networks</a> and <a href="#volume-configuration-reference">volumes</a>. The default path for a Compose file is <code class="language-plaintext highlighter-rouge">./docker-compose.yml</code>.</p> <blockquote> <p><strong>Tip</strong>: You can use either a <code class="language-plaintext highlighter-rouge">.yml</code> or <code class="language-plaintext highlighter-rouge">.yaml</code> extension for this file. They both work.</p> </blockquote> <p>A service definition contains configuration that is applied to each container started for that service, much like passing command-line parameters to <code class="language-plaintext highlighter-rouge">docker run</code>. 
Likewise, network and volume definitions are analogous to <code class="language-plaintext highlighter-rouge">docker network create</code> and <code class="language-plaintext highlighter-rouge">docker volume create</code>.</p> <p>As with <code class="language-plaintext highlighter-rouge">docker run</code>, options specified in the Dockerfile, such as <code class="language-plaintext highlighter-rouge">CMD</code>, <code class="language-plaintext highlighter-rouge">EXPOSE</code>, <code class="language-plaintext highlighter-rouge">VOLUME</code>, <code class="language-plaintext highlighter-rouge">ENV</code>, are respected by default - you don’t need to specify them again in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>.</p> <p>You can use environment variables in configuration values with a Bash-like <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax - see <a href="#variable-substitution">variable substitution</a> for full details.</p> <p>This section contains a list of all configuration options supported by a service definition in version 2.</p> <h3 id="blkio_config">blkio_config</h3> <p>A set of configuration options to set block IO limits for this service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + foo: + image: busybox + blkio_config: + weight: 300 + weight_device: + - path: /dev/sda + weight: 400 + device_read_bps: + - path: /dev/sdb + rate: '12mb' + device_read_iops: + - path: /dev/sdb + rate: 120 + device_write_bps: + - path: /dev/sdb + rate: '1024k' + device_write_iops: + - path: /dev/sdb + rate: 30 +</pre></div> <h4 id="device_read_bps-device_write_bps">device_read_bps, device_write_bps</h4> <p>Set a limit in bytes per second for read / write operations on a given device. 
Each item in the list must have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>, defining the symbolic path to the affected device</li> <li> +<code class="language-plaintext highlighter-rouge">rate</code>, either as an integer value representing the number of bytes or as a string expressing a <a href="#specifying-byte-values">byte value</a>.</li> </ul> <h4 id="device_read_iops-device_write_iops">device_read_iops, device_write_iops</h4> <p>Set a limit in operations per second for read / write operations on a given device. Each item in the list must have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>, defining the symbolic path to the affected device</li> <li> +<code class="language-plaintext highlighter-rouge">rate</code>, as an integer value representing the permitted number of operations per second.</li> </ul> <h4 id="weight">weight</h4> <p>Modify the proportion of bandwidth allocated to this service relative to other services. Takes an integer value between 10 and 1000, with 500 being the default.</p> <h4 id="weight_device">weight_device</h4> <p>Fine-tune bandwidth allocation by device. 
Each item in the list must have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>, defining the symbolic path to the affected device</li> <li> +<code class="language-plaintext highlighter-rouge">weight</code>, an integer value between 10 and 1000</li> </ul> <h3 id="build">build</h3> <p>Configuration options that are applied at build time.</p> <p><code class="language-plaintext highlighter-rouge">build</code> can be specified either as a string containing a path to the build context:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + webapp: + build: ./dir +</pre></div> <p>Or, as an object with the path specified under <a href="#context">context</a> and optionally <a href="#dockerfile">Dockerfile</a> and <a href="#args">args</a>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + webapp: + build: + context: ./dir + dockerfile: Dockerfile-alternate + args: + buildno: 1 +</pre></div> <p>If you specify <code class="language-plaintext highlighter-rouge">image</code> as well as <code class="language-plaintext highlighter-rouge">build</code>, then Compose names the built image with the <code class="language-plaintext highlighter-rouge">webapp</code> and optional <code class="language-plaintext highlighter-rouge">tag</code> specified in <code class="language-plaintext highlighter-rouge">image</code>:</p> <div class="highlight"><pre class="highlight" data-language="">build: ./dir +image: webapp:tag +</pre></div> <p>This results in an image named <code class="language-plaintext highlighter-rouge">webapp</code> and tagged <code class="language-plaintext highlighter-rouge">tag</code>, built from <code class="language-plaintext highlighter-rouge">./dir</code>.</p> <h4 id="context">context</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-2">version 2.0</a> file format.</p> </blockquote> <p>Either a path to a directory containing 
a Dockerfile, or a url to a git repository.</p> <p>When the value supplied is a relative path, it is interpreted as relative to the location of the Compose file. This directory is also the build context that is sent to the Docker daemon.</p> <p>Compose builds and tags it with a generated name, and uses that image thereafter.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: ./dir +</pre></div> <h4 id="dockerfile">dockerfile</h4> <p>Alternate Dockerfile.</p> <p>Compose uses an alternate file to build with. A build path must also be specified.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + dockerfile: Dockerfile-alternate +</pre></div> <h4 id="args">args</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-2">version 2.0</a> file format.</p> </blockquote> <p>Add build arguments, which are environment variables accessible only during the build process.</p> <p>First, specify the arguments in your Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 + +ARG buildno +ARG gitcommithash + +RUN echo "Build number: $buildno" +RUN echo "Based on commit: $gitcommithash" +</pre></div> <p>Then specify the arguments under the <code class="language-plaintext highlighter-rouge">build</code> key. You can pass a mapping or a list:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + args: + buildno: 1 + gitcommithash: cdc3b19 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ args: + - buildno=1 + - gitcommithash=cdc3b19 +</pre></div> <blockquote> <p>Scope of build-args</p> <p>In your Dockerfile, if you specify <code class="language-plaintext highlighter-rouge">ARG</code> before the <code class="language-plaintext highlighter-rouge">FROM</code> instruction, <code class="language-plaintext highlighter-rouge">ARG</code> is not available in the build instructions under <code class="language-plaintext highlighter-rouge">FROM</code>. If you need an argument to be available in both places, also specify it under the <code class="language-plaintext highlighter-rouge">FROM</code> instruction. Refer to the <a href="../../../engine/reference/builder/index#understand-how-arg-and-from-interact">understand how ARGS and FROM interact</a> section in the documentation for usage details.</p> </blockquote> <p>You can omit the value when specifying a build argument, in which case its value at build time is the value in the environment where Compose is running.</p> <div class="highlight"><pre class="highlight" data-language="">args: + - buildno + - gitcommithash +</pre></div> <blockquote> <p>Tip when using boolean values</p> <p>YAML boolean values (<code class="language-plaintext highlighter-rouge">"true"</code>, <code class="language-plaintext highlighter-rouge">"false"</code>, <code class="language-plaintext highlighter-rouge">"yes"</code>, <code class="language-plaintext highlighter-rouge">"no"</code>, <code class="language-plaintext highlighter-rouge">"on"</code>, <code class="language-plaintext highlighter-rouge">"off"</code>) must be enclosed in quotes, so that the parser interprets them as strings.</p> </blockquote> <h4 id="cache_from">cache_from</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format</p> </blockquote> <p>A list of images that the engine uses for cache resolution.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ cache_from: + - alpine:latest + - corp/web_app:3.14 +</pre></div> <h4 id="extra_hosts">extra_hosts</h4> <p>Add hostname mappings at build-time. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--add-host</code> parameter.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts: + - "somehost:162.242.195.82" + - "otherhost:50.31.209.229" +</pre></div> <p>An entry with the ip address and hostname is created in <code class="language-plaintext highlighter-rouge">/etc/hosts</code> inside containers for this build, e.g:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82 somehost +50.31.209.229 otherhost +</pre></div> <h4 id="isolation">isolation</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Specify a build’s container isolation technology. On Linux, the only supported value is <code class="language-plaintext highlighter-rouge">default</code>. On Windows, acceptable values are <code class="language-plaintext highlighter-rouge">default</code>, <code class="language-plaintext highlighter-rouge">process</code> and <code class="language-plaintext highlighter-rouge">hyperv</code>. Refer to the <a href="../../../engine/reference/commandline/run/index#specify-isolation-technology-for-container---isolation">Docker Engine docs</a> for details.</p> <p>If unspecified, Compose will use the <code class="language-plaintext highlighter-rouge">isolation</code> value found in the service’s definition to determine the value to use for builds.</p> <h4 id="labels">labels</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format</p> </blockquote> <p>Add metadata to the resulting image using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. 
You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h4 id="network">network</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format</p> </blockquote> <p>Set the network containers connect to for the <code class="language-plaintext highlighter-rouge">RUN</code> instructions during build.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: host +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: custom_network_1 +</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">none</code> to disable networking during build:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: none +</pre></div> <h4 id="shm_size">shm_size</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format</p> </blockquote> <p>Set the size of the <code class="language-plaintext highlighter-rouge">/dev/shm</code> partition for this build’s containers. Specify as an integer value representing the number of bytes or as a string expressing a <a href="#specifying-byte-values">byte value</a>.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ shm_size: '2gb' +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + shm_size: 10000000 +</pre></div> <h4 id="target">target</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format</p> </blockquote> <p>Build the specified stage as defined inside the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. See the <a href="https://docs.docker.com/develop/develop-images/multistage-build/">multi-stage build docs</a> for details.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + target: prod +</pre></div> <h3 id="cap_add-cap_drop">cap_add, cap_drop</h3> <p>Add or drop container capabilities. See <code class="language-plaintext highlighter-rouge">man 7 capabilities</code> for a full list.</p> <div class="highlight"><pre class="highlight" data-language="">cap_add: + - ALL + +cap_drop: + - NET_ADMIN + - SYS_ADMIN +</pre></div> <h3 id="cgroup_parent">cgroup_parent</h3> <p>Specify an optional parent cgroup for the container.</p> <div class="highlight"><pre class="highlight" data-language="">cgroup_parent: m-executor-abcd +</pre></div> <h3 id="command">command</h3> <p>Override the default command.</p> <div class="highlight"><pre class="highlight" data-language="">command: bundle exec thin -p 3000 +</pre></div> <p>The command can also be a list, in a manner similar to <a href="../../../engine/reference/builder/index#cmd">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">command: ["bundle", "exec", "thin", "-p", "3000"] +</pre></div> <h3 id="container_name">container_name</h3> <p>Specify a custom container name, rather than a generated default name.</p> <div class="highlight"><pre class="highlight" data-language="">container_name: my-web-container +</pre></div> <p>Because Docker container names must be unique, you cannot scale a service beyond 1 container if you have specified a custom name. 
Attempting to do so results in an error.</p> <h3 id="cpu_rt_runtime-cpu_rt_period">cpu_rt_runtime, cpu_rt_period</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format</p> </blockquote> <p>Configure CPU allocation parameters using the Docker daemon realtime scheduler.</p> <div class="highlight"><pre class="highlight" data-language="">cpu_rt_runtime: '400ms' +cpu_rt_period: '1400us' +</pre></div> <p>Integer values will use microseconds as units:</p> <div class="highlight"><pre class="highlight" data-language="">cpu_rt_runtime: 95000 +cpu_rt_period: 11000 +</pre></div> <h3 id="device_cgroup_rules">device_cgroup_rules</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format.</p> </blockquote> <p>Add rules to the cgroup allowed devices list.</p> <div class="highlight"><pre class="highlight" data-language="">device_cgroup_rules: + - 'c 1:3 mr' + - 'a 7:* rmw' +</pre></div> <h3 id="devices">devices</h3> <p>List of device mappings. Uses the same format as the <code class="language-plaintext highlighter-rouge">--device</code> docker client create option.</p> <div class="highlight"><pre class="highlight" data-language="">devices: + - "/dev/ttyUSB0:/dev/ttyUSB0" +</pre></div> <h3 id="depends_on">depends_on</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-2">version 2.0</a> file format.</p> </blockquote> <p>Express dependency between services. Service dependencies cause the following behaviors:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">docker-compose up</code> starts services in dependency order. 
In the following example, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> are started before <code class="language-plaintext highlighter-rouge">web</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">docker-compose up SERVICE</code> automatically includes <code class="language-plaintext highlighter-rouge">SERVICE</code>’s dependencies. In the example below, <code class="language-plaintext highlighter-rouge">docker-compose up web</code> also creates and starts <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">docker-compose stop</code> stops services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">web</code> is stopped before <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> </ul> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + build: . + depends_on: + - db + - redis + redis: + image: redis + db: + image: postgres +</pre></div> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">depends_on</code> does not wait for <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> to be “ready” before starting <code class="language-plaintext highlighter-rouge">web</code> - only until they have been started. 
If you need to wait for a service to be ready, see <a href="../../startup-order/index">Controlling startup order</a> for more on this problem and strategies for solving it.</p> </blockquote> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>A healthcheck indicates that you want a dependency to wait for another container to be “healthy” (as indicated by a successful state from the healthcheck) before starting.</p> <p>Example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + build: . + depends_on: + db: + condition: service_healthy + redis: + condition: service_started + redis: + image: redis + db: + image: postgres + healthcheck: + test: "exit 0" +</pre></div> <p>In the above example, Compose waits for the <code class="language-plaintext highlighter-rouge">redis</code> service to be started (legacy behavior) and the <code class="language-plaintext highlighter-rouge">db</code> service to be healthy before starting <code class="language-plaintext highlighter-rouge">web</code>.</p> <p>See the <a href="#healthcheck">healthcheck section</a> for complementary information.</p> <h3 id="dns">dns</h3> <p>Custom DNS servers. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns: 8.8.8.8 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns: + - 8.8.8.8 + - 9.9.9.9 +</pre></div> <h3 id="dns_opt">dns_opt</h3> <p>List of custom DNS options to be added to the container’s <code class="language-plaintext highlighter-rouge">resolv.conf</code> file.</p> <div class="highlight"><pre class="highlight" data-language="">dns_opt: + - use-vc + - no-tld-query +</pre></div> <h3 id="dns_search">dns_search</h3> <p>Custom DNS search domains. 
Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns_search: example.com +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns_search: + - dc1.example.com + - dc2.example.com +</pre></div> <h3 id="entrypoint">entrypoint</h3> <p>Override the default entrypoint.</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: /code/entrypoint.sh +</pre></div> <p>The entrypoint can also be a list, in a manner similar to <a href="../../../engine/reference/builder/index#entrypoint">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"] +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Setting <code class="language-plaintext highlighter-rouge">entrypoint</code> both overrides any default entrypoint set on the service’s image with the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> Dockerfile instruction, <em>and</em> clears out any default command on the image - meaning that if there’s a <code class="language-plaintext highlighter-rouge">CMD</code> instruction in the Dockerfile, it is ignored.</p> </blockquote> <h3 id="env_file">env_file</h3> <p>Add environment variables from a file. 
Can be a single value or a list.</p> <p>If you have specified a Compose file with <code class="language-plaintext highlighter-rouge">docker-compose -f FILE</code>, paths in <code class="language-plaintext highlighter-rouge">env_file</code> are relative to the directory that file is in.</p> <p>Environment variables declared in the <a href="#environment">environment</a> section <em>override</em> these values – this holds true even if those values are empty or undefined.</p> <div class="highlight"><pre class="highlight" data-language="">env_file: .env +</pre></div> <div class="highlight"><pre class="highlight" data-language="">env_file: + - ./common.env + - ./apps/web.env + - /opt/runtime_opts.env +</pre></div> <p>Compose expects each line in an env file to be in <code class="language-plaintext highlighter-rouge">VAR=VAL</code> format. Lines beginning with <code class="language-plaintext highlighter-rouge">#</code> are treated as comments and are ignored. Blank lines are also ignored.</p> <div class="highlight"><pre class="highlight" data-language=""># Set Rails/Rack environment +RACK_ENV=development +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in environment files are <em>not</em> automatically visible during the build. Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <p>The value of <code class="language-plaintext highlighter-rouge">VAL</code> is used as is and not modified at all. For example if the value is surrounded by quotes (as is often the case of shell variables), the quotes are included in the value passed to Compose.</p> <p>Keep in mind that <em>the order of files in the list is significant in determining the value assigned to a variable that shows up more than once</em>. The files in the list are processed from the top down. 
For the same variable specified in file <code class="language-plaintext highlighter-rouge">a.env</code> and assigned a different value in file <code class="language-plaintext highlighter-rouge">b.env</code>, if <code class="language-plaintext highlighter-rouge">b.env</code> is listed below (after), then the value from <code class="language-plaintext highlighter-rouge">b.env</code> stands. For example, given the following declaration in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + env_file: + - a.env + - b.env +</pre></div> <p>And the following files:</p> <div class="highlight"><pre class="highlight" data-language=""># a.env +VAR=1 +</pre></div> <p>and</p> <div class="highlight"><pre class="highlight" data-language=""># b.env +VAR=hello +</pre></div> <p><code class="language-plaintext highlighter-rouge">$VAR</code> is <code class="language-plaintext highlighter-rouge">hello</code>.</p> <h3 id="environment">environment</h3> <p>Add environment variables. You can use either an array or a dictionary. 
Any boolean values (true, false, yes, no) need to be enclosed in quotes to ensure they are not converted to True or False by the YML parser.</p> <p>Environment variables with only a key are resolved to their values on the machine Compose is running on, which can be helpful for secret or host-specific values.</p> <div class="highlight"><pre class="highlight" data-language="">environment: + RACK_ENV: development + SHOW: 'true' + SESSION_SECRET: +</pre></div> <div class="highlight"><pre class="highlight" data-language="">environment: + - RACK_ENV=development + - SHOW=true + - SESSION_SECRET +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in <code class="language-plaintext highlighter-rouge">environment</code> are <em>not</em> automatically visible during the build. Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <h3 id="expose">expose</h3> <p>Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.</p> <div class="highlight"><pre class="highlight" data-language="">expose: + - "3000" + - "8000" +</pre></div> <h3 id="extends">extends</h3> <p>Extend another service, in the current file or another, optionally overriding configuration.</p> <p>You can use <code class="language-plaintext highlighter-rouge">extends</code> on any service together with other configuration keys. 
The <code class="language-plaintext highlighter-rouge">extends</code> value must be a dictionary defined with a required <code class="language-plaintext highlighter-rouge">service</code> and an optional <code class="language-plaintext highlighter-rouge">file</code> key.</p> <div class="highlight"><pre class="highlight" data-language="">extends: + file: common.yml + service: webapp +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">service</code> is the name of the service being extended, for example <code class="language-plaintext highlighter-rouge">web</code> or <code class="language-plaintext highlighter-rouge">database</code>. The <code class="language-plaintext highlighter-rouge">file</code> is the location of a Compose configuration file defining that service.</p> <p>If you omit the <code class="language-plaintext highlighter-rouge">file</code> Compose looks for the service configuration in the current file. The <code class="language-plaintext highlighter-rouge">file</code> value can be an absolute or relative path. If you specify a relative path, Compose treats it as relative to the location of the current file.</p> <p>You can extend a service that itself extends another. You can extend indefinitely. Compose does not support circular references and <code class="language-plaintext highlighter-rouge">docker-compose</code> returns an error if it encounters one.</p> <p>For more on <code class="language-plaintext highlighter-rouge">extends</code>, see the <a href="../../extends/index#extending-services">the extends documentation</a>.</p> <h3 id="external_links">external_links</h3> <p>Link to containers started outside this <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> or even outside of Compose, especially for containers that provide shared or common services. 
<code class="language-plaintext highlighter-rouge">external_links</code> follow semantics similar to the legacy option <code class="language-plaintext highlighter-rouge">links</code> when specifying both the container name and the link alias (<code class="language-plaintext highlighter-rouge">CONTAINER:ALIAS</code>).</p> <div class="highlight"><pre class="highlight" data-language="">external_links: + - redis_1 + - project_db_1:mysql + - project_db_1:postgresql +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If you’re using the <a href="../compose-versioning/index#version-2">version 2 or above file format</a>, the externally-created containers must be connected to at least one of the same networks as the service that is linking to them. <a href="index#links">Links</a> are a legacy option. We recommend using <a href="#networks">networks</a> instead.</p> </blockquote> <h3 id="extra_hosts-1">extra_hosts</h3> <p>Add hostname mappings. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--add-host</code> parameter.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts: + - "somehost:162.242.195.82" + - "otherhost:50.31.209.229" +</pre></div> <p>An entry with the ip address and hostname is created in <code class="language-plaintext highlighter-rouge">/etc/hosts</code> inside containers for this service, e.g:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82 somehost +50.31.209.229 otherhost +</pre></div> <h3 id="group_add">group_add</h3> <p>Specify additional groups (by name or number) which the user inside the container should be a member of. Groups must exist in both the container and the host system to be added. An example of where this is useful is when multiple containers (running as different users) need to all read or write the same file on the host system. 
That file can be owned by a group shared by all the containers, and specified in <code class="language-plaintext highlighter-rouge">group_add</code>. See the <a href="../../../engine/reference/run/index#additional-groups">Docker documentation</a> for more details.</p> <p>A full example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + myservice: + image: alpine + group_add: + - mail +</pre></div> <p>Running <code class="language-plaintext highlighter-rouge">id</code> inside the created container shows that the user belongs to the <code class="language-plaintext highlighter-rouge">mail</code> group, which would not have been the case if <code class="language-plaintext highlighter-rouge">group_add</code> were not used.</p> <h3 id="healthcheck">healthcheck</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Configure a check that’s run to determine whether or not containers for this service are “healthy”. 
See the docs for the <a href="../../../engine/reference/builder/index#healthcheck">HEALTHCHECK Dockerfile instruction</a> for details on how healthchecks work.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + test: ["CMD", "curl", "-f", "http://localhost"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s +</pre></div> <p><code class="language-plaintext highlighter-rouge">interval</code>, <code class="language-plaintext highlighter-rouge">timeout</code> and <code class="language-plaintext highlighter-rouge">start_period</code> are specified as <a href="#specifying-durations">durations</a>.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">start_period</code> option was added in file format 2.3.</p> </blockquote> <p><code class="language-plaintext highlighter-rouge">test</code> must be either a string or a list. If it’s a list, the first item must be either <code class="language-plaintext highlighter-rouge">NONE</code>, <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">CMD-SHELL</code>. If it’s a string, it’s equivalent to specifying <code class="language-plaintext highlighter-rouge">CMD-SHELL</code> followed by that string.</p> <div class="highlight"><pre class="highlight" data-language=""># Hit the local web app +test: ["CMD", "curl", "-f", "http://localhost"] +</pre></div> <p>As above, but wrapped in <code class="language-plaintext highlighter-rouge">/bin/sh</code>. 
Both forms below are equivalent.</p> <div class="highlight"><pre class="highlight" data-language="">test: ["CMD-SHELL", "curl -f http://localhost || exit 1"] +</pre></div> <div class="highlight"><pre class="highlight" data-language="">test: curl -f https://localhost || exit 1 +</pre></div> <p>To disable any default healthcheck set by the image, you can use <code class="language-plaintext highlighter-rouge">disable: true</code>. This is equivalent to specifying <code class="language-plaintext highlighter-rouge">test: ["NONE"]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + disable: true +</pre></div> <h3 id="image">image</h3> <p>Specify the image to start the container from. Can either be a repository/tag or a partial image ID.</p> <div class="highlight"><pre class="highlight" data-language="">image: redis +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: ubuntu:18.04 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: tutum/influxdb +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: example-registry.com:4000/postgresql +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: a4bc65fd +</pre></div> <p>If the image does not exist, Compose attempts to pull it, unless you have also specified <a href="#build">build</a>, in which case it builds it using the specified options and tags it with the specified tag.</p> <h3 id="init">init</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format.</p> </blockquote> <p>Run an init inside the container that forwards signals and reaps processes. 
Set this option to <code class="language-plaintext highlighter-rouge">true</code> to enable this feature for the service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + image: alpine:latest + init: true +</pre></div> <blockquote> <p>The default init binary that is used is <a href="https://github.com/krallin/tini">Tini</a>, and is installed in <code class="language-plaintext highlighter-rouge">/usr/libexec/docker-init</code> on the daemon host. You can configure the daemon to use a custom init binary through the <a href="../../../engine/reference/commandline/dockerd/index#daemon-configuration-file"><code class="language-plaintext highlighter-rouge">init-path</code> configuration option</a>.</p> </blockquote> <h3 id="isolation-1">isolation</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Specify a container’s isolation technology. On Linux, the only supported value is <code class="language-plaintext highlighter-rouge">default</code>. On Windows, acceptable values are <code class="language-plaintext highlighter-rouge">default</code>, <code class="language-plaintext highlighter-rouge">process</code> and <code class="language-plaintext highlighter-rouge">hyperv</code>. Refer to the <a href="../../../engine/reference/commandline/run/index#specify-isolation-technology-for-container---isolation">Docker Engine docs</a> for details.</p> <h3 id="labels-1">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. 
You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="links">links</h3> <p>Link to containers in another service. Either specify both the service name and a link alias (<code class="language-plaintext highlighter-rouge">"SERVICE:ALIAS"</code>), or just the service name.</p> <blockquote> <p>Links are a legacy option. We recommend using <a href="#networks">networks</a> instead.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">web: + links: + - "db" + - "db:database" + - "redis" +</pre></div> <p>Containers for the linked service are reachable at a hostname identical to the alias, or the service name if no alias was specified.</p> <p>Links are not required to enable services to communicate - by default, any service can reach any other service at that service’s name. (See also, the <a href="../../networking/index#links">Links topic in Networking in Compose</a>.)</p> <p>Links also express dependency between services in the same way as <a href="#depends_on">depends_on</a>, so they determine the order of service startup.</p> <blockquote> <p><strong>Note</strong></p> <p>If you define both links and <a href="#networks">networks</a>, services with links between them must share at least one network in common to communicate. 
We recommend using networks instead.</p> </blockquote> <h3 id="logging">logging</h3> <p>Logging configuration for the service.</p> <div class="highlight"><pre class="highlight" data-language="">logging: + driver: syslog + options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">driver</code> name specifies a logging driver for the service’s containers, as with the <code class="language-plaintext highlighter-rouge">--log-driver</code> option for docker run (<a href="https://docs.docker.com/config/containers/logging/configure/">documented here</a>).</p> <p>The default value is json-file.</p> <div class="highlight"><pre class="highlight" data-language="">driver: "json-file" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "none" +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Only the <code class="language-plaintext highlighter-rouge">json-file</code> and <code class="language-plaintext highlighter-rouge">journald</code> drivers make the logs available directly from <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose logs</code>. Using any other driver does not print any logs.</p> </blockquote> <p>Specify logging options for the logging driver with the <code class="language-plaintext highlighter-rouge">options</code> key, as with the <code class="language-plaintext highlighter-rouge">--log-opt</code> option for <code class="language-plaintext highlighter-rouge">docker run</code>.</p> <p>Logging options are key-value pairs. 
An example of <code class="language-plaintext highlighter-rouge">syslog</code> options:</p> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog" +options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> <h3 id="network_mode">network_mode</h3> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-2">version 2</a> file format.</p> </blockquote> <p>Network mode. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--network</code> parameter, plus the special form <code class="language-plaintext highlighter-rouge">service:[service name]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">network_mode: "bridge" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "host" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "none" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "service:[service name]" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "container:[container name/id]" +</pre></div> <h3 id="networks">networks</h3> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-2">version 2</a> file format.</p> </blockquote> <p>Networks to join, referencing entries under the <a href="#network-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">networks</code> key</a>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + - some-network + - other-network +</pre></div> <h4 id="aliases">aliases</h4> <p>Aliases (alternative hostnames) for this service on the network. 
Other containers on the same network can use either the service name or this alias to connect to one of the service’s containers.</p> <p>Since <code class="language-plaintext highlighter-rouge">aliases</code> is network-scoped, the same service can have different aliases on different networks.</p> <blockquote> <p><strong>Note</strong></p> <p>A network-wide alias can be shared by multiple containers, and even by multiple services. If it is, then exactly which container the name resolves to is not guaranteed.</p> </blockquote> <p>The general format is shown here.</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + some-network: + aliases: + - alias1 + - alias3 + other-network: + aliases: + - alias2 +</pre></div> <p>In the example below, three services are provided (<code class="language-plaintext highlighter-rouge">web</code>, <code class="language-plaintext highlighter-rouge">worker</code>, and <code class="language-plaintext highlighter-rouge">db</code>), along with two networks (<code class="language-plaintext highlighter-rouge">new</code> and <code class="language-plaintext highlighter-rouge">legacy</code>). 
The <code class="language-plaintext highlighter-rouge">db</code> service is reachable at the hostname <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">database</code> on the <code class="language-plaintext highlighter-rouge">new</code> network, and at <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">mysql</code> on the <code class="language-plaintext highlighter-rouge">legacy</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" + +services: + web: + image: "nginx:alpine" + networks: + - new + + worker: + image: "my-worker-image:latest" + networks: + - legacy + + db: + image: mysql + networks: + new: + aliases: + - database + legacy: + aliases: + - mysql + +networks: + new: + legacy: +</pre></div> <h4 id="ipv4_address-ipv6_address">ipv4_address, ipv6_address</h4> <p>Specify a static IP address for containers for this service when joining the network.</p> <p>The corresponding network configuration in the <a href="#network-configuration-reference">top-level networks section</a> must have an <code class="language-plaintext highlighter-rouge">ipam</code> block with subnet and gateway configurations covering each static address.</p> <blockquote> <p>If IPv6 addressing is desired, the <a href="#enable_ipv6"><code class="language-plaintext highlighter-rouge">enable_ipv6</code></a> option must be set.</p> </blockquote> <p>An example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" + +services: + app: + image: busybox + command: ifconfig + networks: + app_net: + ipv4_address: 172.16.238.10 + ipv6_address: 2001:3984:3989::10 + +networks: + app_net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.16.238.0/24 + gateway: 172.16.238.1 + - subnet: 2001:3984:3989::/64 + gateway: 2001:3984:3989::1 +</pre></div> <h4 
id="link_local_ips">link_local_ips</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Specify a list of link-local IPs. Link-local IPs are special IPs which belong to a well known subnet and are purely managed by the operator, usually dependent on the architecture where they are deployed. Therefore they are not managed by docker (IPAM driver).</p> <p>Example usage:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + app: + image: busybox + command: top + networks: + app_net: + link_local_ips: + - 57.123.22.11 + - 57.123.22.13 +networks: + app_net: + driver: bridge +</pre></div> <h4 id="priority">priority</h4> <p>Specify a priority to indicate in which order Compose should connect the service’s containers to its networks. If unspecified, the default value is <code class="language-plaintext highlighter-rouge">0</code>.</p> <p>In the following example, the <code class="language-plaintext highlighter-rouge">app</code> service connects to <code class="language-plaintext highlighter-rouge">app_net_1</code> first as it has the highest priority. 
It then connects to <code class="language-plaintext highlighter-rouge">app_net_3</code>, then <code class="language-plaintext highlighter-rouge">app_net_2</code>, which uses the default priority value of <code class="language-plaintext highlighter-rouge">0</code>.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + app: + image: busybox + command: top + networks: + app_net_1: + priority: 1000 + app_net_2: + + app_net_3: + priority: 100 +networks: + app_net_1: + app_net_2: + app_net_3: +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If multiple networks have the same priority, the connection order is undefined.</p> </blockquote> <h3 id="pid">pid</h3> <div class="highlight"><pre class="highlight" data-language="">pid: "host" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">pid: "container:custom_container_1" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">pid: "service:foobar" +</pre></div> <p>If set to one of the following forms: <code class="language-plaintext highlighter-rouge">container:<container_name></code>, <code class="language-plaintext highlighter-rouge">service:<service_name></code>, the service shares the PID address space of the designated container or service.</p> <p>If set to “host”, the service’s PID mode is the host PID mode. This turns on sharing between container and the host operating system the PID address space. 
Containers launched with this flag can access and manipulate other containers in the bare-metal machine’s namespace and vice versa.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">service:</code> and <code class="language-plaintext highlighter-rouge">container:</code> forms require <a href="../compose-versioning/index#version-21">version 2.1</a> or above</p> </blockquote> <h3 id="pids_limit">pids_limit</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Tunes a container’s PIDs limit. Set to <code class="language-plaintext highlighter-rouge">-1</code> for unlimited PIDs.</p> <div class="highlight"><pre class="highlight" data-language="">pids_limit: 10 +</pre></div> <h3 id="platform">platform</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-24">version 2.4</a> file format.</p> </blockquote> <p>Target platform containers for this service will run on, using the <code class="language-plaintext highlighter-rouge">os[/arch[/variant]]</code> syntax, e.g.</p> <div class="highlight"><pre class="highlight" data-language="">platform: osx +</pre></div> <div class="highlight"><pre class="highlight" data-language="">platform: windows/amd64 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">platform: linux/arm64/v8 +</pre></div> <p>This parameter determines which version of the image will be pulled and/or on which platform the service’s build will be performed.</p> <h3 id="ports">ports</h3> <p>Expose ports. 
Either specify both ports (<code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code>), or just the container port (an ephemeral host port is chosen).</p> <blockquote> <p><strong>Note</strong></p> <p>When mapping ports in the <code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code> format, you may experience erroneous results when using a container port lower than 60, because YAML parses numbers in the format <code class="language-plaintext highlighter-rouge">xx:yy</code> as a base-60 value. For this reason, we recommend always explicitly specifying your port mappings as strings.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">ports: + - "3000" + - "3000-3005" + - "8000:8000" + - "9090-9091:8080-8081" + - "49100:22" + - "127.0.0.1:8001:8001" + - "127.0.0.1:5000-5010:5000-5010" + - "6060:6060/udp" + - "12400-12500:1240" +</pre></div> <h3 id="runtime">runtime</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format.</p> </blockquote> <p>Specify which runtime to use for the service’s containers. Default runtime and available runtimes are listed in the output of <code class="language-plaintext highlighter-rouge">docker info</code>.</p> <div class="highlight"><pre class="highlight" data-language="">web: + image: busybox:latest + command: true + runtime: runc +</pre></div> <h3 id="scale">scale</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format.</p> </blockquote> <p>Specify the default number of containers to deploy for this service. Whenever you run <code class="language-plaintext highlighter-rouge">docker-compose up</code>, Compose creates or removes containers to match the specified number. 
This value can be overridden using the <a href="../../reference/up/index"><code class="language-plaintext highlighter-rouge">--scale</code></a> flag.</p> <div class="highlight"><pre class="highlight" data-language="">web: + image: busybox:latest + command: echo 'scaled' + scale: 3 +</pre></div> <h3 id="security_opt">security_opt</h3> <p>Override the default labeling scheme for each container.</p> <div class="highlight"><pre class="highlight" data-language="">security_opt: + - label:user:USER + - label:role:ROLE +</pre></div> <h3 id="stop_grace_period">stop_grace_period</h3> <p>Specify how long to wait when attempting to stop a container if it doesn’t handle SIGTERM (or whatever stop signal has been specified with <a href="#stop_signal"><code class="language-plaintext highlighter-rouge">stop_signal</code></a>), before sending SIGKILL. Specified as a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1s +</pre></div> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1m30s +</pre></div> <p>By default, <code class="language-plaintext highlighter-rouge">stop</code> waits 10 seconds for the container to exit before sending SIGKILL.</p> <h3 id="stop_signal">stop_signal</h3> <p>Sets an alternative signal to stop the container. By default <code class="language-plaintext highlighter-rouge">stop</code> uses SIGTERM. 
Setting an alternative signal using <code class="language-plaintext highlighter-rouge">stop_signal</code> causes <code class="language-plaintext highlighter-rouge">stop</code> to send that signal instead.</p> <div class="highlight"><pre class="highlight" data-language="">stop_signal: SIGUSR1 +</pre></div> <h3 id="storage_opt">storage_opt</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Set storage driver options for this service.</p> <div class="highlight"><pre class="highlight" data-language="">storage_opt: + size: '1G' +</pre></div> <h3 id="sysctls">sysctls</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Kernel parameters to set in the container. You can use either an array or a dictionary.</p> <div class="highlight"><pre class="highlight" data-language="">sysctls: + net.core.somaxconn: 1024 + net.ipv4.tcp_syncookies: 0 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">sysctls: + - net.core.somaxconn=1024 + - net.ipv4.tcp_syncookies=0 +</pre></div> <h3 id="tmpfs">tmpfs</h3> <p>Mount a temporary file system inside the container. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">tmpfs: /run +</pre></div> <div class="highlight"><pre class="highlight" data-language="">tmpfs: + - /run + - /tmp +</pre></div> <h3 id="ulimits">ulimits</h3> <p>Override the default ulimits for a container. 
You can either specify a single limit as an integer or soft/hard limits as a mapping.</p> <div class="highlight"><pre class="highlight" data-language="">ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 +</pre></div> <h3 id="userns_mode">userns_mode</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">userns_mode: "host" +</pre></div> <p>Disables the user namespace for this service, if Docker daemon is configured with user namespaces. See <a href="../../../engine/security/userns-remap/index#disable-namespace-remapping-for-a-container">dockerd</a> for more information.</p> <h3 id="volumes">volumes</h3> <p>Mount host paths or named volumes. Named volumes need to be specified with the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>.</p> <h4 id="short-syntax">Short syntax</h4> <p>The short syntax uses the generic <code class="language-plaintext highlighter-rouge">[SOURCE:]TARGET[:MODE]</code> format, where <code class="language-plaintext highlighter-rouge">SOURCE</code> can be either a host path or volume name. <code class="language-plaintext highlighter-rouge">TARGET</code> is the container path where the volume is mounted. Standard modes are <code class="language-plaintext highlighter-rouge">ro</code> for read-only and <code class="language-plaintext highlighter-rouge">rw</code> for read-write (default).</p> <p>You can mount a relative path on the host, which expands relative to the directory of the Compose configuration file being used. 
Relative paths should always begin with <code class="language-plaintext highlighter-rouge">.</code> or <code class="language-plaintext highlighter-rouge">..</code>.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + # Just specify a path and let the Engine create a volume + - /var/lib/mysql + + # Specify an absolute path mapping + - /opt/data:/var/lib/mysql + + # Path on the host, relative to the Compose file + - ./cache:/tmp/cache + + # User-relative path + - ~/configs:/etc/configs/:ro + + # Named volume + - datavolume:/var/lib/mysql +</pre></div> <h4 id="long-syntax">Long syntax</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-23">version 2.3</a> file format.</p> </blockquote> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">type</code>: the mount type <code class="language-plaintext highlighter-rouge">volume</code>, <code class="language-plaintext highlighter-rouge">bind</code>, <code class="language-plaintext highlighter-rouge">tmpfs</code> or <code class="language-plaintext highlighter-rouge">npipe</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">source</code>: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>. 
Not applicable for a tmpfs mount.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: the path in the container where the volume is mounted</li> <li> +<code class="language-plaintext highlighter-rouge">read_only</code>: flag to set the volume as read-only</li> <li> +<code class="language-plaintext highlighter-rouge">bind</code>: configure additional bind options <ul> <li> +<code class="language-plaintext highlighter-rouge">propagation</code>: the propagation mode used for the bind</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">volume</code>: configure additional volume options <ul> <li> +<code class="language-plaintext highlighter-rouge">nocopy</code>: flag to disable copying of data from a container when a volume is created</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">tmpfs</code>: configure additional tmpfs options <ul> <li> +<code class="language-plaintext highlighter-rouge">size</code>: the size for the tmpfs mount in bytes</li> </ul> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + image: nginx:alpine + ports: + - "80:80" + volumes: + - type: volume + source: mydata + target: /data + volume: + nocopy: true + - type: bind + source: ./static + target: /opt/app/static + +networks: + webnet: + +volumes: + mydata: +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>When creating bind mounts, using the long syntax requires the referenced folder to be created beforehand. Using the short syntax creates the folder on the fly if it doesn’t exist. 
See the <a href="https://docs.docker.com/storage/bind-mounts/#differences-between--v-and---mount-behavior">bind mounts documentation</a> for more information.</p> </blockquote> <h3 id="volume_driver">volume_driver</h3> <p>Specify a default volume driver to be used for all declared volumes on this service.</p> <div class="highlight"><pre class="highlight" data-language="">volume_driver: mydriver +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>In <a href="../compose-versioning/index#version-2">version 2 files</a>, this option only applies to anonymous volumes (those specified in the image, or specified under <code class="language-plaintext highlighter-rouge">volumes</code> without an explicit named volume or host path). To configure the driver for a named volume, use the <code class="language-plaintext highlighter-rouge">driver</code> key under the entry in the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> option</a>.</p> </blockquote> <p>See <a href="https://docs.docker.com/storage/volumes/">Docker Volumes</a> and <a href="../../../engine/extend/plugins_volume/index">Volume Plugins</a> for more information.</p> <h3 id="volumes_from">volumes_from</h3> <p>Mount all of the volumes from another service or container, optionally specifying read-only access (<code class="language-plaintext highlighter-rouge">ro</code>) or read-write (<code class="language-plaintext highlighter-rouge">rw</code>). 
If no access level is specified, then read-write is used.</p> <div class="highlight"><pre class="highlight" data-language="">volumes_from: + - service_name + - service_name:ro + - container:container_name + - container:container_name:rw +</pre></div> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-2">version 2</a> file format.</p> </blockquote> <h3 id="restart">restart</h3> <p><code class="language-plaintext highlighter-rouge">no</code> is the default restart policy, and it doesn’t restart a container under any circumstance. When <code class="language-plaintext highlighter-rouge">always</code> is specified, the container always restarts. The <code class="language-plaintext highlighter-rouge">on-failure</code> policy restarts a container if the exit code indicates an on-failure error.</p> <div class="highlight"><pre class="highlight" data-language="">restart: "no" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">restart: "always" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">restart: "on-failure" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">restart: "unless-stopped" +</pre></div> <h3 id="cpu-and-other-resources">cpu_count, cpu_percent, cpu_shares, cpu_period, cpu_quota, cpus, cpuset, domainname, hostname, ipc, mac_address, mem_limit, memswap_limit, mem_swappiness, mem_reservation, oom_kill_disable, oom_score_adj, privileged, read_only, shm_size, stdin_open, tty, user, working_dir</h3> <p>Each of these is a single value, analogous to its <a href="../../../engine/reference/run/index#runtime-constraints-on-resources">docker run</a> counterpart.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-22">version 2.2</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">cpu_count</code>, <code class="language-plaintext highlighter-rouge">cpu_percent</code>, and <code class="language-plaintext 
highlighter-rouge">cpus</code> options were added in <a href="../compose-versioning/index#version-22">version 2.2</a>.</p> </blockquote> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">oom_kill_disable</code> and <code class="language-plaintext highlighter-rouge">cpu_period</code> options were added in <a href="../compose-versioning/index#version-21">version 2.1</a>.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">cpu_count: 2 +cpu_percent: 50 +cpus: 0.5 +cpu_shares: 73 +cpu_quota: 50000 +cpu_period: 20ms +cpuset: 0,1 + +user: postgresql +working_dir: /code + +domainname: foo.com +hostname: foo +ipc: host +mac_address: 02:42:ac:11:65:43 + +mem_limit: 1000000000 +memswap_limit: 2000000000 +mem_reservation: 512m +privileged: true + +oom_score_adj: 500 +oom_kill_disable: true + +read_only: true +shm_size: 64M +stdin_open: true +tty: true +</pre></div> <h2 id="specifying-durations">Specifying durations</h2> <p>Some configuration options, such as the <code class="language-plaintext highlighter-rouge">interval</code> and <code class="language-plaintext highlighter-rouge">timeout</code> sub-options for <a href="#healthcheck"><code class="language-plaintext highlighter-rouge">healthcheck</code></a>, accept a duration as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2.5s +10s +1m30s +2h32m +5h34m56s +</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">us</code>, <code class="language-plaintext highlighter-rouge">ms</code>, <code class="language-plaintext highlighter-rouge">s</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">h</code>.</p> <h2 id="specifying-byte-values">Specifying byte values</h2> <p>Some configuration options, such as the <code 
class="language-plaintext highlighter-rouge">device_read_bps</code> sub-option for <a href="#blkio_config"><code class="language-plaintext highlighter-rouge">blkio_config</code></a>, accept a byte value as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2b +1024kb +2048k +300m +1gb +</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">g</code>, and their alternative notation <code class="language-plaintext highlighter-rouge">kb</code>, <code class="language-plaintext highlighter-rouge">mb</code> and <code class="language-plaintext highlighter-rouge">gb</code>. Decimal values are not supported at this time.</p> <h2 id="volume-configuration-reference">Volume configuration reference</h2> <p>While it is possible to declare <a href="#volumes">volumes</a> on the fly as part of the service declaration, this section allows you to create named volumes that can be reused across multiple services (without relying on <code class="language-plaintext highlighter-rouge">volumes_from</code>), and are easily retrieved and inspected using the docker command line or API. 
See the <a href="../../../engine/reference/commandline/volume_create/index">docker volume</a> subcommand documentation for more information.</p> <p>See <a href="https://docs.docker.com/storage/volumes/">use volumes</a> and <a href="../../../engine/extend/plugins_volume/index">volume plugins</a> for general information on volumes.</p> <p>Here’s an example of a two-service setup where a database’s data directory is shared with another service as a volume so that it can be periodically backed up:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" + +services: + db: + image: db + volumes: + - data-volume:/var/lib/db + backup: + image: backup-service + volumes: + - data-volume:/var/lib/backup/data + +volumes: + data-volume: +</pre></div> <p>An entry under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key can be empty, in which case it uses the default driver configured by the Engine (in most cases, this is the <code class="language-plaintext highlighter-rouge">local</code> driver). Optionally, you can configure it with the following keys:</p> <h3 id="driver">driver</h3> <p>Specify which volume driver should be used for this volume. Defaults to whatever driver the Docker Engine has been configured to use, which in most cases is <code class="language-plaintext highlighter-rouge">local</code>. If the driver is not available, the Engine returns an error when <code class="language-plaintext highlighter-rouge">docker-compose up</code> tries to create the volume.</p> <div class="highlight"><pre class="highlight" data-language="">driver: foobar +</pre></div> <h3 id="driver_opts">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this volume. Those options are driver-dependent - consult the driver’s documentation for more information. 
Optional.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + example: + driver_opts: + type: "nfs" + o: "addr=10.40.0.199,nolock,soft,rw" + device: ":/docker/example" +</pre></div> <h3 id="external">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this volume has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 2.0 of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other volume configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">labels</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-21">version 2.1</a> and above.</p> <p>In the example below, instead of attempting to create a volume called <code class="language-plaintext highlighter-rouge">[projectname]_data</code>, Compose looks for an existing volume simply called <code class="language-plaintext highlighter-rouge">data</code> and mount it into the <code class="language-plaintext highlighter-rouge">db</code> service’s containers.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" + +services: + db: + image: postgres + volumes: + - data:/var/lib/postgresql/data + +volumes: + data: + external: true +</pre></div> <p>You can also specify the name of the volume separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + data: + external: + name: actual-name-of-volume +</pre></div> <blockquote class="important"> <p>Deprecated in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> 
<p>external.name was deprecated in version 2.1 file format use <code class="language-plaintext highlighter-rouge">name</code> instead.</p> </blockquote> <h3 id="labels-2">labels</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Database volume" + com.example.department: "IT/Ops" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Database volume" + - "com.example.department=IT/Ops" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="name">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Set a custom name for this volume. The name field can be used to reference volumes that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +volumes: + data: + name: my-app-data +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +volumes: + data: + external: true + name: my-app-data +</pre></div> <h2 id="network-configuration-reference">Network configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">networks</code> key lets you specify networks to be created. 
For a full explanation of Compose’s use of Docker networking features, see the <a href="../../networking/index">Networking guide</a>.</p> <h3 id="driver-1">driver</h3> <p>Specify which driver should be used for this network.</p> <p>The default driver depends on how the Docker Engine you’re using is configured, but in most instances it is <code class="language-plaintext highlighter-rouge">bridge</code> on a single host and <code class="language-plaintext highlighter-rouge">overlay</code> on a Swarm.</p> <p>The Docker Engine returns an error if the driver is not available.</p> <div class="highlight"><pre class="highlight" data-language="">driver: overlay +</pre></div> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> <p>Starting with Compose file format 2.1, overlay networks are always created as <code class="language-plaintext highlighter-rouge">attachable</code>, and this is not configurable. This means that standalone containers can connect to overlay networks.</p> </blockquote> <h3 id="driver_opts-1">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this network. Those options are driver-dependent - consult the driver’s documentation for more information. Optional.</p> <div class="highlight"><pre class="highlight" data-language="">driver_opts: + foo: "bar" + baz: 1 +</pre></div> <h3 id="enable_ipv6">enable_ipv6</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Enable IPv6 networking on this network.</p> <h3 id="ipam">ipam</h3> <p>Specify custom IPAM config. 
This is an object with several properties, each of which is optional:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">driver</code>: Custom IPAM driver, instead of the default.</li> <li> +<code class="language-plaintext highlighter-rouge">config</code>: A list with zero or more config blocks, each containing any of the following keys: <ul> <li> +<code class="language-plaintext highlighter-rouge">subnet</code>: Subnet in CIDR format that represents a network segment</li> <li> +<code class="language-plaintext highlighter-rouge">ip_range</code>: Range of IPs from which to allocate container IPs</li> <li> +<code class="language-plaintext highlighter-rouge">gateway</code>: IPv4 or IPv6 gateway for the master subnet</li> <li> +<code class="language-plaintext highlighter-rouge">aux_addresses</code>: Auxiliary IPv4 or IPv6 addresses used by Network driver, as a mapping from hostname to IP</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">options</code>: Driver-specific options as a key-value mapping.</li> </ul> <p>A full example:</p> <div class="highlight"><pre class="highlight" data-language="">ipam: + driver: default + config: + - subnet: 172.28.0.0/16 + ip_range: 172.28.5.0/24 + gateway: 172.28.5.254 + aux_addresses: + host1: 172.28.1.5 + host2: 172.28.1.6 + host3: 172.28.1.7 + options: + foo: bar + baz: "0" +</pre></div> <h3 id="internal">internal</h3> <p>By default, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated overlay network, you can set this option to <code class="language-plaintext highlighter-rouge">true</code>.</p> <h3 id="labels-3">labels</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. 
You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Financial transaction network" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Financial transaction network" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="external-1">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this network has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 2.0 of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other network configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">ipam</code>, <code class="language-plaintext highlighter-rouge">internal</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-21">version 2.1</a> and above.</p> <p>In the example below, <code class="language-plaintext highlighter-rouge">proxy</code> is the gateway to the outside world. 
Instead of attempting to create a network called <code class="language-plaintext highlighter-rouge">[projectname]_outside</code>, Compose looks for an existing network simply called <code class="language-plaintext highlighter-rouge">outside</code> and connect the <code class="language-plaintext highlighter-rouge">proxy</code> service’s containers to it.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" + +services: + proxy: + build: ./proxy + networks: + - outside + - default + app: + build: ./app + networks: + - default + +networks: + outside: + external: true +</pre></div> <p>You can also specify the name of the network separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +networks: + outside: + external: + name: actual-name-of-network +</pre></div> <p>Not supported for version 2 <code class="language-plaintext highlighter-rouge">docker-compose</code> files. Use <a href="#network_mode">network_mode</a> instead.</p> <h3 id="name-1">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>Set a custom name for this network. The name field can be used to reference networks which contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +networks: + network1: + name: my-app-net +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +networks: + network1: + external: true + name: my-app-net +</pre></div> <h2 id="variable-substitution">Variable substitution</h2> <p>Your configuration options can contain environment variables. 
Compose uses the variable values from the shell environment in which <code class="language-plaintext highlighter-rouge">docker-compose</code> is run. For example, suppose the shell contains <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION=9.3</code> and you supply this configuration:</p> <div class="highlight"><pre class="highlight" data-language="">db: + image: "postgres:${POSTGRES_VERSION}" +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code> with this configuration, Compose looks for the <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> environment variable in the shell and substitutes its value in. For this example, Compose resolves the <code class="language-plaintext highlighter-rouge">image</code> to <code class="language-plaintext highlighter-rouge">postgres:9.3</code> before running the configuration.</p> <p>If an environment variable is not set, Compose substitutes with an empty string. In the example above, if <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> is not set, the value for the <code class="language-plaintext highlighter-rouge">image</code> option is <code class="language-plaintext highlighter-rouge">postgres:</code>.</p> <p>You can set default values for environment variables using a <a href="../../env-file/index"><code class="language-plaintext highlighter-rouge">.env</code> file</a>, which Compose automatically looks for in project directory (parent folder of your Compose file). 
Values set in the shell environment override those set in the <code class="language-plaintext highlighter-rouge">.env</code> file.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">.env file</code> feature only works when you use the <code class="language-plaintext highlighter-rouge">docker-compose up</code> command and does not work with <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</p> </blockquote> <p>Both <code class="language-plaintext highlighter-rouge">$VARIABLE</code> and <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax are supported. Additionally when using the <a href="../compose-versioning/index#version-21">2.1 file format</a>, it is possible to provide inline default values using typical shell syntax:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> only if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Similarly, the following syntax allows you to specify mandatory variables:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if 
<code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Other extended shell-style features, such as <code class="language-plaintext highlighter-rouge">${VARIABLE/foo/bar}</code>, are not supported.</p> <p>You can use a <code class="language-plaintext highlighter-rouge">$$</code> (double-dollar sign) when your configuration needs a literal dollar sign. This also prevents Compose from interpolating a value, so a <code class="language-plaintext highlighter-rouge">$$</code> allows you to refer to environment variables that you don’t want processed by Compose.</p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . + command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE" +</pre></div> <p>If you forget and use a single dollar sign (<code class="language-plaintext highlighter-rouge">$</code>), Compose interprets the value as an environment variable and warns you:</p> <div class="highlight"><pre class="highlight" data-language="">The VAR_NOT_INTERPOLATED_BY_COMPOSE is not set. Substituting an empty string. +</pre></div> <h2 id="extension-fields">Extension fields</h2> <blockquote> <p>Added in <a href="../compose-versioning/index#version-21">version 2.1</a> file format.</p> </blockquote> <p>It is possible to re-use configuration fragments using extension fields. 
Those special fields can be of any format as long as they are located at the root of your Compose file and their name start with the <code class="language-plaintext highlighter-rouge">x-</code> character sequence.</p> <blockquote> <p><strong>Note</strong></p> <p>Starting with the 3.7 format (for the 3.x series) and 2.4 format (for the 2.x series), extension fields are also allowed at the root of service, volume, network, config and secret definitions.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-custom: + items: + - a + - b + options: + max-size: '12m' + name: "custom" +</pre></div> <p>The contents of those fields are ignored by Compose, but they can be inserted in your resource definitions using <a href="https://yaml.org/spec/1.2/spec.html#id2765878">YAML anchors</a>. For example, if you want several of your services to use the same logging configuration:</p> <div class="highlight"><pre class="highlight" data-language="">logging: + options: + max-size: '12m' + max-file: '5' + driver: json-file +</pre></div> <p>You may write your Compose file as follows:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-logging: + &default-logging + options: + max-size: '12m' + max-file: '5' + driver: json-file + +services: + web: + image: myapp/web:latest + logging: *default-logging + db: + image: mysql:latest + logging: *default-logging +</pre></div> <p>It is also possible to partially override values in extension fields using the <a href="https://yaml.org/type/merge.html">YAML merge type</a>. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-volumes: + &default-volume + driver: foobar-storage + +services: + web: + image: myapp/web:latest + volumes: ["vol1", "vol2", "vol3"] +volumes: + vol1: *default-volume + vol2: + << : *default-volume + name: volume02 + vol3: + << : *default-volume + driver: default + name: volume-local +</pre></div> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../../index">User guide</a></li> <li><a href="../../install/index">Installing Compose</a></li> <li><a href="../compose-versioning/index">Compose file versions and upgrading</a></li> <li><a href="../../samples-for-compose/index">Sample apps with Compose</a></li> <li><a href="../../reference/index">Command line reference</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose%20version%202">compose version 2</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/compose-file-v2/" class="_attribution-link">https://docs.docker.com/compose/compose-file/compose-file-v2/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v3%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v3%2Findex.html new file mode 100644 index 00000000..de60a581 --- /dev/null +++ b/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v3%2Findex.html 
@@ -0,0 +1,996 @@ +<h1>Compose file version 3 reference</h1> + +<h2 id="reference-and-guidelines">Reference and guidelines</h2> <p>These topics describe version 3 of the Compose file format. This is the newest version.</p> <h2 id="compose-and-docker-compatibility-matrix">Compose and Docker compatibility matrix</h2> <p>There are several versions of the Compose file format – 1, 2, 2.x, and 3.x. The table below is a quick look. For full details on what each version includes and how to upgrade, see <strong><a href="../compose-versioning/index">About versions and upgrading</a></strong>.</p> <p>This table shows which Compose file versions support specific Docker releases.</p> <table> <thead> <tr> <th><strong>Compose file format</strong></th> <th><strong>Docker Engine release</strong></th> </tr> </thead> <tbody> <tr> <td>Compose specification</td> <td>19.03.0+</td> </tr> <tr> <td>3.8</td> <td>19.03.0+</td> </tr> <tr> <td>3.7</td> <td>18.06.0+</td> </tr> <tr> <td>3.6</td> <td>18.02.0+</td> </tr> <tr> <td>3.5</td> <td>17.12.0+</td> </tr> <tr> <td>3.4</td> <td>17.09.0+</td> </tr> <tr> <td>3.3</td> <td>17.06.0+</td> </tr> <tr> <td>3.2</td> <td>17.04.0+</td> </tr> <tr> <td>3.1</td> <td>1.13.1+</td> </tr> <tr> <td>3.0</td> <td>1.13.0+</td> </tr> <tr> <td>2.4</td> <td>17.12.0+</td> </tr> <tr> <td>2.3</td> <td>17.06.0+</td> </tr> <tr> <td>2.2</td> <td>1.13.0+</td> </tr> <tr> <td>2.1</td> <td>1.12.0+</td> </tr> <tr> <td>2.0</td> <td>1.10.0+</td> </tr> </tbody> </table> <p>In addition to Compose file format versions shown in the table, the Compose itself is on a release schedule, as shown in <a href="https://github.com/docker/compose/releases/">Compose releases</a>, but file format versions do not necessarily increment with each release. 
For example, Compose file format 3.0 was first introduced in <a href="https://github.com/docker/compose/releases/tag/1.10.0">Compose release 1.10.0</a>, and versioned gradually in subsequent releases.</p> <p>The latest Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/" target="_blank" rel="noopener" class="_">Compose Specification</a> and is implemented by Docker Compose <strong>1.27.0+</strong>.</p> <h2 id="compose-file-structure-and-examples">Compose file structure and examples</h2> <p>Here is a sample Compose file from the voting app sample used in the <a href="https://github.com/docker/labs/tree/master/beginner/">Docker for Beginners lab</a> topic on <a href="https://github.com/docker/labs/blob/master/beginner/chapters/votingapp/">Deploying an app to a Swarm</a>:</p> <div class="panel panel-default"> <div class="panel-heading collapsed" data-toggle="collapse" data-target="#collapseSample1" style="cursor: pointer"> Example Compose file version 3 </div> <div class="collapse block" id="collapseSample1"> <div class="highlight"><pre class="highlight" data-language=""> +version: "3.9" +services: + + redis: + image: redis:alpine + ports: + - "6379" + networks: + - frontend + deploy: + replicas: 2 + update_config: + parallelism: 2 + delay: 10s + restart_policy: + condition: on-failure + + db: + image: postgres:9.4 + volumes: + - db-data:/var/lib/postgresql/data + networks: + - backend + deploy: + placement: + max_replicas_per_node: 1 + constraints: + - "node.role==manager" + + vote: + image: dockersamples/examplevotingapp_vote:before + ports: + - "5000:80" + networks: + - frontend + depends_on: + - redis + deploy: + replicas: 2 + update_config: + parallelism: 2 + restart_policy: + condition: on-failure + + result: + image: dockersamples/examplevotingapp_result:before + ports: + - "5001:80" + networks: + - backend + depends_on: + - db + deploy: + replicas: 1 + update_config: + parallelism: 2 + delay: 10s + 
restart_policy: + condition: on-failure + + worker: + image: dockersamples/examplevotingapp_worker + networks: + - frontend + - backend + deploy: + mode: replicated + replicas: 1 + labels: [APP=VOTING] + restart_policy: + condition: on-failure + delay: 10s + max_attempts: 3 + window: 120s + placement: + constraints: + - "node.role==manager" + + visualizer: + image: dockersamples/visualizer:stable + ports: + - "8080:8080" + stop_grace_period: 1m30s + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + deploy: + placement: + constraints: + - "node.role==manager" + +networks: + frontend: + backend: + +volumes: + db-data: +</pre></div> </div> </div> <p>The topics on this reference page are organized alphabetically by top-level key to reflect the structure of the Compose file itself. Top-level keys that define a section in the configuration file such as <code class="language-plaintext highlighter-rouge">build</code>, <code class="language-plaintext highlighter-rouge">deploy</code>, <code class="language-plaintext highlighter-rouge">depends_on</code>, <code class="language-plaintext highlighter-rouge">networks</code>, and so on, are listed with the options that support them as sub-topics. This maps to the <code class="language-plaintext highlighter-rouge"><key>: <option>: <value></code> indent structure of the Compose file.</p> <h2 id="service-configuration-reference">Service configuration reference</h2> <p>The Compose file is a <a href="https://yaml.org">YAML</a> file defining <a href="#service-configuration-reference">services</a>, <a href="#network-configuration-reference">networks</a> and <a href="#volume-configuration-reference">volumes</a>. 
The default path for a Compose file is <code class="language-plaintext highlighter-rouge">./docker-compose.yml</code>.</p> <blockquote> <p><strong>Tip</strong>: You can use either a <code class="language-plaintext highlighter-rouge">.yml</code> or <code class="language-plaintext highlighter-rouge">.yaml</code> extension for this file. They both work.</p> </blockquote> <p>A service definition contains configuration that is applied to each container started for that service, much like passing command-line parameters to <code class="language-plaintext highlighter-rouge">docker run</code>. Likewise, network and volume definitions are analogous to <code class="language-plaintext highlighter-rouge">docker network create</code> and <code class="language-plaintext highlighter-rouge">docker volume create</code>.</p> <p>As with <code class="language-plaintext highlighter-rouge">docker run</code>, options specified in the Dockerfile, such as <code class="language-plaintext highlighter-rouge">CMD</code>, <code class="language-plaintext highlighter-rouge">EXPOSE</code>, <code class="language-plaintext highlighter-rouge">VOLUME</code>, <code class="language-plaintext highlighter-rouge">ENV</code>, are respected by default - you don’t need to specify them again in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>.</p> <p>You can use environment variables in configuration values with a Bash-like <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax - see <a href="#variable-substitution">variable substitution</a> for full details.</p> <p>This section contains a list of all configuration options supported by a service definition in version 3.</p> <h3 id="build">build</h3> <p>Configuration options that are applied at build time.</p> <p><code class="language-plaintext highlighter-rouge">build</code> can be specified either as a string containing a path to the build context:</p> <div class="highlight"><pre class="highlight" 
data-language="">version: "3.9" +services: + webapp: + build: ./dir +</pre></div> <p>Or, as an object with the path specified under <a href="#context">context</a> and optionally <a href="#dockerfile">Dockerfile</a> and <a href="#args">args</a>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + webapp: + build: + context: ./dir + dockerfile: Dockerfile-alternate + args: + buildno: 1 +</pre></div> <p>If you specify <code class="language-plaintext highlighter-rouge">image</code> as well as <code class="language-plaintext highlighter-rouge">build</code>, then Compose names the built image with the <code class="language-plaintext highlighter-rouge">webapp</code> and optional <code class="language-plaintext highlighter-rouge">tag</code> specified in <code class="language-plaintext highlighter-rouge">image</code>:</p> <div class="highlight"><pre class="highlight" data-language="">build: ./dir +image: webapp:tag +</pre></div> <p>This results in an image named <code class="language-plaintext highlighter-rouge">webapp</code> and tagged <code class="language-plaintext highlighter-rouge">tag</code>, built from <code class="language-plaintext highlighter-rouge">./dir</code>.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">build</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> The <code class="language-plaintext highlighter-rouge">docker stack</code> command does not build images before deploying.</p> </blockquote> <h4 id="context">context</h4> <p>Either a path to a directory containing a Dockerfile, or a url to a git repository.</p> <p>When the value supplied is a relative path, it is interpreted as relative to the location of the Compose file. 
This directory is also the build context that is sent to the Docker daemon.</p> <p>Compose builds and tags it with a generated name, and uses that image thereafter.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: ./dir +</pre></div> <h4 id="dockerfile">dockerfile</h4> <p>Alternate Dockerfile.</p> <p>Compose uses an alternate file to build with. A build path must also be specified.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + dockerfile: Dockerfile-alternate +</pre></div> <h4 id="args">args</h4> <p>Add build arguments, which are environment variables accessible only during the build process.</p> <p>First, specify the arguments in your Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 + +ARG buildno +ARG gitcommithash + +RUN echo "Build number: $buildno" +RUN echo "Based on commit: $gitcommithash" +</pre></div> <p>Then specify the arguments under the <code class="language-plaintext highlighter-rouge">build</code> key. You can pass a mapping or a list:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + args: + buildno: 1 + gitcommithash: cdc3b19 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + args: + - buildno=1 + - gitcommithash=cdc3b19 +</pre></div> <blockquote> <p>Scope of build-args</p> <p>In your Dockerfile, if you specify <code class="language-plaintext highlighter-rouge">ARG</code> before the <code class="language-plaintext highlighter-rouge">FROM</code> instruction, <code class="language-plaintext highlighter-rouge">ARG</code> is not available in the build instructions under <code class="language-plaintext highlighter-rouge">FROM</code>. If you need an argument to be available in both places, also specify it under the <code class="language-plaintext highlighter-rouge">FROM</code> instruction. 
Refer to the <a href="../../../engine/reference/builder/index#understand-how-arg-and-from-interact">understand how ARGS and FROM interact</a> section in the documentation for usage details.</p> </blockquote> <p>You can omit the value when specifying a build argument, in which case its value at build time is the value in the environment where Compose is running.</p> <div class="highlight"><pre class="highlight" data-language="">args: + - buildno + - gitcommithash +</pre></div> <blockquote> <p>Tip when using boolean values</p> <p>YAML boolean values (<code class="language-plaintext highlighter-rouge">"true"</code>, <code class="language-plaintext highlighter-rouge">"false"</code>, <code class="language-plaintext highlighter-rouge">"yes"</code>, <code class="language-plaintext highlighter-rouge">"no"</code>, <code class="language-plaintext highlighter-rouge">"on"</code>, <code class="language-plaintext highlighter-rouge">"off"</code>) must be enclosed in quotes, so that the parser interprets them as strings.</p> </blockquote> <h4 id="cache_from">cache_from</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format</p> </blockquote> <p>A list of images that the engine uses for cache resolution.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + cache_from: + - alpine:latest + - corp/web_app:3.14 +</pre></div> <h4 id="labels">labels</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format</p> </blockquote> <p>Add metadata to the resulting image using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h4 id="network">network</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format</p> </blockquote> <p>Set the network containers connect to for the <code class="language-plaintext highlighter-rouge">RUN</code> instructions during build.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: host +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: custom_network_1 +</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">none</code> to disable networking during build:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + network: none +</pre></div> <h4 id="shm_size">shm_size</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-35">version 3.5</a> file format</p> </blockquote> <p>Set the size of the <code class="language-plaintext highlighter-rouge">/dev/shm</code> partition for this build’s containers. Specify as an integer value representing the number of bytes or as a string expressing a <a href="#specifying-byte-values">byte value</a>.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + shm_size: '2gb' +</pre></div> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ shm_size: 10000000 +</pre></div> <h4 id="target">target</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format</p> </blockquote> <p>Build the specified stage as defined inside the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. See the <a href="https://docs.docker.com/develop/develop-images/multistage-build/">multi-stage build docs</a> for details.</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . + target: prod +</pre></div> <h3 id="cap_add-cap_drop">cap_add, cap_drop</h3> <p>Add or drop container capabilities. See <code class="language-plaintext highlighter-rouge">man 7 capabilities</code> for a full list.</p> <div class="highlight"><pre class="highlight" data-language="">cap_add: + - ALL + +cap_drop: + - NET_ADMIN + - SYS_ADMIN +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">cap_add</code> and <code class="language-plaintext highlighter-rouge">cap_drop</code> options are ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="cgroup_parent">cgroup_parent</h3> <p>Specify an optional parent cgroup for the container.</p> <div class="highlight"><pre class="highlight" data-language="">cgroup_parent: m-executor-abcd +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">cgroup_parent</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="command">command</h3> <p>Override the default command.</p> <div class="highlight"><pre class="highlight" data-language="">command: bundle exec thin -p 3000 +</pre></div> <p>The command can also be a list, in a manner similar to <a 
href="../../../engine/reference/builder/index#cmd">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">command: ["bundle", "exec", "thin", "-p", "3000"] +</pre></div> <h3 id="configs">configs</h3> <p>Grant access to configs on a per-service basis using the per-service <code class="language-plaintext highlighter-rouge">configs</code> configuration. Two different syntax variants are supported.</p> <blockquote> <p><strong>Note</strong>: The config must already exist or be <a href="#configs-configuration-reference">defined in the top-level <code class="language-plaintext highlighter-rouge">configs</code> configuration</a> of this stack file, or stack deployment fails.</p> </blockquote> <p>For more information on configs, see <a href="../../../engine/swarm/configs/index">configs</a>.</p> <h4 id="short-syntax">Short syntax</h4> <p>The short syntax variant only specifies the config name. This grants the container access to the config and mounts it at <code class="language-plaintext highlighter-rouge">/<config_name></code> within the container. The source name and destination mountpoint are both set to the config name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">redis</code> service access to the <code class="language-plaintext highlighter-rouge">my_config</code> and <code class="language-plaintext highlighter-rouge">my_other_config</code> configs. The value of <code class="language-plaintext highlighter-rouge">my_config</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./my_config.txt</code>, and <code class="language-plaintext highlighter-rouge">my_other_config</code> is defined as an external resource, which means that it has already been defined in Docker, either by running the <code class="language-plaintext highlighter-rouge">docker config create</code> command or by another stack deployment. 
If the external config does not exist, the stack deployment fails with a <code class="language-plaintext highlighter-rouge">config not found</code> error.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format.</p> <p><code class="language-plaintext highlighter-rouge">config</code> definitions are only supported in version 3.3 and higher of the compose file format.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:latest + deploy: + replicas: 1 + configs: + - my_config + - my_other_config +configs: + my_config: + file: ./my_config.txt + my_other_config: + external: true +</pre></div> <h4 id="long-syntax">Long syntax</h4> <p>The long syntax provides more granularity in how the config is created within the service’s task containers.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">source</code>: The identifier of the config as it is defined in this configuration.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: The path and name of the file to be mounted in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">/<source></code> if not specified.</li> <li> +<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the mounted config file within in the service’s task containers. Both default to <code class="language-plaintext highlighter-rouge">0</code> on Linux if not specified. Not supported on Windows.</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: The permissions for the file that is mounted within the service’s task containers, in octal notation. For instance, <code class="language-plaintext highlighter-rouge">0444</code> represents world-readable. 
The default is <code class="language-plaintext highlighter-rouge">0444</code>. Configs cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this <a href="http://permissions-calculator.org/" target="_blank" rel="noopener" class="_">permissions calculator</a> useful.</li> </ul> <p>The following example sets the name of <code class="language-plaintext highlighter-rouge">my_config</code> to <code class="language-plaintext highlighter-rouge">redis_config</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The <code class="language-plaintext highlighter-rouge">redis</code> service does not have access to the <code class="language-plaintext highlighter-rouge">my_other_config</code> config.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:latest + deploy: + replicas: 1 + configs: + - source: my_config + target: /redis_config + uid: '103' + gid: '103' + mode: 0440 +configs: + my_config: + file: ./my_config.txt + my_other_config: + external: true +</pre></div> <p>You can grant a service access to multiple configs and you can mix long and short syntax. Defining a config does not imply granting a service access to it.</p> <h3 id="container_name">container_name</h3> <p>Specify a custom container name, rather than a generated default name.</p> <div class="highlight"><pre class="highlight" data-language="">container_name: my-web-container +</pre></div> <p>Because Docker container names must be unique, you cannot scale a service beyond 1 container if you have specified a custom name. 
Attempting to do so results in an error.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">container_name</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="credential_spec">credential_spec</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">credential_spec</code> option was added in v3.3. Using group Managed Service Account (gMSA) configurations with compose files is supported in file format version 3.8 or up.</p> </blockquote> <p>Configure the credential spec for managed service account. This option is only used for services using Windows containers. The <code class="language-plaintext highlighter-rouge">credential_spec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://<filename></code> or <code class="language-plaintext highlighter-rouge">registry://<value-name></code>.</p> <p>When using <code class="language-plaintext highlighter-rouge">file:</code>, the referenced file must be present in the <code class="language-plaintext highlighter-rouge">CredentialSpecs</code> subdirectory in the Docker data directory, which defaults to <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\</code> on Windows. The following example loads the credential spec from a file named <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\CredentialSpecs\my-credential-spec.json</code>.</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec: + file: my-credential-spec.json +</pre></div> <p>When using <code class="language-plaintext highlighter-rouge">registry:</code>, the credential spec is read from the Windows registry on the daemon’s host. 
A registry value with the given name must be located in:</p> <div class="highlight"><pre class="highlight" data-language="">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs +</pre></div> <p>The following example load the credential spec from a value named <code class="language-plaintext highlighter-rouge">my-credential-spec</code> in the registry:</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec: + registry: my-credential-spec +</pre></div> <h4 id="example-gmsa-configuration">Example gMSA configuration</h4> <p>When configuring a gMSA credential spec for a service, you only need to specify a credential spec with <code class="language-plaintext highlighter-rouge">config</code>, as shown in the following example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + myservice: + image: myimage:latest + credential_spec: + config: my_credential_spec + +configs: + my_credentials_spec: + file: ./my-credential-spec.json| +</pre></div> <h3 id="depends_on">depends_on</h3> <p>Express dependency between services. Service dependencies cause the following behaviors:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">docker-compose up</code> starts services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> are started before <code class="language-plaintext highlighter-rouge">web</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">docker-compose up SERVICE</code> automatically includes <code class="language-plaintext highlighter-rouge">SERVICE</code>’s dependencies. 
In the example below, <code class="language-plaintext highlighter-rouge">docker-compose up web</code> also creates and starts <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">docker-compose stop</code> stops services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">web</code> is stopped before <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> </ul> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + build: . + depends_on: + - db + - redis + redis: + image: redis + db: + image: postgres +</pre></div> <blockquote> <p>There are several things to be aware of when using <code class="language-plaintext highlighter-rouge">depends_on</code>:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">depends_on</code> does not wait for <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> to be “ready” before starting <code class="language-plaintext highlighter-rouge">web</code> - only until they have been started. 
If you need to wait for a service to be ready, see <a href="../../startup-order/index">Controlling startup order</a> for more on this problem and strategies for solving it.</li> <li>The <code class="language-plaintext highlighter-rouge">depends_on</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> with a version 3 Compose file.</li> </ul> </blockquote> <h3 id="deploy">deploy</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-3">version 3</a> file format.</p> </blockquote> <p>Specify configuration related to the deployment and running of services. The following<br> sub-options only takes effect when deploying to a <a href="../../../engine/swarm/index">swarm</a> with <a href="../../../engine/reference/commandline/stack_deploy/index">docker stack deploy</a>, and is ignored by <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose run</code>, except for <code class="language-plaintext highlighter-rouge">resources</code>.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:alpine + deploy: + replicas: 6 + placement: + max_replicas_per_node: 1 + update_config: + parallelism: 2 + delay: 10s + restart_policy: + condition: on-failure +</pre></div> <p>Several sub-options are available:</p> <h4 id="endpoint_mode">endpoint_mode</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>Specify a service discovery method for external clients connecting to a swarm.</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: vip</code> - Docker assigns the service a virtual IP (VIP) that acts as the front end for clients to reach the service on a network. 
Docker routes requests between the client and available worker nodes for the service, without client knowledge of how many nodes are participating in the service or their IP addresses or ports. (This is the default.)</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: dnsrr</code> - DNS round-robin (DNSRR) service discovery does not use a single virtual IP. Docker sets up DNS entries for the service such that a DNS query for the service name returns a list of IP addresses, and the client connects directly to one of these. DNS round-robin is useful in cases where you want to use your own load balancer, or for Hybrid Windows and Linux applications.</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + wordpress: + image: wordpress + ports: + - "8080:80" + networks: + - overlay + deploy: + mode: replicated + replicas: 2 + endpoint_mode: vip + + mysql: + image: mysql + volumes: + - db-data:/var/lib/mysql/data + networks: + - overlay + deploy: + mode: replicated + replicas: 2 + endpoint_mode: dnsrr + +volumes: + db-data: + +networks: + overlay: +</pre></div> <p>The options for <code class="language-plaintext highlighter-rouge">endpoint_mode</code> also work as flags on the swarm mode CLI command <a href="../../../engine/reference/commandline/service_create/index">docker service create</a>. For a quick list of all swarm related <code class="language-plaintext highlighter-rouge">docker</code> commands, see <a href="../../../engine/swarm/index#swarm-mode-key-concepts-and-tutorial">Swarm mode CLI commands</a>.</p> <p>To learn more about service discovery and networking in swarm mode, see <a href="https://docs.docker.com/network/overlay#configure-service-discovery">Configure service discovery</a> in the swarm mode topics.</p> <h4 id="labels-1">labels</h4> <p>Specify labels for the service. 
These labels are <em>only</em> set on the service, and <em>not</em> on any containers for the service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: web + deploy: + labels: + com.example.description: "This label will appear on the web service" +</pre></div> <p>To set labels on containers instead, use the <code class="language-plaintext highlighter-rouge">labels</code> key outside of <code class="language-plaintext highlighter-rouge">deploy</code>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: web + labels: + com.example.description: "This label will appear on all containers for the web service" +</pre></div> <h4 id="mode">mode</h4> <p>Either <code class="language-plaintext highlighter-rouge">global</code> (exactly one container per swarm node) or <code class="language-plaintext highlighter-rouge">replicated</code> (a specified number of containers). The default is <code class="language-plaintext highlighter-rouge">replicated</code>. (To learn more, see <a href="../../../engine/swarm/how-swarm-mode-works/services/index#replicated-and-global-services">Replicated and global services</a> in the <a href="../../../engine/swarm/index">swarm</a> topics.)</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + worker: + image: dockersamples/examplevotingapp_worker + deploy: + mode: global +</pre></div> <h4 id="placement">placement</h4> <p>Specify placement of constraints and preferences. 
See the docker service create documentation for a full description of the syntax and available types of <a href="../../../engine/reference/commandline/service_create/index#specify-service-constraints---constraint">constraints</a>, <a href="../../../engine/reference/commandline/service_create/index#specify-service-placement-preferences---placement-pref">preferences</a>, and <a href="../../../engine/reference/commandline/service_create/index#specify-maximum-replicas-per-node---replicas-max-per-node">specifying the maximum replicas per node</a></p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + db: + image: postgres + deploy: + placement: + constraints: + - "node.role==manager" + - "engine.labels.operatingsystem==ubuntu 18.04" + preferences: + - spread: node.labels.zone +</pre></div> <h4 id="max_replicas_per_node">max_replicas_per_node</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-38">version 3.8</a> file format.</p> </blockquote> <p>If the service is <code class="language-plaintext highlighter-rouge">replicated</code> (which is the default), <a href="../../../engine/reference/commandline/service_create/index#specify-maximum-replicas-per-node---replicas-max-per-node">limit the number of replicas</a> that can run on a node at any time.</p> <p>When there are more tasks requested than running nodes, an error <code class="language-plaintext highlighter-rouge">no suitable node (max replicas per node limit exceed)</code> is raised.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + worker: + image: dockersamples/examplevotingapp_worker + networks: + - frontend + - backend + deploy: + mode: replicated + replicas: 6 + placement: + max_replicas_per_node: 1 +</pre></div> <h4 id="replicas">replicas</h4> <p>If the service is <code class="language-plaintext highlighter-rouge">replicated</code> (which is the default), specify the number of containers that should be 
running at any given time.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + worker: + image: dockersamples/examplevotingapp_worker + networks: + - frontend + - backend + deploy: + mode: replicated + replicas: 6 +</pre></div> <h4 id="resources">resources</h4> <p>Configures resource constraints.</p> <blockquote> <p>Changed in compose-file version 3</p> <p>The <code class="language-plaintext highlighter-rouge">resources</code> section replaces the <a href="../compose-file-v2/index#cpu-and-other-resources">older resource constraint options</a> in Compose files prior to version 3 (<code class="language-plaintext highlighter-rouge">cpu_shares</code>, <code class="language-plaintext highlighter-rouge">cpu_quota</code>, <code class="language-plaintext highlighter-rouge">cpuset</code>, <code class="language-plaintext highlighter-rouge">mem_limit</code>, <code class="language-plaintext highlighter-rouge">memswap_limit</code>, <code class="language-plaintext highlighter-rouge">mem_swappiness</code>). 
Refer to <a href="../compose-versioning/index#upgrading">Upgrading version 2.x to 3.x</a> to learn about differences between version 2 and 3 of the compose-file format.</p> </blockquote> <p>Each of these is a single value, analogous to its <a href="../../../engine/reference/commandline/service_create/index">docker service create</a> counterpart.</p> <p>In this general example, the <code class="language-plaintext highlighter-rouge">redis</code> service is constrained to use no more than 50M of memory and <code class="language-plaintext highlighter-rouge">0.50</code> (50% of a single core) of available processing time (CPU), and has <code class="language-plaintext highlighter-rouge">20M</code> of memory and <code class="language-plaintext highlighter-rouge">0.25</code> CPU time reserved (as always available to it).</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:alpine + deploy: + resources: + limits: + cpus: '0.50' + memory: 50M + reservations: + cpus: '0.25' + memory: 20M +</pre></div> <p>The topics below describe available options to set resource constraints on services or containers in a swarm.</p> <blockquote class="important"> <p>Looking for options to set resources on non swarm mode containers?</p> <p>The options described here are specific to the <code class="language-plaintext highlighter-rouge">deploy</code> key and swarm mode. If you want to set resource constraints on non swarm deployments, use <a href="../compose-file-v2/index#cpu-and-other-resources">Compose file format version 2 CPU, memory, and other resource options</a>. 
If you have further questions, refer to the discussion on the GitHub issue <a href="https://github.com/docker/compose/issues/4513" target="_blank" rel="noopener" class="_">docker/compose/4513</a>.</p> </blockquote> <h5 id="out-of-memory-exceptions-oome">Out Of Memory Exceptions (OOME)</h5> <p>If your services or containers attempt to use more memory than the system has available, you may experience an Out Of Memory Exception (OOME) and a container, or the Docker daemon, might be killed by the kernel OOM killer. To prevent this from happening, ensure that your application runs on hosts with adequate memory and see <a href="https://docs.docker.com/config/containers/resource_constraints/#understand-the-risks-of-running-out-of-memory">Understand the risks of running out of memory</a>.</p> <h4 id="restart_policy">restart_policy</h4> <p>Configures if and how to restart containers when they exit. Replaces <a href="../compose-file-v2/index#orig-resources"><code class="language-plaintext highlighter-rouge">restart</code></a>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">condition</code>: One of <code class="language-plaintext highlighter-rouge">none</code>, <code class="language-plaintext highlighter-rouge">on-failure</code> or <code class="language-plaintext highlighter-rouge">any</code> (default: <code class="language-plaintext highlighter-rouge">any</code>).</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: How long to wait between restart attempts, specified as a <a href="#specifying-durations">duration</a> (default: 5s).</li> <li> +<code class="language-plaintext highlighter-rouge">max_attempts</code>: How many times to attempt to restart a container before giving up (default: never give up). 
If the restart does not succeed within the configured <code class="language-plaintext highlighter-rouge">window</code>, this attempt doesn’t count toward the configured <code class="language-plaintext highlighter-rouge">max_attempts</code> value. For example, if <code class="language-plaintext highlighter-rouge">max_attempts</code> is set to ‘2’, and the restart fails on the first attempt, more than two restarts may be attempted.</li> <li> +<code class="language-plaintext highlighter-rouge">window</code>: How long to wait before deciding if a restart has succeeded, specified as a <a href="#specifying-durations">duration</a> (default: decide immediately).</li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:alpine + deploy: + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s +</pre></div> <h4 id="rollback_config">rollback_config</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-37">version 3.7</a> file format.</p> </blockquote> <p>Configures how the service should be rollbacked in case of a failing update.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between each container group’s rollback (default 0s).</li> <li> +<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if a rollback fails. 
One of <code class="language-plaintext highlighter-rouge">continue</code> or <code class="language-plaintext highlighter-rouge">pause</code> (default <code class="language-plaintext highlighter-rouge">pause</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 5s) <strong>Note</strong>: Setting to 0 will use the default 5s.</li> <li> +<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during a rollback (default 0).</li> <li> +<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during rollbacks. One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>).</li> </ul> <h4 id="update_config">update_config</h4> <p>Configures how the service should be updated. Useful for configuring rolling updates.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to update at a time.</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between updating a group of containers.</li> <li> +<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if an update fails. 
One of <code class="language-plaintext highlighter-rouge">continue</code>, <code class="language-plaintext highlighter-rouge">rollback</code>, or <code class="language-plaintext highlighter-rouge">pause</code> (default: <code class="language-plaintext highlighter-rouge">pause</code>).</li> <li> +<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 5s) <strong>Note</strong>: Setting to 0 will use the default 5s.</li> <li> +<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during an update.</li> <li> +<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during updates. One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>) <strong>Note</strong>: Only supported for v3.4 and higher.</li> </ul> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">order</code> option is only supported by v3.4 and higher of the compose file format.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + vote: + image: dockersamples/examplevotingapp_vote:before + depends_on: + - redis + deploy: + replicas: 2 + update_config: + parallelism: 2 + delay: 10s + order: stop-first +</pre></div> <h4 id="not-supported-for-docker-stack-deploy">Not supported for <code class="language-plaintext highlighter-rouge">docker stack deploy</code> +</h4> <p>The following sub-options (supported for <code class="language-plaintext 
highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose run</code>) are <em>not supported</em> for <code class="language-plaintext highlighter-rouge">docker stack deploy</code> or the <code class="language-plaintext highlighter-rouge">deploy</code> key.</p> <ul> <li><a href="#build">build</a></li> <li><a href="#cgroup_parent">cgroup_parent</a></li> <li><a href="#container_name">container_name</a></li> <li><a href="#devices">devices</a></li> <li><a href="#tmpfs">tmpfs</a></li> <li><a href="#external_links">external_links</a></li> <li><a href="#links">links</a></li> <li><a href="#network_mode">network_mode</a></li> <li><a href="#restart">restart</a></li> <li><a href="#security_opt">security_opt</a></li> <li><a href="#userns_mode">userns_mode</a></li> </ul> <blockquote> <p>Tip</p> <p>See the section on <a href="#volumes-for-services-swarms-and-stack-files">how to configure volumes for services, swarms, and docker-stack.yml files</a>. Volumes <em>are</em> supported but to work with swarms and services, they must be configured as named volumes or associated with services that are constrained to nodes with access to the requisite volumes.</p> </blockquote> <h3 id="devices">devices</h3> <p>List of device mappings. Uses the same format as the <code class="language-plaintext highlighter-rouge">--device</code> docker client create option.</p> <div class="highlight"><pre class="highlight" data-language="">devices: + - "/dev/ttyUSB0:/dev/ttyUSB0" +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">devices</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="dns">dns</h3> <p>Custom DNS servers. 
Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns: 8.8.8.8 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns: + - 8.8.8.8 + - 9.9.9.9 +</pre></div> <h3 id="dns_search">dns_search</h3> <p>Custom DNS search domains. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns_search: example.com +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns_search: + - dc1.example.com + - dc2.example.com +</pre></div> <h3 id="entrypoint">entrypoint</h3> <p>Override the default entrypoint.</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: /code/entrypoint.sh +</pre></div> <p>The entrypoint can also be a list, in a manner similar to <a href="../../../engine/reference/builder/index#entrypoint">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"] +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Setting <code class="language-plaintext highlighter-rouge">entrypoint</code> both overrides any default entrypoint set on the service’s image with the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> Dockerfile instruction, <em>and</em> clears out any default command on the image - meaning that if there’s a <code class="language-plaintext highlighter-rouge">CMD</code> instruction in the Dockerfile, it is ignored.</p> </blockquote> <h3 id="env_file">env_file</h3> <p>Add environment variables from a file. 
Can be a single value or a list.</p> <p>If you have specified a Compose file with <code class="language-plaintext highlighter-rouge">docker-compose -f FILE</code>, paths in <code class="language-plaintext highlighter-rouge">env_file</code> are relative to the directory that file is in.</p> <p>Environment variables declared in the <a href="#environment">environment</a> section <em>override</em> these values – this holds true even if those values are empty or undefined.</p> <div class="highlight"><pre class="highlight" data-language="">env_file: .env +</pre></div> <div class="highlight"><pre class="highlight" data-language="">env_file: + - ./common.env + - ./apps/web.env + - /opt/runtime_opts.env +</pre></div> <p>Compose expects each line in an env file to be in <code class="language-plaintext highlighter-rouge">VAR=VAL</code> format. Lines beginning with <code class="language-plaintext highlighter-rouge">#</code> are treated as comments and are ignored. Blank lines are also ignored.</p> <div class="highlight"><pre class="highlight" data-language=""># Set Rails/Rack environment +RACK_ENV=development +</pre></div> <p>Compose also recognizes inline comments, like in:</p> <div class="highlight"><pre class="highlight" data-language="">MY_VAR = value # this is a comment +</pre></div> <p>To avoid interpreting “#” as an inline comment, use the quotation marks:</p> <div class="highlight"><pre class="highlight" data-language="">MY_VAR = "All the # inside are taken as part of the value" +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in environment files are <em>not</em> automatically visible during the build. 
Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <p>The value of <code class="language-plaintext highlighter-rouge">VAL</code> is used as is and not modified at all. For example if the value is surrounded by quotes (as is often the case of shell variables), the quotes are included in the value passed to Compose.</p> <p>Keep in mind that <em>the order of files in the list is significant in determining the value assigned to a variable that shows up more than once</em>. The files in the list are processed from the top down. For the same variable specified in file <code class="language-plaintext highlighter-rouge">a.env</code> and assigned a different value in file <code class="language-plaintext highlighter-rouge">b.env</code>, if <code class="language-plaintext highlighter-rouge">b.env</code> is listed below (after), then the value from <code class="language-plaintext highlighter-rouge">b.env</code> stands. For example, given the following declaration in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + env_file: + - a.env + - b.env +</pre></div> <p>And the following files:</p> <div class="highlight"><pre class="highlight" data-language=""># a.env +VAR=1 +</pre></div> <p>and</p> <div class="highlight"><pre class="highlight" data-language=""># b.env +VAR=hello +</pre></div> <p><code class="language-plaintext highlighter-rouge">$VAR</code> is <code class="language-plaintext highlighter-rouge">hello</code>.</p> <h3 id="environment">environment</h3> <p>Add environment variables. You can use either an array or a dictionary. 
Any boolean values (true, false, yes, no) need to be enclosed in quotes to ensure they are not converted to True or False by the YML parser.</p> <p>Environment variables with only a key are resolved to their values on the machine Compose is running on, which can be helpful for secret or host-specific values.</p> <div class="highlight"><pre class="highlight" data-language="">environment: + RACK_ENV: development + SHOW: 'true' + SESSION_SECRET: +</pre></div> <div class="highlight"><pre class="highlight" data-language="">environment: + - RACK_ENV=development + - SHOW=true + - SESSION_SECRET +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in <code class="language-plaintext highlighter-rouge">environment</code> are <em>not</em> automatically visible during the build. Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <h3 id="expose">expose</h3> <p>Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.</p> <div class="highlight"><pre class="highlight" data-language="">expose: + - "3000" + - "8000" +</pre></div> <h3 id="external_links">external_links</h3> <p>Link to containers started outside this <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> or even outside of Compose, especially for containers that provide shared or common services. 
<code class="language-plaintext highlighter-rouge">external_links</code> follow semantics similar to the legacy option <code class="language-plaintext highlighter-rouge">links</code> when specifying both the container name and the link alias (<code class="language-plaintext highlighter-rouge">CONTAINER:ALIAS</code>).</p> <div class="highlight"><pre class="highlight" data-language="">external_links: + - redis_1 + - project_db_1:mysql + - project_db_1:postgresql +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The externally-created containers must be connected to at least one of the same networks as the service that is linking to them. <a href="../compose-file-v2/index#links">Links</a> are a legacy option. We recommend using <a href="#networks">networks</a> instead.</p> </blockquote> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">external_links</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="extra_hosts">extra_hosts</h3> <p>Add hostname mappings. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--add-host</code> parameter.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts: + - "somehost:162.242.195.82" + - "otherhost:50.31.209.229" +</pre></div> <p>An entry with the ip address and hostname is created in <code class="language-plaintext highlighter-rouge">/etc/hosts</code> inside containers for this service, e.g:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82 somehost +50.31.209.229 otherhost +</pre></div> <h3 id="healthcheck">healthcheck</h3> <p>Configure a check that’s run to determine whether or not containers for this service are “healthy”. 
See the docs for the <a href="../../../engine/reference/builder/index#healthcheck">HEALTHCHECK Dockerfile instruction</a> for details on how healthchecks work.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + test: ["CMD", "curl", "-f", "http://localhost"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s +</pre></div> <p><code class="language-plaintext highlighter-rouge">interval</code>, <code class="language-plaintext highlighter-rouge">timeout</code> and <code class="language-plaintext highlighter-rouge">start_period</code> are specified as <a href="#specifying-durations">durations</a>.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">start_period</code> option was added in file format 3.4.</p> </blockquote> <p><code class="language-plaintext highlighter-rouge">test</code> must be either a string or a list. If it’s a list, the first item must be either <code class="language-plaintext highlighter-rouge">NONE</code>, <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">CMD-SHELL</code>. If it’s a string, it’s equivalent to specifying <code class="language-plaintext highlighter-rouge">CMD-SHELL</code> followed by that string.</p> <div class="highlight"><pre class="highlight" data-language=""># Hit the local web app +test: ["CMD", "curl", "-f", "http://localhost"] +</pre></div> <p>As above, but wrapped in <code class="language-plaintext highlighter-rouge">/bin/sh</code>. 
Both forms below are equivalent.</p> <div class="highlight"><pre class="highlight" data-language="">test: ["CMD-SHELL", "curl -f http://localhost || exit 1"] +</pre></div> <div class="highlight"><pre class="highlight" data-language="">test: curl -f https://localhost || exit 1 +</pre></div> <p>To disable any default healthcheck set by the image, you can use <code class="language-plaintext highlighter-rouge">disable: true</code>. This is equivalent to specifying <code class="language-plaintext highlighter-rouge">test: ["NONE"]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + disable: true +</pre></div> <h3 id="image">image</h3> <p>Specify the image to start the container from. Can either be a repository/tag or a partial image ID.</p> <div class="highlight"><pre class="highlight" data-language="">image: redis +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: ubuntu:18.04 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: tutum/influxdb +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: example-registry.com:4000/postgresql +</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: a4bc65fd +</pre></div> <p>If the image does not exist, Compose attempts to pull it, unless you have also specified <a href="#build">build</a>, in which case it builds it using the specified options and tags it with the specified tag.</p> <h3 id="init">init</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-37">version 3.7</a> file format.</p> </blockquote> <p>Run an init inside the container that forwards signals and reaps processes. 
Set this option to <code class="language-plaintext highlighter-rouge">true</code> to enable this feature for the service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: alpine:latest + init: true +</pre></div> <blockquote> <p>The default init binary that is used is <a href="https://github.com/krallin/tini">Tini</a>, and is installed in <code class="language-plaintext highlighter-rouge">/usr/libexec/docker-init</code> on the daemon host. You can configure the daemon to use a custom init binary through the <a href="../../../engine/reference/commandline/dockerd/index#daemon-configuration-file"><code class="language-plaintext highlighter-rouge">init-path</code> configuration option</a>.</p> </blockquote> <h3 id="isolation">isolation</h3> <p>Specify a container’s isolation technology. On Linux, the only supported value is <code class="language-plaintext highlighter-rouge">default</code>. On Windows, acceptable values are <code class="language-plaintext highlighter-rouge">default</code>, <code class="language-plaintext highlighter-rouge">process</code> and <code class="language-plaintext highlighter-rouge">hyperv</code>. Refer to the <a href="../../../engine/reference/commandline/run/index#specify-isolation-technology-for-container---isolation">Docker Engine docs</a> for details.</p> <h3 id="labels-2">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. 
You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="links">links</h3> <blockquote class="warning"> <p><strong>Warning</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--link</code> flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use <a href="../../networking/index">user-defined networks</a> to facilitate communication between two containers instead of using <code class="language-plaintext highlighter-rouge">--link</code>.</p> <p>One feature that user-defined networks do not support that you can do with <code class="language-plaintext highlighter-rouge">--link</code> is sharing environmental variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.</p> </blockquote> <p>Link to containers in another service. 
Either specify both the service name and a link alias (<code class="language-plaintext highlighter-rouge">"SERVICE:ALIAS"</code>), or just the service name.</p> <div class="highlight"><pre class="highlight" data-language="">web: + links: + - "db" + - "db:database" + - "redis" +</pre></div> <p>Containers for the linked service are reachable at a hostname identical to the alias, or the service name if no alias was specified.</p> <p>Links are not required to enable services to communicate - by default, any service can reach any other service at that service’s name. (See also, the <a href="../../networking/index#links">Links topic in Networking in Compose</a>.)</p> <p>Links also express dependency between services in the same way as <a href="#depends_on">depends_on</a>, so they determine the order of service startup.</p> <blockquote> <p><strong>Note</strong></p> <p>If you define both links and <a href="#networks">networks</a>, services with links between them must share at least one network in common to communicate.</p> </blockquote> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">links</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="logging">logging</h3> <p>Logging configuration for the service.</p> <div class="highlight"><pre class="highlight" data-language="">logging: + driver: syslog + options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">driver</code> name specifies a logging driver for the service’s containers, as with the <code class="language-plaintext highlighter-rouge">--log-driver</code> option for docker run (<a href="https://docs.docker.com/config/containers/logging/configure/">documented here</a>).</p> <p>The default value is json-file.</p> <div class="highlight"><pre class="highlight" 
data-language="">driver: "json-file" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "none" +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Only the <code class="language-plaintext highlighter-rouge">json-file</code> and <code class="language-plaintext highlighter-rouge">journald</code> drivers make the logs available directly from <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose logs</code>. Using any other driver does not print any logs.</p> </blockquote> <p>Specify logging options for the logging driver with the <code class="language-plaintext highlighter-rouge">options</code> key, as with the <code class="language-plaintext highlighter-rouge">--log-opt</code> option for <code class="language-plaintext highlighter-rouge">docker run</code>.</p> <p>Logging options are key-value pairs. An example of <code class="language-plaintext highlighter-rouge">syslog</code> options:</p> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog" +options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> <p>The default driver <a href="https://docs.docker.com/config/containers/logging/json-file/">json-file</a>, has options to limit the amount of logs stored. To do this, use a key-value pair for maximum storage size and maximum number of files:</p> <div class="highlight"><pre class="highlight" data-language="">options: + max-size: "200k" + max-file: "10" +</pre></div> <p>The example shown above would store log files until they reach a <code class="language-plaintext highlighter-rouge">max-size</code> of 200kB, and then rotate them. The amount of individual log files stored is specified by the <code class="language-plaintext highlighter-rouge">max-file</code> value. 
As logs grow beyond the max limits, older log files are removed to allow storage of new logs.</p> <p>Here is an example <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file that limits logging storage:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + some-service: + image: some-service + logging: + driver: "json-file" + options: + max-size: "200k" + max-file: "10" +</pre></div> <blockquote> <p>Logging options available depend on which logging driver you use</p> <p>The above example for controlling log files and sizes uses options specific to the <a href="https://docs.docker.com/config/containers/logging/json-file/">json-file driver</a>. These particular options are not available on other logging drivers. For a full list of supported logging drivers and their options, refer to the <a href="https://docs.docker.com/config/containers/logging/configure/">logging drivers</a> documentation.</p> </blockquote> <h3 id="network_mode">network_mode</h3> <p>Network mode. 
Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--network</code> parameter, plus the special form <code class="language-plaintext highlighter-rouge">service:[service name]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">network_mode: "bridge" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "host" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "none" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "service:[service name]" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "container:[container name/id]" +</pre></div> <blockquote class="important"> <p><strong>Note</strong></p> <ul> <li>This option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</li> <li> +<code class="language-plaintext highlighter-rouge">network_mode: "host"</code> cannot be mixed with <a href="#links">links</a>.</li> </ul> </blockquote> <h3 id="networks">networks</h3> <p>Networks to join, referencing entries under the <a href="#network-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">networks</code> key</a>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + - some-network + - other-network +</pre></div> <h4 id="aliases">aliases</h4> <p>Aliases (alternative hostnames) for this service on the network. 
Other containers on the same network can use either the service name or this alias to connect to one of the service’s containers.</p> <p>Since <code class="language-plaintext highlighter-rouge">aliases</code> is network-scoped, the same service can have different aliases on different networks.</p> <blockquote> <p><strong>Note</strong></p> <p>A network-wide alias can be shared by multiple containers, and even by multiple services. If it is, then exactly which container the name resolves to is not guaranteed.</p> </blockquote> <p>The general format is shown here.</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + some-network: + aliases: + - alias1 + - alias3 + other-network: + aliases: + - alias2 +</pre></div> <p>In the example below, three services are provided (<code class="language-plaintext highlighter-rouge">web</code>, <code class="language-plaintext highlighter-rouge">worker</code>, and <code class="language-plaintext highlighter-rouge">db</code>), along with two networks (<code class="language-plaintext highlighter-rouge">new</code> and <code class="language-plaintext highlighter-rouge">legacy</code>). 
The <code class="language-plaintext highlighter-rouge">db</code> service is reachable at the hostname <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">database</code> on the <code class="language-plaintext highlighter-rouge">new</code> network, and at <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">mysql</code> on the <code class="language-plaintext highlighter-rouge">legacy</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + web: + image: "nginx:alpine" + networks: + - new + + worker: + image: "my-worker-image:latest" + networks: + - legacy + + db: + image: mysql + networks: + new: + aliases: + - database + legacy: + aliases: + - mysql + +networks: + new: + legacy: +</pre></div> <h4 id="ipv4_address-ipv6_address">ipv4_address, ipv6_address</h4> <p>Specify a static IP address for containers for this service when joining the network.</p> <p>The corresponding network configuration in the <a href="#network-configuration-reference">top-level networks section</a> must have an <code class="language-plaintext highlighter-rouge">ipam</code> block with subnet configurations covering each static address.</p> <p>If you’d like to use IPv6, you must first ensure that the Docker daemon is configured to support IPv6. See <a href="https://docs.docker.com/config/daemon/ipv6/">Enable IPv6</a> for detailed instructions. 
You can then access IPv6 addressing in a version 3.x Compose file by editing the <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code> to contain: <code class="language-plaintext highlighter-rouge">{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}</code></p> <p>Then, reload the docker daemon and edit docker-compose.yml to contain the following under the service:</p> <div class="highlight"><pre class="highlight" data-language=""> sysctls: + - net.ipv6.conf.all.disable_ipv6=0 +</pre></div> <blockquote> <p>The <a href="../compose-file-v2/index#enable_ipv6"><code class="language-plaintext highlighter-rouge">enable_ipv6</code></a> option is only available in a <a href="../compose-file-v2/index#ipv4_address-ipv6_address">version 2.x Compose file</a>. <em>IPv6 options do not currently work in swarm mode</em>.</p> </blockquote> <p>An example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + app: + image: nginx:alpine + networks: + app_net: + ipv4_address: 172.16.238.10 + ipv6_address: 2001:3984:3989::10 + +networks: + app_net: + ipam: + driver: default + config: + - subnet: "172.16.238.0/24" + - subnet: "2001:3984:3989::/64" +</pre></div> <h3 id="pid">pid</h3> <div class="highlight"><pre class="highlight" data-language="">pid: "host" +</pre></div> <p>Sets the PID mode to the host PID mode. This turns on sharing between container and the host operating system the PID address space. 
Containers launched with this flag can access and manipulate other containers in the bare-metal machine’s namespace and vice versa.</p> <h3 id="ports">ports</h3> <p>Expose ports.</p> <blockquote> <p><strong>Note</strong></p> <p>Port mapping is incompatible with <code class="language-plaintext highlighter-rouge">network_mode: host</code></p> </blockquote> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">docker-compose run</code> ignores <code class="language-plaintext highlighter-rouge">ports</code> unless you include <code class="language-plaintext highlighter-rouge">--service-ports</code>.</p> </blockquote> <h4 id="short-syntax-1">Short syntax</h4> <p>There are three options:</p> <ul> <li>Specify both ports (<code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code>)</li> <li>Specify just the container port (an ephemeral host port is chosen for the host port).</li> <li>Specify the host IP address to bind to AND both ports (the default is 0.0.0.0, meaning all interfaces): (<code class="language-plaintext highlighter-rouge">IPADDR:HOSTPORT:CONTAINERPORT</code>). If HOSTPORT is empty (for example <code class="language-plaintext highlighter-rouge">127.0.0.1::80</code>), an ephemeral port is chosen to bind to on the host.</li> </ul> <blockquote> <p><strong>Note</strong></p> <p>When mapping ports in the <code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code> format, you may experience erroneous results when using a container port lower than 60, because YAML parses numbers in the format <code class="language-plaintext highlighter-rouge">xx:yy</code> as a base-60 value. 
For this reason, we recommend always explicitly specifying your port mappings as strings.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">ports: + - "3000" + - "3000-3005" + - "8000:8000" + - "9090-9091:8080-8081" + - "49100:22" + - "127.0.0.1:8001:8001" + - "127.0.0.1:5000-5010:5000-5010" + - "127.0.0.1::5000" + - "6060:6060/udp" + - "12400-12500:1240" +</pre></div> <h4 id="long-syntax-1">Long syntax</h4> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">target</code>: the port inside the container</li> <li> +<code class="language-plaintext highlighter-rouge">published</code>: the publicly exposed port</li> <li> +<code class="language-plaintext highlighter-rouge">protocol</code>: the port protocol (<code class="language-plaintext highlighter-rouge">tcp</code> or <code class="language-plaintext highlighter-rouge">udp</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: <code class="language-plaintext highlighter-rouge">host</code> for publishing a host port on each node, or <code class="language-plaintext highlighter-rouge">ingress</code> for a swarm mode port to be load balanced.</li> </ul> <div class="highlight"><pre class="highlight" data-language="">ports: + - target: 80 + published: 8080 + protocol: tcp + mode: host +</pre></div> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> <p>The long syntax is new in the v3.2 file format.</p> </blockquote> <h3 id="profiles">profiles</h3> <div class="highlight"><pre class="highlight" data-language="">profiles: ["frontend", "debug"] +profiles: + - frontend + - debug +</pre></div> <p><code class="language-plaintext highlighter-rouge">profiles</code> defines a list of named profiles for the service to be enabled under. When not set, the service is <em>always</em> enabled. 
For the services that make up your core application you should omit <code class="language-plaintext highlighter-rouge">profiles</code> so they will always be started.</p> <p>Valid profile names follow the regex format <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9][a-zA-Z0-9_.-]+</code>.</p> <p>See also <a href="../../profiles/index"><em>Using profiles with Compose</em></a> to learn more about profiles.</p> <h3 id="restart">restart</h3> <p><code class="language-plaintext highlighter-rouge">no</code> is the default <a href="https://docs.docker.com/config/containers/start-containers-automatically/#use-a-restart-policy">restart policy</a>, and it does not restart a container under any circumstance. When <code class="language-plaintext highlighter-rouge">always</code> is specified, the container always restarts. The <code class="language-plaintext highlighter-rouge">on-failure</code> policy restarts a container if the exit code indicates an on-failure error. <code class="language-plaintext highlighter-rouge">unless-stopped</code> always restarts a container, except when the container is stopped (manually or otherwise).</p> <div class="highlight"><pre class="highlight" data-language="">restart: "no" +restart: always +restart: on-failure +restart: unless-stopped +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">restart</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="secrets">secrets</h3> <p>Grant access to secrets on a per-service basis using the per-service <code class="language-plaintext highlighter-rouge">secrets</code> configuration. 
Two different syntax variants are supported.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The secret must already exist or be <a href="#secrets-configuration-reference">defined in the top-level <code class="language-plaintext highlighter-rouge">secrets</code> configuration</a> of the compose file, or stack deployment fails.</p> </blockquote> <p>For more information on secrets, see <a href="../../../engine/swarm/secrets/index">secrets</a>.</p> <h4 id="short-syntax-2">Short syntax</h4> <p>The short syntax variant only specifies the secret name. This grants the container access to the secret and mounts it at <code class="language-plaintext highlighter-rouge">/run/secrets/<secret_name></code> within the container. The source name and destination mountpoint are both set to the secret name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">redis</code> service access to the <code class="language-plaintext highlighter-rouge">my_secret</code> and <code class="language-plaintext highlighter-rouge">my_other_secret</code> secrets. The value of <code class="language-plaintext highlighter-rouge">my_secret</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./my_secret.txt</code>, and <code class="language-plaintext highlighter-rouge">my_other_secret</code> is defined as an external resource, which means that it has already been defined in Docker, either by running the <code class="language-plaintext highlighter-rouge">docker secret create</code> command or by another stack deployment. 
If the external secret does not exist, the stack deployment fails with a <code class="language-plaintext highlighter-rouge">secret not found</code> error.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:latest + deploy: + replicas: 1 + secrets: + - my_secret + - my_other_secret +secrets: + my_secret: + file: ./my_secret.txt + my_other_secret: + external: true +</pre></div> <h4 id="long-syntax-2">Long syntax</h4> <p>The long syntax provides more granularity in how the secret is created within the service’s task containers.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">source</code>: The identifier of the secret as it is defined in this configuration.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: The name of the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">source</code> if not specified.</li> <li> +<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the file within <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Both default to <code class="language-plaintext highlighter-rouge">0</code> if not specified.</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: The permissions for the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers, in octal notation. For instance, <code class="language-plaintext highlighter-rouge">0444</code> represents world-readable. The default in Docker 1.13.1 is <code class="language-plaintext highlighter-rouge">0000</code>, but it is <code class="language-plaintext highlighter-rouge">0444</code> in newer versions. 
Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this <a href="http://permissions-calculator.org/" target="_blank" rel="noopener" class="_">permissions calculator</a> useful.</li> </ul> <p>The following example sets name of the <code class="language-plaintext highlighter-rouge">my_secret</code> to <code class="language-plaintext highlighter-rouge">redis_secret</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The <code class="language-plaintext highlighter-rouge">redis</code> service does not have access to the <code class="language-plaintext highlighter-rouge">my_other_secret</code> secret.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + redis: + image: redis:latest + deploy: + replicas: 1 + secrets: + - source: my_secret + target: redis_secret + uid: '103' + gid: '103' + mode: 0440 +secrets: + my_secret: + file: ./my_secret.txt + my_other_secret: + external: true +</pre></div> <p>You can grant a service access to multiple secrets and you can mix long and short syntax. 
Defining a secret does not imply granting a service access to it.</p> <h3 id="security_opt">security_opt</h3> <p>Override the default labeling scheme for each container.</p> <div class="highlight"><pre class="highlight" data-language="">security_opt: + - label:user:USER + - label:role:ROLE +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">security_opt</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="stop_grace_period">stop_grace_period</h3> <p>Specify how long to wait when attempting to stop a container if it doesn’t handle SIGTERM (or whatever stop signal has been specified with <a href="#stop_signal"><code class="language-plaintext highlighter-rouge">stop_signal</code></a>), before sending SIGKILL. Specified as a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1s +</pre></div> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1m30s +</pre></div> <p>By default, <code class="language-plaintext highlighter-rouge">stop</code> waits 10 seconds for the container to exit before sending SIGKILL.</p> <h3 id="stop_signal">stop_signal</h3> <p>Sets an alternative signal to stop the container. By default <code class="language-plaintext highlighter-rouge">stop</code> uses SIGTERM. Setting an alternative signal using <code class="language-plaintext highlighter-rouge">stop_signal</code> causes <code class="language-plaintext highlighter-rouge">stop</code> to send that signal instead.</p> <div class="highlight"><pre class="highlight" data-language="">stop_signal: SIGUSR1 +</pre></div> <h3 id="sysctls">sysctls</h3> <p>Kernel parameters to set in the container. 
You can use either an array or a dictionary.</p> <div class="highlight"><pre class="highlight" data-language="">sysctls: + net.core.somaxconn: 1024 + net.ipv4.tcp_syncookies: 0 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">sysctls: + - net.core.somaxconn=1024 + - net.ipv4.tcp_syncookies=0 +</pre></div> <p>You can only use sysctls that are namespaced in the kernel. Docker does not support changing sysctls inside a container that also modify the host system. For an overview of supported sysctls, refer to <a href="../../../engine/reference/commandline/run/index#configure-namespaced-kernel-parameters-sysctls-at-runtime">configure namespaced kernel parameters (sysctls) at runtime</a>.</p> <blockquote> <p>Note when using docker stack deploy</p> <p>This option requires Docker Engine 19.03 or up when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="tmpfs">tmpfs</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-36">version 3.6</a> file format.</p> </blockquote> <p>Mount a temporary file system inside the container. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">tmpfs: /run +</pre></div> <div class="highlight"><pre class="highlight" data-language="">tmpfs: + - /run + - /tmp +</pre></div> <blockquote> <p>Note when using docker stack deploy</p> <p>This option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> with a (version 3-3.5) Compose file.</p> </blockquote> <p>Mount a temporary file system inside the container. Size parameter specifies the size of the tmpfs mount in bytes. Unlimited by default.</p> <div class="highlight"><pre class="highlight" data-language="">- type: tmpfs + target: /app + tmpfs: + size: 1000 +</pre></div> <h3 id="ulimits">ulimits</h3> <p>Override the default ulimits for a container. 
You can either specify a single limit as an integer or soft/hard limits as a mapping.</p> <div class="highlight"><pre class="highlight" data-language="">ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 +</pre></div> <h3 id="userns_mode">userns_mode</h3> <div class="highlight"><pre class="highlight" data-language="">userns_mode: "host" +</pre></div> <p>Disables the user namespace for this service, if Docker daemon is configured with user namespaces. See <a href="../../../engine/security/userns-remap/index#disable-namespace-remapping-for-a-container">dockerd</a> for more information.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">userns_mode</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="volumes">volumes</h3> <p>Mount host paths or named volumes, specified as sub-options to a service.</p> <p>You can mount a host path as part of a definition for a single service, and there is no need to define it in the top level <code class="language-plaintext highlighter-rouge">volumes</code> key.</p> <p>But, if you want to reuse a volume across multiple services, then define a named volume in the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>. Use named volumes with <a href="#volumes-for-services-swarms-and-stack-files">services, swarms, and stack files</a>.</p> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-3">version 3</a> file format.</p> <p>The top-level <a href="#volume-configuration-reference">volumes</a> key defines a named volume and references it from each service’s <code class="language-plaintext highlighter-rouge">volumes</code> list. 
This replaces <code class="language-plaintext highlighter-rouge">volumes_from</code> in earlier versions of the Compose file format.</p> </blockquote> <p>This example shows a named volume (<code class="language-plaintext highlighter-rouge">mydata</code>) being used by the <code class="language-plaintext highlighter-rouge">web</code> service, and a bind mount defined for a single service (first path under <code class="language-plaintext highlighter-rouge">db</code> service <code class="language-plaintext highlighter-rouge">volumes</code>). The <code class="language-plaintext highlighter-rouge">db</code> service also uses a named volume called <code class="language-plaintext highlighter-rouge">dbdata</code> (second path under <code class="language-plaintext highlighter-rouge">db</code> service <code class="language-plaintext highlighter-rouge">volumes</code>), but defines it using the old string format for mounting a named volume. Named volumes must be listed under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key, as shown.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: nginx:alpine + volumes: + - type: volume + source: mydata + target: /data + volume: + nocopy: true + - type: bind + source: ./static + target: /opt/app/static + + db: + image: postgres:latest + volumes: + - "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock" + - "dbdata:/var/lib/postgresql/data" + +volumes: + mydata: + dbdata: +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>For general information on volumes, refer to the <a href="https://docs.docker.com/storage/volumes/">use volumes</a> and <a href="../../../engine/extend/plugins_volume/index">volume plugins</a> sections in the documentation.</p> </blockquote> <h4 id="short-syntax-3">Short syntax</h4> <p>The short syntax uses the generic <code class="language-plaintext highlighter-rouge">[SOURCE:]TARGET[:MODE]</code> format, where 
<code class="language-plaintext highlighter-rouge">SOURCE</code> can be either a host path or volume name. <code class="language-plaintext highlighter-rouge">TARGET</code> is the container path where the volume is mounted. Standard modes are <code class="language-plaintext highlighter-rouge">ro</code> for read-only and <code class="language-plaintext highlighter-rouge">rw</code> for read-write (default).</p> <p>You can mount a relative path on the host, which expands relative to the directory of the Compose configuration file being used. Relative paths should always begin with <code class="language-plaintext highlighter-rouge">.</code> or <code class="language-plaintext highlighter-rouge">..</code>.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + # Just specify a path and let the Engine create a volume + - /var/lib/mysql + + # Specify an absolute path mapping + - /opt/data:/var/lib/mysql + + # Path on the host, relative to the Compose file + - ./cache:/tmp/cache + + # User-relative path + - ~/configs:/etc/configs/:ro + + # Named volume + - datavolume:/var/lib/mysql +</pre></div> <h4 id="long-syntax-3">Long syntax</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">type</code>: the mount type <code class="language-plaintext highlighter-rouge">volume</code>, <code class="language-plaintext highlighter-rouge">bind</code>, <code class="language-plaintext highlighter-rouge">tmpfs</code> or <code class="language-plaintext highlighter-rouge">npipe</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">source</code>: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the <a href="#volume-configuration-reference">top-level <code 
class="language-plaintext highlighter-rouge">volumes</code> key</a>. Not applicable for a tmpfs mount.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: the path in the container where the volume is mounted</li> <li> +<code class="language-plaintext highlighter-rouge">read_only</code>: flag to set the volume as read-only</li> <li> +<code class="language-plaintext highlighter-rouge">bind</code>: configure additional bind options <ul> <li> +<code class="language-plaintext highlighter-rouge">propagation</code>: the propagation mode used for the bind</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">volume</code>: configure additional volume options <ul> <li> +<code class="language-plaintext highlighter-rouge">nocopy</code>: flag to disable copying of data from a container when a volume is created</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">tmpfs</code>: configure additional tmpfs options <ul> <li> +<code class="language-plaintext highlighter-rouge">size</code>: the size for the tmpfs mount in bytes</li> </ul> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: nginx:alpine + ports: + - "80:80" + volumes: + - type: volume + source: mydata + target: /data + volume: + nocopy: true + - type: bind + source: ./static + target: /opt/app/static + +networks: + webnet: + +volumes: + mydata: +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>When creating bind mounts, using the long syntax requires the referenced folder to be created beforehand. Using the short syntax creates the folder on the fly if it doesn’t exist. 
See the <a href="https://docs.docker.com/storage/bind-mounts/#differences-between--v-and---mount-behavior">bind mounts documentation</a> for more information.</p> </blockquote> <h4 id="volumes-for-services-swarms-and-stack-files">Volumes for services, swarms, and stack files</h4> <blockquote> <p>Note when using docker stack deploy</p> <p>When working with services, swarms, and <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> files, keep in mind that the tasks (containers) backing a service can be deployed on any node in a swarm, and this may be a different node each time the service is updated.</p> </blockquote> <p>In the absence of having named volumes with specified sources, Docker creates an anonymous volume for each task backing a service. Anonymous volumes do not persist after the associated containers are removed.</p> <p>If you want your data to persist, use a named volume and a volume driver that is multi-host aware, so that the data is accessible from any node. Or, set constraints on the service so that its tasks are deployed on a node that has the volume present.</p> <p>As an example, the <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> file for the <a href="https://github.com/docker/labs/blob/master/beginner/chapters/votingapp/">votingapp sample in Docker Labs</a> defines a service called <code class="language-plaintext highlighter-rouge">db</code> that runs a <code class="language-plaintext highlighter-rouge">postgres</code> database. It is configured as a named volume to persist the data on the swarm, <em>and</em> is constrained to run only on <code class="language-plaintext highlighter-rouge">manager</code> nodes. 
Here is the relevant snip-it from that file:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + db: + image: postgres:9.4 + volumes: + - db-data:/var/lib/postgresql/data + networks: + - backend + deploy: + placement: + constraints: [node.role == manager] +</pre></div> <h3 id="domainname-hostname-ipc-mac_address-privileged-read_only-shm_size-stdin_open-tty-user-working_dir">domainname, hostname, ipc, mac_address, privileged, read_only, shm_size, stdin_open, tty, user, working_dir</h3> <p>Each of these is a single value, analogous to its <a href="../../../engine/reference/run/index">docker run</a> counterpart. Note that <code class="language-plaintext highlighter-rouge">mac_address</code> is a legacy option.</p> <div class="highlight"><pre class="highlight" data-language="">user: postgresql +working_dir: /code + +domainname: foo.com +hostname: foo +ipc: host +mac_address: 02:42:ac:11:65:43 + +privileged: true + + +read_only: true +shm_size: 64M +stdin_open: true +tty: true +</pre></div> <h2 id="specifying-durations">Specifying durations</h2> <p>Some configuration options, such as the <code class="language-plaintext highlighter-rouge">interval</code> and <code class="language-plaintext highlighter-rouge">timeout</code> sub-options for <a href="#healthcheck"><code class="language-plaintext highlighter-rouge">check</code></a>, accept a duration as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2.5s +10s +1m30s +2h32m +5h34m56s +</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">us</code>, <code class="language-plaintext highlighter-rouge">ms</code>, <code class="language-plaintext highlighter-rouge">s</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">h</code>.</p> <h2 id="specifying-byte-values">Specifying byte values</h2> <p>Some configuration options, 
such as the <code class="language-plaintext highlighter-rouge">shm_size</code> sub-option for <a href="#build"><code class="language-plaintext highlighter-rouge">build</code></a>, accept a byte value as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2b +1024kb +2048k +300m +1gb +</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">g</code>, and their alternative notation <code class="language-plaintext highlighter-rouge">kb</code>, <code class="language-plaintext highlighter-rouge">mb</code> and <code class="language-plaintext highlighter-rouge">gb</code>. Decimal values are not supported at this time.</p> <h2 id="volume-configuration-reference">Volume configuration reference</h2> <p>While it is possible to declare <a href="#volumes">volumes</a> on the fly as part of the service declaration, this section allows you to create named volumes that can be reused across multiple services (without relying on <code class="language-plaintext highlighter-rouge">volumes_from</code>), and are easily retrieved and inspected using the docker command line or API. 
See the <a href="../../../engine/reference/commandline/volume_create/index">docker volume</a> subcommand documentation for more information.</p> <p>See <a href="https://docs.docker.com/storage/volumes/">use volumes</a> and <a href="../../../engine/extend/plugins_volume/index">volume plugins</a> for general information on volumes.</p> <p>Here’s an example of a two-service setup where a database’s data directory is shared with another service as a volume so that it can be periodically backed up:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + db: + image: db + volumes: + - data-volume:/var/lib/db + backup: + image: backup-service + volumes: + - data-volume:/var/lib/backup/data + +volumes: + data-volume: +</pre></div> <p>An entry under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key can be empty, in which case it uses the default driver configured by the Engine (in most cases, this is the <code class="language-plaintext highlighter-rouge">local</code> driver). Optionally, you can configure it with the following keys:</p> <h3 id="driver">driver</h3> <p>Specify which volume driver should be used for this volume. Defaults to whatever driver the Docker Engine has been configured to use, which in most cases is <code class="language-plaintext highlighter-rouge">local</code>. If the driver is not available, the Engine returns an error when <code class="language-plaintext highlighter-rouge">docker-compose up</code> tries to create the volume.</p> <div class="highlight"><pre class="highlight" data-language="">driver: foobar +</pre></div> <h3 id="driver_opts">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this volume. Those options are driver-dependent - consult the driver’s documentation for more information. 
Optional.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + example: + driver_opts: + type: "nfs" + o: "addr=10.40.0.199,nolock,soft,rw" + device: ":/docker/example" +</pre></div> <h3 id="external">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this volume has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 3.3 and below of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other volume configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">labels</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-34">version 3.4</a> and above.</p> <p>In the example below, instead of attempting to create a volume called <code class="language-plaintext highlighter-rouge">[projectname]_data</code>, Compose looks for an existing volume simply called <code class="language-plaintext highlighter-rouge">data</code> and mount it into the <code class="language-plaintext highlighter-rouge">db</code> service’s containers.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + db: + image: postgres + volumes: + - data:/var/lib/postgresql/data + +volumes: + data: + external: true +</pre></div> <blockquote class="important"> <p>Deprecated in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>external.name was deprecated in version 3.4 file format use <code class="language-plaintext highlighter-rouge">name</code> instead.</p> </blockquote> <p>You can also specify the name of the volume separately from the name used to refer to it within 
the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + data: + external: + name: actual-name-of-volume +</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>External volumes that do not exist <em>are created</em> if you use <a href="#deploy">docker stack deploy</a> to launch the app in <a href="../../../engine/swarm/index">swarm mode</a> (instead of <a href="../../reference/up/index">docker compose up</a>). In swarm mode, a volume is automatically created when it is defined by a service. As service tasks are scheduled on new nodes, <a href="https://github.com/docker/swarmkit/blob/master/README/">swarmkit</a> creates the volume on the local node. To learn more, see <a href="https://github.com/moby/moby/issues/29976">moby/moby#29976</a>.</p> </blockquote> <h3 id="labels-3">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Database volume" + com.example.department: "IT/Ops" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Database volume" + - "com.example.department=IT/Ops" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="name">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> </blockquote> <p>Set a custom name for this volume. The name field can be used to reference volumes that contain special characters. 
The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +volumes: + data: + name: my-app-data +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +volumes: + data: + external: true + name: my-app-data +</pre></div> <h2 id="network-configuration-reference">Network configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">networks</code> key lets you specify networks to be created.</p> <ul> <li>For a full explanation of Compose’s use of Docker networking features and all network driver options, see the <a href="../../networking/index">Networking guide</a>.</li> <li>For <a href="https://github.com/docker/labs/blob/master/README/">Docker Labs</a> tutorials on networking, start with <a href="https://github.com/docker/labs/blob/master/networking/README/">Designing Scalable, Portable Docker Container Networks</a> +</li> </ul> <h3 id="driver-1">driver</h3> <p>Specify which driver should be used for this network.</p> <p>The default driver depends on how the Docker Engine you’re using is configured, but in most instances it is <code class="language-plaintext highlighter-rouge">bridge</code> on a single host and <code class="language-plaintext highlighter-rouge">overlay</code> on a Swarm.</p> <p>The Docker Engine returns an error if the driver is not available.</p> <div class="highlight"><pre class="highlight" data-language="">driver: overlay +</pre></div> <h4 id="bridge">bridge</h4> <p>Docker defaults to using a <code class="language-plaintext highlighter-rouge">bridge</code> network on a single host. 
For examples of how to work with bridge networks, see the Docker Labs tutorial on <a href="https://github.com/docker/labs/blob/master/networking/A2-bridge-networking/">Bridge networking</a>.</p> <h4 id="overlay">overlay</h4> <p>The <code class="language-plaintext highlighter-rouge">overlay</code> driver creates a named network across multiple nodes in a <a href="../../../engine/swarm/index">swarm</a>.</p> <ul> <li> <p>For a working example of how to build and use an <code class="language-plaintext highlighter-rouge">overlay</code> network with a service in swarm mode, see the Docker Labs tutorial on <a href="https://github.com/docker/labs/blob/master/networking/A3-overlay-networking/">Overlay networking and service discovery</a>.</p> </li> <li> <p>For an in-depth look at how it works under the hood, see the networking concepts lab on the <a href="https://github.com/docker/labs/blob/master/networking/concepts/06-overlay-networks/">Overlay Driver Network Architecture</a>.</p> </li> </ul> <h4 id="host-or-none">host or none</h4> <p>Use the host’s networking stack, or no networking. Equivalent to <code class="language-plaintext highlighter-rouge">docker run --net=host</code> or <code class="language-plaintext highlighter-rouge">docker run --net=none</code>. Only used if you use <code class="language-plaintext highlighter-rouge">docker stack</code> commands. If you use the <code class="language-plaintext highlighter-rouge">docker-compose</code> command, use <a href="#network_mode">network_mode</a> instead.</p> <p>If you want to use a particular network on a common build, use [network] as mentioned in the second yaml file example.</p> <p>The syntax for using built-in networks such as <code class="language-plaintext highlighter-rouge">host</code> and <code class="language-plaintext highlighter-rouge">none</code> is a little different. 
Define an external network with the name <code class="language-plaintext highlighter-rouge">host</code> or <code class="language-plaintext highlighter-rouge">none</code> (that Docker has already created automatically) and an alias that Compose can use (<code class="language-plaintext highlighter-rouge">hostnet</code> or <code class="language-plaintext highlighter-rouge">nonet</code> in the following examples), then grant the service access to that network using the alias.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + networks: + hostnet: {} + +networks: + hostnet: + external: true + name: host +</pre></div> <div class="highlight"><pre class="highlight" data-language="">services: + web: + ... + build: + ... + network: host + context: . + ... +</pre></div> <div class="highlight"><pre class="highlight" data-language="">services: + web: + ... + networks: + nonet: {} + +networks: + nonet: + external: true + name: none +</pre></div> <h3 id="driver_opts-1">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this network. Those options are driver-dependent - consult the driver’s documentation for more information. Optional.</p> <div class="highlight"><pre class="highlight" data-language="">driver_opts: + foo: "bar" + baz: 1 +</pre></div> <h3 id="attachable">attachable</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>Only used when the <code class="language-plaintext highlighter-rouge">driver</code> is set to <code class="language-plaintext highlighter-rouge">overlay</code>. If set to <code class="language-plaintext highlighter-rouge">true</code>, then standalone containers can attach to this network, in addition to services. 
If a standalone container attaches to an overlay network, it can communicate with services and standalone containers that are also attached to the overlay network from other Docker daemons.</p> <div class="highlight"><pre class="highlight" data-language="">networks: + mynet1: + driver: overlay + attachable: true +</pre></div> <h3 id="enable_ipv6">enable_ipv6</h3> <p>Enable IPv6 networking on this network.</p> <blockquote class="warning"> <p>Not supported in Compose File version 3</p> <p><code class="language-plaintext highlighter-rouge">enable_ipv6</code> requires you to use a version 2 Compose file, as this directive is not yet supported in Swarm mode.</p> </blockquote> <h3 id="ipam">ipam</h3> <p>Specify custom IPAM config. This is an object with several properties, each of which is optional:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">driver</code>: Custom IPAM driver, instead of the default.</li> <li> +<code class="language-plaintext highlighter-rouge">config</code>: A list with zero or more config blocks, each containing any of the following keys: <ul> <li> +<code class="language-plaintext highlighter-rouge">subnet</code>: Subnet in CIDR format that represents a network segment</li> </ul> </li> </ul> <p>A full example:</p> <div class="highlight"><pre class="highlight" data-language="">ipam: + driver: default + config: + - subnet: 172.28.0.0/16 +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Additional IPAM configurations, such as <code class="language-plaintext highlighter-rouge">gateway</code>, are only honored for version 2 at the moment.</p> </blockquote> <h3 id="internal">internal</h3> <p>By default, Docker also connects a bridge network to it to provide external connectivity. 
If you want to create an externally isolated overlay network, you can set this option to <code class="language-plaintext highlighter-rouge">true</code>.</p> <h3 id="labels-4">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Financial transaction network" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Financial transaction network" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <h3 id="external-1">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this network has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 3.3 and below of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other network configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">ipam</code>, <code class="language-plaintext highlighter-rouge">internal</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-34">version 3.4</a> and above.</p> <p>In the example below, <code class="language-plaintext highlighter-rouge">proxy</code> is the gateway to the outside world. 
Instead of attempting to create a network called <code class="language-plaintext highlighter-rouge">[projectname]_outside</code>, Compose looks for an existing network simply called <code class="language-plaintext highlighter-rouge">outside</code> and connect the <code class="language-plaintext highlighter-rouge">proxy</code> service’s containers to it.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + proxy: + build: ./proxy + networks: + - outside + - default + app: + build: ./app + networks: + - default + +networks: + outside: + external: true +</pre></div> <blockquote class="important"> <p>Deprecated in <a href="../compose-versioning/index#version-35">version 3.5</a> file format.</p> <p>external.name was deprecated in version 3.5 file format use <code class="language-plaintext highlighter-rouge">name</code> instead.</p> </blockquote> <p>You can also specify the name of the network separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +networks: + outside: + external: + name: actual-name-of-network +</pre></div> <h3 id="name-1">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-35">version 3.5</a> file format.</p> </blockquote> <p>Set a custom name for this network. The name field can be used to reference networks which contain special characters. 
The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +networks: + network1: + name: my-app-net +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +networks: + network1: + external: true + name: my-app-net +</pre></div> <h2 id="configs-configuration-reference">configs configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">configs</code> declaration defines or references <a href="../../../engine/swarm/configs/index">configs</a> that can be granted to the services in this stack. The source of the config is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">file</code>: The config is created with the contents of the file at the specified path.</li> <li> +<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this config has already been created. Docker does not attempt to create it, and if it does not exist, a <code class="language-plaintext highlighter-rouge">config not found</code> error occurs.</li> <li> +<code class="language-plaintext highlighter-rouge">name</code>: The name of the config object in Docker. This field can be used to reference configs that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name. Introduced in version 3.5 file format.</li> <li> +<code class="language-plaintext highlighter-rouge">driver</code> and <code class="language-plaintext highlighter-rouge">driver_opts</code>: The name of a custom secret driver, and driver-specific options passed as key/value pairs. 
Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">template_driver</code>: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is <code class="language-plaintext highlighter-rouge">golang</code>, which uses a <code class="language-plaintext highlighter-rouge">golang</code>. Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>. Refer to <a href="../../../engine/swarm/configs/index#example-use-a-templated-config">use a templated config</a> for a examples of templated configs.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">my_first_config</code> is created (as <code class="language-plaintext highlighter-rouge"><stack_name>_my_first_config)</code>when the stack is deployed, and <code class="language-plaintext highlighter-rouge">my_second_config</code> already exists in Docker.</p> <div class="highlight"><pre class="highlight" data-language="">configs: + my_first_config: + file: ./config_data + my_second_config: + external: true +</pre></div> <p>Another variant for external configs is when the name of the config in Docker is different from the name that exists within the service. 
The following example modifies the previous one to use the external config called <code class="language-plaintext highlighter-rouge">redis_config</code>.</p> <div class="highlight"><pre class="highlight" data-language="">configs: + my_first_config: + file: ./config_data + my_second_config: + external: + name: redis_config +</pre></div> <p>You still need to <a href="#configs">grant access to the config</a> to each service in the stack.</p> <h2 id="secrets-configuration-reference">secrets configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">secrets</code> declaration defines or references <a href="../../../engine/swarm/secrets/index">secrets</a> that can be granted to the services in this stack. The source of the secret is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">file</code>: The secret is created with the contents of the file at the specified path.</li> <li> +<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this secret has already been created. Docker does not attempt to create it, and if it does not exist, a <code class="language-plaintext highlighter-rouge">secret not found</code> error occurs.</li> <li> +<code class="language-plaintext highlighter-rouge">name</code>: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name. Introduced in version 3.5 file format.</li> <li> +<code class="language-plaintext highlighter-rouge">template_driver</code>: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. 
The only driver currently supported is <code class="language-plaintext highlighter-rouge">golang</code>, which uses a <code class="language-plaintext highlighter-rouge">golang</code>. Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">my_first_secret</code> is created as <code class="language-plaintext highlighter-rouge"><stack_name>_my_first_secret</code>when the stack is deployed, and <code class="language-plaintext highlighter-rouge">my_second_secret</code> already exists in Docker.</p> <div class="highlight"><pre class="highlight" data-language="">secrets: + my_first_secret: + file: ./secret_data + my_second_secret: + external: true +</pre></div> <p>Another variant for external secrets is when the name of the secret in Docker is different from the name that exists within the service. The following example modifies the previous one to use the external secret called <code class="language-plaintext highlighter-rouge">redis_secret</code>.</p> <h3 id="compose-file-v35-and-above">Compose File v3.5 and above</h3> <div class="highlight"><pre class="highlight" data-language="">secrets: + my_first_secret: + file: ./secret_data + my_second_secret: + external: true + name: redis_secret +</pre></div> <h3 id="compose-file-v34-and-under">Compose File v3.4 and under</h3> <div class="highlight"><pre class="highlight" data-language=""> my_second_secret: + external: + name: redis_secret +</pre></div> <p>You still need to <a href="#secrets">grant access to the secrets</a> to each service in the stack.</p> <h2 id="variable-substitution">Variable substitution</h2> <p>Your configuration options can contain environment variables. Compose uses the variable values from the shell environment in which <code class="language-plaintext highlighter-rouge">docker-compose</code> is run. 
For example, suppose the shell contains <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION=9.3</code> and you supply this configuration:</p> <div class="highlight"><pre class="highlight" data-language="">db: + image: "postgres:${POSTGRES_VERSION}" +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code> with this configuration, Compose looks for the <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> environment variable in the shell and substitutes its value in. For this example, Compose resolves the <code class="language-plaintext highlighter-rouge">image</code> to <code class="language-plaintext highlighter-rouge">postgres:9.3</code> before running the configuration.</p> <p>If an environment variable is not set, Compose substitutes with an empty string. In the example above, if <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> is not set, the value for the <code class="language-plaintext highlighter-rouge">image</code> option is <code class="language-plaintext highlighter-rouge">postgres:</code>.</p> <p>You can set default values for environment variables using a <a href="../../env-file/index"><code class="language-plaintext highlighter-rouge">.env</code> file</a>, which Compose automatically looks for in project directory (parent folder of your Compose file). 
Values set in the shell environment override those set in the <code class="language-plaintext highlighter-rouge">.env</code> file.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">.env file</code> feature only works when you use the <code class="language-plaintext highlighter-rouge">docker-compose up</code> command and does not work with <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</p> </blockquote> <p>Both <code class="language-plaintext highlighter-rouge">$VARIABLE</code> and <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax are supported. Additionally when using the <a href="../compose-versioning/index#version-21">2.1 file format</a>, it is possible to provide inline default values using typical shell syntax:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> only if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Similarly, the following syntax allows you to specify mandatory variables:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if 
<code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Other extended shell-style features, such as <code class="language-plaintext highlighter-rouge">${VARIABLE/foo/bar}</code>, are not supported.</p> <p>You can use a <code class="language-plaintext highlighter-rouge">$$</code> (double-dollar sign) when your configuration needs a literal dollar sign. This also prevents Compose from interpolating a value, so a <code class="language-plaintext highlighter-rouge">$$</code> allows you to refer to environment variables that you don’t want processed by Compose.</p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . + command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE" +</pre></div> <p>If you forget and use a single dollar sign (<code class="language-plaintext highlighter-rouge">$</code>), Compose interprets the value as an environment variable and warns you:</p> <div class="highlight"><pre class="highlight" data-language="">The VAR_NOT_INTERPOLATED_BY_COMPOSE is not set. Substituting an empty string. +</pre></div> <h2 id="extension-fields">Extension fields</h2> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> </blockquote> <p>It is possible to re-use configuration fragments using extension fields. 
Those special fields can be of any format as long as they are located at the root of your Compose file and their name start with the <code class="language-plaintext highlighter-rouge">x-</code> character sequence.</p> <blockquote> <p><strong>Note</strong></p> <p>Starting with the 3.7 format (for the 3.x series) and 2.4 format (for the 2.x series), extension fields are also allowed at the root of service, volume, network, config and secret definitions.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-custom: + items: + - a + - b + options: + max-size: '12m' + name: "custom" +</pre></div> <p>The contents of those fields are ignored by Compose, but they can be inserted in your resource definitions using <a href="https://yaml.org/spec/1.2/spec.html#id2765878">YAML anchors</a>. For example, if you want several of your services to use the same logging configuration:</p> <div class="highlight"><pre class="highlight" data-language="">logging: + options: + max-size: '12m' + max-file: '5' + driver: json-file +</pre></div> <p>You may write your Compose file as follows:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-logging: + &default-logging + options: + max-size: '12m' + max-file: '5' + driver: json-file + +services: + web: + image: myapp/web:latest + logging: *default-logging + db: + image: mysql:latest + logging: *default-logging +</pre></div> <p>It is also possible to partially override values in extension fields using the <a href="https://yaml.org/type/merge.html">YAML merge type</a>. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +x-volumes: + &default-volume + driver: foobar-storage + +services: + web: + image: myapp/web:latest + volumes: ["vol1", "vol2", "vol3"] +volumes: + vol1: *default-volume + vol2: + << : *default-volume + name: volume02 + vol3: + << : *default-volume + driver: default + name: volume-local +</pre></div> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../../index">User guide</a></li> <li><a href="../../install/index">Installing Compose</a></li> <li><a href="../compose-versioning/index">Compose file versions and upgrading</a></li> <li><a href="../../samples-for-compose/index">Sample apps with Compose</a></li> <li><a href="../../reference/index">Command line reference</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose%20version%203">compose version 3</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/compose-file-v3/" class="_attribution-link">https://docs.docker.com/compose/compose-file/compose-file-v3/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Fcompose-versioning%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Fcompose-versioning%2Findex.html new file mode 100644 index 00000000..2a8d7ac1 --- /dev/null +++ b/devdocs/docker/compose%2Fcompose-file%2Fcompose-versioning%2Findex.html 
@@ -0,0 +1,151 @@ +<h1>Compose file versions and upgrading</h1> + +<p>The Compose file is a <a href="https://yaml.org">YAML</a> file defining services, networks, and volumes for a Docker application.</p> <p>The Compose file formats are now described in these references, specific to each version.</p> <table> <thead> <tr> <th style="text-align: left"><strong>Reference file</strong></th> <th style="text-align: left"><strong>What changed in this version</strong></th> </tr> </thead> <tbody> <tr> <td style="text-align: left"> +<a href="../index">Compose Specification</a> (most current, and recommended)</td> <td style="text-align: left"><a href="index#versioning">Versioning</a></td> </tr> <tr> <td style="text-align: left"><a href="../compose-file-v3/index">Version 3</a></td> <td style="text-align: left"><a href="#version-3">Version 3 updates</a></td> </tr> <tr> <td style="text-align: left"><a href="../compose-file-v2/index">Version 2</a></td> <td style="text-align: left"><a href="#version-2">Version 2 updates</a></td> </tr> <tr> <td style="text-align: left">Version 1 (Deprecated)</td> <td style="text-align: left"><a href="#version-1-deprecated">Version 1 updates</a></td> </tr> </tbody> </table> <p>The topics below explain the differences among the versions, Docker Engine compatibility, and <a href="#upgrading">how to upgrade</a>.</p> <h2 id="compatibility-matrix">Compatibility matrix</h2> <p>There are several versions of the Compose file format – 1, 2, 2.x, and 3.x</p> <p>This table shows which Compose file versions support specific Docker releases.</p> <table> <thead> <tr> <th><strong>Compose file format</strong></th> <th><strong>Docker Engine release</strong></th> </tr> </thead> <tbody> <tr> <td>Compose specification</td> <td>19.03.0+</td> </tr> <tr> <td>3.8</td> <td>19.03.0+</td> </tr> <tr> <td>3.7</td> <td>18.06.0+</td> </tr> <tr> <td>3.6</td> <td>18.02.0+</td> </tr> <tr> <td>3.5</td> <td>17.12.0+</td> </tr> <tr> <td>3.4</td> <td>17.09.0+</td> </tr> <tr> <td>3.3</td> 
<td>17.06.0+</td> </tr> <tr> <td>3.2</td> <td>17.04.0+</td> </tr> <tr> <td>3.1</td> <td>1.13.1+</td> </tr> <tr> <td>3.0</td> <td>1.13.0+</td> </tr> <tr> <td>2.4</td> <td>17.12.0+</td> </tr> <tr> <td>2.3</td> <td>17.06.0+</td> </tr> <tr> <td>2.2</td> <td>1.13.0+</td> </tr> <tr> <td>2.1</td> <td>1.12.0+</td> </tr> <tr> <td>2.0</td> <td>1.10.0+</td> </tr> </tbody> </table> <p>In addition to Compose file format versions shown in the table, the Compose itself is on a release schedule, as shown in <a href="https://github.com/docker/compose/releases/">Compose releases</a>, but file format versions do not necessarily increment with each release. For example, Compose file format 3.0 was first introduced in <a href="https://github.com/docker/compose/releases/tag/1.10.0">Compose release 1.10.0</a>, and versioned gradually in subsequent releases.</p> <p>The latest Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/" target="_blank" rel="noopener" class="_">Compose Specification</a> and is implemented by Docker Compose <strong>1.27.0+</strong>.</p> <blockquote> <p>Looking for more detail on Docker and Compose compatibility?</p> <p>We recommend keeping up-to-date with newer releases as much as possible. However, if you are using an older version of Docker and want to determine which Compose release is compatible, refer to the <a href="https://github.com/docker/compose/releases/">Compose release notes</a>. Each set of release notes gives details on which versions of Docker Engine are supported, along with compatible Compose file format versions. 
(See also, the discussion in <a href="https://github.com/docker/docker.github.io/issues/3404">issue #3404</a>.)</p> </blockquote> <p>For details on versions and how to upgrade, see <a href="index#versioning">Versioning</a> and <a href="index#upgrading">Upgrading</a>.</p> <h2 id="versioning">Versioning</h2> <p>There are three legacy versions of the Compose file format:</p> <ul> <li> <p>Version 1. This is specified by omitting a <code class="language-plaintext highlighter-rouge">version</code> key at the root of the YAML.</p> </li> <li> <p>Version 2.x. This is specified with a <code class="language-plaintext highlighter-rouge">version: '2'</code> or <code class="language-plaintext highlighter-rouge">version: '2.1'</code>, etc., entry at the root of the YAML.</p> </li> <li> <p>Version 3.x, designed to be cross-compatible between Compose and the Docker Engine’s <a href="../../../engine/swarm/index">swarm mode</a>. This is specified with a <code class="language-plaintext highlighter-rouge">version: '3'</code> or <code class="language-plaintext highlighter-rouge">version: '3.1'</code>, etc., entry at the root of the YAML.</p> </li> </ul> <p>The latest and recommended version of the Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/">Compose Specification</a>. This format merges the 2.x and 3.x versions and is implemented by <strong>Compose 1.27.0+</strong>.</p> <blockquote> <h3 id="v2-and-v3-declaration">v2 and v3 Declaration</h3> <p><strong>Note</strong>: When specifying the Compose file version to use, make sure to specify both the <em>major</em> and <em>minor</em> numbers. 
If no minor version is given, <code class="language-plaintext highlighter-rouge">0</code> is used by default and not the latest minor version.</p> </blockquote> <p>The <a href="#compatibility-matrix">Compatibility Matrix</a> shows Compose file versions mapped to Docker Engine releases.</p> <p>To move your project to a later version, see the <a href="#upgrading">Upgrading</a> section.</p> <blockquote> <p><strong>Note</strong>: If you’re using <a href="../../extends/index#multiple-compose-files">multiple Compose files</a> or <a href="../../extends/index#extending-services">extending services</a>, each file must be of the same version - you cannot, for example, mix version 1 and 2 in a single project.</p> </blockquote> <p>Several things differ depending on which version you use:</p> <ul> <li>The structure and permitted configuration keys</li> <li>The minimum Docker Engine version you must be running</li> <li>Compose’s behaviour with regards to networking</li> </ul> <p>These differences are explained below.</p> <h3 id="version-1-deprecated">Version 1 (Deprecated)</h3> <p>Compose files that do not declare a version are considered “version 1”. In those files, all the <a href="../compose-file-v3/index#service-configuration-reference">services</a> are declared at the root of the document.</p> <p>Version 1 is supported by <strong>Compose up to 1.6.x</strong>. It will be deprecated in a future Compose release.</p> <p>Version 1 files cannot declare named <a href="../compose-file-v3/index#volume-configuration-reference">volumes</a>, <a href="../compose-file-v3/index#network-configuration-reference">networks</a> or <a href="../compose-file-v3/index#args">build arguments</a>.</p> <p>Compose does not take advantage of <a href="../../networking/index">networking</a> when you use version 1: every container is placed on the default <code class="language-plaintext highlighter-rouge">bridge</code> network and is reachable from every other container at its IP address. 
You need to use <code class="language-plaintext highlighter-rouge">links</code> to enable discovery between containers.</p> <p>Example:</p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . + ports: + - "8000:5000" + volumes: + - .:/code + links: + - redis +redis: + image: redis +</pre></div> <h3 id="version-2">Version 2</h3> <p>Compose files using the version 2 syntax must indicate the version number at the root of the document. All <a href="../compose-file-v2/index#service-configuration-reference">services</a> must be declared under the <code class="language-plaintext highlighter-rouge">services</code> key.</p> <p>Version 2 files are supported by <strong>Compose 1.6.0+</strong> and require a Docker Engine of version <strong>1.10.0+</strong>.</p> <p>Named <a href="../compose-file-v2/index#volume-configuration-reference">volumes</a> can be declared under the <code class="language-plaintext highlighter-rouge">volumes</code> key, and <a href="../compose-file-v2/index#network-configuration-reference">networks</a> can be declared under the <code class="language-plaintext highlighter-rouge">networks</code> key.</p> <p>By default, every container joins an application-wide default network, and is discoverable at a hostname that’s the same as the service name. This means <a href="../compose-file-v2/index#links">links</a> are largely unnecessary. For more details, see <a href="../../networking/index">Networking in Compose</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>When specifying the Compose file version to use, make sure to specify both the <em>major</em> and <em>minor</em> numbers. If no minor version is given, <code class="language-plaintext highlighter-rouge">0</code> is used by default and not the latest minor version. As a result, features added in later versions will not be supported. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2" +</pre></div> <p>is equivalent to:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.0" +</pre></div> </blockquote> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + build: . + ports: + - "8000:5000" + volumes: + - .:/code + redis: + image: redis +</pre></div> <p>A more extended example, defining volumes and networks:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + build: . + ports: + - "8000:5000" + volumes: + - .:/code + networks: + - front-tier + - back-tier + redis: + image: redis + volumes: + - redis-data:/var/lib/redis + networks: + - back-tier +volumes: + redis-data: + driver: local +networks: + front-tier: + driver: bridge + back-tier: + driver: bridge +</pre></div> <p>Several other options were added to support networking, such as:</p> <ul> <li> <p><a href="../compose-file-v2/index#aliases"><code class="language-plaintext highlighter-rouge">aliases</code></a></p> </li> <li> <p>The <a href="../compose-file-v2/index#depends_on"><code class="language-plaintext highlighter-rouge">depends_on</code></a> option can be used in place of links to indicate dependencies between services and startup order.</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + web: + build: . 
+ depends_on: + - db + - redis + redis: + image: redis + db: + image: postgres +</pre></div> </li> <li> <p><a href="../compose-file-v2/index#ipv4_address-ipv6_address"><code class="language-plaintext highlighter-rouge">ipv4_address</code>, <code class="language-plaintext highlighter-rouge">ipv6_address</code></a></p> </li> </ul> <p><a href="../compose-file-v2/index#variable-substitution">Variable substitution</a> also was added in Version 2.</p> <h3 id="version-21">Version 2.1</h3> <p>An upgrade of <a href="#version-2">version 2</a> that introduces new parameters only available with Docker Engine version <strong>1.12.0+</strong>. Version 2.1 files are supported by <strong>Compose 1.9.0+</strong>.</p> <p>Introduces the following additional parameters:</p> <ul> <li><a href="../compose-file-v2/index#link_local_ips"><code class="language-plaintext highlighter-rouge">link_local_ips</code></a></li> <li> +<a href="../compose-file-v2/index#isolation-1"><code class="language-plaintext highlighter-rouge">isolation</code></a> in build configurations and service definitions</li> <li> +<code class="language-plaintext highlighter-rouge">labels</code> for <a href="../compose-file-v2/index#volume-configuration-reference">volumes</a>, <a href="../compose-file-v2/index#network-configuration-reference">networks</a>, and <a href="../compose-file-v3/index#build">build</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">name</code> for <a href="../compose-file-v2/index#volume-configuration-reference">volumes</a> +</li> <li><a href="../compose-file-v2/index#userns_mode"><code class="language-plaintext highlighter-rouge">userns_mode</code></a></li> <li><a href="../compose-file-v2/index#healthcheck"><code class="language-plaintext highlighter-rouge">healthcheck</code></a></li> <li><a href="../compose-file-v2/index#sysctls"><code class="language-plaintext highlighter-rouge">sysctls</code></a></li> <li><a href="../compose-file-v2/index#pids_limit"><code 
class="language-plaintext highlighter-rouge">pids_limit</code></a></li> <li><a href="../compose-file-v2/index#cpu-and-other-resources"><code class="language-plaintext highlighter-rouge">oom_kill_disable</code></a></li> <li><a href="../compose-file-v2/index#cpu-and-other-resources"><code class="language-plaintext highlighter-rouge">cpu_period</code></a></li> </ul> <h3 id="version-22">Version 2.2</h3> <p>An upgrade of <a href="#version-21">version 2.1</a> that introduces new parameters only available with Docker Engine version <strong>1.13.0+</strong>. Version 2.2 files are supported by <strong>Compose 1.13.0+</strong>. This version also allows you to specify default scale numbers inside the service’s configuration.</p> <p>Introduces the following additional parameters:</p> <ul> <li><a href="../compose-file-v2/index#init"><code class="language-plaintext highlighter-rouge">init</code></a></li> <li><a href="../compose-file-v2/index#scale"><code class="language-plaintext highlighter-rouge">scale</code></a></li> <li><a href="../compose-file-v2/index#cpu_rt_runtime-cpu_rt_period"><code class="language-plaintext highlighter-rouge">cpu_rt_runtime</code> and <code class="language-plaintext highlighter-rouge">cpu_rt_period</code></a></li> <li> +<a href="../compose-file-v2/index#network"><code class="language-plaintext highlighter-rouge">network</code></a> for <a href="../compose-file-v2/index#build">build configurations</a> +</li> </ul> <h3 id="version-23">Version 2.3</h3> <p>An upgrade of <a href="#version-22">version 2.2</a> that introduces new parameters only available with Docker Engine version <strong>17.06.0+</strong>. 
Version 2.3 files are supported by <strong>Compose 1.16.0+</strong>.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v2/index#target"><code class="language-plaintext highlighter-rouge">target</code></a>, <a href="../compose-file-v2/index#extra_hosts-1"><code class="language-plaintext highlighter-rouge">extra_hosts</code></a> and <a href="../compose-file-v2/index#shm_size"><code class="language-plaintext highlighter-rouge">shm_size</code></a> for <a href="../compose-file-v2/index#build">build configurations</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">start_period</code> for <a href="../compose-file-v2/index#healthcheck"><code class="language-plaintext highlighter-rouge">healthchecks</code></a> +</li> <li><a href="../compose-file-v2/index#long-syntax">“Long syntax” for volumes</a></li> <li> +<a href="../compose-file-v2/index#runtime"><code class="language-plaintext highlighter-rouge">runtime</code></a> for service definitions</li> <li><a href="../compose-file-v2/index#device_cgroup_rules"><code class="language-plaintext highlighter-rouge">device_cgroup_rules</code></a></li> </ul> <h3 id="version-24">Version 2.4</h3> <p>An upgrade of <a href="#version-23">version 2.3</a> that introduces new parameters only available with Docker Engine version <strong>17.12.0+</strong>. 
Version 2.4 files are supported by <strong>Compose 1.21.0+</strong>.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v2/index#platform"><code class="language-plaintext highlighter-rouge">platform</code></a> for service definitions</li> <li>Support for extension fields at the root of service, network, and volume definitions</li> </ul> <h3 id="version-3">Version 3</h3> <p>Designed to be cross-compatible between Compose and the Docker Engine’s <a href="../../../engine/swarm/index">swarm mode</a>, version 3 removes several options and adds several more.</p> <ul> <li> <p>Removed: <code class="language-plaintext highlighter-rouge">volume_driver</code>, <code class="language-plaintext highlighter-rouge">volumes_from</code>, <code class="language-plaintext highlighter-rouge">cpu_shares</code>, <code class="language-plaintext highlighter-rouge">cpu_quota</code>, <code class="language-plaintext highlighter-rouge">cpuset</code>, <code class="language-plaintext highlighter-rouge">mem_limit</code>, <code class="language-plaintext highlighter-rouge">memswap_limit</code>, <code class="language-plaintext highlighter-rouge">extends</code>, <code class="language-plaintext highlighter-rouge">group_add</code>. See the <a href="#upgrading">upgrading</a> guide for how to migrate away from these. (For more information on <code class="language-plaintext highlighter-rouge">extends</code>, see <a href="../../extends/index#extending-services">Extending services</a>.)</p> </li> <li> <p>Added: <a href="../compose-file-v3/index#deploy">deploy</a></p> </li> </ul> <blockquote> <p><strong>Note</strong>: When specifying the Compose file version to use, make sure to specify both the <em>major</em> and <em>minor</em> numbers. If no minor version is given, <code class="language-plaintext highlighter-rouge">0</code> is used by default and not the latest minor version. As a result, features added in later versions will not be supported. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3" +</pre></div> <p>is equivalent to:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.0" +</pre></div> </blockquote> <h3 id="version-31">Version 3.1</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters only available with Docker Engine version <strong>1.13.1+</strong>, and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li><a href="../compose-file-v3/index#secrets"><code class="language-plaintext highlighter-rouge">secrets</code></a></li> </ul> <h3 id="version-32">Version 3.2</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters only available with Docker Engine version <strong>17.04.0+</strong>, and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#cache_from"><code class="language-plaintext highlighter-rouge">cache_from</code></a> in <a href="../compose-file-v3/index#build">build configurations</a> +</li> <li>Long syntax for <a href="../compose-file-v3/index#ports">ports</a> and <a href="../compose-file-v3/index#volumes">volume mounts</a> +</li> <li> +<a href="../compose-file-v3/index#attachable"><code class="language-plaintext highlighter-rouge">attachable</code></a> network driver option</li> <li><a href="../compose-file-v3/index#endpoint_mode">deploy <code class="language-plaintext highlighter-rouge">endpoint_mode</code></a></li> <li><a href="../compose-file-v3/index#placement">deploy placement <code class="language-plaintext highlighter-rouge">preference</code></a></li> </ul> <h3 id="version-33">Version 3.3</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters only available with Docker Engine version <strong>17.06.0+</strong>, and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li><a href="../compose-file-v3/index#build">build 
<code class="language-plaintext highlighter-rouge">labels</code></a></li> <li><a href="../compose-file-v3/index#credential_spec"><code class="language-plaintext highlighter-rouge">credential_spec</code></a></li> <li><a href="../compose-file-v3/index#configs"><code class="language-plaintext highlighter-rouge">configs</code></a></li> </ul> <h3 id="version-34">Version 3.4</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters. It is only available with Docker Engine version <strong>17.09.0</strong> and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#target"><code class="language-plaintext highlighter-rouge">target</code></a> and <a href="../compose-file-v3/index#network"><code class="language-plaintext highlighter-rouge">network</code></a> in <a href="../compose-file-v3/index#build">build configurations</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">start_period</code> for <a href="../compose-file-v3/index#healthcheck"><code class="language-plaintext highlighter-rouge">healthchecks</code></a> +</li> <li> +<code class="language-plaintext highlighter-rouge">order</code> for <a href="../compose-file-v3/index#update_config">update configurations</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">name</code> for <a href="../compose-file-v3/index#volume-configuration-reference">volumes</a> +</li> </ul> <h3 id="version-35">Version 3.5</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters. 
It is only available with Docker Engine version <strong>17.12.0</strong> and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#isolation"><code class="language-plaintext highlighter-rouge">isolation</code></a> in service definitions</li> <li> +<code class="language-plaintext highlighter-rouge">name</code> for networks, secrets and configs</li> <li> +<code class="language-plaintext highlighter-rouge">shm_size</code> in <a href="../compose-file-v3/index#build">build configurations</a> +</li> </ul> <h3 id="version-36">Version 3.6</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters. It is only available with Docker Engine version <strong>18.02.0</strong> and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#long-syntax-3"><code class="language-plaintext highlighter-rouge">tmpfs</code> size</a> for <code class="language-plaintext highlighter-rouge">tmpfs</code>-type mounts</li> </ul> <h3 id="version-37">Version 3.7</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters. It is only available with Docker Engine version <strong>18.06.0</strong> and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#init"><code class="language-plaintext highlighter-rouge">init</code></a> in service definitions</li> <li> +<a href="../compose-file-v3/index#rollback_config"><code class="language-plaintext highlighter-rouge">rollback_config</code></a> in deploy configurations</li> <li>Support for extension fields at the root of service, network, volume, secret and config definitions</li> </ul> <h3 id="version-38">Version 3.8</h3> <p>An upgrade of <a href="#version-3">version 3</a> that introduces new parameters. 
It is only available with Docker Engine version <strong>19.03.0</strong> and higher.</p> <p>Introduces the following additional parameters:</p> <ul> <li> +<a href="../compose-file-v3/index#max_replicas_per_node"><code class="language-plaintext highlighter-rouge">max_replicas_per_node</code></a> in placement configurations</li> <li> +<code class="language-plaintext highlighter-rouge">template_driver</code> option for <a href="../compose-file-v3/index#configs-configuration-reference">config</a> and <a href="../compose-file-v3/index#secrets-configuration-reference">secret</a> configurations. This option is only supported when deploying swarm services using <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">driver</code> and <code class="language-plaintext highlighter-rouge">driver_opts</code> option for <a href="../compose-file-v3/index#secrets-configuration-reference">secret</a> configurations. This option is only supported when deploying swarm services using <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</li> </ul> <h2 id="upgrading">Upgrading</h2> <h3 id="version-2x-to-3x">Version 2.x to 3.x</h3> <p>Between versions 2.x and 3.x, the structure of the Compose file is the same, but several options have been removed:</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">volume_driver</code>: Instead of setting the volume driver on the service, define a volume using the <a href="../compose-file-v3/index#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> option</a> and specify the driver there.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + db: + image: postgres + volumes: + - data:/var/lib/postgresql/data +volumes: + data: + driver: mydriver +</pre></div> </li> <li> <p><code class="language-plaintext 
highlighter-rouge">volumes_from</code>: To share a volume between services, define it using the <a href="../compose-file-v3/index#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> option</a> and reference it from each service that shares it using the <a href="../compose-file-v3/index#driver">service-level <code class="language-plaintext highlighter-rouge">volumes</code> option</a>.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">cpu_shares</code>, <code class="language-plaintext highlighter-rouge">cpu_quota</code>, <code class="language-plaintext highlighter-rouge">cpuset</code>, <code class="language-plaintext highlighter-rouge">mem_limit</code>, <code class="language-plaintext highlighter-rouge">memswap_limit</code>: These have been replaced by the <a href="../compose-file-v3/index#resources">resources</a> key under <code class="language-plaintext highlighter-rouge">deploy</code>. <code class="language-plaintext highlighter-rouge">deploy</code> configuration only takes effect when using <code class="language-plaintext highlighter-rouge">docker stack deploy</code>, and is ignored by <code class="language-plaintext highlighter-rouge">docker-compose</code>.</p> </li> <li> +<code class="language-plaintext highlighter-rouge">extends</code>: This option has been removed for <code class="language-plaintext highlighter-rouge">version: "3.x"</code> Compose files. 
(For more information, see <a href="../../extends/index#extending-services">Extending services</a>.)</li> <li> +<code class="language-plaintext highlighter-rouge">group_add</code>: This option has been removed for <code class="language-plaintext highlighter-rouge">version: "3.x"</code> Compose files.</li> <li> +<code class="language-plaintext highlighter-rouge">pids_limit</code>: This option has not been introduced in <code class="language-plaintext highlighter-rouge">version: "3.x"</code> Compose files.</li> <li> +<code class="language-plaintext highlighter-rouge">link_local_ips</code> in <code class="language-plaintext highlighter-rouge">networks</code>: This option has not been introduced in <code class="language-plaintext highlighter-rouge">version: "3.x"</code> Compose files.</li> </ul> <h3 id="version-1-to-2x">Version 1 to 2.x</h3> <p>In the majority of cases, moving from version 1 to 2 is a very simple process:</p> <ol> <li>Indent the whole file by one level and put a <code class="language-plaintext highlighter-rouge">services:</code> key at the top.</li> <li>Add a <code class="language-plaintext highlighter-rouge">version: '2'</code> line at the top of the file.</li> </ol> <p>It’s more complicated if you’re using particular configuration features:</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">dockerfile</code>: This now lives under the <code class="language-plaintext highlighter-rouge">build</code> key:</p> <div class="highlight"><pre class="highlight" data-language="">build: + context: . 
+ dockerfile: Dockerfile-alternate +</pre></div> </li> <li> <p><code class="language-plaintext highlighter-rouge">log_driver</code>, <code class="language-plaintext highlighter-rouge">log_opt</code>: These now live under the <code class="language-plaintext highlighter-rouge">logging</code> key:</p> <div class="highlight"><pre class="highlight" data-language="">logging: + driver: syslog + options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> </li> <li> <p><code class="language-plaintext highlighter-rouge">links</code> with environment variables: environment variables created by links, such as <code class="language-plaintext highlighter-rouge">CONTAINERNAME_PORT</code>, ` have been deprecated for some time. In the new Docker network system, they have been removed. You should either connect directly to the appropriate hostname or set the relevant environment variable yourself, using the link hostname:</p> <div class="highlight"><pre class="highlight" data-language="">web: + links: + - db + environment: + - DB_PORT=tcp://db:5432 +</pre></div> </li> <li> <p><code class="language-plaintext highlighter-rouge">external_links</code>: Compose uses Docker networks when running version 2 projects, so links behave slightly differently. 
In particular, two containers must be connected to at least one network in common in order to communicate, even if explicitly linked together.</p> <p>Either connect the external container to your app’s <a href="../../networking/index">default network</a>, or connect both the external container and your service’s containers to an <a href="../../networking/index#use-a-pre-existing-network">external network</a>.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">net</code>: This is now replaced by <a href="../compose-file-v3/index#network_mode">network_mode</a>:</p> <div class="highlight"><pre class="highlight" data-language="">net: host -> network_mode: host +net: bridge -> network_mode: bridge +net: none -> network_mode: none +</pre></div> <p>If you’re using <code class="language-plaintext highlighter-rouge">net: "container:[service name]"</code>, you must now use <code class="language-plaintext highlighter-rouge">network_mode: "service:[service name]"</code> instead.</p> <div class="highlight"><pre class="highlight" data-language="">net: "container:web" -> network_mode: "service:web" +</pre></div> <p>If you’re using <code class="language-plaintext highlighter-rouge">net: "container:[container name/id]"</code>, the value does not need to change.</p> <div class="highlight"><pre class="highlight" data-language="">net: "container:cont-name" -> network_mode: "container:cont-name" +net: "container:abc12345" -> network_mode: "container:abc12345" +</pre></div> </li> <li> <p><code class="language-plaintext highlighter-rouge">volumes</code> with named volumes: these must now be explicitly declared in a top-level <code class="language-plaintext highlighter-rouge">volumes</code> section of your Compose file. 
If a service mounts a named volume called <code class="language-plaintext highlighter-rouge">data</code>, you must declare a <code class="language-plaintext highlighter-rouge">data</code> volume in your top-level <code class="language-plaintext highlighter-rouge">volumes</code> section. The whole file might look like this:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2.4" +services: + db: + image: postgres + volumes: + - data:/var/lib/postgresql/data +volumes: + data: {} +</pre></div> <p>By default, Compose creates a volume whose name is prefixed with your project name. If you want it to just be called <code class="language-plaintext highlighter-rouge">data</code>, declare it as external:</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + data: + external: true +</pre></div> </li> </ul> <h2 id="compatibility-mode">Compatibility mode</h2> <p><code class="language-plaintext highlighter-rouge">docker-compose</code> 1.20.0 introduces a new <code class="language-plaintext highlighter-rouge">--compatibility</code> flag designed to help developers transition to version 3 more easily. When enabled, <code class="language-plaintext highlighter-rouge">docker-compose</code> reads the <code class="language-plaintext highlighter-rouge">deploy</code> section of each service’s definition and attempts to translate it into the equivalent version 2 parameter. Currently, the following deploy keys are translated:</p> <ul> <li> +<a href="../compose-file-v3/index#resources">resources</a> limits and memory reservations</li> <li><a href="../compose-file-v3/index#replicas">replicas</a></li> <li> +<a href="../compose-file-v3/index#restart_policy">restart_policy</a> <code class="language-plaintext highlighter-rouge">condition</code> and <code class="language-plaintext highlighter-rouge">max_attempts</code> +</li> </ul> <p>All other keys are ignored and produce a warning if present. 
You can review the configuration that will be used to deploy by using the <code class="language-plaintext highlighter-rouge">--compatibility</code> flag with the <code class="language-plaintext highlighter-rouge">config</code> command.</p> <blockquote> <p>Do not use this in production!</p> <p>We recommend against using <code class="language-plaintext highlighter-rouge">--compatibility</code> mode in production. Because the resulting configuration is only an approximate using non-Swarm mode properties, it may produce unexpected results.</p> </blockquote> <h2 id="compose-file-format-references">Compose file format references</h2> <ul> <li><a href="../index">Compose Specification</a></li> <li><a href="../compose-file-v3/index">Compose file version 3</a></li> <li><a href="../compose-file-v2/index">Compose file version 2</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=versions">versions</a>, <a href="https://docs.docker.com/search/?q=upgrading">upgrading</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/compose-versioning/" class="_attribution-link">https://docs.docker.com/compose/compose-file/compose-versioning/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Fdeploy%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Fdeploy%2Findex.html new file mode 100644 index 00000000..ac3b0330 --- /dev/null 
+++ b/devdocs/docker/compose%2Fcompose-file%2Fdeploy%2Findex.html 
@@ -0,0 +1,126 @@ +<h1>Compose file deploy reference</h1> + +<p>Compose specification is a platform-neutral way to define multi-container applications. A Compose implementation supporting deployment of application model MAY require some additional metadata as the Compose application model is way too abstract to reflect actual infrastructure needs per service, or lifecycle constraints.</p> <p>Compose Specification Deployment allows users to declare additional metadata on services so Compose implementations get relevant data to allocate adequate resources on platform and configure them to match user’s needs.</p> <h2 id="definitions">Definitions</h2> <p>Compose Specification is extended to support an OPTIONAL <code class="language-plaintext highlighter-rouge">deploy</code> subsection on services. This section define runtime requirements for a service.</p> <h3 id="endpoint_mode">endpoint_mode</h3> <p><code class="language-plaintext highlighter-rouge">endpoint_mode</code> specifies a service discovery method for external clients connecting to a service. Default and available values are platform specific, anyway the Compose specification define two canonical values:</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: vip</code>: Assigns the service a virtual IP (VIP) that acts as the front end for clients to reach the service on a network. 
Platform routes requests between the client and nodes running the service, without client knowledge of how many nodes are participating in the service or their IP addresses or ports.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: dnsrr</code>: Platform sets up DNS entries for the service such that a DNS query for the service name returns a list of IP addresses (DNS round-robin), and the client connects directly to one of these.</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + ports: + - "8080:80" + deploy: + mode: replicated + replicas: 2 + endpoint_mode: vip +</pre></div> <h3 id="labels">labels</h3> <p><code class="language-plaintext highlighter-rouge">labels</code> specifies metadata for the service. These labels MUST <em>only</em> be set on the service and <em>not</em> on any containers for the service. This assumes the platform has some native concept of “service” that can match Compose application model.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + deploy: + labels: + com.example.description: "This label will appear on the web service" +</pre></div> <h3 id="mode">mode</h3> <p><code class="language-plaintext highlighter-rouge">mode</code> define the replication model used to run the service on platform. Either <code class="language-plaintext highlighter-rouge">global</code> (exactly one container per physical node) or <code class="language-plaintext highlighter-rouge">replicated</code> (a specified number of containers). 
The default is <code class="language-plaintext highlighter-rouge">replicated</code>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + deploy: + mode: global +</pre></div> <h3 id="placement">placement</h3> <p><code class="language-plaintext highlighter-rouge">placement</code> specifies constraints and preferences for platform to select a physical node to run service containers.</p> <h4 id="constraints">constraints</h4> <p><code class="language-plaintext highlighter-rouge">constraints</code> defines a REQUIRED property the platform’s node MUST fulfill to run service container. Can be set either by a list or a map with string values.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + placement: + constraints: + - disktype=ssd +</pre></div> <div class="highlight"><pre class="highlight" data-language="">deploy: + placement: + constraints: + disktype: ssd +</pre></div> <h4 id="preferences">preferences</h4> <p><code class="language-plaintext highlighter-rouge">preferences</code> defines a property the platform’s node SHOULD fulfill to run service container. 
Can be set either by a list or a map with string values.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + placement: + preferences: + - datacenter=us-east +</pre></div> <div class="highlight"><pre class="highlight" data-language="">deploy: + placement: + preferences: + datacenter: us-east +</pre></div> <h3 id="replicas">replicas</h3> <p>If the service is <code class="language-plaintext highlighter-rouge">replicated</code> (which is the default), <code class="language-plaintext highlighter-rouge">replicas</code> specifies the number of containers that SHOULD be running at any given time.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + deploy: + mode: replicated + replicas: 6 +</pre></div> <h3 id="resources">resources</h3> <p><code class="language-plaintext highlighter-rouge">resources</code> configures physical resource constraints for container to run on platform. Those constraints can be configured as a:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">limits</code>: The platform MUST prevent container to allocate more</li> <li> +<code class="language-plaintext highlighter-rouge">reservations</code>: The platform MUST guarantee container can allocate at least the configured amount</li> </ul> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + deploy: + resources: + limits: + cpus: '0.50' + memory: 50M + pids: 1 + reservations: + cpus: '0.25' + memory: 20M +</pre></div> <h4 id="cpus">cpus</h4> <p><code class="language-plaintext highlighter-rouge">cpus</code> configures a limit or reservation for how much of the available CPU resources (as number of cores) a container can use.</p> <h4 id="memory">memory</h4> <p><code class="language-plaintext highlighter-rouge">memory</code> configures a limit or reservation on the amount of memory a container can allocate, set as a string expressing a <a 
href="../index#specifying-byte-values">byte value</a>.</p> <h4 id="pids">pids</h4> <p><code class="language-plaintext highlighter-rouge">pids</code> tunes a container’s PIDs limit, set as an integer.</p> <h4 id="devices">devices</h4> <p><code class="language-plaintext highlighter-rouge">devices</code> configures reservations of the devices a container can use. It contains a list of reservations, each set as an object with the following parameters: <code class="language-plaintext highlighter-rouge">capabilities</code>, <code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">count</code>, <code class="language-plaintext highlighter-rouge">device_ids</code> and <code class="language-plaintext highlighter-rouge">options</code>.</p> <p>Devices are reserved using a list of capabilities, making <code class="language-plaintext highlighter-rouge">capabilities</code> the only required field. A device MUST satisfy all the requested capabilities for a successful reservation.</p> <h5 id="capabilities">capabilities</h5> <p><code class="language-plaintext highlighter-rouge">capabilities</code> are set as a list of strings, expressing both generic and driver specific capabilities. The following generic capabilities are recognized today:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">gpu</code>: Graphics accelerator</li> <li> +<code class="language-plaintext highlighter-rouge">tpu</code>: AI accelerator</li> </ul> <p>To avoid name clashes, driver specific capabilities MUST be prefixed with the driver name. 
For example, reserving an nVidia CUDA-enabled accelerator might look like this:</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + resources: + reservations: + devices: + - capabilities: ["nvidia-compute"] +</pre></div> <h5 id="driver">driver</h5> <p>A different driver for the reserved device(s) can be requested using <code class="language-plaintext highlighter-rouge">driver</code> field. The value is specified as a string.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + resources: + reservations: + devices: + - capabilities: ["nvidia-compute"] + driver: nvidia +</pre></div> <h5 id="count">count</h5> <p>If <code class="language-plaintext highlighter-rouge">count</code> is set to <code class="language-plaintext highlighter-rouge">all</code> or not specified, Compose implementations MUST reserve all devices that satisfy the requested capabilities. Otherwise, Compose implementations MUST reserve at least the number of devices specified. The value is specified as an integer.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + resources: + reservations: + devices: + - capabilities: ["tpu"] + count: 2 +</pre></div> <p><code class="language-plaintext highlighter-rouge">count</code> and <code class="language-plaintext highlighter-rouge">device_ids</code> fields are exclusive. Compose implementations MUST return an error if both are specified.</p> <h5 id="device_ids">device_ids</h5> <p>If <code class="language-plaintext highlighter-rouge">device_ids</code> is set, Compose implementations MUST reserve devices with the specified IDs providing they satisfy the requested capabilities. 
The value is specified as a list of strings.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + resources: + reservations: + devices: + - capabilities: ["gpu"] + device_ids: ["GPU-f123d1c9-26bb-df9b-1c23-4a731f61d8c7"] +</pre></div> <p><code class="language-plaintext highlighter-rouge">count</code> and <code class="language-plaintext highlighter-rouge">device_ids</code> fields are exclusive. Compose implementations MUST return an error if both are specified.</p> <h5 id="options">options</h5> <p>Driver specific options can be set with <code class="language-plaintext highlighter-rouge">options</code> as key-value pairs.</p> <div class="highlight"><pre class="highlight" data-language="">deploy: + resources: + reservations: + devices: + - capabilities: ["gpu"] + driver: gpuvendor + options: + virtualization: false +</pre></div> <h3 id="restart_policy">restart_policy</h3> <p><code class="language-plaintext highlighter-rouge">restart_policy</code> configures if and how to restart containers when they exit. 
If <code class="language-plaintext highlighter-rouge">restart_policy</code> is not set, Compose implementations MUST consider <code class="language-plaintext highlighter-rouge">restart</code> field set by service configuration.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">condition</code>: One of <code class="language-plaintext highlighter-rouge">none</code>, <code class="language-plaintext highlighter-rouge">on-failure</code> or <code class="language-plaintext highlighter-rouge">any</code> (default: <code class="language-plaintext highlighter-rouge">any</code>).</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: How long to wait between restart attempts, specified as a <a href="../index#specifying-durations">duration</a> (default: 0).</li> <li> +<code class="language-plaintext highlighter-rouge">max_attempts</code>: How many times to attempt to restart a container before giving up (default: never give up). If the restart does not succeed within the configured <code class="language-plaintext highlighter-rouge">window</code>, this attempt doesn’t count toward the configured <code class="language-plaintext highlighter-rouge">max_attempts</code> value. 
For example, if <code class="language-plaintext highlighter-rouge">max_attempts</code> is set to ‘2’, and the restart fails on the first attempt, more than two restarts MUST be attempted.</li> <li> +<code class="language-plaintext highlighter-rouge">window</code>: How long to wait before deciding if a restart has succeeded, specified as a <a href="../index#specifying-durations">duration</a> (default: decide immediately).</li> </ul> <div class="highlight"><pre class="highlight" data-language="">deploy: + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s +</pre></div> <h3 id="rollback_config">rollback_config</h3> <p><code class="language-plaintext highlighter-rouge">rollback_config</code> configures how the service should be rollbacked in case of a failing update.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between each container group’s rollback (default 0s).</li> <li> +<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if a rollback fails. One of <code class="language-plaintext highlighter-rouge">continue</code> or <code class="language-plaintext highlighter-rouge">pause</code> (default <code class="language-plaintext highlighter-rouge">pause</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 0s).</li> <li> +<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during a rollback (default 0).</li> <li> +<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during rollbacks. 
One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>).</li> </ul> <h3 id="update_config">update_config</h3> <p><code class="language-plaintext highlighter-rouge">update_config</code> configures how the service should be updated. Useful for configuring rolling updates.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to update at a time.</li> <li> +<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between updating a group of containers.</li> <li> +<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if an update fails. One of <code class="language-plaintext highlighter-rouge">continue</code>, <code class="language-plaintext highlighter-rouge">rollback</code>, or <code class="language-plaintext highlighter-rouge">pause</code> (default: <code class="language-plaintext highlighter-rouge">pause</code>).</li> <li> +<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 0s).</li> <li> +<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during an update.</li> <li> +<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during updates. 
One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>).</li> </ul> <div class="highlight"><pre class="highlight" data-language="">deploy: + update_config: + parallelism: 2 + delay: 10s + order: stop-first +</pre></div> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/deploy/" class="_attribution-link">https://docs.docker.com/compose/compose-file/deploy/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fcompose-file%2Findex.html b/devdocs/docker/compose%2Fcompose-file%2Findex.html new file mode 100644 index 00000000..31fed1f0 --- /dev/null +++ b/devdocs/docker/compose%2Fcompose-file%2Findex.html 
@@ -0,0 +1,812 @@ +<h1>Compose specification</h1> + +<p>The Compose file is a <a href="https://yaml.org" target="_blank" rel="noopener" class="_">YAML</a> file defining services, networks, and volumes for a Docker application. The latest and recommended version of the Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/" target="_blank" rel="noopener" class="_">Compose Specification</a>. The Compose spec merges the legacy 2.x and 3.x versions, aggregating properties across these formats and is implemented by <strong>Compose 1.27.0+</strong>.</p> <h2 id="status-of-this-document">Status of this document</h2> <p>This document specifies the Compose file format used to define multi-containers applications. Distribution of this document is unlimited.</p> <p>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in <a href="https://tools.ietf.org/html/rfc2119" target="_blank" rel="noopener" class="_">RFC 2119</a>.</p> <h3 id="requirements-and-optional-attributes">Requirements and optional attributes</h3> <p>The Compose specification includes properties designed to target a local <a href="https://opencontainers.org/" target="_blank" rel="noopener" class="_">OCI</a> container runtime, exposing Linux kernel specific configuration options, but also some Windows container specific properties, as well as cloud platform features related to resource placement on a cluster, replicated application distribution and scalability.</p> <p>We acknowledge that no Compose implementation is expected to support <strong>all</strong> attributes, and that support for some properties is Platform dependent and can only be confirmed at runtime. 
The definition of a versioned schema to control the supported properties in a Compose file, established by the <a href="https://github.com/docker/compose" target="_blank" rel="noopener" class="_">docker-compose</a> tool where the Compose file format was designed, doesn’t offer any guarantee to the end-user attributes will be actually implemented.</p> <p>The specification defines the expected configuration syntax and behavior, but - until noted - supporting any of those is OPTIONAL.</p> <p>A Compose implementation to parse a Compose file using unsupported attributes SHOULD warn user. We recommend implementors to support those running modes:</p> <ul> <li>default: warn user about unsupported attributes, but ignore them</li> <li>strict: warn user about unsupported attributes and reject the compose file</li> <li>loose: ignore unsupported attributes AND unknown attributes (that were not defined by the spec by the time implementation was created)</li> </ul> <h2 id="the-compose-application-model">The Compose application model</h2> <p>The Compose specification allows one to define a platform-agnostic container based application. Such an application is designed as a set of containers which have to both run together with adequate shared resources and communication channels.</p> <p>Computing components of an application are defined as <a href="#services-top-level-element">Services</a>. A Service is an abstract concept implemented on platforms by running the same container image (and configuration) one or more times.</p> <p>Services communicate with each other through <a href="#networks-top-level-element">Networks</a>. In this specification, a Network is a platform capability abstraction to establish an IP route between containers within services connected together. 
Low-level, platform-specific networking options are grouped into the Network definition and MAY be partially implemented on some platforms.</p> <p>Services store and share persistent data into <a href="#volumes-top-level-element">Volumes</a>. The specification describes such a persistent data as a high-level filesystem mount with global options. Actual platform-specific implementation details are grouped into the Volumes definition and MAY be partially implemented on some platforms.</p> <p>Some services require configuration data that is dependent on the runtime or platform. For this, the specification defines a dedicated concept: <a href="#configs-top-level-element">Configs</a>. From a Service container point of view, Configs are comparable to Volumes, in that they are files mounted into the container. But the actual definition involves distinct platform resources and services, which are abstracted by this type.</p> <p>A <a href="#secrets-top-level-element">Secret</a> is a specific flavor of configuration data for sensitive data that SHOULD NOT be exposed without security considerations. Secrets are made available to services as files mounted into their containers, but the platform-specific resources to provide sensitive data are specific enough to deserve a distinct concept and definition within the Compose specification.</p> <p>Distinction within Volumes, Configs and Secret allows implementations to offer a comparable abstraction at service level, but cover the specific configuration of adequate platform resources for well identified data usages.</p> <p>A <strong>Project</strong> is an individual deployment of an application specification on a platform. A project’s name is used to group resources together and isolate them from other applications or other installation of the same Compose specified application with distinct parameters. 
A Compose implementation creating resources on a platform MUST prefix resource names by project and set the label <code class="language-plaintext highlighter-rouge">com.docker.compose.project</code>.</p> <p>Project name can be set explicitly by top-level <code class="language-plaintext highlighter-rouge">name</code> attribute. Compose implementation MUST offer a way for user to set a custom project name and override this name, so that the same <code class="language-plaintext highlighter-rouge">compose.yaml</code> file can be deployed twice on the same infrastructure, without changes, by just passing a distinct name.</p> <h3 id="illustrative-example">Illustrative example</h3> <p>The following example illustrates Compose specification concepts with a concrete example application. The example is non-normative.</p> <p>Consider an application split into a frontend web application and a backend service.</p> <p>The frontend is configured at runtime with an HTTP configuration file managed by infrastructure, providing an external domain name, and an HTTPS server certificate injected by the platform’s secured secret store.</p> <p>The backend stores data in a persistent volume.</p> <p>Both services communicate with each other on an isolated back-tier network, while frontend is also connected to a front-tier network and exposes port 443 for external usage.</p> <div class="highlight"><pre class="highlight" data-language="">(External user) --> 443 [frontend network] + | + +--------------------+ + | frontend service |...ro...<HTTP configuration> + | "webapp" |...ro...<server certificate> #secured + +--------------------+ + | + [backend network] + | + +--------------------+ + | backend service | r+w ___________________ + | "database" |=======( persistent volume ) + +--------------------+ \_________________/ +</pre></div> <p>The example application is composed of the following parts:</p> <ul> <li>2 services, backed by Docker images: <code class="language-plaintext 
highlighter-rouge">webapp</code> and <code class="language-plaintext highlighter-rouge">database</code> +</li> <li>1 secret (HTTPS certificate), injected into the frontend</li> <li>1 configuration (HTTP), injected into the frontend</li> <li>1 persistent volume, attached to the backend</li> <li>2 networks</li> </ul> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + ports: + - "443:8043" + networks: + - front-tier + - back-tier + configs: + - httpd-config + secrets: + - server-certificate + + backend: + image: awesome/database + volumes: + - db-data:/etc/data + networks: + - back-tier + +volumes: + db-data: + driver: flocker + driver_opts: + size: "10GiB" + +configs: + httpd-config: + external: true + +secrets: + server-certificate: + external: true + +networks: + # The presence of these objects is sufficient to define them + front-tier: {} + back-tier: {} +</pre></div> <p>This example illustrates the distinction between volumes, configs and secrets. While all of them are all exposed to service containers as mounted files or directories, only a volume can be configured for read+write access. Secrets and configs are read-only. The volume configuration allows you to select a volume driver and pass driver options to tweak volume management according to the actual infrastructure. 
Configs and Secrets rely on platform services, and are declared <code class="language-plaintext highlighter-rouge">external</code> as they are not managed as part of the application lifecycle: the Compose implementation will use a platform-specific lookup mechanism to retrieve runtime values.</p> <h2 id="compose-file">Compose file</h2> <p>The Compose file is a <a href="http://yaml.org/">YAML</a> file defining <a href="#version-top-level-element">version</a> (DEPRECATED), <a href="#services-top-level-element">services</a> (REQUIRED), <a href="#networks-top-level-element">networks</a>, <a href="#volumes-top-level-element">volumes</a>, <a href="#configs-top-level-element">configs</a> and <a href="#secrets-top-level-element">secrets</a>. The default path for a Compose file is <code class="language-plaintext highlighter-rouge">compose.yaml</code> (preferred) or <code class="language-plaintext highlighter-rouge">compose.yml</code> in working directory. Compose implementations SHOULD also support <code class="language-plaintext highlighter-rouge">docker-compose.yaml</code> and <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> for backward compatibility. If both files exist, Compose implementations MUST prefer canonical <code class="language-plaintext highlighter-rouge">compose.yaml</code> one.</p> <p>Multiple Compose files can be combined together to define the application model. The combination of YAML files MUST be implemented by appending/overriding YAML elements based on Compose file order set by the user. Simple attributes and maps get overridden by the highest order Compose file, lists get merged by appending. 
Relative paths MUST be resolved based on the <strong>first</strong> Compose file’s parent folder, whenever complimentary files being merged are hosted in other folders.</p> <p>As some Compose file elements can both be expressed as single strings or complex objects, merges MUST apply to the expanded form.</p> <h3 id="profiles">Profiles</h3> <p>Profiles allow to adjust the Compose application model for various usages and environments. A Compose implementation SHOULD allow the user to define a set of active profiles. The exact mechanism is implementation specific and MAY include command line flags, environment variables, etc.</p> <p>The Services top-level element supports a <code class="language-plaintext highlighter-rouge">profiles</code> attribute to define a list of named profiles. Services without a <code class="language-plaintext highlighter-rouge">profiles</code> attribute set MUST always be enabled. A service MUST be ignored by the Compose implementation when none of the listed <code class="language-plaintext highlighter-rouge">profiles</code> match the active ones, unless the service is explicitly targeted by a command. In that case its <code class="language-plaintext highlighter-rouge">profiles</code> MUST be added to the set of active profiles. All other top-level elements are not affected by <code class="language-plaintext highlighter-rouge">profiles</code> and are always active.</p> <p>References to other services (by <code class="language-plaintext highlighter-rouge">links</code>, <code class="language-plaintext highlighter-rouge">extends</code> or shared resource syntax <code class="language-plaintext highlighter-rouge">service:xxx</code>) MUST not automatically enable a component that would otherwise have been ignored by active profiles. 
Instead the Compose implementation MUST return an error.</p> <h4 id="illustrative-example-1">Illustrative example</h4> <div class="highlight"><pre class="highlight" data-language="">services: + foo: + image: foo + bar: + image: bar + profiles: + - test + baz: + image: baz + depends_on: + - bar + profiles: + - test + zot: + image: zot + depends_on: + - bar + profiles: + - debug +</pre></div> <ul> <li>Compose application model parsed with no profile enabled only contains the <code class="language-plaintext highlighter-rouge">foo</code> service.</li> <li>If profile <code class="language-plaintext highlighter-rouge">test</code> is enabled, model contains the services <code class="language-plaintext highlighter-rouge">bar</code> and <code class="language-plaintext highlighter-rouge">baz</code> which are enabled by the <code class="language-plaintext highlighter-rouge">test</code> profile and service <code class="language-plaintext highlighter-rouge">foo</code> which is always enabled.</li> <li>If profile <code class="language-plaintext highlighter-rouge">debug</code> is enabled, model contains both <code class="language-plaintext highlighter-rouge">foo</code> and <code class="language-plaintext highlighter-rouge">zot</code> services, but not <code class="language-plaintext highlighter-rouge">bar</code> and <code class="language-plaintext highlighter-rouge">baz</code> and as such the model is invalid regarding the <code class="language-plaintext highlighter-rouge">depends_on</code> constraint of <code class="language-plaintext highlighter-rouge">zot</code>.</li> <li>If profiles <code class="language-plaintext highlighter-rouge">debug</code> and <code class="language-plaintext highlighter-rouge">test</code> are enabled, model contains all services: <code class="language-plaintext highlighter-rouge">foo</code>, <code class="language-plaintext highlighter-rouge">bar</code>, <code class="language-plaintext highlighter-rouge">baz</code> and <code class="language-plaintext 
highlighter-rouge">zot</code>.</li> <li>If Compose implementation is executed with <code class="language-plaintext highlighter-rouge">bar</code> as explicit service to run, it and the <code class="language-plaintext highlighter-rouge">test</code> profile will be active even if <code class="language-plaintext highlighter-rouge">test</code> profile is not enabled <em>by the user</em>.</li> <li>If Compose implementation is executed with <code class="language-plaintext highlighter-rouge">baz</code> as explicit service to run, the service <code class="language-plaintext highlighter-rouge">baz</code> and the profile <code class="language-plaintext highlighter-rouge">test</code> will be active and <code class="language-plaintext highlighter-rouge">bar</code> will be pulled in by the <code class="language-plaintext highlighter-rouge">depends_on</code> constraint.</li> <li>If Compose implementation is executed with <code class="language-plaintext highlighter-rouge">zot</code> as explicit service to run, again the model will be invalid regarding the <code class="language-plaintext highlighter-rouge">depends_on</code> constraint of <code class="language-plaintext highlighter-rouge">zot</code> since <code class="language-plaintext highlighter-rouge">zot</code> and <code class="language-plaintext highlighter-rouge">bar</code> have no common <code class="language-plaintext highlighter-rouge">profiles</code> listed.</li> <li>If Compose implementation is executed with <code class="language-plaintext highlighter-rouge">zot</code> as explicit service to run and profile <code class="language-plaintext highlighter-rouge">test</code> enabled, profile <code class="language-plaintext highlighter-rouge">debug</code> is automatically enabled and service <code class="language-plaintext highlighter-rouge">bar</code> is pulled in as a dependency starting both services <code class="language-plaintext highlighter-rouge">zot</code> and <code class="language-plaintext 
highlighter-rouge">bar</code>.</li> </ul> <h2 id="version-top-level-element">Version top-level element</h2> <p>Top-level <code class="language-plaintext highlighter-rouge">version</code> property is defined by the specification for backward compatibility but is only informative.</p> <p>A Compose implementation SHOULD NOT use this version to select an exact schema to validate the Compose file, but prefer the most recent schema at the time it has been designed.</p> <p>Compose implementations SHOULD validate whether they can fully parse the Compose file. If some fields are unknown, typically because the Compose file was written with fields defined by a newer version of the specification, Compose implementations SHOULD warn the user. Compose implementations MAY offer options to ignore unknown fields (as defined by <a href="#requirements-and-optional-attributes">“loose”</a> mode).</p> <h2 id="name-top-level-element">Name top-level element</h2> <p>Top-level <code class="language-plaintext highlighter-rouge">name</code> property is defined by the specification as project name to be used if user doesn’t set one explicitly. 
Compose implementations MUST offer a way for user to override this name, and SHOULD define a mechanism to compute a default project name, to be used if the top-level <code class="language-plaintext highlighter-rouge">name</code> element is not set.</p> <p>Whenever project name is defined by top-level <code class="language-plaintext highlighter-rouge">name</code> or by some custom mechanism, it MUST be exposed for <a href="#interpolation">interpolation</a> and environment variable resolution as <code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code></p> <div class="highlight"><pre class="highlight" data-language="">services: + foo: + image: busybox + environment: + - COMPOSE_PROJECT_NAME + command: echo "I'm running ${COMPOSE_PROJECT_NAME}" +</pre></div> <h2 id="services-top-level-element">Services top-level element</h2> <p>A Service is an abstract definition of a computing resource within an application which can be scaled/replaced independently from other components. Services are backed by a set of containers, run by the platform according to replication requirements and placement constraints. Being backed by containers, Services are defined by a Docker image and set of runtime arguments. All containers within a service are identically created with these arguments.</p> <p>A Compose file MUST declare a <code class="language-plaintext highlighter-rouge">services</code> root element as a map whose keys are string representations of service names, and whose values are service definitions. A service definition contains the configuration that is applied to each container started for that service.</p> <p>Each service MAY also include a Build section, which defines how to create the Docker image for the service. Compose implementations MAY support building docker images using this service definition. 
If not implemented the Build section SHOULD be ignored and the Compose file MUST still be considered valid.</p> <p>Build support is an OPTIONAL aspect of the Compose specification, and is described in detail in the <a href="build/index">Build support</a> documentation.</p> <p>Each Service defines runtime constraints and requirements to run its containers. The <code class="language-plaintext highlighter-rouge">deploy</code> section groups these constraints and allows the platform to adjust the deployment strategy to best match containers’ needs with available resources.</p> <p>Deploy support is an OPTIONAL aspect of the Compose specification, and is described in detail in the <a href="deploy/index">Deployment support</a> documentation. not implemented the Deploy section SHOULD be ignored and the Compose file MUST still be considered valid.</p> <h3 id="build">build</h3> <p><code class="language-plaintext highlighter-rouge">build</code> specifies the build configuration for creating container image from source, as defined in the <a href="build/index">Build support</a> documentation.</p> <h3 id="blkio_config">blkio_config</h3> <p><code class="language-plaintext highlighter-rouge">blkio_config</code> defines a set of configuration options to set block IO limits for this service.</p> <div class="highlight"><pre class="highlight" data-language="">services: + foo: + image: busybox + blkio_config: + weight: 300 + weight_device: + - path: /dev/sda + weight: 400 + device_read_bps: + - path: /dev/sdb + rate: '12mb' + device_read_iops: + - path: /dev/sdb + rate: 120 + device_write_bps: + - path: /dev/sdb + rate: '1024k' + device_write_iops: + - path: /dev/sdb + rate: 30 +</pre></div> <h4 id="device_read_bps-device_write_bps">device_read_bps, device_write_bps</h4> <p>Set a limit in bytes per second for read / write operations on a given device. 
Each item in the list MUST have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>: defining the symbolic path to the affected device.</li> <li> +<code class="language-plaintext highlighter-rouge">rate</code>: either as an integer value representing the number of bytes or as a string expressing a byte value.</li> </ul> <h4 id="device_read_iops-device_write_iops">device_read_iops, device_write_iops</h4> <p>Set a limit in operations per second for read / write operations on a given device. Each item in the list MUST have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>: defining the symbolic path to the affected device.</li> <li> +<code class="language-plaintext highlighter-rouge">rate</code>: as an integer value representing the permitted number of operations per second.</li> </ul> <h4 id="weight">weight</h4> <p>Modify the proportion of bandwidth allocated to this service relative to other services. Takes an integer value between 10 and 1000, with 500 being the default.</p> <h4 id="weight_device">weight_device</h4> <p>Fine-tune bandwidth allocation by device. 
Each item in the list must have two keys:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">path</code>: defining the symbolic path to the affected device.</li> <li> +<code class="language-plaintext highlighter-rouge">weight</code>: an integer value between 10 and 1000.</li> </ul> <h3 id="cpu_count">cpu_count</h3> <p><code class="language-plaintext highlighter-rouge">cpu_count</code> defines the number of usable CPUs for service container.</p> <h3 id="cpu_percent">cpu_percent</h3> <p><code class="language-plaintext highlighter-rouge">cpu_percent</code> defines the usable percentage of the available CPUs.</p> <h3 id="cpu_shares">cpu_shares</h3> <p><code class="language-plaintext highlighter-rouge">cpu_shares</code> defines (as integer value) service container relative CPU weight versus other containers.</p> <h3 id="cpu_period">cpu_period</h3> <p><code class="language-plaintext highlighter-rouge">cpu_period</code> allow Compose implementations to configure CPU CFS (Completely Fair Scheduler) period when platform is based on Linux kernel.</p> <h3 id="cpu_quota">cpu_quota</h3> <p><code class="language-plaintext highlighter-rouge">cpu_quota</code> allow Compose implementations to configure CPU CFS (Completely Fair Scheduler) quota when platform is based on Linux kernel.</p> <h3 id="cpu_rt_runtime">cpu_rt_runtime</h3> <p><code class="language-plaintext highlighter-rouge">cpu_rt_runtime</code> configures CPU allocation parameters for platform with support for realtime scheduler. Can be either an integer value using microseconds as unit or a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language=""> cpu_rt_runtime: '400ms' + cpu_rt_runtime: 95000` +</pre></div> <h3 id="cpu_rt_period">cpu_rt_period</h3> <p><code class="language-plaintext highlighter-rouge">cpu_rt_period</code> configures CPU allocation parameters for platform with support for realtime scheduler. 
Can be either an integer value using microseconds as unit or a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language=""> cpu_rt_period: '1400us' + cpu_rt_period: 11000` +</pre></div> <h3 id="cpus">cpus</h3> <p><em>DEPRECATED: use <a href="deploy/index#cpus">deploy.reservations.cpus</a></em></p> <p><code class="language-plaintext highlighter-rouge">cpus</code> define the number of (potentially virtual) CPUs to allocate to service containers. This is a fractional number. <code class="language-plaintext highlighter-rouge">0.000</code> means no limit.</p> <h3 id="cpuset">cpuset</h3> <p><code class="language-plaintext highlighter-rouge">cpuset</code> defines the explicit CPUs in which to allow execution. Can be a range <code class="language-plaintext highlighter-rouge">0-3</code> or a list <code class="language-plaintext highlighter-rouge">0,1</code></p> <h3 id="cap_add">cap_add</h3> <p><code class="language-plaintext highlighter-rouge">cap_add</code> specifies additional container <a href="http://man7.org/linux/man-pages/man7/capabilities.7.html">capabilities</a> as strings.</p> <div class="highlight"><pre class="highlight" data-language="">cap_add: + - ALL +</pre></div> <h3 id="cap_drop">cap_drop</h3> <p><code class="language-plaintext highlighter-rouge">cap_drop</code> specifies container <a href="http://man7.org/linux/man-pages/man7/capabilities.7.html">capabilities</a> to drop as strings.</p> <div class="highlight"><pre class="highlight" data-language="">cap_drop: + - NET_ADMIN + - SYS_ADMIN +</pre></div> <h3 id="cgroup_parent">cgroup_parent</h3> <p><code class="language-plaintext highlighter-rouge">cgroup_parent</code> specifies an OPTIONAL parent <a href="http://man7.org/linux/man-pages/man7/cgroups.7.html">cgroup</a> for the container.</p> <div class="highlight"><pre class="highlight" data-language="">cgroup_parent: m-executor-abcd +</pre></div> <h3 id="command">command</h3> <p><code 
class="language-plaintext highlighter-rouge">command</code> overrides the the default command declared by the container image (i.e. by Dockerfile’s <code class="language-plaintext highlighter-rouge">CMD</code>).</p> <div class="highlight"><pre class="highlight" data-language="">command: bundle exec thin -p 3000 +</pre></div> <p>The command can also be a list, in a manner similar to <a href="../../engine/reference/builder/index#cmd">Dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">command: [ "bundle", "exec", "thin", "-p", "3000" ] +</pre></div> <h3 id="configs">configs</h3> <p><code class="language-plaintext highlighter-rouge">configs</code> grant access to configs on a per-service basis using the per-service <code class="language-plaintext highlighter-rouge">configs</code> configuration. Two different syntax variants are supported.</p> <p>Compose implementations MUST report an error if config doesn’t exist on platform or isn’t defined in the <a href="#configs-top-level-element"><code class="language-plaintext highlighter-rouge">configs</code></a> section of this Compose file.</p> <p>There are two syntaxes defined for configs. To remain compliant to this specification, an implementation MUST support both syntaxes. Implementations MUST allow use of both short and long syntaxes within the same document.</p> <h4 id="short-syntax">Short syntax</h4> <p>The short syntax variant only specifies the config name. This grants the container access to the config and mounts it at <code class="language-plaintext highlighter-rouge">/<config_name></code> within the container. 
The source name and destination mount point are both set to the config name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">redis</code> service access to the <code class="language-plaintext highlighter-rouge">my_config</code> and <code class="language-plaintext highlighter-rouge">my_other_config</code> configs. The value of <code class="language-plaintext highlighter-rouge">my_config</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./my_config.txt</code>, and <code class="language-plaintext highlighter-rouge">my_other_config</code> is defined as an external resource, which means that it has already been defined in the platform. If the external config does not exist, the deployment MUST fail.</p> <div class="highlight"><pre class="highlight" data-language="">services: + redis: + image: redis:latest + configs: + - my_config +configs: + my_config: + file: ./my_config.txt + my_other_config: + external: true +</pre></div> <h4 id="long-syntax">Long syntax</h4> <p>The long syntax provides more granularity in how the config is created within the service’s task containers.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">source</code>: The name of the config as it exists in the platform.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: The path and name of the file to be mounted in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">/<source></code> if not specified.</li> <li> +<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the mounted config file within the service’s task containers. 
Default value when not specified is USER running container.</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: The <a href="http://permissions-calculator.org/">permissions</a> for the file that is mounted within the service’s task containers, in octal notation. Default value is world-readable (<code class="language-plaintext highlighter-rouge">0444</code>). Writable bit MUST be ignored. The executable bit can be set.</li> </ul> <p>The following example sets the name of <code class="language-plaintext highlighter-rouge">my_config</code> to <code class="language-plaintext highlighter-rouge">redis_config</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The <code class="language-plaintext highlighter-rouge">redis</code> service does not have access to the <code class="language-plaintext highlighter-rouge">my_other_config</code> config.</p> <div class="highlight"><pre class="highlight" data-language="">services: + redis: + image: redis:latest + configs: + - source: my_config + target: /redis_config + uid: "103" + gid: "103" + mode: 0440 +configs: + my_config: + external: true + my_other_config: + external: true +</pre></div> <p>You can grant a service access to multiple configs, and you can mix long and short syntax.</p> <h3 id="container_name">container_name</h3> <p><code class="language-plaintext highlighter-rouge">container_name</code> is a string that specifies a custom container name, rather than a generated default name.</p> <div class="highlight"><pre class="highlight" data-language="">container_name: my-web-container +</pre></div> <p>Compose implementation MUST NOT scale a service beyond one container if the Compose file specifies a <code class="language-plaintext highlighter-rouge">container_name</code>. 
Attempting to do so MUST result in an error.</p> <p>If present, <code class="language-plaintext highlighter-rouge">container_name</code> SHOULD follow the regex format of <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9][a-zA-Z0-9_.-]+</code></p> <h3 id="credential_spec">credential_spec</h3> <p><code class="language-plaintext highlighter-rouge">credential_spec</code> configures the credential spec for a managed service account.</p> <p>Compose implementations that support services using Windows containers MUST support <code class="language-plaintext highlighter-rouge">file:</code> and <code class="language-plaintext highlighter-rouge">registry:</code> protocols for credential_spec. Compose implementations MAY also support additional protocols for custom use-cases.</p> <p>The <code class="language-plaintext highlighter-rouge">credential_spec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://<filename></code> or <code class="language-plaintext highlighter-rouge">registry://<value-name></code>.</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec: + file: my-credential-spec.json +</pre></div> <p>When using <code class="language-plaintext highlighter-rouge">registry:</code>, the credential spec is read from the Windows registry on the daemon’s host. 
A registry value with the given name must be located in:</p> <div class="highlight"><pre class="highlight" data-language="">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs +</pre></div> <p>The following example loads the credential spec from a value named <code class="language-plaintext highlighter-rouge">my-credential-spec</code> in the registry:</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec: + registry: my-credential-spec +</pre></div> <h4 id="example-gmsa-configuration">Example gMSA configuration</h4> <p>When configuring a gMSA credential spec for a service, you only need to specify a credential spec with <code class="language-plaintext highlighter-rouge">config</code>, as shown in the following example:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + image: myimage:latest + credential_spec: + config: my_credential_spec + +configs: + my_credentials_spec: + file: ./my-credential-spec.json| +</pre></div> <h3 id="depends_on">depends_on</h3> <p><code class="language-plaintext highlighter-rouge">depends_on</code> expresses startup and shutdown dependencies between services.</p> <h4 id="short-syntax-1">Short syntax</h4> <p>The short syntax variant only specifies service names of the dependencies. Service dependencies cause the following behaviors:</p> <ul> <li> <p>Compose implementations MUST create services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> are created before <code class="language-plaintext highlighter-rouge">web</code>.</p> </li> <li> <p>Compose implementations MUST remove services in dependency order. 
In the following example, <code class="language-plaintext highlighter-rouge">web</code> is removed before <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</p> </li> </ul> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + build: . + depends_on: + - db + - redis + redis: + image: redis + db: + image: postgres +</pre></div> <p>Compose implementations MUST guarantee dependency services have been started before starting a dependent service. Compose implementations MAY wait for dependency services to be “ready” before starting a dependent service.</p> <h4 id="long-syntax-1">Long syntax</h4> <p>The long form syntax enables the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">condition</code>: condition under which dependency is considered satisfied <ul> <li> +<code class="language-plaintext highlighter-rouge">service_started</code>: is an equivalent of the short syntax described above</li> <li> +<code class="language-plaintext highlighter-rouge">service_healthy</code>: specifies that a dependency is expected to be “healthy” (as indicated by <a href="#healthcheck">healthcheck</a>) before starting a dependent service.</li> <li> +<code class="language-plaintext highlighter-rouge">service_completed_successfully</code>: specifies that a dependency is expected to run to successful completion before starting a dependent service.</li> </ul> </li> </ul> <p>Service dependencies cause the following behaviors:</p> <ul> <li> <p>Compose implementations MUST create services in dependency order. 
In the following example, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> are created before <code class="language-plaintext highlighter-rouge">web</code>.</p> </li> <li> <p>Compose implementations MUST wait for healthchecks to pass on dependencies marked with <code class="language-plaintext highlighter-rouge">service_healthy</code>. In the following example, <code class="language-plaintext highlighter-rouge">db</code> is expected to be “healthy” before <code class="language-plaintext highlighter-rouge">web</code> is created.</p> </li> <li> <p>Compose implementations MUST remove services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">web</code> is removed before <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</p> </li> </ul> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + build: . + depends_on: + db: + condition: service_healthy + redis: + condition: service_started + redis: + image: redis + db: + image: postgres +</pre></div> <p>Compose implementations MUST guarantee dependency services have been started before starting a dependent service. Compose implementations MUST guarantee dependency services marked with <code class="language-plaintext highlighter-rouge">service_healthy</code> are “healthy” before starting a dependent service.</p> <h3 id="deploy">deploy</h3> <p><code class="language-plaintext highlighter-rouge">deploy</code> specifies the configuration for the deployment and lifecycle of services, as defined <a href="deploy/index">here</a>.</p> <h3 id="device_cgroup_rules">device_cgroup_rules</h3> <p><code class="language-plaintext highlighter-rouge">device_cgroup_rules</code> defines a list of device cgroup rules for this container. 
The format is the same format the Linux kernel specifies in the <a href="https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html" target="_blank" rel="noopener" class="_">Control Groups Device Whitelist Controller</a>.</p> <div class="highlight"><pre class="highlight" data-language="">device_cgroup_rules: + - 'c 1:3 mr' + - 'a 7:* rmw' +</pre></div> <h3 id="devices">devices</h3> <p><code class="language-plaintext highlighter-rouge">devices</code> defines a list of device mappings for created containers in the form of <code class="language-plaintext highlighter-rouge">HOST_PATH:CONTAINER_PATH[:CGROUP_PERMISSIONS]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">devices: + - "/dev/ttyUSB0:/dev/ttyUSB0" + - "/dev/sda:/dev/xvda:rwm" +</pre></div> <h3 id="dns">dns</h3> <p><code class="language-plaintext highlighter-rouge">dns</code> defines custom DNS servers to set on the container network interface configuration. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns: 8.8.8.8 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns: + - 8.8.8.8 + - 9.9.9.9 +</pre></div> <h3 id="dns_opt">dns_opt</h3> <p><code class="language-plaintext highlighter-rouge">dns_opt</code> list custom DNS options to be passed to the container’s DNS resolver (<code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> file on Linux).</p> <div class="highlight"><pre class="highlight" data-language="">dns_opt: + - use-vc + - no-tld-query +</pre></div> <h3 id="dns_search">dns_search</h3> <p><code class="language-plaintext highlighter-rouge">dns</code> defines custom DNS search domains to set on container network interface configuration. 
Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns_search: example.com +</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns_search: + - dc1.example.com + - dc2.example.com +</pre></div> <h3 id="domainname">domainname</h3> <p><code class="language-plaintext highlighter-rouge">domainname</code> declares a custom domain name to use for the service container. MUST be a valid RFC 1123 hostname.</p> <h3 id="entrypoint">entrypoint</h3> <p><code class="language-plaintext highlighter-rouge">entrypoint</code> overrides the default entrypoint for the Docker image (i.e. <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> set by Dockerfile). Compose implementations MUST clear out any default command on the Docker image - both <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> and <code class="language-plaintext highlighter-rouge">CMD</code> instruction in the Dockerfile - when <code class="language-plaintext highlighter-rouge">entrypoint</code> is configured by a Compose file. 
If <a href="#command"><code class="language-plaintext highlighter-rouge">command</code></a> is also set, it is used as parameter to <code class="language-plaintext highlighter-rouge">entrypoint</code> as a replacement for Docker image’s <code class="language-plaintext highlighter-rouge">CMD</code></p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: /code/entrypoint.sh +</pre></div> <p>The entrypoint can also be a list, in a manner similar to <a href="../../engine/reference/builder/index#cmd">Dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: + - php + - -d + - zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20100525/xdebug.so + - -d + - memory_limit=-1 + - vendor/bin/phpunit +</pre></div> <h3 id="env_file">env_file</h3> <p><code class="language-plaintext highlighter-rouge">env_file</code> adds environment variables to the container based on file content.</p> <div class="highlight"><pre class="highlight" data-language="">env_file: .env +</pre></div> <p><code class="language-plaintext highlighter-rouge">env_file</code> can also be a list. The files in the list MUST be processed from the top down. For the same variable specified in two env files, the value from the last file in the list MUST stand.</p> <div class="highlight"><pre class="highlight" data-language="">env_file: + - ./a.env + - ./b.env +</pre></div> <p>Relative path MUST be resolved from the Compose file’s parent folder. 
As absolute paths prevent the Compose file from being portable, Compose implementations SHOULD warn users when such a path is used to set <code class="language-plaintext highlighter-rouge">env_file</code>.</p> <p>Environment variables declared in the <a href="#environment">environment</a> section MUST override these values – this holds true even if those values are empty or undefined.</p> <h4 id="env_file-format">Env_file format</h4> <p>Each line in an env file MUST be in <code class="language-plaintext highlighter-rouge">VAR[=[VAL]]</code> format. Lines beginning with <code class="language-plaintext highlighter-rouge">#</code> MUST be ignored. Blank lines MUST also be ignored.</p> <p>The value of <code class="language-plaintext highlighter-rouge">VAL</code> is used as a raw string and not modified at all. If the value is surrounded by quotes (as is often the case for shell variables), the quotes MUST be <strong>included</strong> in the value passed to containers created by the Compose implementation.</p> <p><code class="language-plaintext highlighter-rouge">VAL</code> MAY be omitted, in such cases the variable value is empty string. <code class="language-plaintext highlighter-rouge">=VAL</code> MAY be omitted, in such cases the variable is <strong>unset</strong>.</p> <div class="highlight"><pre class="highlight" data-language=""># Set Rails/Rack environment +RACK_ENV=development +VAR="quoted" +</pre></div> <h3 id="environment">environment</h3> <p><code class="language-plaintext highlighter-rouge">environment</code> defines environment variables set in the container. <code class="language-plaintext highlighter-rouge">environment</code> can use either an array or a map. Any boolean values; true, false, yes, no, SHOULD be enclosed in quotes to ensure they are not converted to True or False by the YAML parser.</p> <p>Environment variables MAY be declared by a single key (no value to equals sign). 
In such a case Compose implementations SHOULD rely on some user interaction to resolve the value. If they do not, the variable is unset and will be removed from the service container environment.</p> <p>Map syntax:</p> <div class="highlight"><pre class="highlight" data-language="">environment: + RACK_ENV: development + SHOW: "true" + USER_INPUT: +</pre></div> <p>Array syntax:</p> <div class="highlight"><pre class="highlight" data-language="">environment: + - RACK_ENV=development + - SHOW=true + - USER_INPUT +</pre></div> <p>When both <code class="language-plaintext highlighter-rouge">env_file</code> and <code class="language-plaintext highlighter-rouge">environment</code> are set for a service, values set by <code class="language-plaintext highlighter-rouge">environment</code> have precedence.</p> <h3 id="expose">expose</h3> <p><code class="language-plaintext highlighter-rouge">expose</code> defines the ports that Compose implementations MUST expose from container. These ports MUST be accessible to linked services and SHOULD NOT be published to the host machine. Only the internal container ports can be specified.</p> <div class="highlight"><pre class="highlight" data-language="">expose: + - "3000" + - "8000" +</pre></div> <h3 id="extends">extends</h3> <p>Extend another service, in the current file or another, optionally overriding configuration. You can use <code class="language-plaintext highlighter-rouge">extends</code> on any service together with other configuration keys. 
The <code class="language-plaintext highlighter-rouge">extends</code> value MUST be a mapping defined with a required <code class="language-plaintext highlighter-rouge">service</code> and an optional <code class="language-plaintext highlighter-rouge">file</code> key.</p> <div class="highlight"><pre class="highlight" data-language="">extends: + file: common.yml + service: webapp +</pre></div> <p>If supported Compose implementations MUST process <code class="language-plaintext highlighter-rouge">extends</code> in the following way:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">service</code> defines the name of the service being referenced as a base, for example <code class="language-plaintext highlighter-rouge">web</code> or <code class="language-plaintext highlighter-rouge">database</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">file</code> is the location of a Compose configuration file defining that service.</li> </ul> <h4 id="restrictions">Restrictions</h4> <p>The following restrictions apply to the service being referenced:</p> <ul> <li>Services that have dependencies on other services cannot be used as a base. Therefore, any key that introduces a dependency on another service is incompatible with <code class="language-plaintext highlighter-rouge">extends</code>. 
The non-exhaustive list of such keys is: <code class="language-plaintext highlighter-rouge">links</code>, <code class="language-plaintext highlighter-rouge">volumes_from</code>, <code class="language-plaintext highlighter-rouge">container</code> mode (in <code class="language-plaintext highlighter-rouge">ipc</code>, <code class="language-plaintext highlighter-rouge">pid</code>, <code class="language-plaintext highlighter-rouge">network_mode</code> and <code class="language-plaintext highlighter-rouge">net</code>), <code class="language-plaintext highlighter-rouge">service</code> mode (in <code class="language-plaintext highlighter-rouge">ipc</code>, <code class="language-plaintext highlighter-rouge">pid</code> and <code class="language-plaintext highlighter-rouge">network_mode</code>), <code class="language-plaintext highlighter-rouge">depends_on</code>.</li> <li>Services cannot have circular references with <code class="language-plaintext highlighter-rouge">extends</code> +</li> </ul> <p>Compose implementations MUST return an error in all of these cases.</p> <h4 id="finding-referenced-service">Finding referenced service</h4> <p><code class="language-plaintext highlighter-rouge">file</code> value can be:</p> <ul> <li>Not present. This indicates that another service within the same Compose file is being referenced.</li> <li>File path, which can be either: <ul> <li>Relative path. This path is considered as relative to the location of the main Compose file.</li> <li>Absolute path.</li> </ul> </li> </ul> <p>Service denoted by <code class="language-plaintext highlighter-rouge">service</code> MUST be present in the identified referenced Compose file. 
Compose implementations MUST return an error if:</p> <ul> <li>Service denoted by <code class="language-plaintext highlighter-rouge">service</code> was not found</li> <li>Compose file denoted by <code class="language-plaintext highlighter-rouge">file</code> was not found</li> </ul> <h4 id="merging-service-definitions">Merging service definitions</h4> <p>Two service definitions (<em>main</em> one in the current Compose file and <em>referenced</em> one specified by <code class="language-plaintext highlighter-rouge">extends</code>) MUST be merged in the following way:</p> <ul> <li>Mappings: keys in mappings of <em>main</em> service definition override keys in mappings of <em>referenced</em> service definition. Keys that aren’t overridden are included as is.</li> <li>Sequences: items are combined together into an new sequence. Order of elements is preserved with the <em>referenced</em> items coming first and <em>main</em> items after.</li> <li>Scalars: keys in <em>main</em> service definition take precedence over keys in the <em>referenced</em> one.</li> </ul> <h5 id="mappings">Mappings</h5> <p>The following keys should be treated as mappings: <code class="language-plaintext highlighter-rouge">build.args</code>, <code class="language-plaintext highlighter-rouge">build.labels</code>, <code class="language-plaintext highlighter-rouge">build.extra_hosts</code>, <code class="language-plaintext highlighter-rouge">deploy.labels</code>, <code class="language-plaintext highlighter-rouge">deploy.update_config</code>, <code class="language-plaintext highlighter-rouge">deploy.rollback_config</code>, <code class="language-plaintext highlighter-rouge">deploy.restart_policy</code>, <code class="language-plaintext highlighter-rouge">deploy.resources.limits</code>, <code class="language-plaintext highlighter-rouge">environment</code>, <code class="language-plaintext highlighter-rouge">healthcheck</code>, <code class="language-plaintext highlighter-rouge">labels</code>, <code 
class="language-plaintext highlighter-rouge">logging.options</code>, <code class="language-plaintext highlighter-rouge">sysctls</code>, <code class="language-plaintext highlighter-rouge">storage_opt</code>, <code class="language-plaintext highlighter-rouge">extra_hosts</code>, <code class="language-plaintext highlighter-rouge">ulimits</code>.</p> <p>One exception that applies to <code class="language-plaintext highlighter-rouge">healthcheck</code> is that <em>main</em> mapping cannot specify <code class="language-plaintext highlighter-rouge">disable: true</code> unless <em>referenced</em> mapping also specifies <code class="language-plaintext highlighter-rouge">disable: true</code>. Compose implementations MUST return an error in this case.</p> <p>For example, the input below:</p> <div class="highlight"><pre class="highlight" data-language="">services: + common: + image: busybox + environment: + TZ: utc + PORT: 80 + cli: + extends: + service: common + environment: + PORT: 8080 +</pre></div> <p>Produces the following configuration for the <code class="language-plaintext highlighter-rouge">cli</code> service. 
The same output is produced if array syntax is used.</p> <div class="highlight"><pre class="highlight" data-language="">environment: + PORT: 8080 + TZ: utc +image: busybox +</pre></div> <p>Items under <code class="language-plaintext highlighter-rouge">blkio_config.device_read_bps</code>, <code class="language-plaintext highlighter-rouge">blkio_config.device_read_iops</code>, <code class="language-plaintext highlighter-rouge">blkio_config.device_write_bps</code>, <code class="language-plaintext highlighter-rouge">blkio_config.device_write_iops</code>, <code class="language-plaintext highlighter-rouge">devices</code> and <code class="language-plaintext highlighter-rouge">volumes</code> are also treated as mappings where key is the target path inside the container.</p> <p>For example, the input below:</p> <div class="highlight"><pre class="highlight" data-language="">services: + common: + image: busybox + volumes: + - common-volume:/var/lib/backup/data:rw + cli: + extends: + service: common + volumes: + - cli-volume:/var/lib/backup/data:ro +</pre></div> <p>Produces the following configuration for the <code class="language-plaintext highlighter-rouge">cli</code> service. Note that mounted path now points to the new volume name and <code class="language-plaintext highlighter-rouge">ro</code> flag was applied.</p> <div class="highlight"><pre class="highlight" data-language="">image: busybox +volumes: +- cli-volume:/var/lib/backup/data:ro +</pre></div> <p>If <em>referenced</em> service definition contains <code class="language-plaintext highlighter-rouge">extends</code> mapping, the items under it are simply copied into the new <em>merged</em> definition. 
Merging process is then kicked off again until no <code class="language-plaintext highlighter-rouge">extends</code> keys are remaining.</p> <p>For example, the input below:</p> <div class="highlight"><pre class="highlight" data-language="">services: + base: + image: busybox + user: root + common: + image: busybox + extends: + service: base + cli: + extends: + service: common +</pre></div> <p>Produces the following configuration for the <code class="language-plaintext highlighter-rouge">cli</code> service. Here, <code class="language-plaintext highlighter-rouge">cli</code> services gets <code class="language-plaintext highlighter-rouge">user</code> key from <code class="language-plaintext highlighter-rouge">common</code> service, which in turn gets this key from <code class="language-plaintext highlighter-rouge">base</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">image: busybox +user: root +</pre></div> <h5 id="sequences">Sequences</h5> <p>The following keys should be treated as sequences: <code class="language-plaintext highlighter-rouge">cap_add</code>, <code class="language-plaintext highlighter-rouge">cap_drop</code>, <code class="language-plaintext highlighter-rouge">configs</code>, <code class="language-plaintext highlighter-rouge">deploy.placement.constraints</code>, <code class="language-plaintext highlighter-rouge">deploy.placement.preferences</code>, <code class="language-plaintext highlighter-rouge">deploy.reservations.generic_resources</code>, <code class="language-plaintext highlighter-rouge">device_cgroup_rules</code>, <code class="language-plaintext highlighter-rouge">expose</code>, <code class="language-plaintext highlighter-rouge">external_links</code>, <code class="language-plaintext highlighter-rouge">ports</code>, <code class="language-plaintext highlighter-rouge">secrets</code>, <code class="language-plaintext highlighter-rouge">security_opt</code>. 
Any duplicates resulting from the merge are removed so that the sequence only contains unique elements.</p> <p>For example, the input below:</p> <div class="highlight"><pre class="highlight" data-language="">services: + common: + image: busybox + security_opt: + - label:role:ROLE + cli: + extends: + service: common + security_opt: + - label:user:USER +</pre></div> <p>Produces the following configuration for the <code class="language-plaintext highlighter-rouge">cli</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">image: busybox +security_opt: +- label:role:ROLE +- label:user:USER +</pre></div> <p>In case list syntax is used, the following keys should also be treated as sequences: <code class="language-plaintext highlighter-rouge">dns</code>, <code class="language-plaintext highlighter-rouge">dns_search</code>, <code class="language-plaintext highlighter-rouge">env_file</code>, <code class="language-plaintext highlighter-rouge">tmpfs</code>. Unlike sequence fields mentioned above, duplicates resulting from the merge are not removed.</p> <h5 id="scalars">Scalars</h5> <p>Any other allowed keys in the service definition should be treated as scalars.</p> <h3 id="external_links">external_links</h3> <p><code class="language-plaintext highlighter-rouge">external_links</code> link service containers to services managed outside this Compose application. <code class="language-plaintext highlighter-rouge">external_links</code> define the name of an existing service to retrieve using the platform lookup mechanism. 
An alias of the form <code class="language-plaintext highlighter-rouge">SERVICE:ALIAS</code> can be specified.</p> <div class="highlight"><pre class="highlight" data-language="">external_links: + - redis + - database:mysql + - database:postgresql +</pre></div> <h3 id="extra_hosts">extra_hosts</h3> <p><code class="language-plaintext highlighter-rouge">extra_hosts</code> adds hostname mappings to the container network interface configuration (<code class="language-plaintext highlighter-rouge">/etc/hosts</code> for Linux). Values MUST set hostname and IP address for additional hosts in the form of <code class="language-plaintext highlighter-rouge">HOSTNAME:IP</code>.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts: + - "somehost:162.242.195.82" + - "otherhost:50.31.209.229" +</pre></div> <p>Compose implementations MUST create matching entry with the IP address and hostname in the container’s network configuration, which means for Linux <code class="language-plaintext highlighter-rouge">/etc/hosts</code> will get extra lines:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82 somehost +50.31.209.229 otherhost +</pre></div> <h3 id="group_add">group_add</h3> <p><code class="language-plaintext highlighter-rouge">group_add</code> specifies additional groups (by name or number) which the user inside the container MUST be a member of.</p> <p>An example of where this is useful is when multiple containers (running as different users) need to all read or write the same file on a shared volume. 
That file can be owned by a group shared by all the containers, and specified in <code class="language-plaintext highlighter-rouge">group_add</code>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + image: alpine + group_add: + - mail +</pre></div> <p>Running <code class="language-plaintext highlighter-rouge">id</code> inside the created container MUST show that the user belongs to the <code class="language-plaintext highlighter-rouge">mail</code> group, which would not have been the case if <code class="language-plaintext highlighter-rouge">group_add</code> were not declared.</p> <h3 id="healthcheck">healthcheck</h3> <p><code class="language-plaintext highlighter-rouge">healthcheck</code> declares a check that’s run to determine whether or not containers for this service are “healthy”. This overrides <a href="../../engine/reference/builder/index#healthcheck">HEALTHCHECK Dockerfile instruction</a> set by the service’s Docker image.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + test: ["CMD", "curl", "-f", "http://localhost"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s +</pre></div> <p><code class="language-plaintext highlighter-rouge">interval</code>, <code class="language-plaintext highlighter-rouge">timeout</code> and <code class="language-plaintext highlighter-rouge">start_period</code> are <a href="#specifying-durations">specified as durations</a>.</p> <p><code class="language-plaintext highlighter-rouge">test</code> defines the command the Compose implementation will run to check container health. It can be either a string or a list. If it’s a list, the first item must be either <code class="language-plaintext highlighter-rouge">NONE</code>, <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">CMD-SHELL</code>. 
If it’s a string, it’s equivalent to specifying <code class="language-plaintext highlighter-rouge">CMD-SHELL</code> followed by that string.</p> <div class="highlight"><pre class="highlight" data-language=""># Hit the local web app +test: ["CMD", "curl", "-f", "http://localhost"] +</pre></div> <p>Using <code class="language-plaintext highlighter-rouge">CMD-SHELL</code> will run the command configured as a string using the container’s default shell (<code class="language-plaintext highlighter-rouge">/bin/sh</code> for Linux). Both forms below are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">test: ["CMD-SHELL", "curl -f http://localhost || exit 1"] +</pre></div> <div class="highlight"><pre class="highlight" data-language="">test: curl -f https://localhost || exit 1 +</pre></div> <p><code class="language-plaintext highlighter-rouge">NONE</code> disable the healthcheck, and is mostly useful to disable Healthcheck set by image. Alternatively the healthcheck set by the image can be disabled by setting <code class="language-plaintext highlighter-rouge">disable: true</code>:</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck: + disable: true +</pre></div> <h3 id="hostname">hostname</h3> <p><code class="language-plaintext highlighter-rouge">hostname</code> declares a custom host name to use for the service container. MUST be a valid RFC 1123 hostname.</p> <h3 id="image">image</h3> <p><code class="language-plaintext highlighter-rouge">image</code> specifies the image to start the container from. 
Image MUST follow the Open Container Specification <a href="https://github.com/opencontainers/org/blob/master/docs/docs/introduction/digests/">addressable image format</a>, as <code class="language-plaintext highlighter-rouge">[<registry>/][<project>/]<image>[:<tag>|@<digest>]</code>.</p> <div class="highlight"><pre class="highlight" data-language=""> image: redis + image: redis:5 + image: redis@sha256:0ed5d5928d4737458944eb604cc8509e245c3e19d02ad83935398bc4b991aac7 + image: library/redis + image: docker.io/library/redis + image: my_private.registry:5000/redis +</pre></div> <p>If the image does not exist on the platform, Compose implementations MUST attempt to pull it based on the <code class="language-plaintext highlighter-rouge">pull_policy</code>. Compose implementations with build support MAY offer alternative options for the end user to control precedence of pull over building the image from source, however pulling the image MUST be the default behavior.</p> <p><code class="language-plaintext highlighter-rouge">image</code> MAY be omitted from a Compose file as long as a <code class="language-plaintext highlighter-rouge">build</code> section is declared. Compose implementations without build support MUST fail when <code class="language-plaintext highlighter-rouge">image</code> is missing from the Compose file.</p> <h3 id="init">init</h3> <p><code class="language-plaintext highlighter-rouge">init</code> run an init process (PID 1) inside the container that forwards signals and reaps processes. Set this option to <code class="language-plaintext highlighter-rouge">true</code> to enable this feature for the service.</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + image: alpine:latest + init: true +</pre></div> <p>The init binary that is used is platform specific.</p> <h3 id="ipc">ipc</h3> <p><code class="language-plaintext highlighter-rouge">ipc</code> configures the IPC isolation mode set by service container. 
Available values are platform specific, but Compose specification defines specific values which MUST be implemented as described if supported:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">shareable</code> which gives the container own private IPC namespace, with a possibility to share it with other containers.</li> <li> +<code class="language-plaintext highlighter-rouge">service:{name}</code> which makes the container join another (<code class="language-plaintext highlighter-rouge">shareable</code>) container’s IPC namespace.</li> </ul> <div class="highlight"><pre class="highlight" data-language=""> ipc: "shareable" + ipc: "service:[service name]" +</pre></div> <h3 id="isolation">isolation</h3> <p><code class="language-plaintext highlighter-rouge">isolation</code> specifies a container’s isolation technology. Supported values are platform-specific.</p> <h3 id="labels">labels</h3> <p><code class="language-plaintext highlighter-rouge">labels</code> add metadata to containers. 
You can use either an array or a map.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Accounting webapp" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Accounting webapp" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <p>Compose implementations MUST create containers with canonical labels:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">com.docker.compose.project</code> set on all resources created by Compose implementation to the user project name</li> <li> +<code class="language-plaintext highlighter-rouge">com.docker.compose.service</code> set on service containers with service name as defined in the Compose file</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">com.docker.compose</code> label prefix is reserved. Specifying labels with this prefix in the Compose file MUST result in a runtime error.</p> <h3 id="links">links</h3> <p><code class="language-plaintext highlighter-rouge">links</code> defines a network link to containers in another service. 
Either specify both the service name and a link alias (<code class="language-plaintext highlighter-rouge">SERVICE:ALIAS</code>), or just the service name.</p> <div class="highlight"><pre class="highlight" data-language="">web: + links: + - db + - db:database + - redis +</pre></div> <p>Containers for the linked service MUST be reachable at a hostname identical to the alias, or the service name if no alias was specified.</p> <p>Links are not required to enable services to communicate - when no specific network configuration is set, any service MUST be able to reach any other service at that service’s name on the <code class="language-plaintext highlighter-rouge">default</code> network. If services do declare networks they are attached to, <code class="language-plaintext highlighter-rouge">links</code> SHOULD NOT override the network configuration and services not attached to a shared network SHOULD NOT be able to communicate. Compose implementations MAY NOT warn the user about this configuration mismatch.</p> <p>Links also express implicit dependency between services in the same way as <a href="#depends_on">depends_on</a>, so they determine the order of service startup.</p> <h3 id="logging">logging</h3> <p><code class="language-plaintext highlighter-rouge">logging</code> defines the logging configuration for the service.</p> <div class="highlight"><pre class="highlight" data-language="">logging: + driver: syslog + options: + syslog-address: "tcp://192.168.0.42:123" +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">driver</code> name specifies a logging driver for the service’s containers. The default and available values are platform specific. Driver specific options can be set with <code class="language-plaintext highlighter-rouge">options</code> as key-value pairs.</p> <h3 id="network_mode">network_mode</h3> <p><code class="language-plaintext highlighter-rouge">network_mode</code> set service containers network mode. 
Available values are platform specific, but Compose specification define specific values which MUST be implemented as described if supported:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">none</code> which disable all container networking</li> <li> +<code class="language-plaintext highlighter-rouge">host</code> which gives the container raw access to host’s network interface</li> <li> +<code class="language-plaintext highlighter-rouge">service:{name}</code> which gives the containers access to the specified service only</li> </ul> <div class="highlight"><pre class="highlight" data-language=""> network_mode: "host" + network_mode: "none" + network_mode: "service:[service name]" +</pre></div> <h3 id="networks">networks</h3> <p><code class="language-plaintext highlighter-rouge">networks</code> defines the networks that service containers are attached to, referencing entries under the <a href="#networks-top-level-element">top-level <code class="language-plaintext highlighter-rouge">networks</code> key</a>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + - some-network + - other-network +</pre></div> <h4 id="aliases">aliases</h4> <p><code class="language-plaintext highlighter-rouge">aliases</code> declares alternative hostnames for this service on the network. Other containers on the same network can use either the service name or this alias to connect to one of the service’s containers.</p> <p>Since <code class="language-plaintext highlighter-rouge">aliases</code> are network-scoped, the same service can have different aliases on different networks.</p> <blockquote> <p><strong>Note</strong>: A network-wide alias can be shared by multiple containers, and even by multiple services. 
If it is, then exactly which container the name resolves to is not guaranteed.</p> </blockquote> <p>The general format is shown here:</p> <div class="highlight"><pre class="highlight" data-language="">services: + some-service: + networks: + some-network: + aliases: + - alias1 + - alias3 + other-network: + aliases: + - alias2 +</pre></div> <p>In the example below, service <code class="language-plaintext highlighter-rouge">frontend</code> will be able to reach the <code class="language-plaintext highlighter-rouge">backend</code> service at the hostname <code class="language-plaintext highlighter-rouge">backend</code> or <code class="language-plaintext highlighter-rouge">database</code> on the <code class="language-plaintext highlighter-rouge">back-tier</code> network, and service <code class="language-plaintext highlighter-rouge">monitoring</code> will be able to reach same <code class="language-plaintext highlighter-rouge">backend</code> service at <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">mysql</code> on the <code class="language-plaintext highlighter-rouge">admin</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + networks: + - front-tier + - back-tier + + monitoring: + image: awesome/monitoring + networks: + - admin + + backend: + image: awesome/backend + networks: + back-tier: + aliases: + - database + admin: + aliases: + - mysql + +networks: + front-tier: + back-tier: + admin: +</pre></div> <h4 id="ipv4_address-ipv6_address">ipv4_address, ipv6_address</h4> <p>Specify a static IP address for containers for this service when joining the network.</p> <p>The corresponding network configuration in the <a href="#networks">top-level networks section</a> MUST have an <code class="language-plaintext highlighter-rouge">ipam</code> block with subnet configurations covering each static address.</p> <div 
class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + networks: + front-tier: + ipv4_address: 172.16.238.10 + ipv6_address: 2001:3984:3989::10 + +networks: + front-tier: + ipam: + driver: default + config: + - subnet: "172.16.238.0/24" + - subnet: "2001:3984:3989::/64" +</pre></div> <h4 id="link_local_ips">link_local_ips</h4> <p><code class="language-plaintext highlighter-rouge">link_local_ips</code> specifies a list of link-local IPs. Link-local IPs are special IPs which belong to a well known subnet and are purely managed by the operator, usually dependent on the architecture where they are deployed. Implementation is Platform specific.</p> <p>Example:</p> <div class="highlight"><pre class="highlight" data-language="">services: + app: + image: busybox + command: top + networks: + app_net: + link_local_ips: + - 57.123.22.11 + - 57.123.22.13 +networks: + app_net: + driver: bridge +</pre></div> <h4 id="priority">priority</h4> <p><code class="language-plaintext highlighter-rouge">priority</code> indicates in which order Compose implementation SHOULD connect the service’s containers to its networks. If unspecified, the default value is 0.</p> <p>In the following example, the app service connects to app_net_1 first as it has the highest priority. 
It then connects to app_net_3, then app_net_2, which uses the default priority value of 0.</p> <div class="highlight"><pre class="highlight" data-language="">services: + app: + image: busybox + command: top + networks: + app_net_1: + priority: 1000 + app_net_2: + + app_net_3: + priority: 100 +networks: + app_net_1: + app_net_2: + app_net_3: +</pre></div> <h3 id="mac_address">mac_address</h3> <p><code class="language-plaintext highlighter-rouge">mac_address</code> sets a MAC address for service container.</p> <h3 id="mem_limit">mem_limit</h3> <p><em>DEPRECATED: use <a href="deploy/index#memory">deploy.limits.memory</a></em></p> <h3 id="mem_reservation">mem_reservation</h3> <p><em>DEPRECATED: use <a href="deploy/index#memory">deploy.reservations.memory</a></em></p> <h3 id="mem_swappiness">mem_swappiness</h3> <p><code class="language-plaintext highlighter-rouge">mem_swappiness</code> defines as a percentage (a value between 0 and 100) for the host kernel to swap out anonymous memory pages used by a container.</p> <ul> <li>a value of 0 turns off anonymous page swapping.</li> <li>a value of 100 sets all anonymous pages as swappable.</li> </ul> <p>Default value is platform specific.</p> <h3 id="memswap_limit">memswap_limit</h3> <p><code class="language-plaintext highlighter-rouge">memswap_limit</code> defines the amount of memory container is allowed to swap to disk. This is a modifier attribute that only has meaning if <code class="language-plaintext highlighter-rouge">memory</code> is also set. Using swap allows the container to write excess memory requirements to disk when the container has exhausted all the memory that is available to it. 
There is a performance penalty for applications that swap memory to disk often.</p> <ul> <li>If <code class="language-plaintext highlighter-rouge">memswap_limit</code> is set to a positive integer, then both <code class="language-plaintext highlighter-rouge">memory</code> and <code class="language-plaintext highlighter-rouge">memswap_limit</code> MUST be set. <code class="language-plaintext highlighter-rouge">memswap_limit</code> represents the total amount of memory and swap that can be used, and <code class="language-plaintext highlighter-rouge">memory</code> controls the amount used by non-swap memory. So if <code class="language-plaintext highlighter-rouge">memory</code>=”300m” and <code class="language-plaintext highlighter-rouge">memswap_limit</code>=”1g”, the container can use 300m of memory and 700m (1g - 300m) swap.</li> <li>If <code class="language-plaintext highlighter-rouge">memswap_limit</code> is set to 0, the setting MUST be ignored, and the value is treated as unset.</li> <li>If <code class="language-plaintext highlighter-rouge">memswap_limit</code> is set to the same value as <code class="language-plaintext highlighter-rouge">memory</code>, and <code class="language-plaintext highlighter-rouge">memory</code> is set to a positive integer, the container does not have access to swap. See Prevent a container from using swap.</li> <li>If <code class="language-plaintext highlighter-rouge">memswap_limit</code> is unset, and <code class="language-plaintext highlighter-rouge">memory</code> is set, the container can use as much swap as the <code class="language-plaintext highlighter-rouge">memory</code> setting, if the host container has swap memory configured. 
For instance, if <code class="language-plaintext highlighter-rouge">memory</code>=”300m” and <code class="language-plaintext highlighter-rouge">memswap_limit</code> is not set, the container can use 600m in total of memory and swap.</li> <li>If <code class="language-plaintext highlighter-rouge">memswap_limit</code> is explicitly set to -1, the container is allowed to use unlimited swap, up to the amount available on the host system.</li> </ul> <h3 id="oom_kill_disable">oom_kill_disable</h3> <p>If <code class="language-plaintext highlighter-rouge">oom_kill_disable</code> is set Compose implementation MUST configure the platform so it won’t kill the container in case of memory starvation.</p> <h3 id="oom_score_adj">oom_score_adj</h3> <p><code class="language-plaintext highlighter-rouge">oom_score_adj</code> tunes the preference for containers to be killed by platform in case of memory starvation. Value MUST be within [-1000,1000] range.</p> <h3 id="pid">pid</h3> <p><code class="language-plaintext highlighter-rouge">pid</code> sets the PID mode for container created by the Compose implementation. Supported values are platform specific.</p> <h3 id="pids_limit">pids_limit</h3> <p><em>DEPRECATED: use <a href="deploy/index#pids">deploy.reservations.pids</a></em></p> <p><code class="language-plaintext highlighter-rouge">pids_limit</code> tunes a container’s PIDs limit. Set to -1 for unlimited PIDs.</p> <div class="highlight"><pre class="highlight" data-language="">pids_limit: 10 +</pre></div> <h3 id="platform">platform</h3> <p><code class="language-plaintext highlighter-rouge">platform</code> defines the target platform containers for this service will run on, using the <code class="language-plaintext highlighter-rouge">os[/arch[/variant]]</code> syntax. 
Compose implementation MUST use this attribute when declared to determine which version of the image will be pulled and/or on which platform the service’s build will be performed.</p> <div class="highlight"><pre class="highlight" data-language="">platform: osx +platform: windows/amd64 +platform: linux/arm64/v8 +</pre></div> <h3 id="ports">ports</h3> <p>Exposes container ports. Port mapping MUST NOT be used with <code class="language-plaintext highlighter-rouge">network_mode: host</code> and doing so MUST result in a runtime error.</p> <h4 id="short-syntax-2">Short syntax</h4> <p>The short syntax is a colon-separated string to set host IP, host port and container port in the form:</p> <p><code class="language-plaintext highlighter-rouge">[HOST:]CONTAINER[/PROTOCOL]</code> where:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">HOST</code> is <code class="language-plaintext highlighter-rouge">[IP:](port | range)</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">CONTAINER</code> is <code class="language-plaintext highlighter-rouge">port | range</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">PROTOCOL</code> to restrict port to specified protocol. <code class="language-plaintext highlighter-rouge">tcp</code> and <code class="language-plaintext highlighter-rouge">udp</code> values are defined by the specification, Compose implementations MAY offer support for platform-specific protocol names.</li> </ul> <p>Host IP, if not set, MUST bind to all network interfaces. Port can be either a single value or a range. Host and container MUST use equivalent ranges.</p> <p>Either specify both ports (<code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code>), or just the container port. 
In the latter case, the Compose implementation SHOULD automatically allocate any unassigned host port.</p> <p><code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code> SHOULD always be specified as a (quoted) string, to avoid conflicts with <a href="https://yaml.org/type/float.html" target="_blank" rel="noopener" class="_">yaml base-60 float</a>.</p> <p>Samples:</p> <div class="highlight"><pre class="highlight" data-language="">ports: + - "3000" + - "3000-3005" + - "8000:8000" + - "9090-9091:8080-8081" + - "49100:22" + - "127.0.0.1:8001:8001" + - "127.0.0.1:5000-5010:5000-5010" + - "6060:6060/udp" +</pre></div> <blockquote> <p><strong>Note</strong>: Host IP mapping MAY not be supported on the platform, in such case Compose implementations SHOULD reject the Compose file and MUST inform the user they will ignore the specified host IP.</p> </blockquote> <h4 id="long-syntax-2">Long syntax</h4> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">target</code>: the container port</li> <li> +<code class="language-plaintext highlighter-rouge">published</code>: the publicly exposed port. 
Can be set as a range using syntax <code class="language-plaintext highlighter-rouge">start-end</code>, then actual port SHOULD be assigned within this range based on available ports.</li> <li> +<code class="language-plaintext highlighter-rouge">host_ip</code>: the Host IP mapping, unspecified means all network interfaces (<code class="language-plaintext highlighter-rouge">0.0.0.0</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">protocol</code>: the port protocol (<code class="language-plaintext highlighter-rouge">tcp</code> or <code class="language-plaintext highlighter-rouge">udp</code>), unspecified means any protocol</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: <code class="language-plaintext highlighter-rouge">host</code> for publishing a host port on each node, or <code class="language-plaintext highlighter-rouge">ingress</code> for a port to be load balanced.</li> </ul> <div class="highlight"><pre class="highlight" data-language="">ports: + - target: 80 + host_ip: 127.0.0.1 + published: 8080 + protocol: tcp + mode: host + + - target: 80 + host_ip: 127.0.0.1 + published: 8000-9000 + protocol: tcp + mode: host +</pre></div> <h3 id="privileged">privileged</h3> <p><code class="language-plaintext highlighter-rouge">privileged</code> configures the service container to run with elevated privileges. Support and actual impacts are platform-specific.</p> <h3 id="profiles-1">profiles</h3> <p><code class="language-plaintext highlighter-rouge">profiles</code> defines a list of named profiles for the service to be enabled under. 
When not set, service is always enabled.</p> <p>If present, <code class="language-plaintext highlighter-rouge">profiles</code> SHOULD follow the regex format of <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9][a-zA-Z0-9_.-]+</code>.</p> <h3 id="pull_policy">pull_policy</h3> <p><code class="language-plaintext highlighter-rouge">pull_policy</code> defines the decisions Compose implementations will make when it starts to pull images. Possible values are:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">always</code>: Compose implementations SHOULD always pull the image from the registry.</li> <li> +<code class="language-plaintext highlighter-rouge">never</code>: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image. If there is no cached image, a failure MUST be reported.</li> <li> +<code class="language-plaintext highlighter-rouge">missing</code>: Compose implementations SHOULD pull the image only if it’s not available in the platform cache. This SHOULD be the default option for Compose implementations without build support. <code class="language-plaintext highlighter-rouge">if_not_present</code> SHOULD be considered an alias for this value for backward compatibility</li> <li> +<code class="language-plaintext highlighter-rouge">build</code>: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.</li> </ul> <p>If <code class="language-plaintext highlighter-rouge">pull_policy</code> and <code class="language-plaintext highlighter-rouge">build</code> both presents, Compose implementations SHOULD build the image by default. 
Compose implementations MAY override this behavior in the toolchain.</p> <h3 id="read_only">read_only</h3> <p><code class="language-plaintext highlighter-rouge">read_only</code> configures service container to be created with a read-only filesystem.</p> <h3 id="restart">restart</h3> <p><code class="language-plaintext highlighter-rouge">restart</code> defines the policy that the platform will apply on container termination.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">no</code>: The default restart policy. Does not restart a container under any circumstances.</li> <li> +<code class="language-plaintext highlighter-rouge">always</code>: The policy always restarts the container until its removal.</li> <li> +<code class="language-plaintext highlighter-rouge">on-failure</code>: The policy restarts a container if the exit code indicates an error.</li> <li> +<code class="language-plaintext highlighter-rouge">unless-stopped</code>: The policy restarts a container irrespective of the exit code but will stop restarting when the service is stopped or removed.</li> </ul> <div class="highlight"><pre class="highlight" data-language=""> restart: "no" + restart: always + restart: on-failure + restart: unless-stopped +</pre></div> <h3 id="runtime">runtime</h3> <p><code class="language-plaintext highlighter-rouge">runtime</code> specifies which runtime to use for the service’s containers.</p> <p>The value of <code class="language-plaintext highlighter-rouge">runtime</code> is specific to implementation. 
For example, <code class="language-plaintext highlighter-rouge">runtime</code> can be the name of <a href="https://github.com/opencontainers/runtime-spec/blob/master/implementations/" target="_blank" rel="noopener" class="_">an implementation of OCI Runtime Spec</a>, such as “runc”.</p> <div class="highlight"><pre class="highlight" data-language="">web: + image: busybox:latest + command: true + runtime: runc +</pre></div> <h3 id="scale">scale</h3> <p><em>DEPRECATED: use <a href="deploy/index#replicas">deploy/replicas</a></em></p> <p><code class="language-plaintext highlighter-rouge">scale</code> specifies the default number of containers to deploy for this service.</p> <h3 id="secrets">secrets</h3> <p><code class="language-plaintext highlighter-rouge">secrets</code> grants access to sensitive data defined by <a href="#secrets">secrets</a> on a per-service basis. Two different syntax variants are supported: the short syntax and the long syntax.</p> <p>Compose implementations MUST report an error if the secret doesn’t exist on the platform or isn’t defined in the <a href="#secrets-top-level-element"><code class="language-plaintext highlighter-rouge">secrets</code></a> section of this Compose file.</p> <h4 id="short-syntax-3">Short syntax</h4> <p>The short syntax variant only specifies the secret name. This grants the container access to the secret and mounts it as read-only to <code class="language-plaintext highlighter-rouge">/run/secrets/<secret_name></code> within the container. The source name and destination mountpoint are both set to the secret name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">frontend</code> service access to the <code class="language-plaintext highlighter-rouge">server-certificate</code> secret. 
The value of <code class="language-plaintext highlighter-rouge">server-certificate</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./server.cert</code>.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + secrets: + - server-certificate +secrets: + server-certificate: + file: ./server.cert +</pre></div> <h4 id="long-syntax-3">Long syntax</h4> <p>The long syntax provides more granularity in how the secret is created within the service’s containers.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">source</code>: The name of the secret as it exists on the platform.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: The name of the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">source</code> if not specified.</li> <li> +<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the file within <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Default value is USER running container.</li> <li> +<code class="language-plaintext highlighter-rouge">mode</code>: The <a href="http://permissions-calculator.org/">permissions</a> for the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers, in octal notation. Default value is world-readable permissions (mode <code class="language-plaintext highlighter-rouge">0444</code>). The writable bit MUST be ignored if set. 
The executable bit MAY be set.</li> </ul> <p>The following example sets the name of the <code class="language-plaintext highlighter-rouge">server-certificate</code> secret file to <code class="language-plaintext highlighter-rouge">server.crt</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The value of <code class="language-plaintext highlighter-rouge">server-certificate</code> secret is provided by the platform through a lookup and the secret lifecycle not directly managed by the Compose implementation.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + secrets: + - source: server-certificate + target: server.cert + uid: "103" + gid: "103" + mode: 0440 +secrets: + server-certificate: + external: true +</pre></div> <p>Services MAY be granted access to multiple secrets. Long and short syntax for secrets MAY be used in the same Compose file. Defining a secret in the top-level <code class="language-plaintext highlighter-rouge">secrets</code> MUST NOT imply granting any service access to it. Such grant must be explicit within service specification as <a href="#secrets">secrets</a> service element.</p> <h3 id="security_opt">security_opt</h3> <p><code class="language-plaintext highlighter-rouge">security_opt</code> overrides the default labeling scheme for each container.</p> <div class="highlight"><pre class="highlight" data-language="">security_opt: + - label:user:USER + - label:role:ROLE +</pre></div> <h3 id="shm_size">shm_size</h3> <p><code class="language-plaintext highlighter-rouge">shm_size</code> configures the size of the shared memory (<code class="language-plaintext highlighter-rouge">/dev/shm</code> partition on Linux) allowed by the service container. 
Specified as a <a href="#specifying-byte-values">byte value</a>.</p> <h3 id="stdin_open">stdin_open</h3> <p><code class="language-plaintext highlighter-rouge">stdin_open</code> configures service containers to run with an allocated stdin.</p> <h3 id="stop_grace_period">stop_grace_period</h3> <p><code class="language-plaintext highlighter-rouge">stop_grace_period</code> specifies how long the Compose implementation MUST wait when attempting to stop a container if it doesn’t handle SIGTERM (or whichever stop signal has been specified with <a href="#stop_signal"><code class="language-plaintext highlighter-rouge">stop_signal</code></a>), before sending SIGKILL. Specified as a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language=""> stop_grace_period: 1s + stop_grace_period: 1m30s +</pre></div> <p>Default value is 10 seconds for the container to exit before sending SIGKILL.</p> <h3 id="stop_signal">stop_signal</h3> <p><code class="language-plaintext highlighter-rouge">stop_signal</code> defines the signal that the Compose implementation MUST use to stop the service containers. If unset containers are stopped by the Compose Implementation by sending <code class="language-plaintext highlighter-rouge">SIGTERM</code>.</p> <div class="highlight"><pre class="highlight" data-language="">stop_signal: SIGUSR1 +</pre></div> <h3 id="storage_opt">storage_opt</h3> <p><code class="language-plaintext highlighter-rouge">storage_opt</code> defines storage driver options for a service.</p> <div class="highlight"><pre class="highlight" data-language="">storage_opt: + size: '1G' +</pre></div> <h3 id="sysctls">sysctls</h3> <p><code class="language-plaintext highlighter-rouge">sysctls</code> defines kernel parameters to set in the container. 
<code class="language-plaintext highlighter-rouge">sysctls</code> can use either an array or a map.</p> <div class="highlight"><pre class="highlight" data-language="">sysctls: + net.core.somaxconn: 1024 + net.ipv4.tcp_syncookies: 0 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">sysctls: + - net.core.somaxconn=1024 + - net.ipv4.tcp_syncookies=0 +</pre></div> <p>You can only use sysctls that are namespaced in the kernel. Docker does not support changing sysctls inside a container that also modify the host system. For an overview of supported sysctls, refer to <a href="../../engine/reference/commandline/run/index#configure-namespaced-kernel-parameters-sysctls-at-runtime">configure namespaced kernel parameters (sysctls) at runtime</a>.</p> <h3 id="tmpfs">tmpfs</h3> <p><code class="language-plaintext highlighter-rouge">tmpfs</code> mounts a temporary file system inside the container. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">tmpfs: /run +</pre></div> <div class="highlight"><pre class="highlight" data-language="">tmpfs: + - /run + - /tmp +</pre></div> <h3 id="tty">tty</h3> <p><code class="language-plaintext highlighter-rouge">tty</code> configure service container to run with a TTY.</p> <h3 id="ulimits">ulimits</h3> <p><code class="language-plaintext highlighter-rouge">ulimits</code> overrides the default ulimits for a container. Either specifies as a single limit as an integer or soft/hard limits as a mapping.</p> <div class="highlight"><pre class="highlight" data-language="">ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 +</pre></div> <h3 id="user">user</h3> <p><code class="language-plaintext highlighter-rouge">user</code> overrides the user used to run the container process. Default is that set by image (i.e. 
Dockerfile <code class="language-plaintext highlighter-rouge">USER</code>), if not set, <code class="language-plaintext highlighter-rouge">root</code>.</p> <h3 id="userns_mode">userns_mode</h3> <p><code class="language-plaintext highlighter-rouge">userns_mode</code> sets the user namespace for the service. Supported values are platform specific and MAY depend on platform configuration</p> <div class="highlight"><pre class="highlight" data-language="">userns_mode: "host" +</pre></div> <h3 id="volumes">volumes</h3> <p><code class="language-plaintext highlighter-rouge">volumes</code> defines mount host paths or named volumes that MUST be accessible by service containers.</p> <p>If the mount is a host path and only used by a single service, it MAY be declared as part of the service definition instead of the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key.</p> <p>To reuse a volume across multiple services, a named volume MUST be declared in the <a href="#volumes-top-level-element">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>.</p> <p>This example shows a named volume (<code class="language-plaintext highlighter-rouge">db-data</code>) being used by the <code class="language-plaintext highlighter-rouge">backend</code> service, and a bind mount defined for a single service</p> <div class="highlight"><pre class="highlight" data-language="">services: + backend: + image: awesome/backend + volumes: + - type: volume + source: db-data + target: /data + volume: + nocopy: true + - type: bind + source: /var/run/postgres/postgres.sock + target: /var/run/postgres/postgres.sock + +volumes: + db-data: +</pre></div> <h4 id="short-syntax-4">Short syntax</h4> <p>The short syntax uses a single string with colon-separated values to specify a volume mount (<code class="language-plaintext highlighter-rouge">VOLUME:CONTAINER_PATH</code>), or an access mode (<code class="language-plaintext 
highlighter-rouge">VOLUME:CONTAINER_PATH:ACCESS_MODE</code>).</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">VOLUME</code>: MAY be either a host path on the platform hosting containers (bind mount) or a volume name</li> <li> +<code class="language-plaintext highlighter-rouge">CONTAINER_PATH</code>: the path in the container where the volume is mounted</li> <li> +<code class="language-plaintext highlighter-rouge">ACCESS_MODE</code>: is a comma-separated <code class="language-plaintext highlighter-rouge">,</code> list of options and MAY be set to: <ul> <li> +<code class="language-plaintext highlighter-rouge">rw</code>: read and write access (default)</li> <li> +<code class="language-plaintext highlighter-rouge">ro</code>: read-only access</li> <li> +<code class="language-plaintext highlighter-rouge">z</code>: SELinux option indicates that the bind mount host content is shared among multiple containers</li> <li> +<code class="language-plaintext highlighter-rouge">Z</code>: SELinux option indicates that the bind mount host content is private and unshared for other containers</li> </ul> </li> </ul> <blockquote> <p><strong>Note</strong>: The SELinux re-labeling bind mount option is ignored on platforms without SELinux.</p> </blockquote> <blockquote> <p><strong>Note</strong>: Relative host paths MUST only be supported by Compose implementations that deploy to a local container runtime. This is because the relative path is resolved from the Compose file’s parent directory which is only applicable in the local case. Compose Implementations deploying to a non-local platform MUST reject Compose files which use relative host paths with an error. 
To avoid ambiguities with named volumes, relative paths SHOULD always begin with <code class="language-plaintext highlighter-rouge">.</code> or <code class="language-plaintext highlighter-rouge">..</code>.</p> </blockquote> <h4 id="long-syntax-4">Long syntax</h4> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">type</code>: the mount type <code class="language-plaintext highlighter-rouge">volume</code>, <code class="language-plaintext highlighter-rouge">bind</code>, <code class="language-plaintext highlighter-rouge">tmpfs</code> or <code class="language-plaintext highlighter-rouge">npipe</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">source</code>: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the <a href="#volumes-top-level-element">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>. Not applicable for a tmpfs mount.</li> <li> +<code class="language-plaintext highlighter-rouge">target</code>: the path in the container where the volume is mounted</li> <li> +<code class="language-plaintext highlighter-rouge">read_only</code>: flag to set the volume as read-only</li> <li> +<code class="language-plaintext highlighter-rouge">bind</code>: configure additional bind options <ul> <li> +<code class="language-plaintext highlighter-rouge">propagation</code>: the propagation mode used for the bind</li> <li> +<code class="language-plaintext highlighter-rouge">create_host_path</code>: create a directory at the source path on host if there is nothing present. Do nothing if there is something present at the path. 
This is automatically implied by short syntax for backward compatibility with docker-compose legacy.</li> <li> +<code class="language-plaintext highlighter-rouge">selinux</code>: the SELinux re-labeling option <code class="language-plaintext highlighter-rouge">z</code> (shared) or <code class="language-plaintext highlighter-rouge">Z</code> (private)</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">volume</code>: configure additional volume options <ul> <li> +<code class="language-plaintext highlighter-rouge">nocopy</code>: flag to disable copying of data from a container when a volume is created</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">tmpfs</code>: configure additional tmpfs options <ul> <li> +<code class="language-plaintext highlighter-rouge">size</code>: the size for the tmpfs mount in bytes (either numeric or as bytes unit)</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">consistency</code>: the consistency requirements of the mount. Available values are platform specific</li> </ul> <h3 id="volumes_from">volumes_from</h3> <p><code class="language-plaintext highlighter-rouge">volumes_from</code> mounts all of the volumes from another service or container, optionally specifying read-only access (ro) or read-write (rw). If no access level is specified, then read-write MUST be used.</p> <p>String value defines another service in the Compose application model to mount volumes from. 
The <code class="language-plaintext highlighter-rouge">container:</code> prefix, if supported, allows to mount volumes from a container that is not managed by the Compose implementation.</p> <div class="highlight"><pre class="highlight" data-language="">volumes_from: + - service_name + - service_name:ro + - container:container_name + - container:container_name:rw +</pre></div> <h3 id="working_dir">working_dir</h3> <p><code class="language-plaintext highlighter-rouge">working_dir</code> overrides the container’s working directory from that specified by image (i.e. Dockerfile <code class="language-plaintext highlighter-rouge">WORKDIR</code>).</p> <h2 id="networks-top-level-element">Networks top-level element</h2> <p>Networks are the layer that allow services to communicate with each other. The networking model exposed to a service is limited to a simple IP connection with target services and external resources, while the Network definition allows fine-tuning the actual implementation provided by the platform.</p> <p>Networks can be created by specifying the network name under a top-level <code class="language-plaintext highlighter-rouge">networks</code> section. 
Services can connect to networks by specifying the network name under the service <a href="#networks"><code class="language-plaintext highlighter-rouge">networks</code></a> subsection</p> <p>In the following example, at runtime, networks <code class="language-plaintext highlighter-rouge">front-tier</code> and <code class="language-plaintext highlighter-rouge">back-tier</code> will be created and the <code class="language-plaintext highlighter-rouge">frontend</code> service connected to the <code class="language-plaintext highlighter-rouge">front-tier</code> network and the <code class="language-plaintext highlighter-rouge">back-tier</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">services: + frontend: + image: awesome/webapp + networks: + - front-tier + - back-tier + +networks: + front-tier: + back-tier: +</pre></div> <h3 id="driver">driver</h3> <p><code class="language-plaintext highlighter-rouge">driver</code> specifies which driver should be used for this network. Compose implementations MUST return an error if the driver is not available on the platform.</p> <div class="highlight"><pre class="highlight" data-language="">driver: overlay +</pre></div> <p>Default and available values are platform specific. Compose specification MUST support the following specific drivers: <code class="language-plaintext highlighter-rouge">none</code> and <code class="language-plaintext highlighter-rouge">host</code></p> <ul> <li> +<code class="language-plaintext highlighter-rouge">host</code> use the host’s networking stack</li> <li> +<code class="language-plaintext highlighter-rouge">none</code> disable networking</li> </ul> <h4 id="host-or-none">host or none</h4> <p>The syntax for using built-in networks such as <code class="language-plaintext highlighter-rouge">host</code> and <code class="language-plaintext highlighter-rouge">none</code> is different, as such networks implicitly exists outside the scope of the Compose implementation. 
To use them one MUST define an external network with the name <code class="language-plaintext highlighter-rouge">host</code> or <code class="language-plaintext highlighter-rouge">none</code> and an alias that the Compose implementation can use (<code class="language-plaintext highlighter-rouge">hostnet</code> or <code class="language-plaintext highlighter-rouge">nonet</code> in the following examples), then grant the service access to that network using its alias.</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + networks: + hostnet: {} + +networks: + hostnet: + external: true + name: host +</pre></div> <div class="highlight"><pre class="highlight" data-language="">services: + web: + ... + networks: + nonet: {} + +networks: + nonet: + external: true + name: none +</pre></div> <h3 id="driver_opts">driver_opts</h3> <p><code class="language-plaintext highlighter-rouge">driver_opts</code> specifies a list of options as key-value pairs to pass to the driver for this network. These options are driver-dependent - consult the driver’s documentation for more information. Optional.</p> <div class="highlight"><pre class="highlight" data-language="">driver_opts: + foo: "bar" + baz: 1 +</pre></div> <h3 id="attachable">attachable</h3> <p>If <code class="language-plaintext highlighter-rouge">attachable</code> is set to <code class="language-plaintext highlighter-rouge">true</code>, then standalone containers SHOULD be able attach to this network, in addition to services. 
If a standalone container attaches to the network, it can communicate with services and other standalone containers that are also attached to the network.</p> <div class="highlight"><pre class="highlight" data-language="">networks: + mynet1: + driver: overlay + attachable: true +</pre></div> <h3 id="enable_ipv6">enable_ipv6</h3> <p><code class="language-plaintext highlighter-rouge">enable_ipv6</code> enable IPv6 networking on this network.</p> <h3 id="ipam">ipam</h3> <p><code class="language-plaintext highlighter-rouge">ipam</code> specifies custom a IPAM configuration. This is an object with several properties, each of which is optional:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">driver</code>: Custom IPAM driver, instead of the default.</li> <li> +<code class="language-plaintext highlighter-rouge">config</code>: A list with zero or more configuration elements, each containing: <ul> <li> +<code class="language-plaintext highlighter-rouge">subnet</code>: Subnet in CIDR format that represents a network segment</li> <li> +<code class="language-plaintext highlighter-rouge">ip_range</code>: Range of IPs from which to allocate container IPs</li> <li> +<code class="language-plaintext highlighter-rouge">gateway</code>: IPv4 or IPv6 gateway for the master subnet</li> <li> +<code class="language-plaintext highlighter-rouge">aux_addresses</code>: Auxiliary IPv4 or IPv6 addresses used by Network driver, as a mapping from hostname to IP</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">options</code>: Driver-specific options as a key-value mapping.</li> </ul> <p>A full example:</p> <div class="highlight"><pre class="highlight" data-language="">ipam: + driver: default + config: + - subnet: 172.28.0.0/16 + ip_range: 172.28.5.0/24 + gateway: 172.28.5.254 + aux_addresses: + host1: 172.28.1.5 + host2: 172.28.1.6 + host3: 172.28.1.7 + options: + foo: bar + baz: "0" +</pre></div> <h3 id="internal">internal</h3> <p>By default, Compose 
implementations MUST provides external connectivity to networks. <code class="language-plaintext highlighter-rouge">internal</code> when set to <code class="language-plaintext highlighter-rouge">true</code> allow to create an externally isolated network.</p> <h3 id="labels-1">labels</h3> <p>Add metadata to containers using Labels. Can use either an array or a dictionary.</p> <p>Users SHOULD use reverse-DNS notation to prevent labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Financial transaction network" + com.example.department: "Finance" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Financial transaction network" + - "com.example.department=Finance" + - "com.example.label-with-empty-value" +</pre></div> <p>Compose implementations MUST set <code class="language-plaintext highlighter-rouge">com.docker.compose.project</code> and <code class="language-plaintext highlighter-rouge">com.docker.compose.network</code> labels.</p> <h3 id="external">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, <code class="language-plaintext highlighter-rouge">external</code> specifies that this network’s lifecycle is maintained outside of that of the application. Compose Implementations SHOULD NOT attempt to create these networks, and raises an error if one doesn’t exist.</p> <p>In the example below, <code class="language-plaintext highlighter-rouge">proxy</code> is the gateway to the outside world. 
Instead of attempting to create a network, Compose implementations SHOULD interrogate the platform for an existing network simply called <code class="language-plaintext highlighter-rouge">outside</code> and connect the <code class="language-plaintext highlighter-rouge">proxy</code> service’s containers to it.</p> <div class="highlight"><pre class="highlight" data-language=""> +services: + proxy: + image: awesome/proxy + networks: + - outside + - default + app: + image: awesome/app + networks: + - default + +networks: + outside: + external: true +</pre></div> <h3 id="name">name</h3> <p><code class="language-plaintext highlighter-rouge">name</code> sets a custom name for this network. The name field can be used to reference networks which contain special characters. The name is used as is and will <strong>not</strong> be scoped with the project name.</p> <div class="highlight"><pre class="highlight" data-language="">networks: + network1: + name: my-app-net +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property to define the platform network that the Compose implementation should retrieve, typically by using a parameter so the Compose file doesn’t need to hard-code runtime specific values:</p> <div class="highlight"><pre class="highlight" data-language="">networks: + network1: + external: true + name: "${NETWORK_ID}" +</pre></div> <h2 id="volumes-top-level-element">Volumes top-level element</h2> <p>Volumes are persistent data stores implemented by the platform. The Compose specification offers a neutral abstraction for services to mount volumes, and configuration parameters to allocate them on infrastructure.</p> <p>The <code class="language-plaintext highlighter-rouge">volumes</code> section allows the configuration of named volumes that can be reused across multiple services. 
Here’s an example of a two-service setup where a database’s data directory is shared with another service as a volume named <code class="language-plaintext highlighter-rouge">db-data</code> so that it can be periodically backed up:</p> <div class="highlight"><pre class="highlight" data-language="">services: + backend: + image: awesome/database + volumes: + - db-data:/etc/data + + backup: + image: backup-service + volumes: + - db-data:/var/lib/backup/data + +volumes: + db-data: +</pre></div> <p>An entry under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key can be empty, in which case it uses the platform’s default configuration for creating a volume. Optionally, you can configure it with the following keys:</p> <h3 id="driver-1">driver</h3> <p>Specify which volume driver should be used for this volume. Default and available values are platform specific. If the driver is not available, the Compose implementation MUST return an error and stop application deployment.</p> <div class="highlight"><pre class="highlight" data-language="">driver: foobar +</pre></div> <h3 id="driver_opts-1">driver_opts</h3> <p><code class="language-plaintext highlighter-rouge">driver_opts</code> specifies a list of options as key-value pairs to pass to the driver for this volume. Those options are driver-dependent.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + example: + driver_opts: + type: "nfs" + o: "addr=10.40.0.199,nolock,soft,rw" + device: ":/docker/example" +</pre></div> <h3 id="external-1">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, <code class="language-plaintext highlighter-rouge">external</code> specifies that this volume already exist on the platform and its lifecycle is managed outside of that of the application. 
Compose implementations MUST NOT attempt to create these volumes, and MUST return an error if they do not exist.</p> <p>In the example below, instead of attempting to create a volume called <code class="language-plaintext highlighter-rouge">{project_name}_db-data</code>, Compose looks for an existing volume simply called <code class="language-plaintext highlighter-rouge">db-data</code> and mounts it into the <code class="language-plaintext highlighter-rouge">backend</code> service’s containers.</p> <div class="highlight"><pre class="highlight" data-language="">services: + backend: + image: awesome/database + volumes: + - db-data:/etc/data + +volumes: + db-data: + external: true +</pre></div> <h3 id="labels-2">labels</h3> <p><code class="language-plaintext highlighter-rouge">labels</code> are used to add metadata to volumes. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels: + com.example.description: "Database volume" + com.example.department: "IT/Ops" + com.example.label-with-empty-value: "" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels: + - "com.example.description=Database volume" + - "com.example.department=IT/Ops" + - "com.example.label-with-empty-value" +</pre></div> <p>Compose implementation MUST set <code class="language-plaintext highlighter-rouge">com.docker.compose.project</code> and <code class="language-plaintext highlighter-rouge">com.docker.compose.volume</code> labels.</p> <h3 id="name-1">name</h3> <p><code class="language-plaintext highlighter-rouge">name</code> set a custom name for this volume. The name field can be used to reference volumes that contain special characters. 
The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + data: + name: "my-app-data" +</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property. Doing so the name of the volume used to lookup for actual volume on platform is set separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + db-data: + external: + name: actual-name-of-volume +</pre></div> <p>This make it possible to make this lookup name a parameter of a Compose file, so that the model ID for volume is hard-coded but the actual volume ID on platform is set at runtime during deployment:</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + db-data: + external: + name: ${DATABASE_VOLUME} +</pre></div> <h2 id="configs-top-level-element">Configs top-level element</h2> <p>Configs allow services to adapt their behaviour without the need to rebuild a Docker image. Configs are comparable to Volumes from a service point of view as they are mounted into service’s containers filesystem. The actual implementation detail to get configuration provided by the platform can be set from the Configuration definition.</p> <p>When granted access to a config, the config content is mounted as a file in the container. The location of the mount point within the container defaults to <code class="language-plaintext highlighter-rouge">/<config-name></code> in Linux containers and <code class="language-plaintext highlighter-rouge">C:\<config-name></code> in Windows containers.</p> <p>By default, the config MUST be owned by the user running the container command but can be overridden by service configuration. 
By default, the config MUST have world-readable permissions (mode 0444), unless service is configured to override this.</p> <p>Services can only access configs when explicitly granted by a <a href="#configs"><code class="language-plaintext highlighter-rouge">configs</code></a> subsection.</p> <p>The top-level <code class="language-plaintext highlighter-rouge">configs</code> declaration defines or references configuration data that can be granted to the services in this application. The source of the config is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">file</code>: The config is created with the contents of the file at the specified path.</li> <li> +<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this config has already been created. Compose implementation does not attempt to create it, and if it does not exist, an error occurs.</li> <li> +<code class="language-plaintext highlighter-rouge">name</code>: The name of config object on Platform to lookup. This field can be used to reference configs that contain special characters. 
The name is used as is and will <strong>not</strong> be scoped with the project name.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">http_config</code> is created (as <code class="language-plaintext highlighter-rouge"><project_name>_http_config</code>) when the application is deployed, and <code class="language-plaintext highlighter-rouge">my_second_config</code> MUST already exist on Platform and value will be obtained by lookup.</p> <p>In this example, <code class="language-plaintext highlighter-rouge">server-http_config</code> is created as <code class="language-plaintext highlighter-rouge"><project_name>_http_config</code> when the application is deployed, by registering content of the <code class="language-plaintext highlighter-rouge">httpd.conf</code> as configuration data.</p> <div class="highlight"><pre class="highlight" data-language="">configs: + http_config: + file: ./httpd.conf +</pre></div> <p>Alternatively, <code class="language-plaintext highlighter-rouge">http_config</code> can be declared as external, doing so Compose implementation will lookup <code class="language-plaintext highlighter-rouge">http_config</code> to expose configuration data to relevant services.</p> <div class="highlight"><pre class="highlight" data-language="">configs: + http_config: + external: true +</pre></div> <p>External configs lookup can also use a distinct key by specifying a <code class="language-plaintext highlighter-rouge">name</code>. The following example modifies the previous one to lookup for config using a parameter <code class="language-plaintext highlighter-rouge">HTTP_CONFIG_KEY</code>. 
Doing so the actual lookup key will be set at deployment time by <a href="#interpolation">interpolation</a> of variables, but exposed to containers as hard-coded ID <code class="language-plaintext highlighter-rouge">http_config</code>.</p> <div class="highlight"><pre class="highlight" data-language="">configs: + http_config: + external: true + name: "${HTTP_CONFIG_KEY}" +</pre></div> <p>Compose file need to explicitly grant access to the configs to relevant services in the application.</p> <h2 id="secrets-top-level-element">Secrets top-level element</h2> <p>Secrets are a flavour of Configs focussing on sensitive data, with specific constraint for this usage. As the platform implementation may significantly differ from Configs, dedicated Secrets section allows to configure the related resources.</p> <p>The top-level <code class="language-plaintext highlighter-rouge">secrets</code> declaration defines or references sensitive data that can be granted to the services in this application. The source of the secret is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">file</code>: The secret is created with the contents of the file at the specified path.</li> <li> +<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this secret has already been created. Compose implementation does not attempt to create it, and if it does not exist, an error occurs.</li> <li> +<code class="language-plaintext highlighter-rouge">name</code>: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. 
The name is used as is and will <strong>not</strong> be scoped with the project name.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">server-certificate</code> is created as <code class="language-plaintext highlighter-rouge"><project_name>_server-certificate</code> when the application is deployed, by registering content of the <code class="language-plaintext highlighter-rouge">server.cert</code> as a platform secret.</p> <div class="highlight"><pre class="highlight" data-language="">secrets: + server-certificate: + file: ./server.cert +</pre></div> <p>Alternatively, <code class="language-plaintext highlighter-rouge">server-certificate</code> can be declared as external, doing so Compose implementation will lookup <code class="language-plaintext highlighter-rouge">server-certificate</code> to expose secret to relevant services.</p> <div class="highlight"><pre class="highlight" data-language="">secrets: + server-certificate: + external: true +</pre></div> <p>External secrets lookup can also use a distinct key by specifying a <code class="language-plaintext highlighter-rouge">name</code>. The following example modifies the previous one to look up for secret using a parameter <code class="language-plaintext highlighter-rouge">CERTIFICATE_KEY</code>. 
Doing so the actual lookup key will be set at deployment time by <a href="#interpolation">interpolation</a> of variables, but exposed to containers as hard-coded ID <code class="language-plaintext highlighter-rouge">server-certificate</code>.</p> <div class="highlight"><pre class="highlight" data-language="">secrets: + server-certificate: + external: true + name: "${CERTIFICATE_KEY}" +</pre></div> <p>Compose file need to explicitly grant access to the secrets to relevant services in the application.</p> <h2 id="fragments">Fragments</h2> <p>It is possible to re-use configuration fragments using <a href="http://www.yaml.org/spec/1.2/spec.html#id2765878">YAML anchors</a>.</p> <div class="highlight"><pre class="highlight" data-language="">volumes: + db-data: &default-volume + driver: default + metrics: *default-volume +</pre></div> <p>In previous sample, an <em>anchor</em> is created as <code class="language-plaintext highlighter-rouge">default-volume</code> based on <code class="language-plaintext highlighter-rouge">db-data</code> volume specification. It is later reused by <em>alias</em> <code class="language-plaintext highlighter-rouge">*default-volume</code> to define <code class="language-plaintext highlighter-rouge">metrics</code> volume. Same logic can apply to any element in a Compose file. Anchor resolution MUST take place before <a href="#interpolation">variables interpolation</a>, so variables can’t be used to set anchors or aliases.</p> <p>It is also possible to partially override values set by anchor reference using the <a href="http://yaml.org/type/merge.html">YAML merge type</a>. 
In following example, <code class="language-plaintext highlighter-rouge">metrics</code> volume specification uses alias to avoid repetition but override <code class="language-plaintext highlighter-rouge">name</code> attribute:</p> <div class="highlight"><pre class="highlight" data-language=""> +services: + backend: + image: awesome/database + volumes: + - db-data + - metrics +volumes: + db-data: &default-volume + driver: default + name: "data" + metrics: + <<: *default-volume + name: "metrics" +</pre></div> <h2 id="extension">Extension</h2> <p>Special extension fields can be of any format as long as their name starts with the <code class="language-plaintext highlighter-rouge">x-</code> character sequence. They can be used within any structure in a Compose file. This is the sole exception for Compose implementations to silently ignore unrecognized field.</p> <div class="highlight"><pre class="highlight" data-language="">x-custom: + foo: + - bar + - zot + +services: + webapp: + image: awesome/webapp + x-foo: bar +</pre></div> <p>The contents of such fields are unspecified by Compose specification, and can be used to enable custom features. Compose implementation to encounter an unknown extension field MUST NOT fail, but COULD warn about unknown field.</p> <p>For platform extensions, it is highly recommended to prefix extension by platform/vendor name, the same way browsers add support for <a href="https://www.w3.org/TR/2011/REC-CSS2-20110607/syndata.html#vendor-keywords" target="_blank" rel="noopener" class="_">custom CSS features</a>.</p> <div class="highlight"><pre class="highlight" data-language="">service: + backend: + deploy: + placement: + x-aws-role: "arn:aws:iam::XXXXXXXXXXXX:role/foo" + x-aws-region: "eu-west-3" + x-azure-region: "france-central" +</pre></div> <h3 id="informative-historical-notes">Informative Historical Notes</h3> <p>This section is informative. 
At the time of writing, the following prefixes are known to exist:</p> <table> <thead> <tr> <th>prefix</th> <th>vendor/organization</th> </tr> </thead> <tbody> <tr> <td>docker</td> <td>Docker</td> </tr> <tr> <td>kubernetes</td> <td>Kubernetes</td> </tr> </tbody> </table> <h3 id="using-extensions-as-fragments">Using extensions as fragments</h3> <p>With the support for extension fields, Compose file can be written as follows to improve readability of reused fragments:</p> <div class="highlight"><pre class="highlight" data-language="">x-logging: &default-logging + options: + max-size: "12m" + max-file: "5" + driver: json-file + +services: + frontend: + image: awesome/webapp + logging: *default-logging + backend: + image: awesome/database + logging: *default-logging +</pre></div> <h3 id="specifying-byte-values">specifying byte values</h3> <p>Value express a byte value as a string in <code class="language-plaintext highlighter-rouge">{amount}{byte unit}</code> format: The supported units are <code class="language-plaintext highlighter-rouge">b</code> (bytes), <code class="language-plaintext highlighter-rouge">k</code> or <code class="language-plaintext highlighter-rouge">kb</code> (kilo bytes), <code class="language-plaintext highlighter-rouge">m</code> or <code class="language-plaintext highlighter-rouge">mb</code> (mega bytes) and <code class="language-plaintext highlighter-rouge">g</code> or <code class="language-plaintext highlighter-rouge">gb</code> (giga bytes).</p> <div class="highlight"><pre class="highlight" data-language=""> 2b + 1024kb + 2048k + 300m + 1gb +</pre></div> <h3 id="specifying-durations">specifying durations</h3> <p>Value express a duration as a string in the in the form of <code class="language-plaintext highlighter-rouge">{value}{unit}</code>. 
The supported units are <code class="language-plaintext highlighter-rouge">us</code> (microseconds), <code class="language-plaintext highlighter-rouge">ms</code> (milliseconds), <code class="language-plaintext highlighter-rouge">s</code> (seconds), <code class="language-plaintext highlighter-rouge">m</code> (minutes) and <code class="language-plaintext highlighter-rouge">h</code> (hours). Value can can combine multiple values and using without separator.</p> <div class="highlight"><pre class="highlight" data-language=""> 10ms + 40s + 1m30s + 1h5m30s20ms +</pre></div> <h2 id="interpolation">Interpolation</h2> <p>Values in a Compose file can be set by variables, and interpolated at runtime. Compose files use a Bash-like syntax <code class="language-plaintext highlighter-rouge">${VARIABLE}</code></p> <p>Both <code class="language-plaintext highlighter-rouge">$VARIABLE</code> and <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax are supported. Default values can be defined inline using typical shell syntax: latest</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> only if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Similarly, the following syntax allows you to specify mandatory variables:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> 
<li> +<code class="language-plaintext highlighter-rouge">${VARIABLE?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Interpolation can also be nested:</p> <ul> <li><code class="language-plaintext highlighter-rouge">${VARIABLE:-${FOO}}</code></li> <li><code class="language-plaintext highlighter-rouge">${VARIABLE?$FOO}</code></li> <li><code class="language-plaintext highlighter-rouge">${VARIABLE:-${FOO:-default}}</code></li> </ul> <p>Other extended shell-style features, such as <code class="language-plaintext highlighter-rouge">${VARIABLE/foo/bar}</code>, are not supported by the Compose specification.</p> <p>You can use a <code class="language-plaintext highlighter-rouge">$$</code> (double-dollar sign) when your configuration needs a literal dollar sign. This also prevents Compose from interpolating a value, so a <code class="language-plaintext highlighter-rouge">$$</code> allows you to refer to environment variables that you don’t want processed by Compose.</p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . 
+ command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE" +</pre></div> <p>If the Compose implementation can’t resolve a substituted variable and no default value is defined, it MUST warn the user and substitute the variable with an empty string.</p> <p>As any values in a Compose file can be interpolated with variable substitution, including compact string notation for complex elements, interpolation MUST be applied <em>before</em> merge on a per-file-basis.</p> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="compose-versioning/index">Compose file versions and upgrading</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> <li><a href="../gpu-support/index">Enabling GPU access with Compose</a></li> <li><a href="../reference/index">Command line reference</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/compose-file/" class="_attribution-link">https://docs.docker.com/compose/compose-file/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fenv-file%2Findex.html b/devdocs/docker/compose%2Fenv-file%2Findex.html new file mode 100644 index 00000000..c0abc37d --- /dev/null +++ b/devdocs/docker/compose%2Fenv-file%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>Declare default environment variables in file</h1> + +<p>Compose supports declaring default environment variables in an environment file named <code class="language-plaintext highlighter-rouge">.env</code> placed in the project directory. Docker Compose versions earlier than <code class="language-plaintext highlighter-rouge">1.28</code>, load the <code class="language-plaintext highlighter-rouge">.env</code> file from the current working directory, where the command is executed, or from the project directory if this is explicitly set with the <code class="language-plaintext highlighter-rouge">--project-directory</code> option. This inconsistency has been addressed starting with <code class="language-plaintext highlighter-rouge">+v1.28</code> by limiting the default <code class="language-plaintext highlighter-rouge">.env</code> file path to the project directory. You can use the <code class="language-plaintext highlighter-rouge">--env-file</code> commandline option to override the default <code class="language-plaintext highlighter-rouge">.env</code> and specify the path to a custom environment file.</p> <p>The project directory is specified by the order of precedence:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">--project-directory</code> flag</li> <li>Folder of the first <code class="language-plaintext highlighter-rouge">--file</code> flag</li> <li>Current directory</li> </ul> <h2 id="syntax-rules">Syntax rules</h2> <p>The following syntax rules apply to the <code class="language-plaintext highlighter-rouge">.env</code> file:</p> <ul> <li>Compose expects each line in an <code class="language-plaintext highlighter-rouge">env</code> file to be in <code class="language-plaintext highlighter-rouge">VAR=VAL</code> format.</li> <li>Lines beginning with <code class="language-plaintext highlighter-rouge">#</code> are processed as comments and ignored.</li> <li>Blank lines are ignored.</li> <li>There is no special handling of 
quotation marks. This means that <strong>they are part of the VAL</strong>.</li> </ul> <h2 id="compose-file-and-cli-variables">Compose file and CLI variables</h2> <p>The environment variables you define here are used for <a href="../compose-file/compose-file-v3/index#variable-substitution">variable substitution</a> in your Compose file, and can also be used to define the following <a href="../reference/envvars/index">CLI variables</a>:</p> <ul> <li><code class="language-plaintext highlighter-rouge">COMPOSE_API_VERSION</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_CONVERT_WINDOWS_PATHS</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_FILE</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_HTTP_TIMEOUT</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code></li> <li><code class="language-plaintext highlighter-rouge">COMPOSE_TLS_VERSION</code></li> <li><code class="language-plaintext highlighter-rouge">DOCKER_CERT_PATH</code></li> <li><code class="language-plaintext highlighter-rouge">DOCKER_HOST</code></li> <li><code class="language-plaintext highlighter-rouge">DOCKER_TLS_VERIFY</code></li> </ul> <blockquote> <p><strong>Notes</strong></p> <ul> <li>Values present in the environment at runtime always override those defined inside the <code class="language-plaintext highlighter-rouge">.env</code> file. Similarly, values passed via command-line arguments take precedence as well.</li> <li>Environment variables defined in the <code class="language-plaintext highlighter-rouge">.env</code> file are not automatically visible inside containers. 
To set container-applicable environment variables, follow the guidelines in the topic <a href="../environment-variables/index">Environment variables in Compose</a>, which describes how to pass shell environment variables through to containers, define environment variables in Compose files, and more.</li> </ul> </blockquote> <h2 id="more-compose-documentation">More Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=environment">environment</a>, <a href="https://docs.docker.com/search/?q=env%20file">env file</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/env-file/" class="_attribution-link">https://docs.docker.com/compose/env-file/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fenvironment-variables%2Findex.html b/devdocs/docker/compose%2Fenvironment-variables%2Findex.html new file mode 100644 index 00000000..48734964 --- /dev/null 
+++ b/devdocs/docker/compose%2Fenvironment-variables%2Findex.html 
@@ -0,0 +1,95 @@ +<h1>Environment variables in Compose</h1> + +<p>There are multiple parts of Compose that deal with environment variables in one sense or another. This page should help you find the information you need.</p> <h2 id="substitute-environment-variables-in-compose-files">Substitute environment variables in Compose files</h2> <p>It’s possible to use environment variables in your shell to populate values inside a Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">web: + image: "webapp:${TAG}" +</pre></div> <p>If you have multiple environment variables, you can substitute them by adding them to a default environment variable file named <code class="language-plaintext highlighter-rouge">.env</code> or by providing a path to your environment variables file using the <code class="language-plaintext highlighter-rouge">--env-file</code> command line option.</p> <p>Your configuration options can contain environment variables. Compose uses the variable values from the shell environment in which <code class="language-plaintext highlighter-rouge">docker-compose</code> is run. For example, suppose the shell contains <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION=9.3</code> and you supply this configuration:</p> <div class="highlight"><pre class="highlight" data-language="">db: + image: "postgres:${POSTGRES_VERSION}" +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code> with this configuration, Compose looks for the <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> environment variable in the shell and substitutes its value in. For this example, Compose resolves the <code class="language-plaintext highlighter-rouge">image</code> to <code class="language-plaintext highlighter-rouge">postgres:9.3</code> before running the configuration.</p> <p>If an environment variable is not set, Compose substitutes with an empty string. 
In the example above, if <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> is not set, the value for the <code class="language-plaintext highlighter-rouge">image</code> option is <code class="language-plaintext highlighter-rouge">postgres:</code>.</p> <p>You can set default values for environment variables using a <a href="../env-file/index"><code class="language-plaintext highlighter-rouge">.env</code> file</a>, which Compose automatically looks for in project directory (parent folder of your Compose file). Values set in the shell environment override those set in the <code class="language-plaintext highlighter-rouge">.env</code> file.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">.env file</code> feature only works when you use the <code class="language-plaintext highlighter-rouge">docker-compose up</code> command and does not work with <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</p> </blockquote> <p>Both <code class="language-plaintext highlighter-rouge">$VARIABLE</code> and <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax are supported. 
Additionally when using the <a href="../compose-file/compose-versioning/index#version-21">2.1 file format</a>, it is possible to provide inline default values using typical shell syntax:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> only if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Similarly, the following syntax allows you to specify mandatory variables:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE:?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li> +<code class="language-plaintext highlighter-rouge">${VARIABLE?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Other extended shell-style features, such as <code class="language-plaintext highlighter-rouge">${VARIABLE/foo/bar}</code>, are not supported.</p> <p>You can use a <code class="language-plaintext highlighter-rouge">$$</code> (double-dollar sign) when your configuration needs a literal dollar sign. 
This also prevents Compose from interpolating a value, so a <code class="language-plaintext highlighter-rouge">$$</code> allows you to refer to environment variables that you don’t want processed by Compose.</p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . + command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE" +</pre></div> <p>If you forget and use a single dollar sign (<code class="language-plaintext highlighter-rouge">$</code>), Compose interprets the value as an environment variable and warns you:</p> <div class="highlight"><pre class="highlight" data-language="">The VAR_NOT_INTERPOLATED_BY_COMPOSE is not set. Substituting an empty string. +</pre></div> <h3 id="the-env-file">The “.env” file</h3> <p>You can set default values for any environment variables referenced in the Compose file, or used to configure Compose, in an <a href="../env-file/index">environment file</a> named <code class="language-plaintext highlighter-rouge">.env</code>. The <code class="language-plaintext highlighter-rouge">.env</code> file path is as follows:</p> <ul> <li>Starting with <code class="language-plaintext highlighter-rouge">+v1.28</code>, <code class="language-plaintext highlighter-rouge">.env</code> file is placed at the base of the project directory</li> <li>Project directory can be explicitly defined with the <code class="language-plaintext highlighter-rouge">--file</code> option or <code class="language-plaintext highlighter-rouge">COMPOSE_FILE</code> environment variable. 
Otherwise, it is the current working directory where the <code class="language-plaintext highlighter-rouge">docker compose</code> command is executed (<code class="language-plaintext highlighter-rouge">+1.28</code>).</li> <li>For previous versions, it might have trouble resolving <code class="language-plaintext highlighter-rouge">.env</code> file with <code class="language-plaintext highlighter-rouge">--file</code> or <code class="language-plaintext highlighter-rouge">COMPOSE_FILE</code>. To work around it, it is recommended to use <code class="language-plaintext highlighter-rouge">--project-directory</code>, which overrides the path for the <code class="language-plaintext highlighter-rouge">.env</code> file. This inconsistency is addressed in <code class="language-plaintext highlighter-rouge">+v1.28</code> by limiting the filepath to the project directory.</li> </ul> <div class="highlight"><pre class="highlight" data-language="">$ cat .env +TAG=v1.5 + +$ cat docker-compose.yml +version: '3' +services: + web: + image: "webapp:${TAG}" +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code>, the <code class="language-plaintext highlighter-rouge">web</code> service defined above uses the image <code class="language-plaintext highlighter-rouge">webapp:v1.5</code>. 
You can verify this with the <a href="../reference/config/index">config command</a>, which prints your resolved application config to the terminal:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose config + +version: '3' +services: + web: + image: 'webapp:v1.5' +</pre></div> <p>Values in the shell take precedence over those specified in the <code class="language-plaintext highlighter-rouge">.env</code> file.</p> <p>If you set <code class="language-plaintext highlighter-rouge">TAG</code> to a different value in your shell, the substitution in <code class="language-plaintext highlighter-rouge">image</code> uses that instead:</p> <div class="highlight"><pre class="highlight" data-language="">$ export TAG=v2.0 +$ docker-compose config + +version: '3' +services: + web: + image: 'webapp:v2.0' +</pre></div> <p>You can override the environment file path using a command line argument <code class="language-plaintext highlighter-rouge">--env-file</code>.</p> <h3 id="using-the---env-file--option">Using the “--env-file” option</h3> <p>By passing the file as an argument, you can store it anywhere and name it appropriately, for example, <code class="language-plaintext highlighter-rouge">.env.ci</code>, <code class="language-plaintext highlighter-rouge">.env.dev</code>, <code class="language-plaintext highlighter-rouge">.env.prod</code>. 
Passing the file path is done using the <code class="language-plaintext highlighter-rouge">--env-file</code> option:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose --env-file ./config/.env.dev up +</pre></div> <p>This file path is relative to the current working directory where the Docker Compose command is executed.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat .env +TAG=v1.5 + +$ cat ./config/.env.dev +TAG=v1.6 + + +$ cat docker-compose.yml +version: '3' +services: + web: + image: "webapp:${TAG}" +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">.env</code> file is loaded by default:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose config +version: '3' +services: + web: + image: 'webapp:v1.5' +</pre></div> <p>Passing the <code class="language-plaintext highlighter-rouge">--env-file</code> argument overrides the default file path:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose --env-file ./config/.env.dev config +version: '3' +services: + web: + image: 'webapp:v1.6' +</pre></div> <p>When an invalid file path is being passed as <code class="language-plaintext highlighter-rouge">--env-file</code> argument, Compose returns an error:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose --env-file ./doesnotexist/.env.dev config +ERROR: Couldn't find env file: /home/user/./doesnotexist/.env.dev +</pre></div> <p>For more information, see the <a href="../compose-file/compose-file-v3/index#variable-substitution">Variable substitution</a> section in the Compose file reference.</p> <h2 id="set-environment-variables-in-containers">Set environment variables in containers</h2> <p>You can set environment variables in a service’s containers with the <a href="../compose-file/compose-file-v3/index#environment">‘environment’ key</a>, just like with <code class="language-plaintext 
highlighter-rouge">docker run -e VARIABLE=VALUE ...</code>:</p> <div class="highlight"><pre class="highlight" data-language="">web: + environment: + - DEBUG=1 +</pre></div> <h2 id="pass-environment-variables-to-containers">Pass environment variables to containers</h2> <p>You can pass environment variables from your shell straight through to a service’s containers with the <a href="../compose-file/compose-file-v3/index#environment">‘environment’ key</a> by not giving them a value, just like with <code class="language-plaintext highlighter-rouge">docker run -e VARIABLE ...</code>:</p> <div class="highlight"><pre class="highlight" data-language="">web: + environment: + - DEBUG +</pre></div> <p>The value of the <code class="language-plaintext highlighter-rouge">DEBUG</code> variable in the container is taken from the value for the same variable in the shell in which Compose is run.</p> <h2 id="the-env_file-configuration-option">The “env_file” configuration option</h2> <p>You can pass multiple environment variables from an external file through to a service’s containers with the <a href="../compose-file/compose-file-v3/index#env_file">‘env_file’ option</a>, just like with <code class="language-plaintext highlighter-rouge">docker run --env-file=FILE ...</code>:</p> <div class="highlight"><pre class="highlight" data-language="">web: + env_file: + - web-variables.env +</pre></div> <h2 id="set-environment-variables-with-docker-compose-run">Set environment variables with ‘docker-compose run’</h2> <p>Similar to <code class="language-plaintext highlighter-rouge">docker run -e</code>, you can set environment variables on a one-off container with <code class="language-plaintext highlighter-rouge">docker-compose run -e</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose run -e DEBUG=1 web python console.py +</pre></div> <p>You can also pass a variable from the shell by not giving it a value:</p> <div class="highlight"><pre class="highlight" 
data-language="">$ docker-compose run -e DEBUG web python console.py +</pre></div> <p>The value of the <code class="language-plaintext highlighter-rouge">DEBUG</code> variable in the container is taken from the value for the same variable in the shell in which Compose is run.</p> <p>When you set the same environment variable in multiple files, here’s the priority used by Compose to choose which value to use:</p> <ol> <li>Compose file</li> <li>Shell environment variables</li> <li>Environment file</li> <li>Dockerfile</li> <li>Variable is not defined</li> </ol> <p>In the example below, we set the same environment variable on an Environment file, and the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat ./Docker/api/api.env +NODE_ENV=test + +$ cat docker-compose.yml +version: '3' +services: + api: + image: 'node:6-alpine' + env_file: + - ./Docker/api/api.env + environment: + - NODE_ENV=production +</pre></div> <p>When you run the container, the environment variable defined in the Compose file takes precedence.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose exec api node + +> process.env.NODE_ENV +'production' +</pre></div> <p>Having any <code class="language-plaintext highlighter-rouge">ARG</code> or <code class="language-plaintext highlighter-rouge">ENV</code> setting in a <code class="language-plaintext highlighter-rouge">Dockerfile</code> evaluates only if there is no Docker Compose entry for <code class="language-plaintext highlighter-rouge">environment</code> or <code class="language-plaintext highlighter-rouge">env_file</code>.</p> <blockquote> <p>Specifics for NodeJS containers</p> <p>If you have a <code class="language-plaintext highlighter-rouge">package.json</code> entry for <code class="language-plaintext highlighter-rouge">script:start</code> like <code class="language-plaintext highlighter-rouge">NODE_ENV=test node server.js</code>, then this overrules any setting in your <code 
class="language-plaintext highlighter-rouge">docker-compose.yml</code> file.</p> </blockquote> <h2 id="configure-compose-using-environment-variables">Configure Compose using environment variables</h2> <p>Several environment variables are available for you to configure the Docker Compose command-line behavior. They begin with <code class="language-plaintext highlighter-rouge">COMPOSE_</code> or <code class="language-plaintext highlighter-rouge">DOCKER_</code>, and are documented in <a href="../reference/envvars/index">CLI Environment Variables</a>.</p> +<p><a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=environment">environment</a>, <a href="https://docs.docker.com/search/?q=env%20file">env file</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/environment-variables/" class="_attribution-link">https://docs.docker.com/compose/environment-variables/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fextends%2Findex.html b/devdocs/docker/compose%2Fextends%2Findex.html new file mode 100644 index 00000000..fa8c4154 --- /dev/null +++ b/devdocs/docker/compose%2Fextends%2Findex.html 
@@ -0,0 +1,192 @@ +<h1>Share Compose configurations between files and projects</h1> + +<p>Compose supports two methods of sharing common configuration:</p> <ol> <li>Extending an entire Compose file by <a href="index#multiple-compose-files">using multiple Compose files</a> +</li> <li>Extending individual services with <a href="index#extending-services">the <code class="language-plaintext highlighter-rouge">extends</code> field</a> (for Compose file versions up to 2.1)</li> </ol> <h2 id="multiple-compose-files">Multiple Compose files</h2> <p>Using multiple Compose files enables you to customize a Compose application for different environments or different workflows.</p> <h3 id="understanding-multiple-compose-files">Understanding multiple Compose files</h3> <p>By default, Compose reads two files, a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and an optional <code class="language-plaintext highlighter-rouge">docker-compose.override.yml</code> file. By convention, the <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> contains your base configuration. The override file, as its name implies, can contain configuration overrides for existing services or entirely new services.</p> <p>If a service is defined in both files, Compose merges the configurations using the rules described in <a href="index#adding-and-overriding-configuration">Adding and overriding configuration</a>.</p> <p>To use multiple override files, or an override file with a different name, you can use the <code class="language-plaintext highlighter-rouge">-f</code> option to specify the list of files. Compose merges files in the order they’re specified on the command line. 
See the <a href="../reference/index"><code class="language-plaintext highlighter-rouge">docker-compose</code> command reference</a> for more information about using <code class="language-plaintext highlighter-rouge">-f</code>.</p> <p>When you use multiple configuration files, you must make sure all paths in the files are relative to the base Compose file (the first Compose file specified with <code class="language-plaintext highlighter-rouge">-f</code>). This is required because override files need not be valid Compose files. Override files can contain small fragments of configuration. Tracking which fragment of a service is relative to which path is difficult and confusing, so to keep paths easier to understand, all paths must be defined relative to the base file.</p> <h3 id="example-use-case">Example use case</h3> <p>In this section, there are two common use cases for multiple Compose files: changing a Compose app for different environments, and running administrative tasks against a Compose app.</p> <h4 id="different-environments">Different environments</h4> <p>A common use case for multiple files is changing a development Compose app for a production-like environment (which may be production, staging or CI). To support these differences, you can split your Compose configuration into a few different files:</p> <p>Start with a base file that defines the canonical configuration for the services.</p> <p><strong>docker-compose.yml</strong></p> <div class="highlight"><pre class="highlight" data-language="">web: + image: example/my_web_app:latest + depends_on: + - db + - cache + +db: + image: postgres:latest + +cache: + image: redis:latest +</pre></div> <p>In this example the development configuration exposes some ports to the host, mounts our code as a volume, and builds the web image.</p> <p><strong>docker-compose.override.yml</strong></p> <div class="highlight"><pre class="highlight" data-language="">web: + build: . 
+ volumes: + - '.:/code' + ports: + - 8883:80 + environment: + DEBUG: 'true' + +db: + command: '-d' + ports: + - 5432:5432 + +cache: + ports: + - 6379:6379 +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code> it reads the overrides automatically.</p> <p>Now, it would be nice to use this Compose app in a production environment. So, create another override file (which might be stored in a different git repo or managed by a different team).</p> <p><strong>docker-compose.prod.yml</strong></p> <div class="highlight"><pre class="highlight" data-language="">web: + ports: + - 80:80 + environment: + PRODUCTION: 'true' + +cache: + environment: + TTL: '500' +</pre></div> <p>To deploy with this production Compose file you can run</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d +</pre></div> <p>This deploys all three services using the configuration in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and <code class="language-plaintext highlighter-rouge">docker-compose.prod.yml</code> (but not the dev configuration in <code class="language-plaintext highlighter-rouge">docker-compose.override.yml</code>).</p> <p>See <a href="../production/index">production</a> for more information about Compose in production.</p> <h4 id="administrative-tasks">Administrative tasks</h4> <p>Another common use case is running adhoc or administrative tasks against one or more services in a Compose app. 
This example demonstrates running a database backup.</p> <p>Start with a <strong>docker-compose.yml</strong>.</p> <div class="highlight"><pre class="highlight" data-language="">web: + image: example/my_web_app:latest + depends_on: + - db + +db: + image: postgres:latest +</pre></div> <p>In a <strong>docker-compose.admin.yml</strong> add a new service to run the database export or backup.</p> <div class="highlight"><pre class="highlight" data-language=""> dbadmin: + build: database_admin/ + depends_on: + - db +</pre></div> <p>To start a normal environment run <code class="language-plaintext highlighter-rouge">docker-compose up -d</code>. To run a database backup, include the <code class="language-plaintext highlighter-rouge">docker-compose.admin.yml</code> as well.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f docker-compose.yml -f docker-compose.admin.yml \ + run dbadmin db-backup +</pre></div> <h2 id="extending-services">Extending services</h2> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">extends</code> keyword is supported in earlier Compose file formats up to Compose file version 2.1 (see <a href="../compose-file/compose-file-v2/index#extends">extends in v2</a>), but is not supported in Compose version 3.x. See the <a href="../compose-file/compose-versioning/index#version-3">Version 3 summary</a> of keys added and removed, along with information on <a href="../compose-file/compose-versioning/index#upgrading">how to upgrade</a>. See <a href="https://github.com/moby/moby/issues/31101">moby/moby#31101</a> to follow the discussion thread on the possibility of adding support for <code class="language-plaintext highlighter-rouge">extends</code> in some form in future versions. 
The <code class="language-plaintext highlighter-rouge">extends</code> keyword has been included in docker-compose versions 1.27 and higher.</p> </blockquote> <p>Docker Compose’s <code class="language-plaintext highlighter-rouge">extends</code> keyword enables the sharing of common configurations among different files, or even different projects entirely. Extending services is useful if you have several services that reuse a common set of configuration options. Using <code class="language-plaintext highlighter-rouge">extends</code> you can define a common set of service options in one place and refer to it from anywhere.</p> <p>Keep in mind that <code class="language-plaintext highlighter-rouge">volumes_from</code> and <code class="language-plaintext highlighter-rouge">depends_on</code> are never shared between services using <code class="language-plaintext highlighter-rouge">extends</code>. These exceptions exist to avoid implicit dependencies; you always define <code class="language-plaintext highlighter-rouge">volumes_from</code> locally. This ensures dependencies between services are clearly visible when reading the current file. Defining these locally also ensures that changes to the referenced file don’t break anything.</p> <h3 id="understand-the-extends-configuration">Understand the extends configuration</h3> <p>When defining any service in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>, you can declare that you are extending another service like this:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + extends: + file: common-services.yml + service: webapp +</pre></div> <p>This instructs Compose to re-use the configuration for the <code class="language-plaintext highlighter-rouge">webapp</code> service defined in the <code class="language-plaintext highlighter-rouge">common-services.yml</code> file. 
Suppose that <code class="language-plaintext highlighter-rouge">common-services.yml</code> looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">services: + webapp: + build: . + ports: + - "8000:8000" + volumes: + - "/data" +</pre></div> <p>In this case, you get exactly the same result as if you wrote <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> with the same <code class="language-plaintext highlighter-rouge">build</code>, <code class="language-plaintext highlighter-rouge">ports</code> and <code class="language-plaintext highlighter-rouge">volumes</code> configuration values defined directly under <code class="language-plaintext highlighter-rouge">web</code>.</p> <p>You can go further and define (or re-define) configuration locally in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + extends: + file: common-services.yml + service: webapp + environment: + - DEBUG=1 + cpu_shares: 5 + + important_web: + extends: web + cpu_shares: 10 +</pre></div> <p>You can also write other services and link your <code class="language-plaintext highlighter-rouge">web</code> service to them:</p> <div class="highlight"><pre class="highlight" data-language="">services: + web: + extends: + file: common-services.yml + service: webapp + environment: + - DEBUG=1 + cpu_shares: 5 + depends_on: + - db + db: + image: postgres +</pre></div> <h3 id="example-use-case-1">Example use case</h3> <p>Extending an individual service is useful when you have multiple services that have a common configuration. The example below is a Compose app with two services: a web application and a queue worker. 
Both services use the same codebase and share many configuration options.</p> <p>In a <strong>common.yml</strong> we define the common configuration:</p> <div class="highlight"><pre class="highlight" data-language="">services: + app: + build: . + environment: + CONFIG_FILE_PATH: /code/config + API_KEY: xxxyyy + cpu_shares: 5 +</pre></div> <p>In a <strong>docker-compose.yml</strong> we define the concrete services which use the common configuration:</p> <div class="highlight"><pre class="highlight" data-language="">services: + webapp: + extends: + file: common.yml + service: app + command: /code/run_web_app + ports: + - 8080:8080 + depends_on: + - queue + - db + + queue_worker: + extends: + file: common.yml + service: app + command: /code/run_worker + depends_on: + - queue +</pre></div> <h2 id="adding-and-overriding-configuration">Adding and overriding configuration</h2> <p>Compose copies configurations from the original service over to the local one. If a configuration option is defined in both the original service and the local service, the local value <em>replaces</em> or <em>extends</em> the original value.</p> <p>For single-value options like <code class="language-plaintext highlighter-rouge">image</code>, <code class="language-plaintext highlighter-rouge">command</code> or <code class="language-plaintext highlighter-rouge">mem_limit</code>, the new value replaces the old value.</p> <p>original service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + command: python app.py +</pre></div> <p>local service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + command: python otherapp.py +</pre></div> <p>result:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... 
+ command: python otherapp.py +</pre></div> <p>For the <strong>multi-value options</strong> <code class="language-plaintext highlighter-rouge">ports</code>, <code class="language-plaintext highlighter-rouge">expose</code>, <code class="language-plaintext highlighter-rouge">external_links</code>, <code class="language-plaintext highlighter-rouge">dns</code>, <code class="language-plaintext highlighter-rouge">dns_search</code>, and <code class="language-plaintext highlighter-rouge">tmpfs</code>, Compose concatenates both sets of values:</p> <p>original service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + expose: + - "3000" +</pre></div> <p>local service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + expose: + - "4000" + - "5000" +</pre></div> <p>result:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + expose: + - "3000" + - "4000" + - "5000" +</pre></div> <p>In the case of <code class="language-plaintext highlighter-rouge">environment</code>, <code class="language-plaintext highlighter-rouge">labels</code>, <code class="language-plaintext highlighter-rouge">volumes</code>, and <code class="language-plaintext highlighter-rouge">devices</code>, Compose “merges” entries together with locally-defined values taking precedence. For <code class="language-plaintext highlighter-rouge">environment</code> and <code class="language-plaintext highlighter-rouge">labels</code>, the environment variable or label name determines which value is used:</p> <p>original service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + environment: + - FOO=original + - BAR=original +</pre></div> <p>local service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... 
+ environment: + - BAR=local + - BAZ=local +</pre></div> <p>result</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + environment: + - FOO=original + - BAR=local + - BAZ=local +</pre></div> <p>Entries for <code class="language-plaintext highlighter-rouge">volumes</code> and <code class="language-plaintext highlighter-rouge">devices</code> are merged using the mount path in the container:</p> <p>original service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + volumes: + - ./original:/foo + - ./original:/bar +</pre></div> <p>local service:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + volumes: + - ./local:/bar + - ./local:/baz +</pre></div> <p>result:</p> <div class="highlight"><pre class="highlight" data-language="">services: + myservice: + # ... + volumes: + - ./original:/foo + - ./local:/bar + - ./local:/baz +</pre></div> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, 
Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/extends/" class="_attribution-link">https://docs.docker.com/compose/extends/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Ffaq%2Findex.html b/devdocs/docker/compose%2Ffaq%2Findex.html new file mode 100644 index 00000000..dd913ed2 --- /dev/null +++ b/devdocs/docker/compose%2Ffaq%2Findex.html 
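Review bot: The `common.yml` example in the compose/extends page ("Example use case" under "Extending services") sets `API_KEY: xxxyyy` as a literal under `environment` of the shared `app` service, and both `webapp` and `queue_worker` inherit it through `extends`, so the page models a credential committed in a shared Compose file. If this vendored copy is meant to be read as guidance, show the value coming from outside the file, for example `API_KEY: ${API_KEY}`, or mark the literal as a placeholder. Separately, the "Different environments" walkthrough keeps `5432:5432`, `6379:6379` and `DEBUG: 'true'` out of production only because the deploy command lists its `-f` files explicitly; the same text says a plain `docker-compose up` reads `docker-compose.override.yml` automatically, and that deserves a sentence next to the production command.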
@@ -0,0 +1,15 @@ +<h1>Frequently asked questions</h1> + +<p>If you don’t see your question here, feel free to drop by <a href="https://dockercommunity.slack.com/archives/C2X82D9PA">#docker-compose</a> on the <a href="https://dockr.ly/slack">Docker Community Slack</a>.</p> <h2 id="can-i-control-service-startup-order">Can I control service startup order?</h2> <p>Yes - see <a href="../startup-order/index">Controlling startup order</a>.</p> <h2 id="why-do-my-services-take-10-seconds-to-recreate-or-stop">Why do my services take 10 seconds to recreate or stop?</h2> <p>Compose stop attempts to stop a container by sending a <code class="language-plaintext highlighter-rouge">SIGTERM</code>. It then waits for a <a href="../reference/stop/index">default timeout of 10 seconds</a>. After the timeout, a <code class="language-plaintext highlighter-rouge">SIGKILL</code> is sent to the container to forcefully kill it. If you are waiting for this timeout, it means that your containers aren’t shutting down when they receive the <code class="language-plaintext highlighter-rouge">SIGTERM</code> signal.</p> <p>There has already been a lot written about this problem of <a href="https://medium.com/@gchudnov/trapping-signals-in-docker-containers-7a57fdda7d86">processes handling signals</a> in containers.</p> <p>To fix this problem, try the following:</p> <ul> <li> <p>Make sure you’re using the exec form of <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> in your Dockerfile.</p> <p>For example use <code class="language-plaintext highlighter-rouge">["program", "arg1", "arg2"]</code> not <code class="language-plaintext highlighter-rouge">"program arg1 arg2"</code>. Using the string form causes Docker to run your process using <code class="language-plaintext highlighter-rouge">bash</code> which doesn’t handle signals properly. 
Compose always uses the JSON form, so don’t worry if you override the command or entrypoint in your Compose file.</p> </li> <li> <p>If you are able, modify the application that you’re running to add an explicit signal handler for <code class="language-plaintext highlighter-rouge">SIGTERM</code>.</p> </li> <li> <p>Set the <code class="language-plaintext highlighter-rouge">stop_signal</code> to a signal which the application knows how to handle:</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">services: + web: + build: . + stop_signal: SIGINT +</pre></div> <ul> <li>If you can’t modify the application, wrap the application in a lightweight init system (like <a href="https://skarnet.org/software/s6/">s6</a>) or a signal proxy (like <a href="https://github.com/Yelp/dumb-init">dumb-init</a> or <a href="https://github.com/krallin/tini">tini</a>). Either of these wrappers takes care of handling <code class="language-plaintext highlighter-rouge">SIGTERM</code> properly.</li> </ul> <h2 id="how-do-i-run-multiple-copies-of-a-compose-file-on-the-same-host">How do I run multiple copies of a Compose file on the same host?</h2> <p>Compose uses the project name to create unique identifiers for all of a project’s containers and other resources. 
To run multiple copies of a project, set a custom project name using the <a href="../reference/index"><code class="language-plaintext highlighter-rouge">-p</code> command line option</a> or the <a href="../reference/envvars/index#compose_project_name"><code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code> environment variable</a>.</p> <h2 id="whats-the-difference-between-up-run-and-start">What’s the difference between <code class="language-plaintext highlighter-rouge">up</code>, <code class="language-plaintext highlighter-rouge">run</code>, and <code class="language-plaintext highlighter-rouge">start</code>?</h2> <p>Typically, you want <code class="language-plaintext highlighter-rouge">docker-compose up</code>. Use <code class="language-plaintext highlighter-rouge">up</code> to start or restart all the services defined in a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>. In the default “attached” mode, you see all the logs from all the containers. In “detached” mode (<code class="language-plaintext highlighter-rouge">-d</code>), Compose exits after starting the containers, but the containers continue to run in the background.</p> <p>The <code class="language-plaintext highlighter-rouge">docker-compose run</code> command is for running “one-off” or “adhoc” tasks. It requires the service name you want to run and only starts containers for services that the running service depends on. Use <code class="language-plaintext highlighter-rouge">run</code> to run tests or perform an administrative task such as removing or adding data to a data volume container. 
The <code class="language-plaintext highlighter-rouge">run</code> command acts like <code class="language-plaintext highlighter-rouge">docker run -ti</code> in that it opens an interactive terminal to the container and returns an exit status matching the exit status of the process in the container.</p> <p>The <code class="language-plaintext highlighter-rouge">docker-compose start</code> command is useful only to restart containers that were previously created, but were stopped. It never creates new containers.</p> <h2 id="can-i-use-json-instead-of-yaml-for-my-compose-file">Can I use json instead of yaml for my Compose file?</h2> <p>Yes. <a href="https://stackoverflow.com/a/1729545/444646">Yaml is a superset of json</a> so any JSON file should be valid Yaml. To use a JSON file with Compose, specify the filename to use, for example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f docker-compose.json up +</pre></div> <h2 id="should-i-include-my-code-with-copyadd-or-a-volume">Should I include my code with <code class="language-plaintext highlighter-rouge">COPY</code>/<code class="language-plaintext highlighter-rouge">ADD</code> or a volume?</h2> <p>You can add your code to the image using <code class="language-plaintext highlighter-rouge">COPY</code> or <code class="language-plaintext highlighter-rouge">ADD</code> directive in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. This is useful if you need to relocate your code along with the Docker image, for example when you’re sending code to another environment (production, CI, etc).</p> <p>You should use a <code class="language-plaintext highlighter-rouge">volume</code> if you want to make changes to your code and see them reflected immediately, for example when you’re developing code and your server supports hot code reloading or live-reload.</p> <p>There may be cases where you want to use both. 
You can have the image include the code using a <code class="language-plaintext highlighter-rouge">COPY</code>, and use a <code class="language-plaintext highlighter-rouge">volume</code> in your Compose file to include the code from the host during development. The volume overrides the directory contents of the image.</p> <h2 id="where-can-i-find-example-compose-files">Where can I find example compose files?</h2> <p>There are <a href="https://github.com/search?q=in%3Apath+docker-compose.yml+extension%3Ayml&type=Code">many examples of Compose files on GitHub</a>.</p> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=faq">faq</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/faq/" class="_attribution-link">https://docs.docker.com/compose/faq/</a> + </p> +</div> 
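Review bot: The answer to "Why do my services take 10 seconds to recreate or stop?" in the compose/faq page says the string form of `CMD` and `ENTRYPOINT` makes Docker run the process using `bash`; the shell form wraps the command in `/bin/sh -c`, and the practical consequence is that the application runs as a child of that shell and the shell does not pass `SIGTERM` on to it. Suggest wording along the lines of "run your process under a shell (`/bin/sh -c`), which does not forward signals to it", so the advice stays accurate for images that ship no bash and so the reason for the 10 second wait before `SIGKILL` is stated.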
diff --git a/devdocs/docker/compose%2Fgettingstarted%2Findex.html b/devdocs/docker/compose%2Fgettingstarted%2Findex.html new file mode 100644 index 00000000..75ab44ae --- /dev/null +++ b/devdocs/docker/compose%2Fgettingstarted%2Findex.html 
@@ -0,0 +1,123 @@ +<h1>Get started with Docker Compose</h1> + +<p>On this page you build a simple Python web application running on Docker Compose. The application uses the Flask framework and maintains a hit counter in Redis. While the sample uses Python, the concepts demonstrated here should be understandable even if you’re not familiar with it.</p> <h2 id="prerequisites">Prerequisites</h2> <p>Make sure you have already installed both <a href="https://docs.docker.com/get-docker/">Docker Engine</a> and <a href="../install/index">Docker Compose</a>. You don’t need to install Python or Redis, as both are provided by Docker images.</p> <h2 id="step-1-setup">Step 1: Setup</h2> <p>Define the application dependencies.</p> <ol> <li> <p>Create a directory for the project:</p> <div class="highlight"><pre class="highlight" data-language="">$ mkdir composetest +$ cd composetest +</pre></div> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">app.py</code> in your project directory and paste this in:</p> <div class="highlight"><pre class="highlight" data-language="">import time + +import redis +from flask import Flask + +app = Flask(__name__) +cache = redis.Redis(host='redis', port=6379) + +def get_hit_count(): + retries = 5 + while True: + try: + return cache.incr('hits') + except redis.exceptions.ConnectionError as exc: + if retries == 0: + raise exc + retries -= 1 + time.sleep(0.5) + +@app.route('/') +def hello(): + count = get_hit_count() + return 'Hello World! I have been seen {} times.\n'.format(count) +</pre></div> <p>In this example, <code class="language-plaintext highlighter-rouge">redis</code> is the hostname of the redis container on the application’s network. We use the default port for Redis, <code class="language-plaintext highlighter-rouge">6379</code>.</p> <blockquote> <p>Handling transient errors</p> <p>Note the way the <code class="language-plaintext highlighter-rouge">get_hit_count</code> function is written. 
This basic retry loop lets us attempt our request multiple times if the redis service is not available. This is useful at startup while the application comes online, but also makes our application more resilient if the Redis service needs to be restarted anytime during the app’s lifetime. In a cluster, this also helps handling momentary connection drops between nodes.</p> </blockquote> </li> <li> <p>Create another file called <code class="language-plaintext highlighter-rouge">requirements.txt</code> in your project directory and paste this in:</p> <div class="highlight"><pre class="highlight" data-language="">flask +redis +</pre></div> </li> </ol> <h2 id="step-2-create-a-dockerfile">Step 2: Create a Dockerfile</h2> <p>In this step, you write a Dockerfile that builds a Docker image. The image contains all the dependencies the Python application requires, including Python itself.</p> <p>In your project directory, create a file named <code class="language-plaintext highlighter-rouge">Dockerfile</code> and paste the following:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 +FROM python:3.7-alpine +WORKDIR /code +ENV FLASK_APP=app.py +ENV FLASK_RUN_HOST=0.0.0.0 +RUN apk add --no-cache gcc musl-dev linux-headers +COPY requirements.txt requirements.txt +RUN pip install -r requirements.txt +EXPOSE 5000 +COPY . . 
+CMD ["flask", "run"] +</pre></div> <p>This tells Docker to:</p> <ul> <li>Build an image starting with the Python 3.7 image.</li> <li>Set the working directory to <code class="language-plaintext highlighter-rouge">/code</code>.</li> <li>Set environment variables used by the <code class="language-plaintext highlighter-rouge">flask</code> command.</li> <li>Install gcc and other dependencies</li> <li>Copy <code class="language-plaintext highlighter-rouge">requirements.txt</code> and install the Python dependencies.</li> <li>Add metadata to the image to describe that the container is listening on port 5000</li> <li>Copy the current directory <code class="language-plaintext highlighter-rouge">.</code> in the project to the workdir <code class="language-plaintext highlighter-rouge">.</code> in the image.</li> <li>Set the default command for the container to <code class="language-plaintext highlighter-rouge">flask run</code>.</li> </ul> <p>For more information on how to write Dockerfiles, see the <a href="https://docs.docker.com/develop/">Docker user guide</a> and the <a href="../../engine/reference/builder/index">Dockerfile reference</a>.</p> <h2 id="step-3-define-services-in-a-compose-file">Step 3: Define services in a Compose file</h2> <p>Create a file called <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> in your project directory and paste the following:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + build: . 
+ ports: + - "8000:5000" + redis: + image: "redis:alpine" +</pre></div> <p>This Compose file defines two services: <code class="language-plaintext highlighter-rouge">web</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</p> <h3 id="web-service">Web service</h3> <p>The <code class="language-plaintext highlighter-rouge">web</code> service uses an image that’s built from the <code class="language-plaintext highlighter-rouge">Dockerfile</code> in the current directory. It then binds the container and the host machine to the exposed port, <code class="language-plaintext highlighter-rouge">8000</code>. This example service uses the default port for the Flask web server, <code class="language-plaintext highlighter-rouge">5000</code>.</p> <h3 id="redis-service">Redis service</h3> <p>The <code class="language-plaintext highlighter-rouge">redis</code> service uses a public <a href="https://registry.hub.docker.com/_/redis/">Redis</a> image pulled from the Docker Hub registry.</p> <h2 id="step-4-build-and-run-your-app-with-compose">Step 4: Build and run your app with Compose</h2> <ol> <li> <p>From your project directory, start up your application by running <code class="language-plaintext highlighter-rouge">docker-compose up</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up + +Creating network "composetest_default" with the default driver +Creating composetest_web_1 ... +Creating composetest_redis_1 ... +Creating composetest_web_1 +Creating composetest_redis_1 ... done +Attaching to composetest_web_1, composetest_redis_1 +web_1 | * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit) +redis_1 | 1:C 17 Aug 22:11:10.480 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +redis_1 | 1:C 17 Aug 22:11:10.480 # Redis version=4.0.1, bits=64, commit=00000000, modified=0, pid=1, just started +redis_1 | 1:C 17 Aug 22:11:10.480 # Warning: no config file specified, using the default config. 
In order to specify a config file use redis-server /path/to/redis.conf +web_1 | * Restarting with stat +redis_1 | 1:M 17 Aug 22:11:10.483 * Running mode=standalone, port=6379. +redis_1 | 1:M 17 Aug 22:11:10.483 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. +web_1 | * Debugger is active! +redis_1 | 1:M 17 Aug 22:11:10.483 # Server initialized +redis_1 | 1:M 17 Aug 22:11:10.483 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. +web_1 | * Debugger PIN: 330-787-903 +redis_1 | 1:M 17 Aug 22:11:10.483 * Ready to accept connections +</pre></div> <p>Compose pulls a Redis image, builds an image for your code, and starts the services you defined. In this case, the code is statically copied into the image at build time.</p> </li> <li> <p>Enter http://localhost:8000/ in a browser to see the application running.</p> <p>If you’re using Docker natively on Linux, Docker Desktop for Mac, or Docker Desktop for Windows, then the web app should now be listening on port 8000 on your Docker daemon host. Point your web browser to http://localhost:8000 to find the <code class="language-plaintext highlighter-rouge">Hello World</code> message. If this doesn’t resolve, you can also try http://127.0.0.1:8000.</p> <p>You should see a message in your browser saying:</p> <div class="highlight"><pre class="highlight" data-language="">Hello World! I have been seen 1 times. +</pre></div> <p><img src="" alt="hello world in browser"></p> </li> <li> <p>Refresh the page.</p> <p>The number should increment.</p> <div class="highlight"><pre class="highlight" data-language="">Hello World! 
I have been seen 2 times. +</pre></div> <p><img src="" alt="hello world in browser"></p> </li> <li> <p>Switch to another terminal window, and type <code class="language-plaintext highlighter-rouge">docker image ls</code> to list local images.</p> <p>Listing images at this point should return <code class="language-plaintext highlighter-rouge">redis</code> and <code class="language-plaintext highlighter-rouge">web</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image ls + +REPOSITORY TAG IMAGE ID CREATED SIZE +composetest_web latest e2c21aa48cc1 4 minutes ago 93.8MB +python 3.4-alpine 84e6077c7ab6 7 days ago 82.5MB +redis alpine 9d8fa9aa0e5b 3 weeks ago 27.5MB +</pre></div> <p>You can inspect images with <code class="language-plaintext highlighter-rouge">docker inspect <tag or id></code>.</p> </li> <li> <p>Stop the application, either by running <code class="language-plaintext highlighter-rouge">docker-compose down</code> from within your project directory in the second terminal, or by hitting CTRL+C in the original terminal where you started the app.</p> </li> </ol> <h2 id="step-5-edit-the-compose-file-to-add-a-bind-mount">Step 5: Edit the Compose file to add a bind mount</h2> <p>Edit <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> in your project directory to add a <a href="https://docs.docker.com/storage/bind-mounts/">bind mount</a> for the <code class="language-plaintext highlighter-rouge">web</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + build: . 
+ ports: + - "8000:5000" + volumes: + - .:/code + environment: + FLASK_ENV: development + redis: + image: "redis:alpine" +</pre></div> <p>The new <code class="language-plaintext highlighter-rouge">volumes</code> key mounts the project directory (current directory) on the host to <code class="language-plaintext highlighter-rouge">/code</code> inside the container, allowing you to modify the code on the fly, without having to rebuild the image. The <code class="language-plaintext highlighter-rouge">environment</code> key sets the <code class="language-plaintext highlighter-rouge">FLASK_ENV</code> environment variable, which tells <code class="language-plaintext highlighter-rouge">flask run</code> to run in development mode and reload the code on change. This mode should only be used in development.</p> <h2 id="step-6-re-build-and-run-the-app-with-compose">Step 6: Re-build and run the app with Compose</h2> <p>From your project directory, type <code class="language-plaintext highlighter-rouge">docker-compose up</code> to build the app with the updated Compose file, and run it.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up + +Creating network "composetest_default" with the default driver +Creating composetest_web_1 ... +Creating composetest_redis_1 ... +Creating composetest_web_1 +Creating composetest_redis_1 ... done +Attaching to composetest_web_1, composetest_redis_1 +web_1 | * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit) +... 
+</pre></div> <p>Check the <code class="language-plaintext highlighter-rouge">Hello World</code> message in a web browser again, and refresh to see the count increment.</p> <blockquote class="important"> <p>Shared folders, volumes, and bind mounts</p> <ul> <li> <p>If your project is outside of the <code class="language-plaintext highlighter-rouge">Users</code> directory (<code class="language-plaintext highlighter-rouge">cd ~</code>), then you need to share the drive or location of the Dockerfile and volume you are using. If you get runtime errors indicating an application file is not found, a volume mount is denied, or a service cannot start, try enabling file or drive sharing. Volume mounting requires shared drives for projects that live outside of <code class="language-plaintext highlighter-rouge">C:\Users</code> (Windows) or <code class="language-plaintext highlighter-rouge">/Users</code> (Mac), and is required for <em>any</em> project on Docker Desktop for Windows that uses <a href="https://docs.docker.com/desktop/windows/#switch-between-windows-and-linux-containers">Linux containers</a>. For more information, see <a href="https://docs.docker.com/desktop/mac/#file-sharing">File sharing</a> on Docker for Mac, and the general examples on how to <a href="https://docs.docker.com/storage/volumes/">Manage data in containers</a>.</p> </li> <li> <p>If you are using Oracle VirtualBox on an older Windows OS, you might encounter an issue with shared folders as described in this <a href="https://www.virtualbox.org/ticket/14920">VB trouble ticket</a>. 
Newer Windows systems meet the requirements for <a href="https://docs.docker.com/desktop/windows/install/">Docker Desktop for Windows</a> and do not need VirtualBox.</p> </li> </ul> </blockquote> <h2 id="step-7-update-the-application">Step 7: Update the application</h2> <p>Because the application code is now mounted into the container using a volume, you can make changes to its code and see the changes instantly, without having to rebuild the image.</p> <p>Change the greeting in <code class="language-plaintext highlighter-rouge">app.py</code> and save it. For example, change the <code class="language-plaintext highlighter-rouge">Hello World!</code> message to <code class="language-plaintext highlighter-rouge">Hello from Docker!</code>:</p> <div class="highlight"><pre class="highlight" data-language="">return 'Hello from Docker! I have been seen {} times.\n'.format(count) +</pre></div> <p>Refresh the app in your browser. The greeting should be updated, and the counter should still be incrementing.</p> <p><img src="" alt="hello world in browser"></p> <h2 id="step-8-experiment-with-some-other-commands">Step 8: Experiment with some other commands</h2> <p>If you want to run your services in the background, you can pass the <code class="language-plaintext highlighter-rouge">-d</code> flag (for “detached” mode) to <code class="language-plaintext highlighter-rouge">docker-compose up</code> and use <code class="language-plaintext highlighter-rouge">docker-compose ps</code> to see what is currently running:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up -d + +Starting composetest_redis_1... +Starting composetest_web_1... + +$ docker-compose ps + + Name Command State Ports +------------------------------------------------------------------------------------- +composetest_redis_1 docker-entrypoint.sh redis ... 
Up 6379/tcp +composetest_web_1 flask run Up 0.0.0.0:8000->5000/tcp +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">docker-compose run</code> command allows you to run one-off commands for your services. For example, to see what environment variables are available to the <code class="language-plaintext highlighter-rouge">web</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose run web env +</pre></div> <p>See <code class="language-plaintext highlighter-rouge">docker-compose --help</code> to see other available commands.</p> <p>If you started Compose with <code class="language-plaintext highlighter-rouge">docker-compose up -d</code>, stop your services once you’ve finished with them:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose stop +</pre></div> <p>You can bring everything down, removing the containers entirely, with the <code class="language-plaintext highlighter-rouge">down</code> command. 
Pass <code class="language-plaintext highlighter-rouge">--volumes</code> to also remove the data volume used by the Redis container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose down --volumes +</pre></div> <p>At this point, you have seen the basics of how Compose works.</p> <h2 id="where-to-go-next">Where to go next</h2> <ul> <li>Next, try the <a href="../samples-for-compose/index">Sample apps with Compose</a> +</li> <li><a href="../reference/index">Explore the full list of Compose commands</a></li> <li><a href="../compose-file/index">Compose configuration file reference</a></li> <li>To learn more about volumes and bind mounts, see <a href="https://docs.docker.com/storage/">Manage data in Docker</a> +</li> </ul> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/gettingstarted/" class="_attribution-link">https://docs.docker.com/compose/gettingstarted/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fgpu-support%2Findex.html b/devdocs/docker/compose%2Fgpu-support%2Findex.html new file mode 100644 index 00000000..02d3394f --- /dev/null +++ b/devdocs/docker/compose%2Fgpu-support%2Findex.html 
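Review bot: The Step 5 Compose file sets `FLASK_ENV: development` while keeping `ports: - "8000:5000"`, and the `docker-compose ps` output in Step 8 shows that mapping published as `0.0.0.0:8000->5000/tcp`, so the development-mode server is reachable on every host interface rather than only from the local machine. The text already says this mode should only be used in development; suggest making the sample match that by publishing on loopback (`- "127.0.0.1:8000:5000"`) or by adding a sentence that the port is exposed on all interfaces. Separately, `docker inspect <tag or id>` sits unescaped inside a `<code>` element, so a browser will parse `<tag or id>` as an element and drop it; it should be `&lt;tag or id&gt;`. Both `<img src="" alt="hello world in browser">` tags also have an empty `src`.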
@@ -0,0 +1,119 @@ +<h1>Enabling GPU access with Compose</h1> + +<p>Compose services can define GPU device reservations if the Docker host contains such devices and the Docker Daemon is set accordingly. For this, make sure to install the <a href="https://docs.docker.com/config/containers/resource_constraints/#gpu">prerequisites</a> if you have not already done so.</p> <p>The examples in the following sections focus specifically on providing service containers access to GPU devices with Docker Compose. You can use either <code class="language-plaintext highlighter-rouge">docker-compose</code> or <code class="language-plaintext highlighter-rouge">docker compose</code> commands.</p> <h3 id="use-of-service-runtime-property-from-compose-v23-format-legacy">Use of service <code class="language-plaintext highlighter-rouge">runtime</code> property from Compose v2.3 format (legacy)</h3> <p>Docker Compose v1.27.0+ switched to using the Compose Specification schema which is a combination of all properties from 2.x and 3.x versions. This re-enabled the use of service properties as <a href="../compose-file/compose-file-v2/index#runtime">runtime</a> to provide GPU access to service containers. However, this does not allow to have control over specific properties of the GPU devices.</p> <div class="highlight"><pre class="highlight" data-language="">services: + test: + image: nvidia/cuda:10.2-base + command: nvidia-smi + runtime: nvidia + +</pre></div> <h3 id="enabling-gpu-access-to-service-containers">Enabling GPU access to service containers</h3> <p>Docker Compose v1.28.0+ allows to define GPU reservations using the <a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#devices">device</a> structure defined in the Compose Specification. 
This provides more granular control over a GPU reservation as custom values can be set for the following device properties:</p> <ul> <li> +<a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#capabilities" target="_blank" rel="noopener" class="_">capabilities</a> - value specifies as a list of strings (eg. <code class="language-plaintext highlighter-rouge">capabilities: [gpu]</code>). You must set this field in the Compose file. Otherwise, it returns an error on service deployment.</li> <li> +<a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#count" target="_blank" rel="noopener" class="_">count</a> - value specified as an int or the value <code class="language-plaintext highlighter-rouge">all</code> representing the number of GPU devices that should be reserved ( providing the host holds that number of GPUs).</li> <li> +<a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#device_ids" target="_blank" rel="noopener" class="_">device_ids</a> - value specified as a list of strings representing GPU device IDs from the host. You can find the device ID in the output of <code class="language-plaintext highlighter-rouge">nvidia-smi</code> on the host.</li> <li> +<a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#driver" target="_blank" rel="noopener" class="_">driver</a> - value specified as a string (eg. <code class="language-plaintext highlighter-rouge">driver: 'nvidia'</code>)</li> <li> +<a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#options" target="_blank" rel="noopener" class="_">options</a> - key-value pairs representing driver specific options.</li> </ul> <blockquote> <p><strong>Note</strong></p> <p>You must set the <code class="language-plaintext highlighter-rouge">capabilities</code> field. 
Otherwise, it returns an error on service deployment.</p> <p><code class="language-plaintext highlighter-rouge">count</code> and <code class="language-plaintext highlighter-rouge">device_ids</code> are mutually exclusive. You must only define one field at a time.</p> </blockquote> <p>For more information on these properties, see the <code class="language-plaintext highlighter-rouge">deploy</code> section in the <a href="https://github.com/compose-spec/compose-spec/blob/master/deploy/#devices" target="_blank" rel="noopener" class="_">Compose Specification</a>.</p> <p>Example of a Compose file for running a service with access to 1 GPU device:</p> <div class="highlight"><pre class="highlight" data-language="">services: + test: + image: nvidia/cuda:10.2-base + command: nvidia-smi + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: 1 + capabilities: [gpu] +</pre></div> <p>Run with Docker Compose:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up +Creating network "gpu_default" with the default driver +Creating gpu_test_1 ... done +Attaching to gpu_test_1 +test_1 | +-----------------------------------------------------------------------------+ +test_1 | | NVIDIA-SMI 450.80.02 Driver Version: 450.80.02 CUDA Version: 11.1 | +test_1 | |-------------------------------+----------------------+----------------------+ +test_1 | | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | +test_1 | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | +test_1 | | | | MIG M. 
| +test_1 | |===============================+======================+======================| +test_1 | | 0 Tesla T4 On | 00000000:00:1E.0 Off | 0 | +test_1 | | N/A 23C P8 9W / 70W | 0MiB / 15109MiB | 0% Default | +test_1 | | | | N/A | +test_1 | +-------------------------------+----------------------+----------------------+ +test_1 | +test_1 | +-----------------------------------------------------------------------------+ +test_1 | | Processes: | +test_1 | | GPU GI CI PID Type Process name GPU Memory | +test_1 | | ID ID Usage | +test_1 | |=============================================================================| +test_1 | | No running processes found | +test_1 | +-----------------------------------------------------------------------------+ +gpu_test_1 exited with code 0 + +</pre></div> <p>If no <code class="language-plaintext highlighter-rouge">count</code> or <code class="language-plaintext highlighter-rouge">device_ids</code> are set, all GPUs available on the host are going to be used by default.</p> <div class="highlight"><pre class="highlight" data-language="">services: + test: + image: tensorflow/tensorflow:latest-gpu + command: python -c "import tensorflow as tf;tf.test.gpu_device_name()" + deploy: + resources: + reservations: + devices: + - capabilities: [gpu] +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up +Creating network "gpu_default" with the default driver +Creating gpu_test_1 ... done +Attaching to gpu_test_1 +test_1 | I tensorflow/stream_executor/platform/default/dso_loader.cc:48] Successfully opened dynamic library libcudart.so.10.1 +..... 
+test_1 | I tensorflow/core/common_runtime/gpu/gpu_device.cc:1402] +Created TensorFlow device (/device:GPU:0 with 13970 MB memory) -> physical GPU (device: 0, name: Tesla T4, pci bus id: 0000:00:1e.0, compute capability: 7.5) +test_1 | /device:GPU:0 +gpu_test_1 exited with code 0 +</pre></div> <p>On machines hosting multiple GPUs, <code class="language-plaintext highlighter-rouge">device_ids</code> field can be set to target specific GPU devices and <code class="language-plaintext highlighter-rouge">count</code> can be used to limit the number of GPU devices assigned to a service container. If <code class="language-plaintext highlighter-rouge">count</code> exceeds the number of available GPUs on the host, the deployment will error out.</p> <div class="highlight"><pre class="highlight" data-language="">$ nvidia-smi ++-----------------------------------------------------------------------------+ +| NVIDIA-SMI 450.80.02 Driver Version: 450.80.02 CUDA Version: 11.0 | +|-------------------------------+----------------------+----------------------+ +| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | +| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | +| | | MIG M. 
| +|===============================+======================+======================| +| 0 Tesla T4 On | 00000000:00:1B.0 Off | 0 | +| N/A 72C P8 12W / 70W | 0MiB / 15109MiB | 0% Default | +| | | N/A | ++-------------------------------+----------------------+----------------------+ +| 1 Tesla T4 On | 00000000:00:1C.0 Off | 0 | +| N/A 67C P8 11W / 70W | 0MiB / 15109MiB | 0% Default | +| | | N/A | ++-------------------------------+----------------------+----------------------+ +| 2 Tesla T4 On | 00000000:00:1D.0 Off | 0 | +| N/A 74C P8 12W / 70W | 0MiB / 15109MiB | 0% Default | +| | | N/A | ++-------------------------------+----------------------+----------------------+ +| 3 Tesla T4 On | 00000000:00:1E.0 Off | 0 | +| N/A 62C P8 11W / 70W | 0MiB / 15109MiB | 0% Default | +| | | N/A | ++-------------------------------+----------------------+----------------------+ +</pre></div> <p>To enable access only to GPU-0 and GPU-3 devices:</p> <div class="highlight"><pre class="highlight" data-language="">services: + test: + image: tensorflow/tensorflow:latest-gpu + command: python -c "import tensorflow as tf;tf.test.gpu_device_name()" + deploy: + resources: + reservations: + devices: + - driver: nvidia + device_ids: ['0', '3'] + capabilities: [gpu] + +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up +... +Created TensorFlow device (/device:GPU:0 with 13970 MB memory -> physical GPU (device: 0, name: Tesla T4, pci bus id: 0000:00:1b.0, compute capability: 7.5) +... +Created TensorFlow device (/device:GPU:1 with 13970 MB memory) -> physical GPU (device: 1, name: Tesla T4, pci bus id: 0000:00:1e.0, compute capability: 7.5) +... 
+gpu_test_1 exited with code 0 +</pre></div> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=GPU%20access">GPU access</a>, <a href="https://docs.docker.com/search/?q=NVIDIA">NVIDIA</a>, <a href="https://docs.docker.com/search/?q=samples">samples</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/gpu-support/" class="_attribution-link">https://docs.docker.com/compose/gpu-support/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Findex.html b/devdocs/docker/compose%2Findex.html new file mode 100644 index 00000000..b0e61d85 --- /dev/null +++ b/devdocs/docker/compose%2Findex.html 
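Review bot: The second Compose example in the gpu-support file, whose only device entry is `- capabilities: [gpu]`, gives the container every GPU on the host, as the sentence above it says ("all GPUs available on the host are going to be used by default"). That is the widest grant and the easiest one to copy, so suggest labelling this example as the all-GPU case and pointing readers to the `count` or `device_ids` forms when a service needs only some of the devices. Two smaller points: the requirement to set `capabilities` is stated twice, once in the property list and again in the Note, and in the last sample output the line `(/device:GPU:0 with 13970 MB memory -> physical GPU` is missing the closing parenthesis after `memory` that the following line has.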
@@ -0,0 +1,28 @@ +<h1>Overview of Docker Compose</h1> + +<blockquote> <p><strong>Looking for Compose file reference?</strong> <a href="compose-file/index">Find the latest version here</a>.</p> </blockquote> <p>Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration. To learn more about all the features of Compose, see <a href="#features">the list of features</a>.</p> <p>Compose works in all environments: production, staging, development, testing, as well as CI workflows. You can learn more about each case in <a href="#common-use-cases">Common Use Cases</a>.</p> <p>Using Compose is basically a three-step process:</p> <ol> <li> <p>Define your app’s environment with a <code class="language-plaintext highlighter-rouge">Dockerfile</code> so it can be reproduced anywhere.</p> </li> <li> <p>Define the services that make up your app in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> so they can be run together in an isolated environment.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker compose up</code> and the <a href="#compose-v2-and-the-new-docker-compose-command">Docker compose command</a> starts and runs your entire app. You can alternatively run <code class="language-plaintext highlighter-rouge">docker-compose up</code> using the docker-compose binary.</p> </li> </ol> <p>A <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" # optional since v1.27.0 +services: + web: + build: . 
+ ports: + - "8000:5000" + volumes: + - .:/code + - logvolume01:/var/log + links: + - redis + redis: + image: redis +volumes: + logvolume01: {} +</pre></div> <p>For more information about the Compose file, see the <a href="compose-file/index">Compose file reference</a>.</p> <p>Compose has commands for managing the whole lifecycle of your application:</p> <ul> <li>Start, stop, and rebuild services</li> <li>View the status of running services</li> <li>Stream the log output of running services</li> <li>Run a one-off command on a service</li> </ul> <h2 id="compose-v2-and-the-new-docker-compose-command">Compose V2 and the new <code class="language-plaintext highlighter-rouge">docker compose</code> command</h2> <blockquote class="important"> <p>Important</p> <p>The new Compose V2, which supports the <code class="language-plaintext highlighter-rouge">compose</code> command as part of the Docker CLI, is now available.</p> <p>Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous <code class="language-plaintext highlighter-rouge">docker-compose</code> features and flags. You can run Compose V2 by replacing the hyphen (<code class="language-plaintext highlighter-rouge">-</code>) with a space, using <code class="language-plaintext highlighter-rouge">docker compose</code>, instead of <code class="language-plaintext highlighter-rouge">docker-compose</code>.</p> </blockquote> <p>If you rely on using Docker Compose as <code class="language-plaintext highlighter-rouge">docker-compose</code> (with a hyphen), you can set up Compose V2 to act as a drop-in replacement of the previous <code class="language-plaintext highlighter-rouge">docker-compose</code>. 
Refer to the <a href="install/index">Installing Compose</a> section for detailed instructions.</p> <h2 id="context-of-docker-compose-evolution">Context of Docker Compose evolution</h2> <p>Introduction of the <a href="https://github.com/compose-spec/compose-spec" target="_blank" rel="noopener" class="_">Compose specification</a> makes a clean distinction between the Compose YAML file model and the <code class="language-plaintext highlighter-rouge">docker-compose</code> implementation. Making this change has enabled a number of enhancements, including adding the <code class="language-plaintext highlighter-rouge">compose</code> command directly into the Docker CLI, being able to “up” a Compose application on cloud platforms by simply switching the Docker context, and launching of <a href="https://docs.docker.com/cloud/ecs-integration/">Amazon ECS</a> and <a href="https://docs.docker.com/cloud/aci-integration/">Microsoft ACI</a>. As the Compose specification evolves, new features land faster in the Docker CLI.</p> <p>Compose V2 relies directly on the compose-go bindings which are maintained as part of the specification. This allows us to include community proposals, experimental implementations by the Docker CLI and/or Engine, and deliver features faster to users. 
Compose V2 also supports some of the newer additions to the specification, such as <a href="profiles/index">profiles</a> and <a href="gpu-support/index">GPU</a> devices.</p> <p>Compose V2 has been re-written in <a href="https://go.dev">Go</a>, which improves integration with other Docker command-line features, and allows it to run natively on <a href="https://docs.docker.com/desktop/mac/apple-silicon/">macOS on Apple silicon</a>, Windows, and Linux, without dependencies such as Python.</p> <p>For more information about compatibility with the compose v1 command-line, see the <a href="cli-command-compatibility/index">docker-compose compatibility list</a>.</p> <h2 id="features">Features</h2> <p>The features of Compose that make it effective are:</p> <ul> <li><a href="#multiple-isolated-environments-on-a-single-host">Multiple isolated environments on a single host</a></li> <li><a href="#preserve-volume-data-when-containers-are-created">Preserve volume data when containers are created</a></li> <li><a href="#only-recreate-containers-that-have-changed">Only recreate containers that have changed</a></li> <li><a href="#variables-and-moving-a-composition-between-environments">Variables and moving a composition between environments</a></li> </ul> <h3 id="multiple-isolated-environments-on-a-single-host">Multiple isolated environments on a single host</h3> <p>Compose uses a project name to isolate environments from each other. 
You can make use of this project name in several different contexts:</p> <ul> <li>on a dev host, to create multiple copies of a single environment, such as when you want to run a stable copy for each feature branch of a project</li> <li>on a CI server, to keep builds from interfering with each other, you can set the project name to a unique build number</li> <li>on a shared host or dev host, to prevent different projects, which may use the same service names, from interfering with each other</li> </ul> <p>The default project name is the basename of the project directory. You can set a custom project name by using the <a href="reference/index"><code class="language-plaintext highlighter-rouge">-p</code> command line option</a> or the <a href="reference/envvars/index#compose_project_name"><code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code> environment variable</a>.</p> <p>The default project directory is the base directory of the Compose file. A custom value for it can be defined with the <code class="language-plaintext highlighter-rouge">--project-directory</code> command line option.</p> <h3 id="preserve-volume-data-when-containers-are-created">Preserve volume data when containers are created</h3> <p>Compose preserves all volumes used by your services. When <code class="language-plaintext highlighter-rouge">docker-compose up</code> runs, if it finds any containers from previous runs, it copies the volumes from the old container to the new container. This process ensures that any data you’ve created in volumes isn’t lost.</p> <p>If you use <code class="language-plaintext highlighter-rouge">docker-compose</code> on a Windows machine, see <a href="reference/envvars/index">Environment variables</a> and adjust the necessary environment variables for your specific needs.</p> <h3 id="only-recreate-containers-that-have-changed">Only recreate containers that have changed</h3> <p>Compose caches the configuration used to create a container. 
When you restart a service that has not changed, Compose re-uses the existing containers. Re-using containers means that you can make changes to your environment very quickly.</p> <h3 id="variables-and-moving-a-composition-between-environments">Variables and moving a composition between environments</h3> <p>Compose supports variables in the Compose file. You can use these variables to customize your composition for different environments, or different users. See <a href="compose-file/compose-file-v3/index#variable-substitution">Variable substitution</a> for more details.</p> <p>You can extend a Compose file using the <code class="language-plaintext highlighter-rouge">extends</code> field or by creating multiple Compose files. See <a href="extends/index">extends</a> for more details.</p> <h2 id="common-use-cases">Common use cases</h2> <p>Compose can be used in many different ways. Some common use cases are outlined below.</p> <h3 id="development-environments">Development environments</h3> <p>When you’re developing software, the ability to run an application in an isolated environment and interact with it is crucial. The Compose command line tool can be used to create the environment and interact with it.</p> <p>The <a href="compose-file/index">Compose file</a> provides a way to document and configure all of the application’s service dependencies (databases, queues, caches, web service APIs, etc). Using the Compose command line tool you can create and start one or more containers for each dependency with a single command (<code class="language-plaintext highlighter-rouge">docker-compose up</code>).</p> <p>Together, these features provide a convenient way for developers to get started on a project. 
Compose can reduce a multi-page “developer getting started guide” to a single machine readable Compose file and a few commands.</p> <h3 id="automated-testing-environments">Automated testing environments</h3> <p>An important part of any Continuous Deployment or Continuous Integration process is the automated test suite. Automated end-to-end testing requires an environment in which to run tests. Compose provides a convenient way to create and destroy isolated testing environments for your test suite. By defining the full environment in a <a href="compose-file/index">Compose file</a>, you can create and destroy these environments in just a few commands:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose up -d +$ ./run_tests +$ docker-compose down +</pre></div> <h3 id="single-host-deployments">Single host deployments</h3> <p>Compose has traditionally been focused on development and testing workflows, but with each release we’re making progress on more production-oriented features.</p> <p>For details on using production-oriented features, see <a href="production/index">compose in production</a> in this documentation.</p> <h2 id="release-notes">Release notes</h2> <p>To see a detailed list of changes for past and current releases of Docker Compose, refer to the <a href="https://github.com/docker/compose/blob/master/CHANGELOG/">CHANGELOG</a>.</p> <h2 id="getting-help">Getting help</h2> <p>Docker Compose is under active development. 
If you need help, would like to contribute, or simply want to talk about the project with like-minded individuals, we have a number of open channels for communication.</p> <ul> <li> <p>To report bugs or file feature requests: use the <a href="https://github.com/docker/compose/issues">issue tracker on Github</a>.</p> </li> <li> <p>To talk about the project with people in real time: join the <code class="language-plaintext highlighter-rouge">#docker-compose</code> channel on the Docker Community Slack.</p> </li> <li> <p>To contribute code or documentation changes: submit a <a href="https://github.com/docker/compose/pulls">pull request on Github</a>.</p> </li> </ul> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/" class="_attribution-link">https://docs.docker.com/compose/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Finstall%2Findex.html b/devdocs/docker/compose%2Finstall%2Findex.html new file mode 100644 index 00000000..f6bafd5c --- /dev/null +++ b/devdocs/docker/compose%2Finstall%2Findex.html 
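Review bot: In the sample `docker-compose.yml` of the overview page, `image: redis` carries no tag, so it resolves to `latest` at pull time, which sits awkwardly beside step 1's statement that the environment "can be reproduced anywhere". Suggest pinning a tag in the sample, as the getting-started page does with `redis:alpine`. The same sample bind-mounts `.:/code`, which suits the development use case but not the production one named in the second paragraph; a short YAML comment marking it as a development setting would avoid it being copied as-is. Minor: "Github" in the two Getting help links should be "GitHub".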
@@ -0,0 +1,36 @@ +<h1>Install Docker Compose</h1> + +<p>This page contains information on how to install Docker Compose. You can run Compose on macOS, Windows, and 64-bit Linux.</p> <h2 id="prerequisites">Prerequisites</h2> <p>Docker Compose relies on Docker Engine for any meaningful work, so make sure you have Docker Engine installed either locally or remote, depending on your setup.</p> <ul> <li> <p>On desktop systems like Docker Desktop for Mac and Windows, Docker Compose is included as part of those desktop installs.</p> </li> <li> <p>On Linux systems, you can install Docker Compose with the Docker Engine using the <a href="../../engine/install/index#server" target="_blank" rel="noopener" class="_">convenience script</a>. Select the install Docker Engine page for your distribution and then look for instructions on installing using the convenience script.<br> Otherwise, you should first install the <a href="../../engine/install/index#server" target="_blank" rel="noopener" class="_">Docker Engine</a> for your OS and then refer to this page for instructions on installing Compose on Linux systems.</p> </li> <li> <p>To run Compose as a non-root user, see <a href="../../engine/install/linux-postinstall/index">Manage Docker as a non-root user</a>.</p> </li> </ul> <h2 id="install-compose">Install Compose</h2> <p>Follow the instructions below to install Compose on Mac, Windows, Windows Server, or Linux systems.</p> <blockquote> <p>Install a different version</p> <p>The instructions below outline installation of the current stable release (<strong>v2.5.0</strong>) of Compose. 
To install a different version of Compose, replace the given release number with the one that you want.</p> <p>Compose releases are also listed and available for direct download on the <a href="https://github.com/docker/compose/releases" target="_blank" rel="noopener" class="_">Compose repository release page on GitHub</a>.</p> <p>To install the Python version of Compose, follow instructions in the <a href="https://github.com/docker/compose/blob/master/INSTALL/" target="_blank" rel="noopener" class="_">Compose v1 GitHub branch</a>.</p> </blockquote> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#macOS">Mac</a></li> <li><a data-toggle="tab" data-target="#windows">Windows</a></li> <li><a data-toggle="tab" data-target="#windows-server">Windows Server</a></li> <li><a data-toggle="tab" data-target="#linux">Linux</a></li> <li><a data-toggle="tab" data-target="#linux-standalone">Linux Standalone binary</a></li> </ul> <div class="tab-content"> <div id="macOS" class="tab-pane fade in active"> <h3 id="install-compose-on-macos">Install Compose on macOS</h3> <p><strong>Docker Desktop for Mac</strong> includes Compose along with other Docker apps, so Mac users do not need to install Compose separately. For installation instructions, see <a href="https://docs.docker.com/desktop/mac/install/">Install Docker Desktop on Mac</a>.</p> </div> <div id="windows" class="tab-pane fade"> <h3 id="install-compose-on-windows-desktop-systems">Install Compose on Windows desktop systems</h3> <p><strong>Docker Desktop for Windows</strong> includes Compose along with other Docker apps, so most Windows users do not need to install Compose separately. 
For install instructions, see <a href="https://docs.docker.com/desktop/windows/install/">Install Docker Desktop on Windows</a>.</p> <p>If you are running the Docker daemon and client directly on Microsoft Windows Server, follow the instructions in the Windows Server tab.</p> </div> <div id="windows-server" class="tab-pane fade"> <h3 id="install-compose-on-windows-server">Install Compose on Windows Server</h3> <p>Follow these instructions if you are running the Docker daemon and client directly on Microsoft Windows Server and want to install Docker Compose.</p> <ol> <li> <p>Start an “elevated” PowerShell (run it as administrator). Search for PowerShell, right-click, and choose <strong>Run as administrator</strong>. When asked if you want to allow this app to make changes to your device, click <strong>Yes</strong>.</p> </li> <li> <p>In PowerShell, since GitHub now requires TLS1.2, run the following:</p> <div class="highlight"><pre class="highlight" data-language="">[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +</pre></div> <p>Then run the following command to download the current stable release of Compose (v2.5.0):</p> <div class="highlight"><pre class="highlight" data-language="">Invoke-WebRequest "https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\Docker\docker-compose.exe +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>On Windows Server 2019, you can add the Compose executable to <code class="language-plaintext highlighter-rouge">$Env:ProgramFiles\Docker</code>. 
Because this directory is registered in the system <code class="language-plaintext highlighter-rouge">PATH</code>, you can run the <code class="language-plaintext highlighter-rouge">docker-compose --version</code> command on the subsequent step with no additional configuration.</p> </blockquote> <blockquote> <p>To install a different version of Compose, substitute <code class="language-plaintext highlighter-rouge">v2.5.0</code> with the version of Compose you want to use.</p> </blockquote> </li> <li> <p>Test the installation.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker compose version +Docker Compose version v2.5.0 +</pre></div> </li> </ol> </div> <div id="linux" class="tab-pane fade"> <h3 id="install-compose-on-linux-systems">Install Compose on Linux systems</h3> <p>You can install Docker Compose in different ways, depending on your needs:</p> <ul> <li>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</li> <li>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach.</li> <li>Some users <a href="#install-the-binary-manually">download and install the binary</a>, and manage upgrades manually.</li> </ul> <h4 id="install-using-the-convenience-script">Install using the convenience script</h4> <p>As Docker Compose is now part of the Docker CLI it can be installed via a convenience script with Docker Engine and the CLI.<br> <a href="../../engine/install/index#server">Choose your Linux distribution</a> and follow the instructions.</p> <h4 id="install-using-the-repository">Install using the repository</h4> <p>If you already follow the instructions to install Docker Engine, Docker Compose should already be installed. 
<br> Otherwise, you can set up the Docker repository as mentioned in the Docker Engine installation, <a href="../../engine/install/index#server">choose your Linux distribution</a> and go to the <code class="language-plaintext highlighter-rouge">Set up the repository</code> section.</p> <p>When finished</p> <ol> <li> <p>Update the <code class="language-plaintext highlighter-rouge">apt</code> package index, and install the <em>latest version</em> of Docker Compose, or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language=""> $ sudo apt-get update + $ sudo apt-get install docker-compose-plugin +</pre></div> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List the versions available in your repo:</p> <div class="highlight"><pre class="highlight" data-language="">$ apt-cache madison docker-compose-plugin + + docker-compose-plugin | 2.3.3~ubuntu-focal | https://download.docker.com/linux/ubuntu focal/stable arm64 Packages +</pre></div> <p>b. 
Install a specific version using the version string from the second column, for example, <code class="language-plaintext highlighter-rouge">2.3.3~ubuntu-focal</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get install docker-compose-plugin=<VERSION_STRING> +</pre></div> </li> <li> <p>Verify that Docker Compose is installed correctly by checking the version.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker compose version +Docker Compose version v2.3.3 +</pre></div> </li> </ol> <h4 id="install-the-binary-manually">Install the binary manually</h4> <p>On Linux, you can download the Docker Compose binary from the <a href="https://github.com/docker/compose/releases" target="_blank" rel="noopener" class="_">Compose repository release page on GitHub</a> and copying it into <code class="language-plaintext highlighter-rouge">$HOME/.docker/cli-plugins</code> as <code class="language-plaintext highlighter-rouge">docker-compose</code>. Follow the instructions from the link, which involve running the <code class="language-plaintext highlighter-rouge">curl</code> command in your terminal to download the binaries. These step-by-step instructions are also included below.</p> <ol> <li> <p>Run this command to download the current stable release of Docker Compose:</p> <div class="highlight"><pre class="highlight" data-language="">$ DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker} +$ mkdir -p $DOCKER_CONFIG/cli-plugins +$ curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose +</pre></div> <p>This command installs Compose for the active user under <code class="language-plaintext highlighter-rouge">$HOME</code> directory. 
To install Docker Compose for all users on your system, replace <code class="language-plaintext highlighter-rouge">~/.docker/cli-plugins</code> with <code class="language-plaintext highlighter-rouge">/usr/local/lib/docker/cli-plugins</code>.</p> <blockquote> <p>To install a different version of Compose, substitute <code class="language-plaintext highlighter-rouge">v2.5.0</code> with the version of Compose you want to use.</p> </blockquote> </li> <li> <p>Apply executable permissions to the binary:</p> <div class="highlight"><pre class="highlight" data-language=""> $ chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose +</pre></div> <p>or if you choose to install Compose for all users</p> <div class="highlight"><pre class="highlight" data-language=""> $ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose +</pre></div> </li> <li> <p>Test the installation.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker compose version + Docker Compose version v2.5.0 +</pre></div> </li> </ol> </div> <div id="linux-standalone" class="tab-pane fade"> <h3 id="install-compose-as-standalone-binary-on-linux-systems">Install Compose as standalone binary on Linux systems</h3> <p>You can use Compose as a standalone binary without installing the Docker CLI.</p> <ol> <li>Run this command to download the current stable release of Docker Compose:</li> </ol> <div class="highlight"><pre class="highlight" data-language=""> $ curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose +</pre></div> <blockquote> <p>To install a different version of Compose, substitute <code class="language-plaintext highlighter-rouge">v2.5.0</code> with the version of Compose you want to use.</p> </blockquote> <ol> <li>Apply executable permissions to the binary:</li> </ol> <div class="highlight"><pre class="highlight" data-language=""> $ sudo chmod +x /usr/local/bin/docker-compose +</pre></div> <blockquote> 
<p><strong>Note</strong>:</p> <p>If the command <code class="language-plaintext highlighter-rouge">docker-compose</code> fails after installation, check your path. You can also create a symbolic link to <code class="language-plaintext highlighter-rouge">/usr/bin</code> or any other directory in your path.</p> <p>For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose +</pre></div> </blockquote> <ol> <li> <p>Test the installation.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker-compose --version + Docker Compose version v2.5.0 +</pre></div> </li> </ol> </div> </div> <h2 id="uninstallation">Uninstallation</h2> <p>To uninstall Docker Compose if you installed using <code class="language-plaintext highlighter-rouge">curl</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ rm $DOCKER_CONFIG/cli-plugins/docker-compose +</pre></div> <p>or if you choose to install Compose for all users</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm /usr/local/lib/docker/cli-plugins/docker-compose +</pre></div> <blockquote> <p>Got a “Permission denied” error?</p> <p>If you get a “Permission denied” error using either of the above methods, you probably do not have the proper permissions to remove <code class="language-plaintext highlighter-rouge">docker-compose</code>. 
To force the removal, prepend <code class="language-plaintext highlighter-rouge">sudo</code> to either of the above commands and run again.</p> </blockquote> <h2 id="where-to-go-next">Where to go next</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/install/" class="_attribution-link">https://docs.docker.com/compose/install/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fnetworking%2Findex.html b/devdocs/docker/compose%2Fnetworking%2Findex.html new file mode 100644 index 00000000..04f9ffc5 --- /dev/null +++ b/devdocs/docker/compose%2Fnetworking%2Findex.html 
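Review bot: In compose%2Finstall%2Findex.html, the manual and standalone Linux steps (`curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o ...` followed by `chmod +x`) and the Windows Server `Invoke-WebRequest ... -OutFile` step download an executable and make it runnable with no integrity check. Add a step between the download and `chmod +x` that compares the file's SHA-256 with a checksum published alongside the release asset, and tell the reader to stop if the values differ. Two smaller points in the same hunk: the standalone step writes to `/usr/local/bin/docker-compose` without `sudo` while the following `chmod` uses it, and step 2 of the repository instructions says "a specific version of Docker Engine" where the package being installed is `docker-compose-plugin`.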
@@ -0,0 +1,82 @@ +<h1>Networking in Compose</h1> + +<blockquote> <p>This page applies to Compose file formats <a href="../compose-file/compose-file-v2/index">version 2</a> and <a href="../compose-file/index">higher</a>. Networking features are not supported for Compose file version 1 (deprecated).</p> </blockquote> <p>By default Compose sets up a single <a href="../../engine/reference/commandline/network_create/index">network</a> for your app. Each container for a service joins the default network and is both <em>reachable</em> by other containers on that network, and <em>discoverable</em> by them at a hostname identical to the container name.</p> <blockquote> <p><strong>Note</strong></p> <p>Your app’s network is given a name based on the “project name”, which is based on the name of the directory it lives in. You can override the project name with either the <a href="../reference/index"><code class="language-plaintext highlighter-rouge">--project-name</code> flag</a> or the <a href="../reference/envvars/index#compose_project_name"><code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code> environment variable</a>.</p> </blockquote> <p>For example, suppose your app is in a directory called <code class="language-plaintext highlighter-rouge">myapp</code>, and your <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + build: . + ports: + - "8000:8000" + db: + image: postgres + ports: + - "8001:5432" +</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code>, the following happens:</p> <ol> <li>A network called <code class="language-plaintext highlighter-rouge">myapp_default</code> is created.</li> <li>A container is created using <code class="language-plaintext highlighter-rouge">web</code>’s configuration. 
It joins the network <code class="language-plaintext highlighter-rouge">myapp_default</code> under the name <code class="language-plaintext highlighter-rouge">web</code>.</li> <li>A container is created using <code class="language-plaintext highlighter-rouge">db</code>’s configuration. It joins the network <code class="language-plaintext highlighter-rouge">myapp_default</code> under the name <code class="language-plaintext highlighter-rouge">db</code>.</li> </ol> <blockquote> <p><strong>In v2.1+, overlay networks are always <code class="language-plaintext highlighter-rouge">attachable</code></strong></p> <p>Starting in Compose file format 2.1, overlay networks are always created as <code class="language-plaintext highlighter-rouge">attachable</code>, and this is not configurable. This means that standalone containers can connect to overlay networks.</p> <p>In Compose file format 3.x, you can optionally set the <code class="language-plaintext highlighter-rouge">attachable</code> property to <code class="language-plaintext highlighter-rouge">false</code>.</p> </blockquote> <p>Each container can now look up the hostname <code class="language-plaintext highlighter-rouge">web</code> or <code class="language-plaintext highlighter-rouge">db</code> and get back the appropriate container’s IP address. For example, <code class="language-plaintext highlighter-rouge">web</code>’s application code could connect to the URL <code class="language-plaintext highlighter-rouge">postgres://db:5432</code> and start using the Postgres database.</p> <p>It is important to note the distinction between <code class="language-plaintext highlighter-rouge">HOST_PORT</code> and <code class="language-plaintext highlighter-rouge">CONTAINER_PORT</code>. 
In the above example, for <code class="language-plaintext highlighter-rouge">db</code>, the <code class="language-plaintext highlighter-rouge">HOST_PORT</code> is <code class="language-plaintext highlighter-rouge">8001</code> and the container port is <code class="language-plaintext highlighter-rouge">5432</code> (postgres default). Networked service-to-service communication uses the <code class="language-plaintext highlighter-rouge">CONTAINER_PORT</code>. When <code class="language-plaintext highlighter-rouge">HOST_PORT</code> is defined, the service is accessible outside the swarm as well.</p> <p>Within the <code class="language-plaintext highlighter-rouge">web</code> container, your connection string to <code class="language-plaintext highlighter-rouge">db</code> would look like <code class="language-plaintext highlighter-rouge">postgres://db:5432</code>, and from the host machine, the connection string would look like <code class="language-plaintext highlighter-rouge">postgres://{DOCKER_IP}:8001</code>.</p> <h2 id="update-containers">Update containers</h2> <p>If you make a configuration change to a service and run <code class="language-plaintext highlighter-rouge">docker-compose up</code> to update it, the old container is removed and the new one joins the network under a different IP address but the same name. Running containers can look up that name and connect to the new address, but the old address stops working.</p> <p>If any containers have connections open to the old container, they are closed. It is a container’s responsibility to detect this condition, look up the name again and reconnect.</p> <h2 id="links">Links</h2> <p>Links allow you to define extra aliases by which a service is reachable from another service. They are not required to enable services to communicate - by default, any service can reach any other service at that service’s name. 
In the following example, <code class="language-plaintext highlighter-rouge">db</code> is reachable from <code class="language-plaintext highlighter-rouge">web</code> at the hostnames <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">database</code>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + + web: + build: . + links: + - "db:database" + db: + image: postgres +</pre></div> <p>See the <a href="../compose-file/compose-file-v2/index#links">links reference</a> for more information.</p> <h2 id="multi-host-networking">Multi-host networking</h2> <p>When deploying a Compose application on a Docker Engine with <a href="../../engine/swarm/index">Swarm mode enabled</a>, you can make use of the built-in <code class="language-plaintext highlighter-rouge">overlay</code> driver to enable multi-host communication.</p> <p>Consult the <a href="../../engine/swarm/index">Swarm mode section</a>, to see how to set up a Swarm cluster, and the <a href="https://docs.docker.com/network/network-tutorial-overlay/">Getting started with multi-host networking</a> to learn about multi-host overlay networks.</p> <h2 id="specify-custom-networks">Specify custom networks</h2> <p>Instead of just using the default app network, you can specify your own networks with the top-level <code class="language-plaintext highlighter-rouge">networks</code> key. This lets you create more complex topologies and specify <a href="../../engine/extend/plugins_network/index">custom network drivers</a> and options. 
You can also use it to connect services to externally-created networks which aren’t managed by Compose.</p> <p>Each service can specify what networks to connect to with the <em>service-level</em> <code class="language-plaintext highlighter-rouge">networks</code> key, which is a list of names referencing entries under the <em>top-level</em> <code class="language-plaintext highlighter-rouge">networks</code> key.</p> <p>Here’s an example Compose file defining two custom networks. The <code class="language-plaintext highlighter-rouge">proxy</code> service is isolated from the <code class="language-plaintext highlighter-rouge">db</code> service, because they do not share a network in common - only <code class="language-plaintext highlighter-rouge">app</code> can talk to both.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + proxy: + build: ./proxy + networks: + - frontend + app: + build: ./app + networks: + - frontend + - backend + db: + image: postgres + networks: + - backend + +networks: + frontend: + # Use a custom driver + driver: custom-driver-1 + backend: + # Use a custom driver which takes special options + driver: custom-driver-2 + driver_opts: + foo: "1" + bar: "2" +</pre></div> <p>Networks can be configured with static IP addresses by setting the <a href="../compose-file/compose-file-v2/index#ipv4_address-ipv6_address">ipv4_address and/or ipv6_address</a> for each attached network.</p> <p>Networks can also be given a <a href="../compose-file/compose-file-v3/index#network-configuration-reference">custom name</a> (since version 3.5):</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + # ... 
+networks: + frontend: + name: custom_frontend + driver: custom-driver-1 +</pre></div> <p>For full details of the network configuration options available, see the following references:</p> <ul> <li><a href="../compose-file/compose-file-v2/index#network-configuration-reference">Top-level <code class="language-plaintext highlighter-rouge">networks</code> key</a></li> <li><a href="../compose-file/compose-file-v2/index#networks">Service-level <code class="language-plaintext highlighter-rouge">networks</code> key</a></li> </ul> <h2 id="configure-the-default-network">Configure the default network</h2> <p>Instead of (or as well as) specifying your own networks, you can also change the settings of the app-wide default network by defining an entry under <code class="language-plaintext highlighter-rouge">networks</code> named <code class="language-plaintext highlighter-rouge">default</code>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + build: . + ports: + - "8000:8000" + db: + image: postgres + +networks: + default: + # Use a custom driver + driver: custom-driver-1 +</pre></div> <h2 id="use-a-pre-existing-network">Use a pre-existing network</h2> <p>If you want your containers to join a pre-existing network, use the <a href="../compose-file/compose-file-v2/index#network-configuration-reference"><code class="language-plaintext highlighter-rouge">external</code> option</a>:</p> <div class="highlight"><pre class="highlight" data-language="">services: + # ... 
+networks: + default: + name: my-pre-existing-network + external: true +</pre></div> <p>Instead of attempting to create a network called <code class="language-plaintext highlighter-rouge">[projectname]_default</code>, Compose looks for a network called <code class="language-plaintext highlighter-rouge">my-pre-existing-network</code> and connect your app’s containers to it.</p> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a>, <a href="https://docs.docker.com/search/?q=networking">networking</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/networking/" class="_attribution-link">https://docs.docker.com/compose/networking/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fproduction%2Findex.html b/devdocs/docker/compose%2Fproduction%2Findex.html new file mode 100644 index 00000000..3b3adfd6 --- /dev/null +++ b/devdocs/docker/compose%2Fproduction%2Findex.html 
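Review bot: In compose%2Fnetworking%2Findex.html, the first example publishes Postgres on the host with `- "8001:5432"` under `db`, although the page itself says service-to-service traffic uses the `CONTAINER_PORT` and that `web` connects at `postgres://db:5432`. As written, the example teaches readers to expose the database outside the Compose network when nothing in the example needs it. Either drop the `ports` entry from `db`, or keep it and state next to the `HOST_PORT` paragraph that publishing is only needed for access from the host and can be limited to loopback with `"127.0.0.1:8001:5432"`. That paragraph also says "accessible outside the swarm" although the example is a plain `docker-compose up`, and the closing sentence should read "looks for ... and connects".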
@@ -0,0 +1,13 @@ +<h1>Use Compose in production</h1> + +<p>When you define your app with Compose in development, you can use this definition to run your application in different environments such as CI, staging, and production.</p> <p>The easiest way to deploy an application is to run it on a single server, similar to how you would run your development environment. If you want to scale up your application, you can run Compose apps on a Swarm cluster.</p> <h3 id="modify-your-compose-file-for-production">Modify your Compose file for production</h3> <p>You probably need to make changes to your app configuration to make it ready for production. These changes may include:</p> <ul> <li>Removing any volume bindings for application code, so that code stays inside the container and can’t be changed from outside</li> <li>Binding to different ports on the host</li> <li>Setting environment variables differently, such as reducing the verbosity of logging, or to specify settings for external services such as an email server</li> <li>Specifying a restart policy like <code class="language-plaintext highlighter-rouge">restart: always</code> to avoid downtime</li> <li>Adding extra services such as a log aggregator</li> </ul> <p>For this reason, consider defining an additional Compose file, say <code class="language-plaintext highlighter-rouge">production.yml</code>, which specifies production-appropriate configuration. This configuration file only needs to include the changes you’d like to make from the original Compose file. 
The additional Compose file can be applied over the original <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> to create a new configuration.</p> <p>Once you’ve got a second configuration file, tell Compose to use it with the <code class="language-plaintext highlighter-rouge">-f</code> option:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f docker-compose.yml -f production.yml up -d +</pre></div> <p>See <a href="../extends/index#different-environments">Using multiple compose files</a> for a more complete example.</p> <h3 id="deploying-changes">Deploying changes</h3> <p>When you make changes to your app code, remember to rebuild your image and recreate your app’s containers. To redeploy a service called <code class="language-plaintext highlighter-rouge">web</code>, use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose build web +$ docker-compose up --no-deps -d web +</pre></div> <p>This first rebuilds the image for <code class="language-plaintext highlighter-rouge">web</code> and then stop, destroy, and recreate <em>just</em> the <code class="language-plaintext highlighter-rouge">web</code> service. 
The <code class="language-plaintext highlighter-rouge">--no-deps</code> flag prevents Compose from also recreating any services which <code class="language-plaintext highlighter-rouge">web</code> depends on.</p> <h3 id="running-compose-on-a-single-server">Running Compose on a single server</h3> <p>You can use Compose to deploy an app to a remote Docker host by setting the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code>, <code class="language-plaintext highlighter-rouge">DOCKER_TLS_VERIFY</code>, and <code class="language-plaintext highlighter-rouge">DOCKER_CERT_PATH</code> environment variables appropriately.</p> <p>Once you’ve set up your environment variables, all the normal <code class="language-plaintext highlighter-rouge">docker-compose</code> commands work with no further configuration.</p> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a>, <a href="https://docs.docker.com/search/?q=production">production</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/production/" class="_attribution-link">https://docs.docker.com/compose/production/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fprofiles%2Findex.html b/devdocs/docker/compose%2Fprofiles%2Findex.html new file mode 100644 index 00000000..04f317b4 --- /dev/null +++ b/devdocs/docker/compose%2Fprofiles%2Findex.html 
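Review bot: In compose%2Fproduction%2Findex.html, "Running Compose on a single server" tells readers to set `DOCKER_HOST`, `DOCKER_TLS_VERIFY`, and `DOCKER_CERT_PATH` "appropriately" without saying what appropriate means. Access to the Docker API is equivalent to root on that host, so the section should state that a remote TCP endpoint is to be used with TLS verification enabled and client certificates under `DOCKER_CERT_PATH`, and link to the Engine documentation on securing the daemon. Also in this hunk, "and then stop, destroy, and recreate" should be "stops, destroys, and recreates".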
@@ -0,0 +1,88 @@ +<h1>Using profiles with Compose</h1> + +<p>Profiles allow adjusting the Compose application model for various usages and environments by selectively enabling services. This is achieved by assigning each service to zero or more profiles. If unassigned, the service is <em>always</em> started but if assigned, it is only started if the profile is activated.</p> <p>This allows one to define additional services in a single <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file that should only be started in specific scenarios, e.g. for debugging or development tasks.</p> <h2 id="assigning-profiles-to-services">Assigning profiles to services</h2> <p>Services are associated with profiles through the <a href="../compose-file/compose-file-v3/index#profiles"><code class="language-plaintext highlighter-rouge">profiles</code> attribute</a> which takes an array of profile names:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + frontend: + image: frontend + profiles: ["frontend"] + + phpmyadmin: + image: phpmyadmin + depends_on: + - db + profiles: + - debug + + backend: + image: backend + + db: + image: mysql +</pre></div> <p>Here the services <code class="language-plaintext highlighter-rouge">frontend</code> and <code class="language-plaintext highlighter-rouge">phpmyadmin</code> are assigned to the profiles <code class="language-plaintext highlighter-rouge">frontend</code> and <code class="language-plaintext highlighter-rouge">debug</code> respectively and as such are only started when their respective profiles are enabled.</p> <p>Services without a <code class="language-plaintext highlighter-rouge">profiles</code> attribute will <em>always</em> be enabled, i.e. 
in this case running <code class="language-plaintext highlighter-rouge">docker-compose up</code> would only start <code class="language-plaintext highlighter-rouge">backend</code> and <code class="language-plaintext highlighter-rouge">db</code>.</p> <p>Valid profile names follow the regex format of <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9][a-zA-Z0-9_.-]+</code>.</p> <blockquote> <p><strong>Note</strong></p> <p>The core services of your application should not be assigned <code class="language-plaintext highlighter-rouge">profiles</code> so they will always be enabled and automatically started.</p> </blockquote> <h2 id="enabling-profiles">Enabling profiles</h2> <p>To enable a profile supply the <code class="language-plaintext highlighter-rouge">--profile</code> <a href="../reference/index">command-line option</a> or use the <a href="../reference/envvars/index#compose_profiles"><code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES</code> environment variable</a>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose --profile debug up +$ COMPOSE_PROFILES=debug docker-compose up +</pre></div> <p>The above command would both start your application with the <code class="language-plaintext highlighter-rouge">debug</code> profile enabled. 
Using the <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file above, this would start the services <code class="language-plaintext highlighter-rouge">backend</code>, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">phpmyadmin</code>.</p> <p>Multiple profiles can be specified by passing multiple <code class="language-plaintext highlighter-rouge">--profile</code> flags or a comma-separated list for the <code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES</code> environment variable:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose --profile frontend --profile debug up +$ COMPOSE_PROFILES=frontend,debug docker-compose up +</pre></div> <h2 id="auto-enabling-profiles-and-dependency-resolution">Auto-enabling profiles and dependency resolution</h2> <p>When a service with assigned <code class="language-plaintext highlighter-rouge">profiles</code> is explicitly targeted on the command line its profiles will be enabled automatically so you don’t need to enable them manually. This can be used for one-off services and debugging tools. As an example consider this configuration:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + backend: + image: backend + + db: + image: mysql + + db-migrations: + image: backend + command: myapp migrate + depends_on: + - db + profiles: + - tools +</pre></div> <div class="highlight"><pre class="highlight" data-language=""># will only start backend and db +$ docker-compose up -d + +# this will run db-migrations (and - if necessary - start db) +# by implicitly enabling profile `tools` +$ docker-compose run db-migrations +</pre></div> <p>But keep in mind that <code class="language-plaintext highlighter-rouge">docker-compose</code> will only automatically enable the profiles of the services on the command line and not of any dependencies. 
This means that all services the targeted service <code class="language-plaintext highlighter-rouge">depends_on</code> must have a common profile with it, be always enabled (by omitting <code class="language-plaintext highlighter-rouge">profiles</code>) or have a matching profile enabled explicitly:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" +services: + web: + image: web + + mock-backend: + image: backend + profiles: ["dev"] + depends_on: + - db + + db: + image: mysql + profiles: ["dev"] + + phpmyadmin: + image: phpmyadmin + profiles: ["debug"] + depends_on: + - db +</pre></div> <div class="highlight"><pre class="highlight" data-language=""># will only start "web" +$ docker-compose up -d + +# this will start mock-backend (and - if necessary - db) +# by implicitly enabling profile `dev` +$ docker-compose up -d mock-backend + +# this will fail because profile "dev" is disabled +$ docker-compose up phpmyadmin +</pre></div> <p>Although targeting <code class="language-plaintext highlighter-rouge">phpmyadmin</code> will automatically enable its profiles - i.e. <code class="language-plaintext highlighter-rouge">debug</code> - it will not automatically enable the profile(s) required by <code class="language-plaintext highlighter-rouge">db</code> - i.e. <code class="language-plaintext highlighter-rouge">dev</code>. 
To fix this you either have to add the <code class="language-plaintext highlighter-rouge">debug</code> profile to the <code class="language-plaintext highlighter-rouge">db</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">db: + image: mysql + profiles: ["debug", "dev"] +</pre></div> <p>or enable a profile of <code class="language-plaintext highlighter-rouge">db</code> explicitly:</p> <div class="highlight"><pre class="highlight" data-language=""># profile "debug" is enabled automatically by targeting phpmyadmin +$ docker-compose --profile dev up phpmyadmin +$ COMPOSE_PROFILES=dev docker-compose up phpmyadmin +</pre></div> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=profile">profile</a>, <a href="https://docs.docker.com/search/?q=profiles%20reference">profiles reference</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/profiles/" class="_attribution-link">https://docs.docker.com/compose/profiles/</a> + </p> +</div> 
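Review bot: The profile-name pattern under "Assigning profiles to services", `[a-zA-Z0-9][a-zA-Z0-9_.-]+`, requires at least two characters as written, so a one-character profile name would not match. If that is intended, the sentence should say so; if not, the quantifier should be `*`. Under "Enabling profiles", "The above command would both start your application" should read "Both commands above would start your application". The failing `docker-compose up phpmyadmin` case would also be easier to diagnose if the text showed the error the user actually sees.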
diff --git a/devdocs/docker/compose%2Freference%2Fconfig%2Findex.html b/devdocs/docker/compose%2Freference%2Fconfig%2Findex.html new file mode 100644 index 00000000..23616cc4 --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Fconfig%2Findex.html @@ -0,0 +1,21 @@ +<h1>docker-compose config</h1> +<pre data-language="">Usage: docker-compose config [options] + +Options: + --resolve-image-digests Pin image tags to digests. + --no-interpolate Don't interpolate environment variables. + -q, --quiet Only validate the configuration, don't print + anything. + --services Print the service names, one per line. + --volumes Print the volume names, one per line. + --hash="*" Print the service config hash, one per line. + Set "service1,service2" for a list of specified services + or use the wildcard symbol to display all services. +</pre> <p>Validate and view the Compose file.</p> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=config">config</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/config/" class="_attribution-link">https://docs.docker.com/compose/reference/config/</a> + </p> +</div> 
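Review bot: The only prose in this file, "Validate and view the Compose file.", comes after the usage block and does not say what "view" prints. Since `--no-interpolate` is listed as an option, the default output evidently has environment variables substituted into it; a sentence saying so would tell readers that whatever values the environment supplies appear in the printed configuration, which matters when the output is captured in build logs. The `--hash="*"` entry would also read better with one line explaining what the hash is used for.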
diff --git a/devdocs/docker/compose%2Freference%2Fenvvars%2Findex.html b/devdocs/docker/compose%2Freference%2Fenvvars%2Findex.html new file mode 100644 index 00000000..2dc8898e --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Fenvvars%2Findex.html 
@@ -0,0 +1,10 @@ +<h1>Compose CLI environment variables</h1> + +<p>Several environment variables are available for you to configure the Docker Compose command-line behaviour.</p> <p>Variables starting with <code class="language-plaintext highlighter-rouge">DOCKER_</code> are the same as those used to configure the Docker command-line client. If you’re using <code class="language-plaintext highlighter-rouge">docker-machine</code>, then the <code class="language-plaintext highlighter-rouge">eval "$(docker-machine env my-docker-vm)"</code> command should set them to their correct values. (In this example, <code class="language-plaintext highlighter-rouge">my-docker-vm</code> is the name of a machine you created.)</p> <blockquote> <p><strong>Note</strong>: Some of these variables can also be provided using an <a href="../../env-file/index">environment file</a>.</p> </blockquote> <h2 id="compose_project_name">COMPOSE_PROJECT_NAME</h2> <p>Sets the project name. This value is prepended along with the service name to the container on start up. For example, if your project name is <code class="language-plaintext highlighter-rouge">myapp</code> and it includes two services <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">web</code>, then Compose starts containers named <code class="language-plaintext highlighter-rouge">myapp-db-1</code> and <code class="language-plaintext highlighter-rouge">myapp-web-1</code> respectively.</p> <p>Setting this is optional. If you do not set this, the <code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code> defaults to the <code class="language-plaintext highlighter-rouge">basename</code> of the project directory. See also the <code class="language-plaintext highlighter-rouge">-p</code> <a href="../index">command-line option</a>.</p> <h2 id="compose_file">COMPOSE_FILE</h2> <p>Specify the path to a Compose file. 
If not provided, Compose looks for a file named <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> in the current directory and then each parent directory in succession until a file by that name is found.</p> <p>This variable supports multiple Compose files separated by a path separator (on Linux and macOS the path separator is <code class="language-plaintext highlighter-rouge">:</code>, on Windows it is <code class="language-plaintext highlighter-rouge">;</code>). For example: <code class="language-plaintext highlighter-rouge">COMPOSE_FILE=docker-compose.yml:docker-compose.prod.yml</code>. The path separator can also be customized using <code class="language-plaintext highlighter-rouge">COMPOSE_PATH_SEPARATOR</code>.</p> <p>See also the <code class="language-plaintext highlighter-rouge">-f</code> <a href="../index">command-line option</a>.</p> <h2 id="compose_profiles">COMPOSE_PROFILES</h2> <p>Specify one or multiple active profiles to enable. Calling <code class="language-plaintext highlighter-rouge">docker-compose up</code> with <code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES=frontend</code> will start the services with the profile <code class="language-plaintext highlighter-rouge">frontend</code> and services without specified profiles.</p> <p>You can specify a list of profiles separated with a comma: <code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES=frontend,debug</code> will enable the profiles <code class="language-plaintext highlighter-rouge">frontend</code> and <code class="language-plaintext highlighter-rouge">debug</code>.</p> <p>See also <a href="../../profiles/index"><em>Using profiles with Compose</em></a> and the <code class="language-plaintext highlighter-rouge">--profile</code> <a href="../index#use---profile-to-specify-one-or-more-active-profiles">command-line option</a>.</p> <h2 id="compose_api_version">COMPOSE_API_VERSION</h2> <p>The Docker API only supports requests from clients 
which report a specific version. If you receive a <code class="language-plaintext highlighter-rouge">client and server don't have same version</code> error using <code class="language-plaintext highlighter-rouge">docker-compose</code>, you can workaround this error by setting this environment variable. Set the version value to match the server version.</p> <p>Setting this variable is intended as a workaround for situations where you need to run temporarily with a mismatch between the client and server version. For example, if you can upgrade the client but need to wait to upgrade the server.</p> <p>Running with this variable set and a known mismatch does prevent some Docker features from working properly. The exact features that fail would depend on the Docker client and server versions. For this reason, running with this variable set is only intended as a workaround and it is not officially supported.</p> <p>If you run into problems running with this set, resolve the mismatch through upgrade and remove this setting to see if your problems resolve before notifying support.</p> <h2 id="docker_host">DOCKER_HOST</h2> <p>Sets the URL of the <code class="language-plaintext highlighter-rouge">docker</code> daemon. As with the Docker client, defaults to <code class="language-plaintext highlighter-rouge">unix:///var/run/docker.sock</code>.</p> <h2 id="docker_tls_verify">DOCKER_TLS_VERIFY</h2> <p>When set to anything other than an empty string, enables TLS communication with the <code class="language-plaintext highlighter-rouge">docker</code> daemon.</p> <h2 id="docker_cert_path">DOCKER_CERT_PATH</h2> <p>Configures the path to the <code class="language-plaintext highlighter-rouge">ca.pem</code>, <code class="language-plaintext highlighter-rouge">cert.pem</code>, and <code class="language-plaintext highlighter-rouge">key.pem</code> files used for TLS verification. 
Defaults to <code class="language-plaintext highlighter-rouge">~/.docker</code>.</p> <h2 id="compose_http_timeout">COMPOSE_HTTP_TIMEOUT</h2> <p>Configures the time (in seconds) a request to the Docker daemon is allowed to hang before Compose considers it failed. Defaults to 60 seconds.</p> <h2 id="compose_tls_version">COMPOSE_TLS_VERSION</h2> <p>Configure which TLS version is used for TLS communication with the <code class="language-plaintext highlighter-rouge">docker</code> daemon. Defaults to <code class="language-plaintext highlighter-rouge">TLSv1</code>. Supported values are: <code class="language-plaintext highlighter-rouge">TLSv1</code>, <code class="language-plaintext highlighter-rouge">TLSv1_1</code>, <code class="language-plaintext highlighter-rouge">TLSv1_2</code>.</p> <h2 id="compose_convert_windows_paths">COMPOSE_CONVERT_WINDOWS_PATHS</h2> <p>Enable path conversion from Windows-style to Unix-style in volume definitions. Users of Docker Machine on Windows should always set this. Defaults to <code class="language-plaintext highlighter-rouge">0</code>. Supported values: <code class="language-plaintext highlighter-rouge">true</code> or <code class="language-plaintext highlighter-rouge">1</code> to enable, <code class="language-plaintext highlighter-rouge">false</code> or <code class="language-plaintext highlighter-rouge">0</code> to disable.</p> <h2 id="compose_path_separator">COMPOSE_PATH_SEPARATOR</h2> <p>If set, the value of the <code class="language-plaintext highlighter-rouge">COMPOSE_FILE</code> environment variable is separated using this character as path separator.</p> <h2 id="compose_force_windows_host">COMPOSE_FORCE_WINDOWS_HOST</h2> <p>If set, volume declarations using the <a href="../../compose-file/compose-file-v3/index#short-syntax-3">short syntax</a> are parsed assuming the host path is a Windows path, even if Compose is running on a UNIX-based system. 
Supported values: <code class="language-plaintext highlighter-rouge">true</code> or <code class="language-plaintext highlighter-rouge">1</code> to enable, <code class="language-plaintext highlighter-rouge">false</code> or <code class="language-plaintext highlighter-rouge">0</code> to disable.</p> <h2 id="compose_ignore_orphans">COMPOSE_IGNORE_ORPHANS</h2> <p>If set, Compose doesn’t try to detect orphaned containers for the project. Supported values: <code class="language-plaintext highlighter-rouge">true</code> or <code class="language-plaintext highlighter-rouge">1</code> to enable, <code class="language-plaintext highlighter-rouge">false</code> or <code class="language-plaintext highlighter-rouge">0</code> to disable.</p> <h2 id="compose_parallel_limit">COMPOSE_PARALLEL_LIMIT</h2> <p>Sets a limit for the number of operations Compose can execute in parallel. The default value is <code class="language-plaintext highlighter-rouge">64</code>, and may not be set lower than <code class="language-plaintext highlighter-rouge">2</code>.</p> <h2 id="compose_interactive_no_cli">COMPOSE_INTERACTIVE_NO_CLI</h2> <p>If set, Compose doesn’t attempt to use the Docker CLI for interactive <code class="language-plaintext highlighter-rouge">run</code> and <code class="language-plaintext highlighter-rouge">exec</code> operations. This option is not available on Windows where the CLI is required for the aforementioned operations. Supported: <code class="language-plaintext highlighter-rouge">true</code> or <code class="language-plaintext highlighter-rouge">1</code> to enable, <code class="language-plaintext highlighter-rouge">false</code> or <code class="language-plaintext highlighter-rouge">0</code> to disable.</p> <h2 id="compose_docker_cli_build">COMPOSE_DOCKER_CLI_BUILD</h2> <p>Configure whether to use the Compose python client for building images or the native docker cli. 
By default, Compose uses the <code class="language-plaintext highlighter-rouge">docker</code> CLI to perform builds, which allows you to use <a href="https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds">BuildKit</a> to perform builds.</p> <p>Set <code class="language-plaintext highlighter-rouge">COMPOSE_DOCKER_CLI_BUILD=0</code> to disable native builds, and to use the built-in python client.</p> <h2 id="related-information">Related information</h2> <ul> <li><a href="../../index">User guide</a></li> <li><a href="../../install/index">Installing Compose</a></li> <li><a href="../../compose-file/index">Compose file reference</a></li> <li><a href="../../env-file/index">Environment file</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=reference">reference</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/envvars/" class="_attribution-link">https://docs.docker.com/compose/reference/envvars/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Freference%2Findex.html b/devdocs/docker/compose%2Freference%2Findex.html new file mode 100644 index 00000000..54605d8a --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Findex.html 
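Review bot: In the envvars page that ends above, the COMPOSE_TLS_VERSION section documents a default of `TLSv1` with `TLSv1_2` as the highest supported value and gives no guidance on which to choose. TLS 1.0 and 1.1 are deprecated (RFC 8996), so the section should recommend setting `TLSv1_2` when connecting to a remote daemon. The DOCKER_TLS_VERIFY section says only that the variable "enables TLS communication"; it should state whether the daemon's certificate is verified when it is set, since the variable name suggests it and DOCKER_CERT_PATH is described as holding files "used for TLS verification". Minor: in COMPOSE_API_VERSION, "you can workaround this error" should be "work around".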
@@ -0,0 +1,96 @@ +<h1>Overview of docker-compose CLI</h1> + +<p>This page provides the usage information for the <code class="language-plaintext highlighter-rouge">docker-compose</code> Command.</p> <h2 id="command-options-overview-and-help">Command options overview and help</h2> <p>You can also see this information by running <code class="language-plaintext highlighter-rouge">docker-compose --help</code> from the command line.</p> <pre data-language="">Define and run multi-container applications with Docker. + +Usage: + docker-compose [-f <arg>...] [--profile <name>...] [options] [COMMAND] [ARGS...] + docker-compose -h|--help + +Options: + -f, --file FILE Specify an alternate compose file + (default: docker-compose.yml) + -p, --project-name NAME Specify an alternate project name + (default: directory name) + --profile NAME Specify a profile to enable + --verbose Show more output + --log-level LEVEL DEPRECATED and not working from 2.0 - Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL) + --no-ansi Do not print ANSI control characters + -v, --version Print version and exit + -H, --host HOST Daemon socket to connect to + + --tls Use TLS; implied by --tlsverify + --tlscacert CA_PATH Trust certs signed only by this CA + --tlscert CLIENT_CERT_PATH Path to TLS certificate file + --tlskey TLS_KEY_PATH Path to TLS key file + --tlsverify Use TLS and verify the remote + --skip-hostname-check Don't check the daemon's hostname against the + name specified in the client certificate + --project-directory PATH Specify an alternate working directory + (default: the path of the Compose file) + --compatibility If set, Compose will attempt to convert deploy + keys in v3 files to their non-Swarm equivalent + +Commands: + build Build or rebuild services + bundle Generate a Docker bundle from the Compose file + config Validate and view the Compose file + create Create services + down Stop and remove containers, networks, images, and volumes + events Receive real time events from 
containers + exec Execute a command in a running container + help Get help on a command + images List images + kill Kill containers + logs View output from containers + pause Pause services + port Print the public port for a port binding + ps List containers + pull Pull service images + push Push service images + restart Restart services + rm Remove stopped containers + run Run a one-off command + scale Set number of containers for a service + start Start services + stop Stop services + top Display the running processes + unpause Unpause services + up Create and start containers + version Show the Docker-Compose version information +</pre> <p>You can use Docker Compose binary, <code class="language-plaintext highlighter-rouge">docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]</code>, to build and manage multiple services in Docker containers.</p> <h2 id="use--f-to-specify-name-and-path-of-one-or-more-compose-files">Use <code class="language-plaintext highlighter-rouge">-f</code> to specify name and path of one or more Compose files</h2> <p>Use the <code class="language-plaintext highlighter-rouge">-f</code> flag to specify the location of a Compose configuration file.</p> <h3 id="specifying-multiple-compose-files">Specifying multiple Compose files</h3> <p>You can supply multiple <code class="language-plaintext highlighter-rouge">-f</code> configuration files. When you supply multiple files, Compose combines them into a single configuration. Compose builds the configuration in the order you supply the files. 
Subsequent files override and add to their predecessors.</p> <p>For example, consider this command line:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f docker-compose.yml -f docker-compose.admin.yml run backup_db +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file might specify a <code class="language-plaintext highlighter-rouge">webapp</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">webapp: + image: examples/web + ports: + - "8000:8000" + volumes: + - "/data" +</pre></div> <p>If the <code class="language-plaintext highlighter-rouge">docker-compose.admin.yml</code> also specifies this same service, any matching fields override the previous file. New values, add to the <code class="language-plaintext highlighter-rouge">webapp</code> service configuration.</p> <div class="highlight"><pre class="highlight" data-language="">webapp: + build: . + environment: + - DEBUG=1 +</pre></div> <p>When you use multiple Compose files, all paths in the files are relative to the first configuration file specified with <code class="language-plaintext highlighter-rouge">-f</code>. You can use the <code class="language-plaintext highlighter-rouge">--project-directory</code> option to override this base path.</p> <p>Use a <code class="language-plaintext highlighter-rouge">-f</code> with <code class="language-plaintext highlighter-rouge">-</code> (dash) as the filename to read the configuration from <code class="language-plaintext highlighter-rouge">stdin</code>. When <code class="language-plaintext highlighter-rouge">stdin</code> is used all paths in the configuration are relative to the current working directory.</p> <p>The <code class="language-plaintext highlighter-rouge">-f</code> flag is optional. 
If you don’t provide this flag on the command line, Compose traverses the working directory and its parent directories looking for a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and a <code class="language-plaintext highlighter-rouge">docker-compose.override.yml</code> file. You must supply at least the <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file. If both files are present on the same directory level, Compose combines the two files into a single configuration.</p> <p>The configuration in the <code class="language-plaintext highlighter-rouge">docker-compose.override.yml</code> file is applied over and in addition to the values in the <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file.</p> <h3 id="specifying-a-path-to-a-single-compose-file">Specifying a path to a single Compose file</h3> <p>You can use the <code class="language-plaintext highlighter-rouge">-f</code> flag to specify a path to a Compose file that is not located in the current directory, either from the command line or by setting up a <a href="envvars/index#compose_file">COMPOSE_FILE environment variable</a> in your shell or in an environment file.</p> <p>For an example of using the <code class="language-plaintext highlighter-rouge">-f</code> option at the command line, suppose you are running the <a href="https://docs.docker.com/samples/rails/">Compose Rails sample</a>, and have a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file in a directory called <code class="language-plaintext highlighter-rouge">sandbox/rails</code>. 
You can use a command like <a href="pull/index">docker-compose pull</a> to get the postgres image for the <code class="language-plaintext highlighter-rouge">db</code> service from anywhere by using the <code class="language-plaintext highlighter-rouge">-f</code> flag as follows: <code class="language-plaintext highlighter-rouge">docker-compose -f ~/sandbox/rails/docker-compose.yml pull db</code></p> <p>Here’s the full example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose -f ~/sandbox/rails/docker-compose.yml pull db +Pulling db (postgres:latest)... +latest: Pulling from library/postgres +ef0380f84d05: Pull complete +50cf91dc1db8: Pull complete +d3add4cd115c: Pull complete +467830d8a616: Pull complete +089b9db7dc57: Pull complete +6fba0a36935c: Pull complete +81ef0e73c953: Pull complete +338a6c4894dc: Pull complete +15853f32f67c: Pull complete +044c83d92898: Pull complete +17301519f133: Pull complete +dcca70822752: Pull complete +cecf11b8ccf3: Pull complete +Digest: sha256:1364924c753d5ff7e2260cd34dc4ba05ebd40ee8193391220be0f9901d4e1651 +Status: Downloaded newer image for postgres:latest +</pre></div> <h2 id="use--p-to-specify-a-project-name">Use <code class="language-plaintext highlighter-rouge">-p</code> to specify a project name</h2> <p>Each configuration has a project name. If you supply a <code class="language-plaintext highlighter-rouge">-p</code> flag, you can specify a project name. If you don’t specify the flag, Compose uses the current directory name. 
See also the <a href="envvars/index#compose_project_name">COMPOSE_PROJECT_NAME environment variable</a>.</p> <h2 id="use---profile-to-specify-one-or-more-active-profiles">Use <code class="language-plaintext highlighter-rouge">--profile</code> to specify one or more active profiles</h2> <p>Calling <code class="language-plaintext highlighter-rouge">docker-compose --profile frontend up</code> will start the services with the profile <code class="language-plaintext highlighter-rouge">frontend</code> and services without specified profiles. You can also enable multiple profiles, e.g. with <code class="language-plaintext highlighter-rouge">docker-compose --profile frontend --profile debug up</code> the profiles <code class="language-plaintext highlighter-rouge">frontend</code> and <code class="language-plaintext highlighter-rouge">debug</code> will be enabled.</p> <p>See also <a href="../profiles/index"><em>Using profiles with Compose</em></a> and the <a href="envvars/index#compose_profiles"><code class="language-plaintext highlighter-rouge">COMPOSE_PROFILES</code> environment variable</a>.</p> <h2 id="set-up-environment-variables">Set up environment variables</h2> <p>You can set <a href="envvars/index">environment variables</a> for various <code class="language-plaintext highlighter-rouge">docker-compose</code> options, including the <code class="language-plaintext highlighter-rouge">-f</code> and <code class="language-plaintext highlighter-rouge">-p</code> flags.</p> <p>For example, the <a href="envvars/index#compose_file">COMPOSE_FILE environment variable</a> relates to the <code class="language-plaintext highlighter-rouge">-f</code> flag, and <code class="language-plaintext highlighter-rouge">COMPOSE_PROJECT_NAME</code> <a href="envvars/index#compose_project_name">environment variable</a> relates to the <code class="language-plaintext highlighter-rouge">-p</code> flag.</p> <p>Also, you can set some of these variables in an <a href="../env-file/index">environment 
file</a>.</p> <h2 id="where-to-go-next">Where to go next</h2> <ul> <li><a href="envvars/index">CLI environment variables</a></li> <li><a href="../env-file/index">Declare default environment variables in file</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=reference">reference</a>, <a href="https://docs.docker.com/search/?q=docker-compose">docker-compose</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/" class="_attribution-link">https://docs.docker.com/compose/reference/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Freference%2Fpull%2Findex.html b/devdocs/docker/compose%2Freference%2Fpull%2Findex.html new file mode 100644 index 00000000..4ca25246 --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Fpull%2Findex.html 
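Review bot: In the CLI overview page that ends above, the `-f` section explains that later files "override and add to their predecessors" and that a `docker-compose.override.yml` found while traversing parent directories is merged in automatically, but it never tells the reader how to see the merged result. A pointer to `docker-compose config`, already listed under Commands as "Validate and view the Compose file", would let users confirm which files and values are in effect before running `up`, and a sentence recommending an explicit `-f` in scripts would avoid picking up a file from a parent directory by accident. Minor: "New values, add to the `webapp` service configuration." has a stray comma, and `--skip-hostname-check` is listed with no explanation of when disabling that check is acceptable.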
@@ -0,0 +1,48 @@ +<h1>docker-compose pull</h1> +<pre data-language="">Usage: docker-compose pull [options] [SERVICE...] + +Options: + --ignore-pull-failures Pull what it can and ignores images with pull failures. + --parallel Deprecated, pull multiple images in parallel (enabled by default). + --no-parallel Disable parallel pulling. + -q, --quiet Pull without printing progress information + --include-deps Also pull services declared as dependencies +</pre> <p>Pulls an image associated with a service defined in a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> or <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> file, but does not start containers based on those images.</p> <p>For example, suppose you have this <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file from the <a href="https://docs.docker.com/samples/rails/">Quickstart: Compose and Rails</a> sample.</p> <div class="highlight"><pre class="highlight" data-language="">version: '2' +services: + db: + image: postgres + web: + build: . + command: bundle exec rails s -p 3000 -b '0.0.0.0' + volumes: + - .:/myapp + ports: + - "3000:3000" + depends_on: + - db +</pre></div> <p>If you run <code class="language-plaintext highlighter-rouge">docker-compose pull ServiceName</code> in the same directory as the <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file that defines the service, Docker pulls the associated image. For example, to call the <code class="language-plaintext highlighter-rouge">postgres</code> image configured as the <code class="language-plaintext highlighter-rouge">db</code> service in our example, you would run <code class="language-plaintext highlighter-rouge">docker-compose pull db</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose pull db +Pulling db (postgres:latest)... 
+latest: Pulling from library/postgres +cd0a524342ef: Pull complete +9c784d04dcb0: Pull complete +d99dddf7e662: Pull complete +e5bff71e3ce6: Pull complete +cb3e0a865488: Pull complete +31295d654cd5: Pull complete +fc930a4e09f5: Pull complete +8650cce8ef01: Pull complete +61949acd8e52: Pull complete +527a203588c0: Pull complete +26dec14ac775: Pull complete +0efc0ed5a9e5: Pull complete +40cd26695b38: Pull complete +Digest: sha256:fd6c0e2a9d053bebb294bb13765b3e01be7817bf77b01d58c2377ff27a4a46dc +Status: Downloaded newer image for postgres:latest +</pre></div> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=pull">pull</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/pull/" class="_attribution-link">https://docs.docker.com/compose/reference/pull/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Freference%2Fstop%2Findex.html b/devdocs/docker/compose%2Freference%2Fstop%2Findex.html new file mode 100644 index 00000000..a95b0488 --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Fstop%2Findex.html 
@@ -0,0 +1,14 @@ +<h1>docker-compose stop</h1> +<pre data-language="">Usage: docker-compose stop [options] [SERVICE...] + +Options: + -t, --timeout TIMEOUT Specify a shutdown timeout in seconds. + (default: 10) +</pre> <p>Stops running containers without removing them. They can be started again with <code class="language-plaintext highlighter-rouge">docker-compose start</code>.</p> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=stop">stop</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/stop/" class="_attribution-link">https://docs.docker.com/compose/reference/stop/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Freference%2Fup%2Findex.html b/devdocs/docker/compose%2Freference%2Fup%2Findex.html new file mode 100644 index 00000000..77a97939 --- /dev/null +++ b/devdocs/docker/compose%2Freference%2Fup%2Findex.html 
@@ -0,0 +1,43 @@ +<h1>docker-compose up</h1> + +<pre data-language="">Usage: docker-compose up [options] [--scale SERVICE=NUM...] [SERVICE...] + +Options: + -d, --detach Detached mode: Run containers in the background, + print new container names. Incompatible with + --abort-on-container-exit. + --no-color Produce monochrome output. + --quiet-pull Pull without printing progress information + --no-deps Don't start linked services. + --force-recreate Recreate containers even if their configuration + and image haven't changed. + --always-recreate-deps Recreate dependent containers. + Incompatible with --no-recreate. + --no-recreate If containers already exist, don't recreate + them. Incompatible with --force-recreate and + --renew-anon-volumes. + --no-build Don't build an image, even if it's missing. + --no-start Don't start the services after creating them. + --build Build images before starting containers. + --abort-on-container-exit Stops all containers if any container was + stopped. Incompatible with --detach. + --attach-dependencies Attach to dependent containers. + -t, --timeout TIMEOUT Use this timeout in seconds for container + shutdown when attached or when containers are + already running. (default: 10) + -V, --renew-anon-volumes Recreate anonymous volumes instead of retrieving + data from the previous containers. + --remove-orphans Remove containers for services not defined + in the Compose file. + --exit-code-from SERVICE Return the exit code of the selected service + container. Implies --abort-on-container-exit. + --scale SERVICE=NUM Scale SERVICE to NUM instances. Overrides the + `scale` setting in the Compose file if present. 
+</pre> <p>Builds, (re)creates, starts, and attaches to containers for a service.</p> <p>Unless they are already running, this command also starts any linked services.</p> <p>The <code class="language-plaintext highlighter-rouge">docker-compose up</code> command aggregates the output of each container (essentially running <code class="language-plaintext highlighter-rouge">docker-compose logs --follow</code>). When the command exits, all containers are stopped. Running <code class="language-plaintext highlighter-rouge">docker-compose up --detach</code> starts the containers in the background and leaves them running.</p> <p>If there are existing containers for a service, and the service’s configuration or image was changed after the container’s creation, <code class="language-plaintext highlighter-rouge">docker-compose up</code> picks up the changes by stopping and recreating the containers (preserving mounted volumes). To prevent Compose from picking up changes, use the <code class="language-plaintext highlighter-rouge">--no-recreate</code> flag.</p> <p>If you want to force Compose to stop and recreate all containers, use the <code class="language-plaintext highlighter-rouge">--force-recreate</code> flag.</p> <p>If the process encounters an error, the exit code for this command is <code class="language-plaintext highlighter-rouge">1</code>.<br> If the process is interrupted using <code class="language-plaintext highlighter-rouge">SIGINT</code> (<code class="language-plaintext highlighter-rouge">ctrl</code> + <code class="language-plaintext highlighter-rouge">C</code>) or <code class="language-plaintext highlighter-rouge">SIGTERM</code>, the containers are stopped, and the exit code is <code class="language-plaintext highlighter-rouge">0</code>.<br> If <code class="language-plaintext highlighter-rouge">SIGINT</code> or <code class="language-plaintext highlighter-rouge">SIGTERM</code> is sent again during this shutdown phase, the running containers are killed, and the 
exit code is <code class="language-plaintext highlighter-rouge">2</code>.</p> +<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=up">up</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/reference/up/" class="_attribution-link">https://docs.docker.com/compose/reference/up/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fsamples-for-compose%2Findex.html b/devdocs/docker/compose%2Fsamples-for-compose%2Findex.html new file mode 100644 index 00000000..1393d990 --- /dev/null +++ b/devdocs/docker/compose%2Fsamples-for-compose%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>Sample apps with Compose</h1> +<p>The following samples show the various aspects of how to work with Docker Compose. As a prerequisite, be sure to <a href="../install/index">install Docker Compose</a> if you have not already done so.</p> <h2 id="key-concepts-these-samples-cover">Key concepts these samples cover</h2> <p>The samples should help you to:</p> <ul> <li>define services based on Docker images using <a href="../compose-file/index">Compose files</a> <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> files</li> <li>understand the relationship between <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and <a href="../../engine/reference/builder/index">Dockerfiles</a> +</li> <li>learn how to make calls to your application services from Compose files</li> <li>learn how to deploy applications and services to a <a href="../../engine/swarm/index">swarm</a> +</li> </ul> <h2 id="samples-tailored-to-demo-compose">Samples tailored to demo Compose</h2> <p>These samples focus specifically on Docker Compose:</p> <ul> <li> <p><a href="https://docs.docker.com/samples/django/">Quickstart: Compose and Django</a> - Shows how to use Docker Compose to set up and run a simple Django/PostgreSQL app.</p> </li> <li> <p><a href="https://docs.docker.com/samples/rails/">Quickstart: Compose and Rails</a> - Shows how to use Docker Compose to set up and run a Rails/PostgreSQL app.</p> </li> <li> <p><a href="https://docs.docker.com/samples/wordpress/">Quickstart: Compose and WordPress</a> - Shows how to use Docker Compose to set up and run WordPress in an isolated environment with Docker containers.</p> </li> </ul> <h2 id="awesome-compose-samples">Awesome Compose samples</h2> <p>The Awesome Compose samples provide a starting point on how to integrate different frameworks and technologies using Docker Compose. 
All samples are available in the <a href="https://github.com/docker/awesome-compose" target="_blank" rel="noopener" class="_">Awesome-compose GitHub repo</a>.</p> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=samples">samples</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/samples-for-compose/" class="_attribution-link">https://docs.docker.com/compose/samples-for-compose/</a> + </p> +</div> diff --git a/devdocs/docker/compose%2Fstartup-order%2Findex.html b/devdocs/docker/compose%2Fstartup-order%2Findex.html new file mode 100644 index 00000000..8d747220 --- /dev/null +++ b/devdocs/docker/compose%2Fstartup-order%2Findex.html 
@@ -0,0 +1,37 @@ +<h1>Control startup and shutdown order in Compose</h1> + +<p>You can control the order of service startup and shutdown with the <a href="../compose-file/compose-file-v3/index#depends_on">depends_on</a> option. Compose always starts and stops containers in dependency order, where dependencies are determined by <code class="language-plaintext highlighter-rouge">depends_on</code>, <code class="language-plaintext highlighter-rouge">links</code>, <code class="language-plaintext highlighter-rouge">volumes_from</code>, and <code class="language-plaintext highlighter-rouge">network_mode: "service:..."</code>.</p> <p>However, for startup Compose does not wait until a container is “ready” (whatever that means for your particular application) - only until it’s running. There’s a good reason for this.</p> <p>The problem of waiting for a database (for example) to be ready is really just a subset of a much larger problem of distributed systems. In production, your database could become unavailable or move hosts at any time. Your application needs to be resilient to these types of failures.</p> <p>To handle this, design your application to attempt to re-establish a connection to the database after a failure. If the application retries the connection, it can eventually connect to the database.</p> <p>The best solution is to perform this check in your application code, both at startup and whenever a connection is lost for any reason. However, if you don’t need this level of resilience, you can work around the problem with a wrapper script:</p> <ul> <li> <p>Use a tool such as <a href="https://github.com/vishnubob/wait-for-it">wait-for-it</a>, <a href="https://github.com/powerman/dockerize">dockerize</a>, sh-compatible <a href="https://github.com/Eficode/wait-for">wait-for</a>, or <a href="https://github.com/jasonsychau/RelayAndContainers">RelayAndContainers</a> template. 
These are small wrapper scripts which you can include in your application’s image to poll a given host and port until it’s accepting TCP connections.</p> <p>For example, to use <code class="language-plaintext highlighter-rouge">wait-for-it.sh</code> or <code class="language-plaintext highlighter-rouge">wait-for</code> to wrap your service’s command:</p> <div class="highlight"><pre class="highlight" data-language="">version: "2" +services: + web: + build: . + ports: + - "80:8000" + depends_on: + - "db" + command: ["./wait-for-it.sh", "db:5432", "--", "python", "app.py"] + db: + image: postgres +</pre></div> <blockquote> <p><strong>Tip</strong></p> <p>There are limitations to this first solution. For example, it doesn’t verify when a specific service is really ready. If you add more arguments to the command, use the <code class="language-plaintext highlighter-rouge">bash shift</code> command with a loop, as shown in the next example.</p> </blockquote> </li> <li> <p>Alternatively, write your own wrapper script to perform a more application-specific health check. 
For example, you might want to wait until Postgres is ready to accept commands:</p> <div class="highlight"><pre class="highlight" data-language="">#!/bin/sh +# wait-for-postgres.sh + +set -e + +host="$1" +shift + +until PGPASSWORD=$POSTGRES_PASSWORD psql -h "$host" -U "postgres" -c '\q'; do + >&2 echo "Postgres is unavailable - sleeping" + sleep 1 +done + +>&2 echo "Postgres is up - executing command" +exec "$@" +</pre></div> <p>You can use this as a wrapper script as in the previous example, by setting:</p> <div class="highlight"><pre class="highlight" data-language="">command: ["./wait-for-postgres.sh", "db", "python", "app.py"] +</pre></div> </li> </ul> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../index">User guide</a></li> <li><a href="../install/index">Installing Compose</a></li> <li><a href="../gettingstarted/index">Getting Started</a></li> <li><a href="../reference/index">Command line reference</a></li> <li><a href="../compose-file/index">Compose file reference</a></li> <li><a href="../samples-for-compose/index">Sample apps with Compose</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=startup">startup</a>, <a href="https://docs.docker.com/search/?q=shutdown">shutdown</a>, <a href="https://docs.docker.com/search/?q=order">order</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/compose/startup-order/" class="_attribution-link">https://docs.docker.com/compose/startup-order/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fapi%2Findex.html b/devdocs/docker/engine%2Fapi%2Findex.html new file mode 100644 index 00000000..724aeecf --- /dev/null +++ b/devdocs/docker/engine%2Fapi%2Findex.html 
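Review bot: in compose/startup-order/index.html, the wait-for-postgres.sh example retries without any upper bound. The loop `until PGPASSWORD=$POSTGRES_PASSWORD psql -h "$host" -U "postgres" -c '\q'; do ... sleep 1; done` treats every psql failure the same way, so a wrong or unset POSTGRES_PASSWORD is logged as "Postgres is unavailable - sleeping" indefinitely and the wrapped command never runs or fails. Suggest capping the number of attempts and exiting non-zero once the cap is reached, so the failure is visible to whatever supervises the container. Separately, the Tip before the script refers to "the bash shift command" while the script it points to declares #!/bin/sh; shift is a POSIX sh builtin, so "bash" can be dropped from that sentence.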
@@ -0,0 +1,31 @@ +<h1>Develop with Docker Engine API</h1> + +<p>Docker provides an API for interacting with the Docker daemon (called the Docker Engine API), as well as SDKs for Go and Python. The SDKs allow you to build and scale Docker apps and solutions quickly and easily. If Go or Python don’t work for you, you can use the Docker Engine API directly.</p> <p>For information about Docker Engine SDKs, see <a href="sdk/index">Develop with Docker Engine SDKs</a>.</p> <p>The Docker Engine API is a RESTful API accessed by an HTTP client such as <code class="language-plaintext highlighter-rouge">wget</code> or <code class="language-plaintext highlighter-rouge">curl</code>, or the HTTP library which is part of most modern programming languages.</p> <h2 id="view-the-api-reference">View the API reference</h2> <p>You can <a href="https://docs.docker.com/develop/sdk">view the reference for the latest version of the API</a> or <a href="https://docs.docker.com/engine/api/version-history/">choose a specific version</a>.</p> <h2 id="versioned-api-and-sdk">Versioned API and SDK</h2> <p>The version of the Docker Engine API you should use depends upon the version of your Docker daemon and Docker client.</p> <p>A given version of the Docker Engine SDK supports a specific version of the Docker Engine API, as well as all earlier versions. If breaking changes occur, they are documented prominently.</p> <blockquote> <p>Daemon and client API mismatches</p> <p>The Docker daemon and client do not necessarily need to be the same version at all times. However, keep the following in mind.</p> <ul> <li> <p>If the daemon is newer than the client, the client does not know about new features or deprecated API endpoints in the daemon.</p> </li> <li> <p>If the client is newer than the daemon, the client can request API endpoints that the daemon does not know about.</p> </li> </ul> </blockquote> <p>A new version of the API is released when new features are added. 
The Docker API is backward-compatible, so you do not need to update code that uses the API unless you need to take advantage of new features.</p> <p>To see the highest version of the API your Docker daemon and client support, use <code class="language-plaintext highlighter-rouge">docker version</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker version + +Client: Docker Engine - Community + Version: 20.10.0 + API version: 1.41 + Go version: go1.13.15 + Git commit: 7287ab3 + Built: Tue Dec 8 19:00:39 2020 + OS/Arch: linux/amd64 + Context: default + Experimental: true +Server: Docker Engine - Community + Engine: + Version: 20.10.0 + API version: 1.41 (minimum version 1.12) + Go version: go1.13.15 + Git commit: eeddea2 + Built: Tue Dec 8 18:58:12 2020 + OS/Arch: linux/amd64 + ... +</pre></div> <p>You can specify the API version to use, in one of the following ways:</p> <ul> <li> <p>When using the SDK, use the latest version you can, but at least the version that incorporates the API version with the features you need.</p> </li> <li> <p>When using <code class="language-plaintext highlighter-rouge">curl</code> directly, specify the version as the first part of the URL. For instance, if the endpoint is <code class="language-plaintext highlighter-rouge">/containers/</code>, you can use <code class="language-plaintext highlighter-rouge">/v1.41/containers/</code>.</p> </li> <li> <p>To force the Docker CLI or the Docker Engine SDKs to use an old version version of the API than the version reported by <code class="language-plaintext highlighter-rouge">docker version</code>, set the environment variable <code class="language-plaintext highlighter-rouge">DOCKER_API_VERSION</code> to the correct version. 
This works on Linux, Windows, or macOS clients.</p> <div class="highlight"><pre class="highlight" data-language="">$ DOCKER_API_VERSION='1.41' +</pre></div> <p>While the environment variable is set, that version of the API is used, even if the Docker daemon supports a newer version. This environment variable disables API version negotiation, and as such should only be used if you must use a specific version of the API, or for debugging purposes.</p> </li> <li> <p>The Docker Go SDK allows you to enable API version negotiation, automatically selects an API version that is supported by both the client, and the Docker Engine that is used.</p> </li> <li> <p>For the SDKs, you can also specify the API version programmatically, as a parameter to the <code class="language-plaintext highlighter-rouge">client</code> object. See the <a href="https://github.com/moby/moby/blob/v19.03.6/client/client.go#L119" target="_blank" rel="noopener" class="_">Go constructor</a> or the <a href="https://docker-py.readthedocs.io/en/stable/client.html" target="_blank" rel="noopener" class="_">Python SDK documentation for <code class="language-plaintext highlighter-rouge">client</code></a>.</p> </li> </ul> <h3 id="api-version-matrix">API version matrix</h3> <table> <thead> <tr> <th style="text-align: left">Docker version</th> <th style="text-align: left">Maximum API version</th> <th style="text-align: left">Change log</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">20.10</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.41/">1.41</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v141-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">19.03</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.40/">1.40</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v140-api-changes">changes</a></td> </tr> <tr> <td 
style="text-align: left">18.09</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.39/">1.39</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v139-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">18.06</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.38/">1.38</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v138-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">18.05</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.37/">1.37</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v137-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">18.04</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.37/">1.37</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v137-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">18.03</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.37/">1.37</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v137-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">18.02</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.36/">1.36</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v136-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.12</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.35/">1.35</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v135-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.11</td> <td style="text-align: left"><a 
href="https://docs.docker.com/engine/api/v1.34/">1.34</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v134-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.10</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.33/">1.33</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v133-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.09</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.32/">1.32</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v132-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.07</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.31/">1.31</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v131-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.06</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.30/">1.30</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v130-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.05</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.29/">1.29</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v129-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.04</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.28/">1.28</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v128-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.03.1</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.27/">1.27</a></td> <td style="text-align: left"><a 
href="https://docs.docker.com/engine/api/version-history/#v127-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">17.03</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.27/">1.26</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v126-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.13.1</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.26/">1.26</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v126-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.13</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.26/">1.25</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v125-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.12</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.24/">1.24</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v124-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.11</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.23/">1.23</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v123-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.10</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.22/">1.22</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v122-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.9</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.21/">1.21</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v121-api-changes">changes</a></td> </tr> <tr> <td 
style="text-align: left">1.8</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.20/">1.20</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v120-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.7</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.19/">1.19</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v119-api-changes">changes</a></td> </tr> <tr> <td style="text-align: left">1.6</td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/v1.18/">1.18</a></td> <td style="text-align: left"><a href="https://docs.docker.com/engine/api/version-history/#v118-api-changes">changes</a></td> </tr> </tbody> </table> <h3 id="archived-api-versions">Archived API versions</h3> <p>Documentation for older versions of the API has been archived, but can be found in the <a href="https://github.com/moby/moby/tree/v1.9.1/docs/reference/api" target="_blank" rel="noopener" class="_">docker code repository on GitHub</a></p> +<p><a href="https://docs.docker.com/search/?q=developing">developing</a>, <a href="https://docs.docker.com/search/?q=api">api</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/api/" class="_attribution-link">https://docs.docker.com/engine/api/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fapi%2Fsdk%2Fexamples%2Findex.html b/devdocs/docker/engine%2Fapi%2Fsdk%2Fexamples%2Findex.html new file mode 100644 index 00000000..05d1efd8 --- /dev/null +++ b/devdocs/docker/engine%2Fapi%2Fsdk%2Fexamples%2Findex.html 
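Review bot: in engine/api/index.html, two rows of the API version matrix link to a different version than they display. The 17.03 row shows 1.26 and its change log anchor is #v126-api-changes, but the version link points at engine/api/v1.27/; the 1.13 row shows 1.25 with anchor #v125-api-changes, but links to engine/api/v1.26/. Suggest pointing those hrefs at v1.26/ and v1.25/ so the reference a reader lands on matches the version in the cell. In the same hunk, "use an old version version of the API" has a duplicated word, and the example `$ DOCKER_API_VERSION='1.41'` is a bare shell assignment: without export (or being placed on the same command line as docker) it does not reach the CLI as the environment variable the paragraph describes.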
@@ -0,0 +1,435 @@ +<h1>Examples using the Docker Engine SDKs and Docker API</h1> + +<p>After you <a href="https://docs.docker.com/get-docker/">install Docker</a>, you can <a href="../index#install-the-sdks">install the Go or Python SDK</a> and also try out the Docker Engine API.</p> <p>Each of these examples show how to perform a given Docker operation using the Go and Python SDKs and the HTTP API using <code class="language-plaintext highlighter-rouge">curl</code>.</p> <h2 id="run-a-container">Run a container</h2> <p>This first example shows how to run a container using the Docker API. On the command line, you would use the <code class="language-plaintext highlighter-rouge">docker run</code> command, but this is just as easy to do from your own apps too.</p> <p>This is the equivalent of typing <code class="language-plaintext highlighter-rouge">docker run alpine echo hello world</code> at the command prompt:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-run-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-run-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-run-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-run-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/stdcopy" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + reader, err := cli.ImagePull(ctx, "docker.io/library/alpine", types.ImagePullOptions{}) + if err != nil { + panic(err) + } + + defer reader.Close() + io.Copy(os.Stdout, reader) + + resp, err := cli.ContainerCreate(ctx, 
&container.Config{ + Image: "alpine", + Cmd: []string{"echo", "hello world"}, + Tty: false, + }, nil, nil, nil, "") + if err != nil { + panic(err) + } + + if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil { + panic(err) + } + + statusCh, errCh := cli.ContainerWait(ctx, resp.ID, container.WaitConditionNotRunning) + select { + case err := <-errCh: + if err != nil { + panic(err) + } + case <-statusCh: + } + + out, err := cli.ContainerLogs(ctx, resp.ID, types.ContainerLogsOptions{ShowStdout: true}) + if err != nil { + panic(err) + } + + stdcopy.StdCopy(os.Stdout, os.Stderr, out) +} +</pre></div> </div> <div id="tab-run-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +print(client.containers.run("alpine", ["echo", "hello", "world"])) +</pre></div> </div> <div id="tab-run-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock -H "Content-Type: application/json" \ + -d '{"Image": "alpine", "Cmd": ["echo", "hello world"]}' \ + -X POST http://localhost/v1.41/containers/create +{"Id":"1c6594faf5","Warnings":null} + +$ curl --unix-socket /var/run/docker.sock -X POST http://localhost/v1.41/containers/1c6594faf5/start + +$ curl --unix-socket /var/run/docker.sock -X POST http://localhost/v1.41/containers/1c6594faf5/wait +{"StatusCode":0} + +$ curl --unix-socket /var/run/docker.sock "http://localhost/v1.41/containers/1c6594faf5/logs?stdout=1" +hello world +</pre></div> <p>When using cURL to connect over a unix socket, the hostname is not important. The examples above use <code class="language-plaintext highlighter-rouge">localhost</code>, but any hostname would work.</p> <blockquote class="important"> <p><strong>Using cURL 7.47.0 or below?</strong></p> <p>The examples above assume you are using cURL 7.50.0 or above. 
Older versions of cURL used a <a href="https://github.com/moby/moby/issues/17960" target="_blank" rel="noopener" class="_">non-standard URL notation</a> when using a socket connection.</p> <p>If you are using an older version of cURL, use <code class="language-plaintext highlighter-rouge">http:/<API version>/</code> instead, for example, <code class="language-plaintext highlighter-rouge">http:/v1.41/containers/1c6594faf5/start</code></p> </blockquote> </div> </div> <h2 id="run-a-container-in-the-background">Run a container in the background</h2> <p>You can also run containers in the background, the equivalent of typing <code class="language-plaintext highlighter-rouge">docker run -d bfirsh/reticulate-splines</code>:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-rundetach-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-rundetach-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-rundetach-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-rundetach-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "fmt" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + imageName := "bfirsh/reticulate-splines" + + out, err := cli.ImagePull(ctx, imageName, types.ImagePullOptions{}) + if err != nil { + panic(err) + } + defer out.Close() + io.Copy(os.Stdout, out) + + resp, err := cli.ContainerCreate(ctx, &container.Config{ + Image: imageName, + }, nil, nil, nil, "") + if err != nil { + panic(err) + } + + if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil { + 
panic(err) + } + + fmt.Println(resp.ID) +} +</pre></div> </div> <div id="tab-rundetach-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +container = client.containers.run("bfirsh/reticulate-splines", detach=True) +print(container.id) +</pre></div> </div> <div id="tab-rundetach-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock -H "Content-Type: application/json" \ + -d '{"Image": "bfirsh/reticulate-splines"}' \ + -X POST http://localhost/v1.41/containers/create +{"Id":"1c6594faf5","Warnings":null} + +$ curl --unix-socket /var/run/docker.sock -X POST http://localhost/v1.41/containers/1c6594faf5/start +</pre></div> </div> </div> <h2 id="list-and-manage-containers">List and manage containers</h2> <p>You can use the API to list containers that are running, just like using <code class="language-plaintext highlighter-rouge">docker ps</code>:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-listcontainers-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-listcontainers-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-listcontainers-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-listcontainers-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "fmt" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + containers, err := cli.ContainerList(ctx, types.ContainerListOptions{}) + if err != nil { + panic(err) + } + + for _, container := range containers { + fmt.Println(container.ID) + } +} 
+</pre></div> </div> <div id="tab-listcontainers-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +for container in client.containers.list(): + print(container.id) +</pre></div> </div> <div id="tab-listcontainers-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock http://localhost/v1.41/containers/json +[{ + "Id":"ae63e8b89a26f01f6b4b2c9a7817c31a1b6196acf560f66586fbc8809ffcd772", + "Names":["/tender_wing"], + "Image":"bfirsh/reticulate-splines", + ... +}] +</pre></div> </div> </div> <h2 id="stop-all-running-containers">Stop all running containers</h2> <p>Now that you know what containers exist, you can perform operations on them. This example stops all running containers.</p> <blockquote> <p><strong>Note</strong>: Don’t run this on a production server. Also, if you are using swarm services, the containers stop, but Docker creates new ones to keep the service running in its configured state.</p> </blockquote> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-stopcontainers-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-stopcontainers-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-stopcontainers-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-stopcontainers-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "fmt" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + containers, err := cli.ContainerList(ctx, types.ContainerListOptions{}) + if err != nil { + panic(err) + } + + for _, 
container := range containers { + fmt.Print("Stopping container ", container.ID[:10], "... ") + if err := cli.ContainerStop(ctx, container.ID, nil); err != nil { + panic(err) + } + fmt.Println("Success") + } +} +</pre></div> </div> <div id="tab-stopcontainers-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +for container in client.containers.list(): + container.stop() +</pre></div> </div> <div id="tab-stopcontainers-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock http://localhost/v1.41/containers/json +[{ + "Id":"ae63e8b89a26f01f6b4b2c9a7817c31a1b6196acf560f66586fbc8809ffcd772", + "Names":["/tender_wing"], + "Image":"bfirsh/reticulate-splines", + ... +}] + +$ curl --unix-socket /var/run/docker.sock \ + -X POST http://localhost/v1.41/containers/ae63e8b89a26/stop +</pre></div> </div> </div> <h2 id="print-the-logs-of-a-specific-container">Print the logs of a specific container</h2> <p>You can also perform actions on individual containers. This example prints the logs of a container given its ID. 
You need to modify the code before running it to change the hard-coded ID of the container to print the logs for.</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-containerlogs-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-containerlogs-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-containerlogs-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-containerlogs-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + options := types.ContainerLogsOptions{ShowStdout: true} + // Replace this ID with a container that really exists + out, err := cli.ContainerLogs(ctx, "f1064a8a4c82", options) + if err != nil { + panic(err) + } + + io.Copy(os.Stdout, out) +} +</pre></div> </div> <div id="tab-containerlogs-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +container = client.containers.get('f1064a8a4c82') +print(container.logs()) +</pre></div> </div> <div id="tab-containerlogs-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock "http://localhost/v1.41/containers/ca5f55cdb/logs?stdout=1" +Reticulating spline 1... +Reticulating spline 2... +Reticulating spline 3... +Reticulating spline 4... +Reticulating spline 5... 
+</pre></div> </div> </div> <h2 id="list-all-images">List all images</h2> <p>List the images on your Engine, similar to <code class="language-plaintext highlighter-rouge">docker image ls</code>:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-listimages-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-listimages-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-listimages-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-listimages-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "fmt" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + images, err := cli.ImageList(ctx, types.ImageListOptions{}) + if err != nil { + panic(err) + } + + for _, image := range images { + fmt.Println(image.ID) + } +} +</pre></div> </div> <div id="tab-listimages-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +for image in client.images.list(): + print(image.id) +</pre></div> </div> <div id="tab-listimages-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock http://localhost/v1.41/images/json +[{ + "Id":"sha256:31d9a31e1dd803470c5a151b8919ef1988ac3efd44281ac59d43ad623f275dcd", + "ParentId":"sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96", + ... 
+}] +</pre></div> </div> </div> <h2 id="pull-an-image">Pull an image</h2> <p>Pull an image, like <code class="language-plaintext highlighter-rouge">docker pull</code>:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-pullimages-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-pullimages-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-pullimages-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-pullimages-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + out, err := cli.ImagePull(ctx, "alpine", types.ImagePullOptions{}) + if err != nil { + panic(err) + } + + defer out.Close() + + io.Copy(os.Stdout, out) +} +</pre></div> </div> <div id="tab-pullimages-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +image = client.images.pull("alpine") +print(image.id) +</pre></div> </div> <div id="tab-pullimages-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock \ + -X POST "http://localhost/v1.41/images/create?fromImage=alpine" +{"status":"Pulling from library/alpine","id":"3.1"} +{"status":"Pulling fs layer","progressDetail":{},"id":"8f13703509f7"} +{"status":"Downloading","progressDetail":{"current":32768,"total":2244027},"progress":"[\u003e ] 32.77 kB/2.244 MB","id":"8f13703509f7"} +... 
+</pre></div> </div> </div> <h2 id="pull-an-image-with-authentication">Pull an image with authentication</h2> <p>Pull an image, like <code class="language-plaintext highlighter-rouge">docker pull</code>, with authentication:</p> <blockquote> <p><strong>Note</strong>: Credentials are sent in the clear. Docker’s official registries use HTTPS. Private registries should also be configured to use HTTPS.</p> </blockquote> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-pullimages-auth-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-pullimages-auth-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-pullimages-auth-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-pullimages-auth-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "encoding/base64" + "encoding/json" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + authConfig := types.AuthConfig{ + Username: "username", + Password: "password", + } + encodedJSON, err := json.Marshal(authConfig) + if err != nil { + panic(err) + } + authStr := base64.URLEncoding.EncodeToString(encodedJSON) + + out, err := cli.ImagePull(ctx, "alpine", types.ImagePullOptions{RegistryAuth: authStr}) + if err != nil { + panic(err) + } + + defer out.Close() + io.Copy(os.Stdout, out) +} +</pre></div> </div> <div id="tab-pullimages-auth-python" class="tab-pane fade"> <p>The Python SDK retrieves authentication information from the <a href="../../../reference/commandline/login/index#credentials-store">credentials store</a> file and integrates with <a href="https://github.com/docker/docker-credential-helpers" 
target="_blank" class="_">credential helpers</a>. It is possible to override these credentials, but that is out of scope for this Getting Started guide. After using <code class="language-plaintext highlighter-rouge">docker login</code>, the Python SDK uses these credentials automatically.</p> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +image = client.images.pull("alpine") +print(image.id) +</pre></div> </div> <div id="tab-pullimages-auth-curl" class="tab-pane fade"> <p>This example leaves the credentials in your shell’s history, so consider this a naive implementation. The credentials are passed as a Base-64-encoded JSON structure.</p> <div class="highlight"><pre class="highlight" data-language="">$ JSON=$(echo '{"username": "string", "password": "string", "serveraddress": "string"}' | base64) + +$ curl --unix-socket /var/run/docker.sock \ + -H "Content-Type: application/tar" + -X POST "http://localhost/v1.41/images/create?fromImage=alpine" + -H "X-Registry-Auth" + -d "$JSON" +{"status":"Pulling from library/alpine","id":"3.1"} +{"status":"Pulling fs layer","progressDetail":{},"id":"8f13703509f7"} +{"status":"Downloading","progressDetail":{"current":32768,"total":2244027},"progress":"[\u003e ] 32.77 kB/2.244 MB","id":"8f13703509f7"} +... 
+</pre></div> </div> </div> <h2 id="commit-a-container">Commit a container</h2> <p>Commit a container to create an image from its contents:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#tab-commit-go" data-group="go">Go</a></li> <li><a data-toggle="tab" data-target="#tab-commit-python" data-group="python">Python</a></li> <li><a data-toggle="tab" data-target="#tab-commit-curl" data-group="curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="tab-commit-go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "fmt" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/client" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + createResp, err := cli.ContainerCreate(ctx, &container.Config{ + Image: "alpine", + Cmd: []string{"touch", "/helloworld"}, + }, nil, nil, nil, "") + if err != nil { + panic(err) + } + + if err := cli.ContainerStart(ctx, createResp.ID, types.ContainerStartOptions{}); err != nil { + panic(err) + } + + statusCh, errCh := cli.ContainerWait(ctx, createResp.ID, container.WaitConditionNotRunning) + select { + case err := <-errCh: + if err != nil { + panic(err) + } + case <-statusCh: + } + + commitResp, err := cli.ContainerCommit(ctx, createResp.ID, types.ContainerCommitOptions{Reference: "helloworld"}) + if err != nil { + panic(err) + } + + fmt.Println(commitResp.ID) +} +</pre></div> </div> <div id="tab-commit-python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +container = client.containers.run("alpine", ["touch", "/helloworld"], detach=True) +container.wait() +image = container.commit("helloworld") +print(image.id) +</pre></div> </div> <div 
id="tab-commit-curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d alpine touch /helloworld +0888269a9d584f0fa8fc96b3c0d8d57969ceea3a64acf47cd34eebb4744dbc52 +$ curl --unix-socket /var/run/docker.sock\ + -X POST "http://localhost/v1.41/commit?container=0888269a9d&repo=helloworld" +{"Id":"sha256:6c86a5cd4b87f2771648ce619e319f3e508394b5bfc2cdbd2d60f59d52acda6c"} +</pre></div> </div> </div> +<p><a href="https://docs.docker.com/search/?q=developing">developing</a>, <a href="https://docs.docker.com/search/?q=api">api</a>, <a href="https://docs.docker.com/search/?q=sdk">sdk</a>, <a href="https://docs.docker.com/search/?q=developers">developers</a>, <a href="https://docs.docker.com/search/?q=rest">rest</a>, <a href="https://docs.docker.com/search/?q=curl">curl</a>, <a href="https://docs.docker.com/search/?q=python">python</a>, <a href="https://docs.docker.com/search/?q=go">go</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/api/sdk/examples/" class="_attribution-link">https://docs.docker.com/engine/api/sdk/examples/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fapi%2Fsdk%2Findex.html b/devdocs/docker/engine%2Fapi%2Fsdk%2Findex.html new file mode 100644 index 00000000..d3b76c78 --- /dev/null +++ b/devdocs/docker/engine%2Fapi%2Fsdk%2Findex.html 
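Review bot: the HTTP tab under "Pull an image with authentication" in the examples page above cannot run as written and does not send the credentials where the text says they go. Only the first line of the `curl` command ends in a backslash, so the shell treats `-H "Content-Type: application/tar"`, `-X POST ...`, `-H "X-Registry-Auth"` and `-d "$JSON"` as separate commands. The `X-Registry-Auth` header is also given no value, and the encoded credentials are passed as the request body with `-d`. Suggest adding the missing continuations, dropping `-d`, and sending the value in the header, for example `-H "X-Registry-Auth: $JSON"`. The encoding is inconsistent between tabs as well: the Go tab builds the value with `base64.URLEncoding`, while the shell line pipes `echo` output (including its trailing newline) through plain `base64`. Since the tab already admits the credentials end up in shell history, reading them from a file or the environment instead of a literal would make the example safer to copy. Minor: in "Print the logs of a specific container" the Go and Python tabs use `f1064a8a4c82` but the HTTP tab uses `ca5f55cdb`.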
@@ -0,0 +1,81 @@ +<h1>Develop with Docker Engine SDKs</h1> + +<p>Docker provides an API for interacting with the Docker daemon (called the Docker Engine API), as well as SDKs for Go and Python. The SDKs allow you to build and scale Docker apps and solutions quickly and easily. If Go or Python don’t work for you, you can use the Docker Engine API directly.</p> <p>The Docker Engine API is a RESTful API accessed by an HTTP client such as <code class="language-plaintext highlighter-rouge">wget</code> or <code class="language-plaintext highlighter-rouge">curl</code>, or the HTTP library which is part of most modern programming languages.</p> <h2 id="install-the-sdks">Install the SDKs</h2> <p>Use the following commands to install the Go or Python SDK. Both SDKs can be installed and coexist together.</p> <h3 id="go-sdk">Go SDK</h3> <div class="highlight"><pre class="highlight" data-language="">$ go get github.com/docker/docker/client +</pre></div> <p>The client requires a recent version of Go. 
Run <code class="language-plaintext highlighter-rouge">go version</code> and ensure that you are running a currently supported version of Go</p> <p><a href="https://godoc.org/github.com/docker/docker/client">Read the full Docker Engine Go SDK reference</a>.</p> <h3 id="python-sdk">Python SDK</h3> <ul> <li> <p><strong>Recommended</strong>: Run <code class="language-plaintext highlighter-rouge">pip install docker</code>.</p> </li> <li> <p><strong>If you can’t use <code class="language-plaintext highlighter-rouge">pip</code></strong>:</p> <ol> <li> +<a href="https://pypi.python.org/pypi/docker/">Download the package directly</a>.</li> <li>Extract it and change to the extracted directory,</li> <li>Run <code class="language-plaintext highlighter-rouge">python setup.py install</code>.</li> </ol> </li> </ul> <p><a href="https://docker-py.readthedocs.io/">Read the full Docker Engine Python SDK reference</a>.</p> <h2 id="view-the-api-reference">View the API reference</h2> <p>You can <a href="https://docs.docker.com/develop/sdk">view the reference for the latest version of the API</a> or <a href="https://docs.docker.com/engine/api/version-history/">choose a specific version</a>.</p> <h2 id="versioned-api-and-sdk">Versioned API and SDK</h2> <p>The version of the Docker Engine API you should use depends upon the version of your Docker daemon and Docker client. Refer to the <a href="../index#versioned-api-and-sdk">versioned API and SDK</a> section in the API documentation for details.</p> <h2 id="sdk-and-api-quickstart">SDK and API quickstart</h2> <p>Use the following guidelines to choose the SDK or API version to use in your code:</p> <ul> <li>If you’re starting a new project, use the <a href="https://docs.docker.com/develop/sdk">latest version</a>, but use API version negotiation or specify the version you are using. 
This helps prevent surprises.</li> <li>If you need a new feature, update your code to use at least the minimum version that supports the feature, and prefer the latest version you can use.</li> <li>Otherwise, continue to use the version that your code is already using.</li> </ul> <p>As an example, the <code class="language-plaintext highlighter-rouge">docker run</code> command can be easily implemented using the Docker API directly, or using the Python or Go SDK.</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#go">Go</a></li> <li><a data-toggle="tab" data-target="#python">Python</a></li> <li><a data-toggle="tab" data-target="#curl">HTTP</a></li> </ul> <div class="tab-content"> <div id="go" class="tab-pane fade in active"> <div class="highlight"><pre class="highlight" data-language="">package main + +import ( + "context" + "io" + "os" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/stdcopy" +) + +func main() { + ctx := context.Background() + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + panic(err) + } + + reader, err := cli.ImagePull(ctx, "docker.io/library/alpine", types.ImagePullOptions{}) + if err != nil { + panic(err) + } + io.Copy(os.Stdout, reader) + + resp, err := cli.ContainerCreate(ctx, &container.Config{ + Image: "alpine", + Cmd: []string{"echo", "hello world"}, + }, nil, nil, nil, "") + if err != nil { + panic(err) + } + + if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil { + panic(err) + } + + statusCh, errCh := cli.ContainerWait(ctx, resp.ID, container.WaitConditionNotRunning) + select { + case err := <-errCh: + if err != nil { + panic(err) + } + case <-statusCh: + } + + out, err := cli.ContainerLogs(ctx, resp.ID, types.ContainerLogsOptions{ShowStdout: true}) + if err != nil { + panic(err) + } + + 
stdcopy.StdCopy(os.Stdout, os.Stderr, out) +} +</pre></div> </div> <div id="python" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">import docker +client = docker.from_env() +print client.containers.run("alpine", ["echo", "hello", "world"]) +</pre></div> </div> <div id="curl" class="tab-pane fade"> <div class="highlight"><pre class="highlight" data-language="">$ curl --unix-socket /var/run/docker.sock -H "Content-Type: application/json" \ + -d '{"Image": "alpine", "Cmd": ["echo", "hello world"]}' \ + -X POST http://localhost/v1.41/containers/create +{"Id":"1c6594faf5","Warnings":null} + +$ curl --unix-socket /var/run/docker.sock -X POST http://localhost/v1.41/containers/1c6594faf5/start + +$ curl --unix-socket /var/run/docker.sock -X POST http://localhost/v1.41/containers/1c6594faf5/wait +{"StatusCode":0} + +$ curl --unix-socket /var/run/docker.sock "http://localhost/v1.41/containers/1c6594faf5/logs?stdout=1" +hello world +</pre></div> <p>When using cURL to connect over a unix socket, the hostname is not important. The examples above use <code class="language-plaintext highlighter-rouge">localhost</code>, but any hostname would work.</p> <blockquote class="important"> <p><strong>Using cURL 7.47.0 or below?</strong></p> <p>The examples above assume you are using cURL 7.50.0 or above. 
Older versions of cURL used a <a href="https://github.com/moby/moby/issues/17960" target="_blank" rel="noopener" class="_">non-standard URL notation</a> when using a socket connection.</p> <p>If you are using an older version of cURL, use <code class="language-plaintext highlighter-rouge">http:/<API version>/</code> instead, for example, <code class="language-plaintext highlighter-rouge">http:/v1.41/containers/1c6594faf5/start</code></p> </blockquote> </div> </div> <p>For more examples, take a look at the <a href="examples/index">SDK examples</a>.</p> <h2 id="unofficial-libraries">Unofficial libraries</h2> <p>There are a number of community supported libraries available for other languages. They have not been tested by Docker, so if you run into any issues, file them with the library maintainers.</p> <table> <thead> <tr> <th style="text-align: left">Language</th> <th style="text-align: left">Library</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">C</td> <td style="text-align: left"><a href="https://github.com/danielsuo/libdocker">libdocker</a></td> </tr> <tr> <td style="text-align: left">C#</td> <td style="text-align: left"><a href="https://github.com/ahmetalpbalkan/Docker.DotNet">Docker.DotNet</a></td> </tr> <tr> <td style="text-align: left">C++</td> <td style="text-align: left"><a href="https://github.com/lasote/docker_client">lasote/docker_client</a></td> </tr> <tr> <td style="text-align: left">Clojure</td> <td style="text-align: left"><a href="https://github.com/into-docker/clj-docker-client">clj-docker-client</a></td> </tr> <tr> <td style="text-align: left">Clojure</td> <td style="text-align: left"><a href="https://github.com/lispyclouds/contajners">contajners</a></td> </tr> <tr> <td style="text-align: left">Dart</td> <td style="text-align: left"><a href="https://github.com/bwu-dart/bwu_docker">bwu_docker</a></td> </tr> <tr> <td style="text-align: left">Erlang</td> <td style="text-align: left"><a 
href="https://github.com/proger/erldocker">erldocker</a></td> </tr> <tr> <td style="text-align: left">Gradle</td> <td style="text-align: left"><a href="https://github.com/gesellix/gradle-docker-plugin">gradle-docker-plugin</a></td> </tr> <tr> <td style="text-align: left">Groovy</td> <td style="text-align: left"><a href="https://github.com/gesellix/docker-client">docker-client</a></td> </tr> <tr> <td style="text-align: left">Haskell</td> <td style="text-align: left"><a href="https://github.com/denibertovic/docker-hs">docker-hs</a></td> </tr> <tr> <td style="text-align: left">HTML (Web Components)</td> <td style="text-align: left"><a href="https://github.com/kapalhq/docker-elements">docker-elements</a></td> </tr> <tr> <td style="text-align: left">Java</td> <td style="text-align: left"><a href="https://github.com/spotify/docker-client">docker-client</a></td> </tr> <tr> <td style="text-align: left">Java</td> <td style="text-align: left"><a href="https://github.com/docker-java/docker-java">docker-java</a></td> </tr> <tr> <td style="text-align: left">Java</td> <td style="text-align: left"><a href="https://github.com/amihaiemil/docker-java-api">docker-java-api</a></td> </tr> <tr> <td style="text-align: left">Java</td> <td style="text-align: left"><a href="https://github.com/ndeloof/jocker">jocker</a></td> </tr> <tr> <td style="text-align: left">NodeJS</td> <td style="text-align: left"><a href="https://github.com/apocas/dockerode">dockerode</a></td> </tr> <tr> <td style="text-align: left">NodeJS</td> <td style="text-align: left"><a href="https://github.com/arhea/harbor-master">harbor-master</a></td> </tr> <tr> <td style="text-align: left">Perl</td> <td style="text-align: left"><a href="https://github.com/alambike/eixo-docker">Eixo::Docker</a></td> </tr> <tr> <td style="text-align: left">PHP</td> <td style="text-align: left"><a href="https://github.com/docker-php/docker-php">Docker-PHP</a></td> </tr> <tr> <td style="text-align: left">Ruby</td> <td style="text-align: 
left"><a href="https://github.com/swipely/docker-api">docker-api</a></td> </tr> <tr> <td style="text-align: left">Rust</td> <td style="text-align: left"><a href="https://github.com/abh1nav/docker-rust">docker-rust</a></td> </tr> <tr> <td style="text-align: left">Rust</td> <td style="text-align: left"><a href="https://github.com/softprops/shiplift">shiplift</a></td> </tr> <tr> <td style="text-align: left">Scala</td> <td style="text-align: left"><a href="https://github.com/softprops/tugboat">tugboat</a></td> </tr> <tr> <td style="text-align: left">Scala</td> <td style="text-align: left"><a href="https://github.com/almoehi/reactive-docker">reactive-docker</a></td> </tr> <tr> <td style="text-align: left">Swift</td> <td style="text-align: left"><a href="https://github.com/valeriomazzeo/docker-client-swift">docker-client-swift</a></td> </tr> </tbody> </table> +<p><a href="https://docs.docker.com/search/?q=developing">developing</a>, <a href="https://docs.docker.com/search/?q=sdk">sdk</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/api/sdk/" class="_attribution-link">https://docs.docker.com/engine/api/sdk/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fcontext%2Fworking-with-contexts%2Findex.html b/devdocs/docker/engine%2Fcontext%2Fworking-with-contexts%2Findex.html new file mode 100644 index 00000000..9c5f0497 --- /dev/null +++ b/devdocs/docker/engine%2Fcontext%2Fworking-with-contexts%2Findex.html 
@@ -0,0 +1,101 @@ +<h1>Docker Context</h1> + +<h2 id="introduction">Introduction</h2> <p>This guide shows how <em>contexts</em> make it easy for a <strong>single Docker CLI</strong> to manage multiple Swarm clusters, multiple Kubernetes clusters, and multiple individual Docker nodes.</p> <p>A single Docker CLI can have multiple contexts. Each context contains all of the endpoint and security information required to manage a different cluster or node. The <code class="language-plaintext highlighter-rouge">docker context</code> command makes it easy to configure these contexts and switch between them.</p> <p>As an example, a single Docker client on your company laptop might be configured with two contexts; <strong>dev-k8s</strong> and <strong>prod-swarm</strong>. <strong>dev-k8s</strong> contains the endpoint data and security credentials to configure and manage a Kubernetes cluster in a development environment. <strong>prod-swarm</strong> contains everything required to manage a Swarm cluster in a production environment. 
Once these contexts are configured, you can use the top-level <code class="language-plaintext highlighter-rouge">docker context use <context-name></code> to easily switch between them.</p> <p>For information on using Docker Context to deploy your apps to the cloud, see <a href="https://docs.docker.com/cloud/aci-integration/">Deploying Docker containers on Azure</a> and <a href="https://docs.docker.com/cloud/ecs-integration/">Deploying Docker containers on ECS</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <p>To follow the examples in this guide, you’ll need:</p> <ul> <li>A Docker client that supports the top-level <code class="language-plaintext highlighter-rouge">context</code> command</li> </ul> <p>Run <code class="language-plaintext highlighter-rouge">docker context</code> to verify that your Docker client supports contexts.</p> <p>You will also need one of the following:</p> <ul> <li>Docker Swarm cluster</li> <li>Single-engine Docker node</li> <li>Kubernetes cluster</li> </ul> <h2 id="the-anatomy-of-a-context">The anatomy of a context</h2> <p>A context is a combination of several properties. These include:</p> <ul> <li>Name</li> <li>Endpoint configuration</li> <li>TLS info</li> <li>Orchestrator</li> </ul> <p>The easiest way to see what a context looks like is to view the <strong>default</strong> context.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context ls +NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR +default * Current... unix:///var/run/docker.sock swarm +</pre></div> <p>This shows a single context called “default”. It’s configured to talk to a Swarm cluster through the local <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code> Unix socket. It has no Kubernetes endpoint configured.</p> <p>The asterisk in the <code class="language-plaintext highlighter-rouge">NAME</code> column indicates that this is the active context. 
This means all <code class="language-plaintext highlighter-rouge">docker</code> commands will be executed against the “default” context unless overridden with environment variables such as <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> and <code class="language-plaintext highlighter-rouge">DOCKER_CONTEXT</code>, or on the command-line with the <code class="language-plaintext highlighter-rouge">--context</code> and <code class="language-plaintext highlighter-rouge">--host</code> flags.</p> <p>Dig a bit deeper with <code class="language-plaintext highlighter-rouge">docker context inspect</code>. In this example, we’re inspecting the context called <code class="language-plaintext highlighter-rouge">default</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context inspect default +[ + { + "Name": "default", + "Metadata": { + "StackOrchestrator": "swarm" + }, + "Endpoints": { + "docker": { + "Host": "unix:///var/run/docker.sock", + "SkipTLSVerify": false + } + }, + "TLSMaterial": {}, + "Storage": { + "MetadataPath": "\u003cIN MEMORY\u003e", + "TLSPath": "\u003cIN MEMORY\u003e" + } + } +] +</pre></div> <p>This context is using “swarm” as the orchestrator (<code class="language-plaintext highlighter-rouge">metadata.stackOrchestrator</code>). 
It is configured to talk to an endpoint exposed on a local Unix socket at <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code> (<code class="language-plaintext highlighter-rouge">Endpoints.docker.Host</code>), and requires TLS verification (<code class="language-plaintext highlighter-rouge">Endpoints.docker.SkipTLSVerify</code>).</p> <h3 id="create-a-new-context">Create a new context</h3> <p>You can create new contexts with the <code class="language-plaintext highlighter-rouge">docker context create</code> command.</p> <p>The following example creates a new context called “docker-test” and specifies the following:</p> <ul> <li>Default orchestrator = Swarm</li> <li>Issue commands to the local Unix socket <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code> +</li> </ul> <div class="highlight"><pre class="highlight" data-language="">$ docker context create docker-test \ + --default-stack-orchestrator=swarm \ + --docker host=unix:///var/run/docker.sock + +Successfully created context "docker-test" +</pre></div> <p>The new context is stored in a <code class="language-plaintext highlighter-rouge">meta.json</code> file below <code class="language-plaintext highlighter-rouge">~/.docker/contexts/</code>. Each new context you create gets its own <code class="language-plaintext highlighter-rouge">meta.json</code> stored in a dedicated sub-directory of <code class="language-plaintext highlighter-rouge">~/.docker/contexts/</code>.</p> <blockquote> <p><strong>Note:</strong> The default context behaves differently than manually created contexts. It does not have a <code class="language-plaintext highlighter-rouge">meta.json</code> configuration file, and it dynamically updates based on the current configuration. 
For example, if you switch your current Kubernetes config using <code class="language-plaintext highlighter-rouge">kubectl config use-context</code>, the default Docker context will dynamically update itself to the new Kubernetes endpoint.</p> </blockquote> <p>You can view the new context with <code class="language-plaintext highlighter-rouge">docker context ls</code> and <code class="language-plaintext highlighter-rouge">docker context inspect <context-name></code>.</p> <p>The following can be used to create a config with Kubernetes as the default orchestrator using the existing kubeconfig stored in <code class="language-plaintext highlighter-rouge">/home/ubuntu/.kube/config</code>. For this to work, you will need a valid kubeconfig file in <code class="language-plaintext highlighter-rouge">/home/ubuntu/.kube/config</code>. If your kubeconfig has more than one context, the current context (<code class="language-plaintext highlighter-rouge">kubectl config current-context</code>) will be used.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create k8s-test \ + --default-stack-orchestrator=kubernetes \ + --kubernetes config-file=/home/ubuntu/.kube/config \ + --docker host=unix:///var/run/docker.sock + +Successfully created context "k8s-test" +</pre></div> <p>You can view all contexts on the system with <code class="language-plaintext highlighter-rouge">docker context ls</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context ls +NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR +default * Current unix:///var/run/docker.sock https://35.226.99.100 (default) swarm +k8s-test unix:///var/run/docker.sock https://35.226.99.100 (default) kubernetes +docker-test unix:///var/run/docker.sock swarm +</pre></div> <p>The current context is indicated with an asterisk (“*”).</p> <h2 id="use-a-different-context">Use a different context</h2> <p>You can use <code class="language-plaintext 
highlighter-rouge">docker context use</code> to quickly switch between contexts.</p> <p>The following command will switch the <code class="language-plaintext highlighter-rouge">docker</code> CLI to use the “k8s-test” context.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context use k8s-test + +k8s-test +Current context is now "k8s-test" +</pre></div> <p>Verify the operation by listing all contexts and ensuring the asterisk (“*”) is against the “k8s-test” context.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context ls +NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR +default Current DOCKER_HOST based configuration unix:///var/run/docker.sock https://35.226.99.100 (default) swarm +docker-test unix:///var/run/docker.sock swarm +k8s-test * unix:///var/run/docker.sock https://35.226.99.100 (default) kubernetes +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker</code> commands will now target endpoints defined in the “k8s-test” context.</p> <p>You can also set the current context using the <code class="language-plaintext highlighter-rouge">DOCKER_CONTEXT</code> environment variable. 
This overrides the context set with <code class="language-plaintext highlighter-rouge">docker context use</code>.</p> <p>Use the appropriate command below to set the context to <code class="language-plaintext highlighter-rouge">docker-test</code> using an environment variable.</p> <p>Windows PowerShell:</p> <div class="highlight"><pre class="highlight" data-language="">> $Env:DOCKER_CONTEXT=docker-test +</pre></div> <p>Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CONTEXT=docker-test +</pre></div> <p>Run a <code class="language-plaintext highlighter-rouge">docker context ls</code> to verify that the “docker-test” context is now the active context.</p> <p>You can also use the global <code class="language-plaintext highlighter-rouge">--context</code> flag to override the context specified by the <code class="language-plaintext highlighter-rouge">DOCKER_CONTEXT</code> environment variable. For example, the following will send the command to a context called “production”.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker --context production container ls +</pre></div> <h2 id="exporting-and-importing-docker-contexts">Exporting and importing Docker contexts</h2> <p>The <code class="language-plaintext highlighter-rouge">docker context</code> command makes it easy to export and import contexts on different machines with the Docker client installed.</p> <p>You can use the <code class="language-plaintext highlighter-rouge">docker context export</code> command to export an existing context to a file. This file can later be imported on another machine that has the <code class="language-plaintext highlighter-rouge">docker</code> client installed.</p> <p>By default, contexts will be exported as a <em>native Docker contexts</em>. You can export and import these using the <code class="language-plaintext highlighter-rouge">docker context</code> command. 
If the context you are exporting includes a Kubernetes endpoint, the Kubernetes part of the context will be included in the <code class="language-plaintext highlighter-rouge">export</code> and <code class="language-plaintext highlighter-rouge">import</code> operations.</p> <p>There is also an option to export just the Kubernetes part of a context. This will produce a native kubeconfig file that can be manually merged with an existing <code class="language-plaintext highlighter-rouge">~/.kube/config</code> file on another host that has <code class="language-plaintext highlighter-rouge">kubectl</code> installed. You cannot export just the Kubernetes portion of a context and then import it with <code class="language-plaintext highlighter-rouge">docker context import</code>. The only way to import the exported Kubernetes config is to manually merge it into an existing kubeconfig file.</p> <p>Let’s look at exporting and importing a native Docker context.</p> <h3 id="exporting-and-importing-a-native-docker-context">Exporting and importing a native Docker context</h3> <p>The following example exports an existing context called “docker-test”. 
It will be written to a file called <code class="language-plaintext highlighter-rouge">docker-test.dockercontext</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context export docker-test +Written file "docker-test.dockercontext" +</pre></div> <p>Check the contents of the export file.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat docker-test.dockercontext +meta.json0000644000000000000000000000022300000000000011023 0ustar0000000000000000{"Name":"docker-test","Metadata":{"StackOrchestrator":"swarm"},"Endpoints":{"docker":{"Host":"unix:///var/run/docker.sock","SkipTLSVerify":false}}}tls0000700000000000000000000000000000000000000007716 5ustar0000000000000000 +</pre></div> <p>This file can be imported on another host using <code class="language-plaintext highlighter-rouge">docker context import</code>. The target host must have the Docker client installed.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context import docker-test docker-test.dockercontext +docker-test +Successfully imported context "docker-test" +</pre></div> <p>You can verify that the context was imported with <code class="language-plaintext highlighter-rouge">docker context ls</code>.</p> <p>The format of the import command is <code class="language-plaintext highlighter-rouge">docker context import <context-name> <context-file></code>.</p> <p>Now, let’s look at exporting just the Kubernetes parts of a context.</p> <h3 id="exporting-a-kubernetes-context">Exporting a Kubernetes context</h3> <p>You can export a Kubernetes context only if the context you are exporting has a Kubernetes endpoint configured. 
You cannot import a Kubernetes context using <code class="language-plaintext highlighter-rouge">docker context import</code>.</p> <p>These steps will use the <code class="language-plaintext highlighter-rouge">--kubeconfig</code> flag to export <strong>only</strong> the Kubernetes elements of the existing <code class="language-plaintext highlighter-rouge">k8s-test</code> context to a file called “k8s-test.kubeconfig”. The <code class="language-plaintext highlighter-rouge">cat</code> command will then show that it’s exported as a valid kubeconfig file.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context export k8s-test --kubeconfig +Written file "k8s-test.kubeconfig" +</pre></div> <p>Verify that the exported file contains a valid kubectl config.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat k8s-test.kubeconfig +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: + <Snip> + server: https://35.226.99.100 + name: cluster +contexts: +- context: + cluster: cluster + namespace: default + user: authInfo + name: context +current-context: context +kind: Config +preferences: {} +users: +- name: authInfo + user: + auth-provider: + config: + cmd-args: config config-helper --format=json + cmd-path: /snap/google-cloud-sdk/77/bin/gcloud + expiry-key: '{.credential.token_expiry}' + token-key: '{.credential.access_token}' + name: gcp +</pre></div> <p>You can merge this with an existing <code class="language-plaintext highlighter-rouge">~/.kube/config</code> file on another machine.</p> <h2 id="updating-a-context">Updating a context</h2> <p>You can use <code class="language-plaintext highlighter-rouge">docker context update</code> to update fields in an existing context.</p> <p>The following example updates the “Description” field in the existing <code class="language-plaintext highlighter-rouge">k8s-test</code> context.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context update 
k8s-test --description "Test Kubernetes cluster" +k8s-test +Successfully updated context "k8s-test" +</pre></div> +<p><a href="https://docs.docker.com/search/?q=engine">engine</a>, <a href="https://docs.docker.com/search/?q=context">context</a>, <a href="https://docs.docker.com/search/?q=cli">cli</a>, <a href="https://docs.docker.com/search/?q=kubernetes">kubernetes</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/context/working-with-contexts/" class="_attribution-link">https://docs.docker.com/engine/context/working-with-contexts/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fdeprecated%2Findex.html b/devdocs/docker/engine%2Fdeprecated%2Findex.html new file mode 100644 index 00000000..559fb679 --- /dev/null +++ b/devdocs/docker/engine%2Fdeprecated%2Findex.html 
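Review bot: the export sections of the working-with-contexts page never say that an exported file carries credentials, although the introduction states that each context "contains all of the endpoint and security information" and the `cat docker-test.dockercontext` output shows a `tls` entry next to `meta.json`. Suggest adding a sentence under "Exporting and importing Docker contexts" telling readers to treat `.dockercontext` files and `--kubeconfig` exports as secrets: restrictive file permissions, not committed to source control, deleted once imported. Two smaller points in the same hunk: the prose cites `metadata.stackOrchestrator`, while the `docker context inspect` output directly above it shows `Metadata.StackOrchestrator`; and the page documents `--default-stack-orchestrator=kubernetes` and `--kubernetes config-file=/home/ubuntu/.kube/config` without mentioning that the deprecated-features page added in this same commit lists "Kubernetes stack and context support" as deprecated in v20.10, so a cross-reference to that entry would help.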
@@ -0,0 +1,82 @@ + <h1 id="deprecated-engine-features">Deprecated Engine Features</h1> <p>This page provides an overview of features that are deprecated in Engine. Changes in packaging, and supported (Linux) distributions are not included. To learn about end of support for Linux distributions, refer to the <a href="../release-notes/index">release notes</a>.</p> <h2 id="feature-deprecation-policy">Feature Deprecation Policy</h2> <p>As changes are made to Docker there may be times when existing features need to be removed or replaced with newer features. Before an existing feature is removed it is labeled as “deprecated” within the documentation and remains in Docker for at least one stable release unless specified explicitly otherwise. After that time it may be removed.</p> <p>Users are expected to take note of the list of deprecated features each release and plan their migration away from those features, and (if applicable) towards the replacement features as soon as possible.</p> <h2 id="deprecated-engine-features-1">Deprecated Engine Features</h2> <p>The table below provides an overview of the current status of deprecated features:</p> <ul> <li> +<strong>Deprecated</strong>: the feature is marked “deprecated” and should no longer be used. The feature may be removed, disabled, or change behavior in a future release. The <em>“Deprecated”</em> column contains the release in which the feature was marked deprecated, whereas the <em>“Remove”</em> column contains a tentative release in which the feature is to be removed. If no release is included in the <em>“Remove”</em> column, the release is yet to be decided on.</li> <li> +<strong>Removed</strong>: the feature was removed, disabled, or hidden. Refer to the linked section for details. Some features are “soft” deprecated, which means that they remain functional for backward compatibility, and to allow users to migrate to alternatives. 
In such cases, a warning may be printed, and users should not rely on this feature.</li> </ul> <table> <thead> <tr> <th>Status</th> <th>Feature</th> <th>Deprecated</th> <th>Remove</th> </tr> </thead> <tbody> <tr> <td>Deprecated</td> <td><a href="#support-for-encrypted-tls-private-keys">Support for encrypted TLS private keys</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#kubernetes-stack-and-context-support">Kubernetes stack and context support</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#pulling-images-from-non-compliant-image-registries">Pulling images from non-compliant image registries</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#linux-containers-on-windows-lcow-experimental">Linux containers on Windows (LCOW)</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#blkio-weight-options-with-cgroups-v1">BLKIO weight options with cgroups v1</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#kernel-memory-limit">Kernel memory limit</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#classic-swarm-and-overlay-networks-using-cluster-store">Classic Swarm and overlay networks using external key/value stores</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#support-for-legacy-dockercfg-configuration-files">Support for the legacy <code class="language-plaintext highlighter-rouge">~/.dockercfg</code> configuration file for authentication</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#cli-plugins-support">CLI plugins support</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#dockerfile-legacy-env-name-value-syntax">Dockerfile legacy <code class="language-plaintext highlighter-rouge">ENV name value</code> syntax</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Removed</td> <td><a 
href="#docker-build---stream-flag-experimental"><code class="language-plaintext highlighter-rouge">docker build --stream</code> flag (experimental)</a></td> <td>v20.10</td> <td>v20.10</td> </tr> <tr> <td>Deprecated</td> <td><a href="#fluentd-async-connect-log-opt"><code class="language-plaintext highlighter-rouge">fluentd-async-connect</code> log opt</a></td> <td>v20.10</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#configuration-options-for-experimental-cli-features">Configuration options for experimental CLI features</a></td> <td>v19.03</td> <td>v20.10</td> </tr> <tr> <td>Deprecated</td> <td><a href="#pushing-and-pulling-with-image-manifest-v2-schema-1">Pushing and pulling with image manifest v2 schema 1</a></td> <td>v19.03</td> <td>v20.10</td> </tr> <tr> <td>Removed</td> <td><a href="#docker-engine-subcommands"><code class="language-plaintext highlighter-rouge">docker engine</code> subcommands</a></td> <td>v19.03</td> <td>v20.10</td> </tr> <tr> <td>Removed</td> <td><a href="#top-level-docker-deploy-subcommand-experimental">Top-level <code class="language-plaintext highlighter-rouge">docker deploy</code> subcommand (experimental)</a></td> <td>v19.03</td> <td>v20.10</td> </tr> <tr> <td>Removed</td> <td><a href="#docker-stack-deploy-using-dab-files-experimental"><code class="language-plaintext highlighter-rouge">docker stack deploy</code> using “dab” files (experimental)</a></td> <td>v19.03</td> <td>v20.10</td> </tr> <tr> <td>Deprecated</td> <td><a href="#aufs-storage-driver">AuFS storage driver</a></td> <td>v19.03</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#legacy-overlay-storage-driver">Legacy “overlay” storage driver</a></td> <td>v18.09</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#device-mapper-storage-driver">Device mapper storage driver</a></td> <td>v18.09</td> <td>-</td> </tr> <tr> <td>Removed</td> <td><a href="#use-of-reserved-namespaces-in-engine-labels">Use of reserved namespaces in engine labels</a></td> 
<td>v18.06</td> <td>v20.10</td> </tr> <tr> <td>Removed</td> <td><a href="#--disable-legacy-registry-override-daemon-option"><code class="language-plaintext highlighter-rouge">--disable-legacy-registry</code> override daemon option</a></td> <td>v17.12</td> <td>v19.03</td> </tr> <tr> <td>Removed</td> <td><a href="#interacting-with-v1-registries">Interacting with V1 registries</a></td> <td>v17.06</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a href="#asynchronous-service-create-and-service-update-as-default">Asynchronous <code class="language-plaintext highlighter-rouge">service create</code> and <code class="language-plaintext highlighter-rouge">service update</code> as default</a></td> <td>v17.05</td> <td>v17.10</td> </tr> <tr> <td>Removed</td> <td><a href="#-g-and---graph-flags-on-dockerd"><code class="language-plaintext highlighter-rouge">-g</code> and <code class="language-plaintext highlighter-rouge">--graph</code> flags on <code class="language-plaintext highlighter-rouge">dockerd</code></a></td> <td>v17.05</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#top-level-network-properties-in-networksettings">Top-level network properties in NetworkSettings</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a href="#filter-param-for-imagesjson-endpoint"><code class="language-plaintext highlighter-rouge">filter</code> param for <code class="language-plaintext highlighter-rouge">/images/json</code> endpoint</a></td> <td>v1.13</td> <td>v20.10</td> </tr> <tr> <td>Removed</td> <td><a href="#repositoryshortid-image-references"><code class="language-plaintext highlighter-rouge">repository:shortid</code> image references</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a href="#docker-daemon-subcommand"><code class="language-plaintext highlighter-rouge">docker daemon</code> subcommand</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a 
href="#duplicate-keys-with-conflicting-values-in-engine-labels">Duplicate keys with conflicting values in engine labels</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Deprecated</td> <td><a href="#maintainer-in-dockerfile"><code class="language-plaintext highlighter-rouge">MAINTAINER</code> in Dockerfile</a></td> <td>v1.13</td> <td>-</td> </tr> <tr> <td>Deprecated</td> <td><a href="#api-calls-without-a-version">API calls without a version</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a href="#backing-filesystem-without-d_type-support-for-overlayoverlay2">Backing filesystem without <code class="language-plaintext highlighter-rouge">d_type</code> support for overlay/overlay2</a></td> <td>v1.13</td> <td>v17.12</td> </tr> <tr> <td>Removed</td> <td><a href="#--automated-and---stars-flags-on-docker-search"><code class="language-plaintext highlighter-rouge">--automated</code> and <code class="language-plaintext highlighter-rouge">--stars</code> flags on <code class="language-plaintext highlighter-rouge">docker search</code></a></td> <td>v1.12</td> <td>v20.10</td> </tr> <tr> <td>Deprecated</td> <td><a href="#-h-shorthand-for---help"><code class="language-plaintext highlighter-rouge">-h</code> shorthand for <code class="language-plaintext highlighter-rouge">--help</code></a></td> <td>v1.12</td> <td>v17.09</td> </tr> <tr> <td>Removed</td> <td><a href="#-e-and---email-flags-on-docker-login"><code class="language-plaintext highlighter-rouge">-e</code> and <code class="language-plaintext highlighter-rouge">--email</code> flags on <code class="language-plaintext highlighter-rouge">docker login</code></a></td> <td>v1.11</td> <td>v17.06</td> </tr> <tr> <td>Deprecated</td> <td><a href="#separator--of---security-opt-flag-on-docker-run">Separator (<code class="language-plaintext highlighter-rouge">:</code>) of <code class="language-plaintext highlighter-rouge">--security-opt</code> flag on <code class="language-plaintext highlighter-rouge">docker 
run</code></a></td> <td>v1.11</td> <td>v17.06</td> </tr> <tr> <td>Deprecated</td> <td><a href="#ambiguous-event-fields-in-api">Ambiguous event fields in API</a></td> <td>v1.10</td> <td>-</td> </tr> <tr> <td>Removed</td> <td><a href="#-f-flag-on-docker-tag"><code class="language-plaintext highlighter-rouge">-f</code> flag on <code class="language-plaintext highlighter-rouge">docker tag</code></a></td> <td>v1.10</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#hostconfig-at-api-container-start">HostConfig at API container start</a></td> <td>v1.10</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#--before-and---since-flags-on-docker-ps"><code class="language-plaintext highlighter-rouge">--before</code> and <code class="language-plaintext highlighter-rouge">--since</code> flags on <code class="language-plaintext highlighter-rouge">docker ps</code></a></td> <td>v1.10</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#driver-specific-log-tags">Driver-specific log tags</a></td> <td>v1.9</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#docker-content-trust-env-passphrase-variables-name-change">Docker Content Trust <code class="language-plaintext highlighter-rouge">ENV</code> passphrase variables name change</a></td> <td>v1.9</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#containersid-or-namecopy-endpoint"><code class="language-plaintext highlighter-rouge">/containers/(id or name)/copy</code> endpoint</a></td> <td>v1.8</td> <td>v1.12</td> </tr> <tr> <td>Removed</td> <td><a href="#lxc-built-in-exec-driver">LXC built-in exec driver</a></td> <td>v1.8</td> <td>v1.10</td> </tr> <tr> <td>Removed</td> <td><a href="#old-command-line-options">Old Command Line Options</a></td> <td>v1.8</td> <td>v1.10</td> </tr> <tr> <td>Removed</td> <td><a href="#--api-enable-cors-flag-on-dockerd"><code class="language-plaintext highlighter-rouge">--api-enable-cors</code> flag on <code class="language-plaintext 
highlighter-rouge">dockerd</code></a></td> <td>v1.6</td> <td>v17.09</td> </tr> <tr> <td>Removed</td> <td><a href="#--run-flag-on-docker-commit"><code class="language-plaintext highlighter-rouge">--run</code> flag on <code class="language-plaintext highlighter-rouge">docker commit</code></a></td> <td>v0.10</td> <td>v1.13</td> </tr> <tr> <td>Removed</td> <td><a href="#three-arguments-form-in-docker-import">Three arguments form in <code class="language-plaintext highlighter-rouge">docker import</code></a></td> <td>v0.6.7</td> <td>v1.12</td> </tr> </tbody> </table> <h3 id="support-for-encrypted-tls-private-keys">Support for encrypted TLS private keys</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Use of encrypted TLS private keys has been deprecated, and will be removed in a future release. Golang has deprecated support for legacy PEM encryption (as specified in <a href="https://datatracker.ietf.org/doc/html/rfc1423">RFC 1423</a>), as it is insecure by design (see <a href="https://go-review.googlesource.com/c/go/+/264159">https://go-review.googlesource.com/c/go/+/264159</a>).</p> <h3 id="kubernetes-stack-and-context-support">Kubernetes stack and context support</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Following the deprecation of <a href="https://github.com/docker/compose-on-kubernetes">Compose on Kubernetes</a>, support for Kubernetes in the <code class="language-plaintext highlighter-rouge">stack</code> and <code class="language-plaintext highlighter-rouge">context</code> commands in the docker CLI is now marked as deprecated as well.</p> <h3 id="pulling-images-from-non-compliant-image-registries">Pulling images from non-compliant image registries</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Docker Engine v20.10 and up includes optimizations to verify if images in the local image cache need updating before pulling, preventing the Docker Engine from making unnecessary API requests. 
These optimizations require the container image registry to conform to the <a href="https://github.com/opencontainers/distribution-spec">Open Container Initiative Distribution Specification</a>.</p> <p>While most registries conform to the specification, we encountered some registries to be non-compliant, resulting in <code class="language-plaintext highlighter-rouge">docker pull</code> to fail.</p> <p>As a temporary solution, Docker Engine v20.10 includes a fallback mechanism to allow <code class="language-plaintext highlighter-rouge">docker pull</code> to be functional when using a non-compliant registry. A warning message is printed in this situation:</p> <div class="highlight"><pre class="highlight" data-language="">WARNING Failed to pull manifest by the resolved digest. This registry does not + appear to conform to the distribution registry specification; falling back to + pull by tag. This fallback is DEPRECATED, and will be removed in a future + release. +</pre></div> <p>The fallback is added to allow users to either migrate their images to a compliant registry, or for these registries to become compliant.</p> <p>Note that this fallback only addresses failures on <code class="language-plaintext highlighter-rouge">docker pull</code>. Other commands, such as <code class="language-plaintext highlighter-rouge">docker stack deploy</code>, or pulling images with <code class="language-plaintext highlighter-rouge">containerd</code> will continue to fail.</p> <p>Given that other functionality is still broken with these registries, we consider this fallback a <em>temporary</em> solution, and will remove the fallback in an upcoming major release.</p> <h3 id="linux-containers-on-windows-lcow-experimental">Linux containers on Windows (LCOW) (experimental)</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>The experimental feature to run Linux containers on Windows (LCOW) was introduced as a technical preview in Docker 17.09. 
While many enhancements were made after its introduction, the feature never reached completeness, and development has now stopped in favor of running docker natively on Linux in WSL2.</p> <p>Developers who want to run Linux workloads on a Windows host are encouraged to use <a href="https://docs.docker.com/docker-for-windows/wsl/">Docker Desktop with WSL2</a> instead.</p> <h3 id="blkio-weight-options-with-cgroups-v1">BLKIO weight options with cgroups v1</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Specifying blkio weight (<code class="language-plaintext highlighter-rouge">docker run --blkio-weight</code> and <code class="language-plaintext highlighter-rouge">docker run --blkio-weight-device</code>) is now marked as deprecated when using cgroups v1 because the corresponding features were <a href="https://github.com/torvalds/linux/commit/f382fb0bcef4c37dc049e9f6963e3baf204d815c">removed in Linux kernel v5.0 and up</a>. When using cgroups v2, the <code class="language-plaintext highlighter-rouge">--blkio-weight</code> options are implemented using <a href="https://github.com/torvalds/linux/blob/v5.0/Documentation/admin-guide/cgroup-v2.rst#io">`io.weight</a>.</p> <h3 id="kernel-memory-limit">Kernel memory limit</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Specifying kernel memory limit (<code class="language-plaintext highlighter-rouge">docker run --kernel-memory</code>) is now marked as deprecated, as <a href="https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7">Linux kernel deprecated <code class="language-plaintext highlighter-rouge">kmem.limit_in_bytes</code> in v5.4</a>.</p> <h3 id="classic-swarm-and-overlay-networks-using-cluster-store">Classic Swarm and overlay networks using cluster store</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>Standalone (“classic”) Swarm has been deprecated, and with that the use of overlay networks using an external key/value store. 
The corresponding<code class="language-plaintext highlighter-rouge">--cluster-advertise</code>, <code class="language-plaintext highlighter-rouge">--cluster-store</code>, and <code class="language-plaintext highlighter-rouge">--cluster-store-opt</code> daemon options have been marked deprecated, and will be disabled or removed in a future release.</p> <h3 id="support-for-legacy-dockercfg-configuration-files">Support for legacy <code class="language-plaintext highlighter-rouge">~/.dockercfg</code> configuration files</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>The docker CLI up until v1.7.0 used the <code class="language-plaintext highlighter-rouge">~/.dockercfg</code> file to store credentials after authenticating to a registry (<code class="language-plaintext highlighter-rouge">docker login</code>). Docker v1.7.0 replaced this file with a new CLI configuration file, located in <code class="language-plaintext highlighter-rouge">~/.docker/config.json</code>. When implementing the new configuration file, the old file (and file-format) was kept as a fall-back, to assist existing users with migrating to the new file.</p> <p>Given that the old file format encourages insecure storage of credentials (credentials are stored unencrypted), and that no version of the CLI since Docker v1.7.0 has created this file, the file is marked deprecated, and support for this file will be removed in a future release.</p> <h3 id="configuration-options-for-experimental-cli-features">Configuration options for experimental CLI features</h3> <p>The <code class="language-plaintext highlighter-rouge">DOCKER_CLI_EXPERIMENTAL</code> environment variable and the corresponding <code class="language-plaintext highlighter-rouge">experimental</code> field in the CLI configuration file are deprecated. 
Experimental features will be enabled by default, and these configuration options will no longer be functional.</p> <h3 id="cli-plugins-support">CLI plugins support</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>CLI Plugin API is now marked as deprecated.</p> <h3 id="dockerfile-legacy-env-name-value-syntax">Dockerfile legacy <code class="language-plaintext highlighter-rouge">ENV name value</code> syntax</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>The Dockerfile <code class="language-plaintext highlighter-rouge">ENV</code> instruction allows values to be set using either <code class="language-plaintext highlighter-rouge">ENV name=value</code> or <code class="language-plaintext highlighter-rouge">ENV name value</code>. The latter (<code class="language-plaintext highlighter-rouge">ENV name value</code>) form can be ambiguous, for example, the following defines a single env-variable (<code class="language-plaintext highlighter-rouge">ONE</code>) with value <code class="language-plaintext highlighter-rouge">"TWO= THREE=world"</code>, but may have intended to be setting three env-vars:</p> <div class="highlight"><pre class="highlight" data-language="">ENV ONE TWO= THREE=world +</pre></div> <p>This format also does not allow setting multiple environment-variables in a single <code class="language-plaintext highlighter-rouge">ENV</code> line in the Dockerfile.</p> <p>Use of the <code class="language-plaintext highlighter-rouge">ENV name value</code> syntax is discouraged, and may be removed in a future release. 
Users are encouraged to update their Dockerfiles to use the <code class="language-plaintext highlighter-rouge">ENV name=value</code> syntax, for example:</p> <div class="highlight"><pre class="highlight" data-language="">ENV ONE="" TWO="" THREE="world" +</pre></div> <h3 id="docker-build---stream-flag-experimental"> +<code class="language-plaintext highlighter-rouge">docker build --stream</code> flag (experimental)</h3> <p><strong>Deprecated in Release: v20.10</strong> <strong>Removed in Release: v20.10</strong></p> <p>Docker v17.07 introduced an experimental <code class="language-plaintext highlighter-rouge">--stream</code> flag on <code class="language-plaintext highlighter-rouge">docker build</code> which allowed the build-context to be incrementally sent to the daemon, instead of unconditionally sending the whole build-context.</p> <p>This functionality has been reimplemented as part of BuildKit, which uses streaming by default and the <code class="language-plaintext highlighter-rouge">--stream</code> option will be ignored when using the classic builder, printing a deprecation warning instead.</p> <p>Users that want to use this feature are encouraged to enable BuildKit by setting the <code class="language-plaintext highlighter-rouge">DOCKER_BUILDKIT=1</code> environment variable or through the daemon or CLI configuration files.</p> <h3 id="fluentd-async-connect-log-opt"> +<code class="language-plaintext highlighter-rouge">fluentd-async-connect</code> log opt</h3> <p><strong>Deprecated in Release: v20.10</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--log-opt fluentd-async-connect</code> option for the fluentd logging driver is <a href="https://github.com/moby/moby/pull/39086">deprecated in favor of <code class="language-plaintext highlighter-rouge">--log-opt fluentd-async</code></a>. 
A deprecation message is logged in the daemon logs if the old option is used:</p> <div class="highlight"><pre class="highlight" data-language="">fluent#New: AsyncConnect is now deprecated, please use Async instead +</pre></div> <p>Users are encouraged to use the <code class="language-plaintext highlighter-rouge">fluentd-async</code> option going forward, as support for the old option will be removed in a future release.</p> <h3 id="pushing-and-pulling-with-image-manifest-v2-schema-1">Pushing and pulling with image manifest v2 schema 1</h3> <p><strong>Deprecated in Release: v19.03</strong></p> <p><strong>Target For Removal In Release: v20.10</strong></p> <p>The image manifest <a href="https://github.com/docker/distribution/blob/fda42e5ef908bdba722d435ff1f330d40dfcd56c/docs/spec/manifest-v2-1/">v2 schema 1</a> format is deprecated in favor of the <a href="https://github.com/docker/distribution/blob/fda42e5ef908bdba722d435ff1f330d40dfcd56c/docs/spec/manifest-v2-2/">v2 schema 2</a> format.</p> <p>If the registry you are using still supports v2 schema 1, urge their administrators to move to v2 schema 2.</p> <h3 id="docker-engine-subcommands"> +<code class="language-plaintext highlighter-rouge">docker engine</code> subcommands</h3> <p><strong>Deprecated in Release: v19.03</strong></p> <p><strong>Removed in Release: v20.10</strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker engine activate</code>, <code class="language-plaintext highlighter-rouge">docker engine check</code>, and <code class="language-plaintext highlighter-rouge">docker engine update</code> provided an alternative installation method to upgrade Docker Community engines to Docker Enterprise, using an image-based distribution of the Docker Engine.</p> <p>This feature was only available on Linux, and only when executed on a local node. 
Given the limitations of this feature, and the feature not getting widely adopted, the <code class="language-plaintext highlighter-rouge">docker engine</code> subcommands will be removed, in favor of installation through standard package managers.</p> <h3 id="top-level-docker-deploy-subcommand-experimental">Top-level <code class="language-plaintext highlighter-rouge">docker deploy</code> subcommand (experimental)</h3> <p><strong>Deprecated in Release: v19.03</strong></p> <p><strong>Removed in Release: v20.10</strong></p> <p>The top-level <code class="language-plaintext highlighter-rouge">docker deploy</code> command (using the “Docker Application Bundle” (.dab) file format was introduced as an experimental feature in Docker 1.13 / 17.03, but superseded by support for Docker Compose files using the <code class="language-plaintext highlighter-rouge">docker stack deploy</code> subcommand.</p> <h3 id="docker-stack-deploy-using-dab-files-experimental"> +<code class="language-plaintext highlighter-rouge">docker stack deploy</code> using “dab” files (experimental)</h3> <p><strong>Deprecated in Release: v19.03</strong></p> <p><strong>Removed in Release: v20.10</strong></p> <p>With no development being done on this feature, and no active use of the file format, support for the DAB file format and the top-level docker deploy command (hidden by default in 19.03), will be removed, in favour of <code class="language-plaintext highlighter-rouge">docker stack deploy</code> using compose files.</p> <h3 id="aufs-storage-driver">AuFS storage driver</h3> <p><strong>Deprecated in Release: v19.03</strong></p> <p>The <code class="language-plaintext highlighter-rouge">aufs</code> storage driver is deprecated in favor of <code class="language-plaintext highlighter-rouge">overlay2</code>, and will be removed in a future release. 
Users of the <code class="language-plaintext highlighter-rouge">aufs</code> storage driver are recommended to migrate to a different storage driver, such as <code class="language-plaintext highlighter-rouge">overlay2</code>, which is now the default storage driver.</p> <p>The <code class="language-plaintext highlighter-rouge">aufs</code> storage driver facilitates running Docker on distros that have no support for OverlayFS, such as Ubuntu 14.04 LTS, which originally shipped with a 3.14 kernel.</p> <p>Now that Ubuntu 14.04 is no longer a supported distro for Docker, and <code class="language-plaintext highlighter-rouge">overlay2</code> is available to all supported distros (as they are either on kernel 4.x, or have support for multiple lowerdirs backported), there is no reason to continue maintenance of the <code class="language-plaintext highlighter-rouge">aufs</code> storage driver.</p> <h3 id="legacy-overlay-storage-driver">Legacy “overlay” storage driver</h3> <p><strong>Deprecated in Release: v18.09</strong></p> <p>The <code class="language-plaintext highlighter-rouge">overlay</code> storage driver is deprecated in favor of the <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver, which has all the benefits of <code class="language-plaintext highlighter-rouge">overlay</code>, without its limitations (excessive inode consumption). The legacy <code class="language-plaintext highlighter-rouge">overlay</code> storage driver will be removed in a future release. Users of the <code class="language-plaintext highlighter-rouge">overlay</code> storage driver should migrate to the <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver.</p> <p>The legacy <code class="language-plaintext highlighter-rouge">overlay</code> storage driver allowed using overlayFS-backed filesystems on pre 4.x kernels. 
Now that all supported distributions are able to run <code class="language-plaintext highlighter-rouge">overlay2</code> (as they are either on kernel 4.x, or have support for multiple lowerdirs backported), there is no reason to keep maintaining the <code class="language-plaintext highlighter-rouge">overlay</code> storage driver.</p> <h3 id="device-mapper-storage-driver">Device mapper storage driver</h3> <p><strong>Deprecated in Release: v18.09</strong></p> <p>The <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver is deprecated in favor of <code class="language-plaintext highlighter-rouge">overlay2</code>, and will be removed in a future release. Users of the <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver are recommended to migrate to a different storage driver, such as <code class="language-plaintext highlighter-rouge">overlay2</code>, which is now the default storage driver.</p> <p>The <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver facilitates running Docker on older (3.x) kernels that have no support for other storage drivers (such as overlay2, or AUFS).</p> <p>Now that support for <code class="language-plaintext highlighter-rouge">overlay2</code> is added to all supported distros (as they are either on kernel 4.x, or have support for multiple lowerdirs backported), there is no reason to continue maintenance of the <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver.</p> <h3 id="use-of-reserved-namespaces-in-engine-labels">Use of reserved namespaces in engine labels</h3> <p><strong>Deprecated in Release: v18.06</strong></p> <p><strong>Removed In Release: v20.10</strong></p> <p>The namespaces <code class="language-plaintext highlighter-rouge">com.docker.*</code>, <code class="language-plaintext highlighter-rouge">io.docker.*</code>, and <code class="language-plaintext highlighter-rouge">org.dockerproject.*</code> in 
engine labels were always documented to be reserved, but there was never any enforcement.</p> <p>Usage of these namespaces will now cause a warning in the engine logs to discourage their use, and will error instead in v20.10 and above.</p> <h3 id="--disable-legacy-registry-override-daemon-option"> +<code class="language-plaintext highlighter-rouge">--disable-legacy-registry</code> override daemon option</h3> <p><strong>Disabled In Release: v17.12</strong></p> <p><strong>Removed In Release: v19.03</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--disable-legacy-registry</code> flag was disabled in Docker 17.12 and will print an error when used. For this error to be printed, the flag itself is still present, but hidden. The flag has been removed in Docker 19.03.</p> <h3 id="interacting-with-v1-registries">Interacting with V1 registries</h3> <p><strong>Disabled By Default In Release: v17.06</strong></p> <p><strong>Removed In Release: v17.12</strong></p> <p>Version 1.8.3 added a flag (<code class="language-plaintext highlighter-rouge">--disable-legacy-registry=false</code>) which prevents the docker daemon from <code class="language-plaintext highlighter-rouge">pull</code>, <code class="language-plaintext highlighter-rouge">push</code>, and <code class="language-plaintext highlighter-rouge">login</code> operations against v1 registries. Though enabled by default, this signals the intent to deprecate the v1 protocol.</p> <p>Support for the v1 protocol to the public registry was removed in 1.13. 
Any mirror configurations using v1 should be updated to use a <a href="https://docs.docker.com/registry/recipes/mirror/">v2 registry mirror</a>.</p> <p>Starting with Docker 17.12, support for V1 registries has been removed, and the <code class="language-plaintext highlighter-rouge">--disable-legacy-registry</code> flag can no longer be used, and <code class="language-plaintext highlighter-rouge">dockerd</code> will fail to start when set.</p> <h3 id="asynchronous-service-create-and-service-update-as-default">Asynchronous <code class="language-plaintext highlighter-rouge">service create</code> and <code class="language-plaintext highlighter-rouge">service update</code> as default</h3> <p><strong>Deprecated In Release: v17.05</strong></p> <p><strong>Disabled by default in release: <a href="https://github.com/docker/docker-ce/releases/tag/v17.10.0-ce">v17.10</a></strong></p> <p>Docker 17.05 added an optional <code class="language-plaintext highlighter-rouge">--detach=false</code> option to make the <code class="language-plaintext highlighter-rouge">docker service create</code> and <code class="language-plaintext highlighter-rouge">docker service update</code> work synchronously. 
This option will be enabled by default in Docker 17.10, at which point the <code class="language-plaintext highlighter-rouge">--detach</code> flag can be used to use the previous (asynchronous) behavior.</p> <p>The default for this option will also be changed accordingly for <code class="language-plaintext highlighter-rouge">docker service rollback</code> and <code class="language-plaintext highlighter-rouge">docker service scale</code> in Docker 17.10.</p> <h3 id="-g-and---graph-flags-on-dockerd"> +<code class="language-plaintext highlighter-rouge">-g</code> and <code class="language-plaintext highlighter-rouge">--graph</code> flags on <code class="language-plaintext highlighter-rouge">dockerd</code> +</h3> <p><strong>Deprecated In Release: v17.05</strong></p> <p>The <code class="language-plaintext highlighter-rouge">-g</code> or <code class="language-plaintext highlighter-rouge">--graph</code> flag for the <code class="language-plaintext highlighter-rouge">dockerd</code> or <code class="language-plaintext highlighter-rouge">docker daemon</code> command was used to indicate the directory in which to store persistent data and resource configuration and has been replaced with the more descriptive <code class="language-plaintext highlighter-rouge">--data-root</code> flag.</p> <p>These flags were added before Docker 1.0, so will not be <em>removed</em>, only <em>hidden</em>, to discourage their use.</p> <h3 id="top-level-network-properties-in-networksettings">Top-level network properties in NetworkSettings</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Target For Removal In Release: v17.12</strong></p> <p>When inspecting a container, <code class="language-plaintext highlighter-rouge">NetworkSettings</code> contains top-level information about the default (“bridge”) network;</p> <p><code class="language-plaintext highlighter-rouge">EndpointID</code>, <code 
class="language-plaintext highlighter-rouge">Gateway</code>, <code class="language-plaintext highlighter-rouge">GlobalIPv6Address</code>, <code class="language-plaintext highlighter-rouge">GlobalIPv6PrefixLen</code>, <code class="language-plaintext highlighter-rouge">IPAddress</code>, <code class="language-plaintext highlighter-rouge">IPPrefixLen</code>, <code class="language-plaintext highlighter-rouge">IPv6Gateway</code>, and <code class="language-plaintext highlighter-rouge">MacAddress</code>.</p> <p>These properties are deprecated in favor of per-network properties in <code class="language-plaintext highlighter-rouge">NetworkSettings.Networks</code>. These properties were already “deprecated” in docker 1.9, but kept around for backward compatibility.</p> <p>Refer to <a href="https://github.com/docker/docker/pull/17538">#17538</a> for further information.</p> <h3 id="filter-param-for-imagesjson-endpoint"> +<code class="language-plaintext highlighter-rouge">filter</code> param for <code class="language-plaintext highlighter-rouge">/images/json</code> endpoint</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Removed In Release: v20.10</strong></p> <p>The <code class="language-plaintext highlighter-rouge">filter</code> param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named <code class="language-plaintext highlighter-rouge">reference</code>.</p> <h3 id="repositoryshortid-image-references"> +<code class="language-plaintext highlighter-rouge">repository:shortid</code> image references</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Removed In Release: v17.12</strong></p> <p>The <code class="language-plaintext highlighter-rouge">repository:shortid</code> syntax for referencing images is very little used, collides with tag references, 
and can be confused with digest references.</p> <p>Support for the <code class="language-plaintext highlighter-rouge">repository:shortid</code> notation to reference images was removed in Docker 17.12.</p> <h3 id="docker-daemon-subcommand"> +<code class="language-plaintext highlighter-rouge">docker daemon</code> subcommand</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Removed In Release: v17.12</strong></p> <p>The daemon is moved to a separate binary (<code class="language-plaintext highlighter-rouge">dockerd</code>), and should be used instead.</p> <h3 id="duplicate-keys-with-conflicting-values-in-engine-labels">Duplicate keys with conflicting values in engine labels</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Removed In Release: v17.12</strong></p> <p>When setting duplicate keys with conflicting values, an error will be produced, and the daemon will fail to start.</p> <h3 id="maintainer-in-dockerfile"> +<code class="language-plaintext highlighter-rouge">MAINTAINER</code> in Dockerfile</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><code class="language-plaintext highlighter-rouge">MAINTAINER</code> was an early very limited form of <code class="language-plaintext highlighter-rouge">LABEL</code> which should be used instead.</p> <h3 id="api-calls-without-a-version">API calls without a version</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Target For Removal In Release: v17.12</strong></p> <p>API versions should be supplied to all API calls to ensure compatibility with future Engine versions. 
Instead of just requesting, for example, the URL <code class="language-plaintext highlighter-rouge">/containers/json</code>, you must now request <code class="language-plaintext highlighter-rouge">/v1.25/containers/json</code>.</p> <h3 id="backing-filesystem-without-d_type-support-for-overlayoverlay2">Backing filesystem without <code class="language-plaintext highlighter-rouge">d_type</code> support for overlay/overlay2</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p><strong>Removed In Release: v17.12</strong></p> <p>The overlay and overlay2 storage driver does not work as expected if the backing filesystem does not support <code class="language-plaintext highlighter-rouge">d_type</code>. For example, XFS does not support <code class="language-plaintext highlighter-rouge">d_type</code> if it is formatted with the <code class="language-plaintext highlighter-rouge">ftype=0</code> option.</p> <p>Starting with Docker 17.12, new installations will not support running overlay2 on a backing filesystem without <code class="language-plaintext highlighter-rouge">d_type</code> support. 
For existing installations that upgrade to 17.12, a warning will be printed.</p> <p>Please also refer to <a href="https://github.com/docker/docker/issues/27358">#27358</a> for further information.</p> <h3 id="--automated-and---stars-flags-on-docker-search"> +<code class="language-plaintext highlighter-rouge">--automated</code> and <code class="language-plaintext highlighter-rouge">--stars</code> flags on <code class="language-plaintext highlighter-rouge">docker search</code> +</h3> <p><strong>Deprecated in Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p><strong>Removed In Release: v20.10</strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker search --automated</code> and <code class="language-plaintext highlighter-rouge">docker search --stars</code> options are deprecated. Use <code class="language-plaintext highlighter-rouge">docker search --filter=is-automated=<true|false></code> and <code class="language-plaintext highlighter-rouge">docker search --filter=stars=...</code> instead.</p> <h3 id="-h-shorthand-for---help"> +<code class="language-plaintext highlighter-rouge">-h</code> shorthand for <code class="language-plaintext highlighter-rouge">--help</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p><strong>Target For Removal In Release: v17.09</strong></p> <p>The shorthand (<code class="language-plaintext highlighter-rouge">-h</code>) is less common than <code class="language-plaintext highlighter-rouge">--help</code> on Linux and cannot be used on all subcommands (due to it conflicting with, e.g. <code class="language-plaintext highlighter-rouge">-h</code> / <code class="language-plaintext highlighter-rouge">--hostname</code> on <code class="language-plaintext highlighter-rouge">docker create</code>). 
For this reason, the <code class="language-plaintext highlighter-rouge">-h</code> shorthand was not printed in the “usage” output of subcommands, nor documented, and is now marked “deprecated”.</p> <h3 id="-e-and---email-flags-on-docker-login"> +<code class="language-plaintext highlighter-rouge">-e</code> and <code class="language-plaintext highlighter-rouge">--email</code> flags on <code class="language-plaintext highlighter-rouge">docker login</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.11.0">v1.11.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce">v17.06</a></strong></p> <p>The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn’t exist. Due to this change, the email flag is no longer required, and will be deprecated.</p> <h3 id="separator--of---security-opt-flag-on-docker-run">Separator (<code class="language-plaintext highlighter-rouge">:</code>) of <code class="language-plaintext highlighter-rouge">--security-opt</code> flag on <code class="language-plaintext highlighter-rouge">docker run</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.11.0">v1.11.0</a></strong></p> <p><strong>Target For Removal In Release: v17.06</strong></p> <p>The flag <code class="language-plaintext highlighter-rouge">--security-opt</code> doesn’t use the colon separator (<code class="language-plaintext highlighter-rouge">:</code>) anymore to divide keys and values, it uses the equal symbol (<code class="language-plaintext highlighter-rouge">=</code>) for consistency with other similar flags, like <code class="language-plaintext highlighter-rouge">--storage-opt</code>.</p> <h3 id="ambiguous-event-fields-in-api">Ambiguous event fields in API</h3> <p><strong>Deprecated In Release: <a 
href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p>The fields <code class="language-plaintext highlighter-rouge">ID</code>, <code class="language-plaintext highlighter-rouge">Status</code> and <code class="language-plaintext highlighter-rouge">From</code> in the events API have been deprecated in favor of a more rich structure. See the events API documentation for the new format.</p> <h3 id="-f-flag-on-docker-tag"> +<code class="language-plaintext highlighter-rouge">-f</code> flag on <code class="language-plaintext highlighter-rouge">docker tag</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>To make tagging consistent across the various <code class="language-plaintext highlighter-rouge">docker</code> commands, the <code class="language-plaintext highlighter-rouge">-f</code> flag on the <code class="language-plaintext highlighter-rouge">docker tag</code> command is deprecated. It is not longer necessary to specify <code class="language-plaintext highlighter-rouge">-f</code> to move a tag from one image to another. 
Nor will <code class="language-plaintext highlighter-rouge">docker</code> generate an error if the <code class="language-plaintext highlighter-rouge">-f</code> flag is missing and the specified tag is already in use.</p> <h3 id="hostconfig-at-api-container-start">HostConfig at API container start</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>Passing an <code class="language-plaintext highlighter-rouge">HostConfig</code> to <code class="language-plaintext highlighter-rouge">POST /containers/{name}/start</code> is deprecated in favor of defining it at container creation (<code class="language-plaintext highlighter-rouge">POST /containers/create</code>).</p> <h3 id="--before-and---since-flags-on-docker-ps"> +<code class="language-plaintext highlighter-rouge">--before</code> and <code class="language-plaintext highlighter-rouge">--since</code> flags on <code class="language-plaintext highlighter-rouge">docker ps</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker ps --before</code> and <code class="language-plaintext highlighter-rouge">docker ps --since</code> options are deprecated. 
Use <code class="language-plaintext highlighter-rouge">docker ps --filter=before=...</code> and <code class="language-plaintext highlighter-rouge">docker ps --filter=since=...</code> instead.</p> <h3 id="driver-specific-log-tags">Driver-specific log tags</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.9.0">v1.9.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>Log tags are now generated in a standard way across different logging drivers. Because of which, the driver specific log tag options <code class="language-plaintext highlighter-rouge">syslog-tag</code>, <code class="language-plaintext highlighter-rouge">gelf-tag</code> and <code class="language-plaintext highlighter-rouge">fluentd-tag</code> have been deprecated in favor of the generic <code class="language-plaintext highlighter-rouge">tag</code> option.</p> <div class="highlight"><pre class="highlight" data-language=""> +$ docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" + +</pre></div> <h3 id="docker-content-trust-env-passphrase-variables-name-change">Docker Content Trust ENV passphrase variables name change</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.9.0">v1.9.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. 
Due to this renaming, we’re also changing the corresponding environment variables</p> <ul> <li>DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE</li> <li>DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE</li> </ul> <h3 id="containersid-or-namecopy-endpoint"> +<code class="language-plaintext highlighter-rouge">/containers/(id or name)/copy</code> endpoint</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.8.0">v1.8.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>The endpoint <code class="language-plaintext highlighter-rouge">/containers/(id or name)/copy</code> is deprecated in favor of <code class="language-plaintext highlighter-rouge">/containers/(id or name)/archive</code>.</p> <h3 id="lxc-built-in-exec-driver">LXC built-in exec driver</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.8.0">v1.8.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p>The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed.</p> <h3 id="old-command-line-options">Old Command Line Options</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.8.0">v1.8.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.10.0">v1.10.0</a></strong></p> <p>The flags <code class="language-plaintext highlighter-rouge">-d</code> and <code class="language-plaintext highlighter-rouge">--daemon</code> are deprecated in favor of the <code class="language-plaintext highlighter-rouge">daemon</code> subcommand:</p> <div class="highlight"><pre class="highlight" data-language="">docker daemon -H ... 
+</pre></div> <p>The following single-dash (<code class="language-plaintext highlighter-rouge">-opt</code>) variant of certain command line options are deprecated and replaced with double-dash options (<code class="language-plaintext highlighter-rouge">--opt</code>):</p> <div class="highlight"><pre class="highlight" data-language="">docker attach -nostdin +docker attach -sig-proxy +docker build -no-cache +docker build -rm +docker commit -author +docker commit -run +docker events -since +docker history -notrunc +docker images -notrunc +docker inspect -format +docker ps -beforeId +docker ps -notrunc +docker ps -sinceId +docker rm -link +docker run -cidfile +docker run -dns +docker run -entrypoint +docker run -expose +docker run -link +docker run -lxc-conf +docker run -n +docker run -privileged +docker run -volumes-from +docker search -notrunc +docker search -stars +docker search -t +docker search -trusted +docker tag -force +</pre></div> <p>The following double-dash options are deprecated and have no replacement:</p> <div class="highlight"><pre class="highlight" data-language="">docker run --cpuset +docker run --networking +docker ps --since-id +docker ps --before-id +docker search --trusted +</pre></div> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v1.5.0">v1.5.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>The single-dash (<code class="language-plaintext highlighter-rouge">-help</code>) was removed, in favor of the double-dash <code class="language-plaintext highlighter-rouge">--help</code></p> <div class="highlight"><pre class="highlight" data-language="">docker -help +docker [COMMAND] -help +</pre></div> <h3 id="--api-enable-cors-flag-on-dockerd"> +<code class="language-plaintext highlighter-rouge">--api-enable-cors</code> flag on dockerd</h3> <p><strong>Deprecated In Release: <a 
href="https://github.com/docker/docker/releases/tag/v1.6.0">v1.6.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce">v17.09</a></strong></p> <p>The flag <code class="language-plaintext highlighter-rouge">--api-enable-cors</code> is deprecated since v1.6.0. Use the flag <code class="language-plaintext highlighter-rouge">--api-cors-header</code> instead.</p> <h3 id="--run-flag-on-docker-commit"> +<code class="language-plaintext highlighter-rouge">--run</code> flag on docker commit</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v0.10.0">v0.10.0</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.13.0">v1.13.0</a></strong></p> <p>The flag <code class="language-plaintext highlighter-rouge">--run</code> of the docker commit (and its short version <code class="language-plaintext highlighter-rouge">-run</code>) were deprecated in favor of the <code class="language-plaintext highlighter-rouge">--changes</code> flag that allows to pass <code class="language-plaintext highlighter-rouge">Dockerfile</code> commands.</p> <h3 id="three-arguments-form-in-docker-import">Three arguments form in <code class="language-plaintext highlighter-rouge">docker import</code> +</h3> <p><strong>Deprecated In Release: <a href="https://github.com/docker/docker/releases/tag/v0.6.7">v0.6.7</a></strong></p> <p><strong>Removed In Release: <a href="https://github.com/docker/docker/releases/tag/v1.12.0">v1.12.0</a></strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker import</code> command format <code class="language-plaintext highlighter-rouge">file|URL|- [REPOSITORY [TAG]]</code> is deprecated since November 2013. 
It’s no more supported.</p> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=about">about</a>, <a href="https://docs.docker.com/search/?q=technology">technology</a>, <a href="https://docs.docker.com/search/?q=deprecate">deprecate</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/deprecated/" class="_attribution-link">https://docs.docker.com/engine/deprecated/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Fconfig%2Findex.html b/devdocs/docker/engine%2Fextend%2Fconfig%2Findex.html new file mode 100644 index 00000000..a154b487 --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Fconfig%2Findex.html 
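Review bot: In the "Driver-specific log tags" section of engine/deprecated, the example `docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}"` has no subcommand, so it does not show whether the generic `tag` option is being set on the daemon or on a container; name the command the flags belong to. In "Old Command Line Options" a second Deprecated/Removed pair (v1.5.0 / v1.12.0) for `-help` follows the list of double-dash options with no heading of its own, so it reads as applying to that list; give it a separate heading. The two Docker Content Trust passphrase variable renames are plain text while every other identifier in the file is wrapped in `<code>`, and "It is not longer necessary" and "It's no more supported" need a wording fix.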
@@ -0,0 +1,55 @@ + <h1 id="plugin-config-version-1-of-plugin-v2">Plugin Config Version 1 of Plugin V2</h1> <p>This document outlines the format of the V0 plugin configuration. The plugin config described herein was introduced in the Docker daemon in the <a href="https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b">v1.12.0 release</a>.</p> <p>Plugin configs describe the various constituents of a docker plugin. Plugin configs can be serialized to JSON format with the following media types:</p> <table> <thead> <tr> <th>Config Type</th> <th>Media Type</th> </tr> </thead> <tbody> <tr> <td>config</td> <td>“application/vnd.docker.plugin.v1+json”</td> </tr> </tbody> </table> <h2 id="config-field-descriptions"> +<em>Config</em> Field Descriptions</h2> <p>Config provides the base accessible fields for working with V0 plugin format in the registry.</p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">description</code></strong> <em>string</em></p> <p>description of the plugin</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">documentation</code></strong> <em>string</em></p> <p>link to the documentation about the plugin</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">interface</code></strong> <em>PluginInterface</em></p> <p>interface implemented by the plugins, struct consisting of the following fields</p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">types</code></strong> <em>string array</em></p> <p>types indicate what interface(s) the plugin currently implements.</p> <p>currently supported:</p> <ul> <li> <p><strong>docker.volumedriver/1.0</strong></p> </li> <li> <p><strong>docker.networkdriver/1.0</strong></p> </li> <li> <p><strong>docker.ipamdriver/1.0</strong></p> </li> <li> <p><strong>docker.authz/1.0</strong></p> </li> <li> <p><strong>docker.logdriver/1.0</strong></p> </li> <li> <p><strong>docker.metricscollector/1.0</strong></p> </li> 
</ul> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">socket</code></strong> <em>string</em></p> <p>socket is the name of the socket the engine should use to communicate with the plugins. the socket will be created in <code class="language-plaintext highlighter-rouge">/run/docker/plugins</code>.</p> </li> </ul> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">entrypoint</code></strong> <em>string array</em></p> <p>entrypoint of the plugin, see <a href="../../reference/builder/index#entrypoint"><code class="language-plaintext highlighter-rouge">ENTRYPOINT</code></a></p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">workdir</code></strong> <em>string</em></p> <p>workdir of the plugin, see <a href="../../reference/builder/index#workdir"><code class="language-plaintext highlighter-rouge">WORKDIR</code></a></p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">network</code></strong> <em>PluginNetwork</em></p> <p>network of the plugin, struct consisting of the following fields</p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">type</code></strong> <em>string</em></p> <p>network type.</p> <p>currently supported:</p> <div class="highlight"><pre class="highlight" data-language="">- **bridge** +- **host** +- **none** +</pre></div> </li> </ul> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">mounts</code></strong> <em>PluginMount array</em></p> <p>mount of the plugin, struct consisting of the following fields, see <a href="https://github.com/opencontainers/runtime-spec/blob/master/config/#mounts"><code class="language-plaintext highlighter-rouge">MOUNTS</code></a></p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">name</code></strong> <em>string</em></p> <p>name of the mount.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">description</code></strong> <em>string</em></p> 
<p>description of the mount.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">source</code></strong> <em>string</em></p> <p>source of the mount.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">destination</code></strong> <em>string</em></p> <p>destination of the mount.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">type</code></strong> <em>string</em></p> <p>mount type.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">options</code></strong> <em>string array</em></p> <p>options of the mount.</p> </li> </ul> </li> <li> +<strong><code class="language-plaintext highlighter-rouge">ipchost</code></strong> <em>boolean</em> Access to host ipc namespace.</li> <li> <p><strong><code class="language-plaintext highlighter-rouge">pidhost</code></strong> <em>boolean</em> Access to host pid namespace.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">propagatedMount</code></strong> <em>string</em></p> <p>path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins. 
This path will be bind-mounted outside of the plugin rootfs so it’s contents are preserved on upgrade.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">env</code></strong> <em>PluginEnv array</em></p> <p>env of the plugin, struct consisting of the following fields</p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">name</code></strong> <em>string</em></p> <p>name of the env.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">description</code></strong> <em>string</em></p> <p>description of the env.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">value</code></strong> <em>string</em></p> <p>value of the env.</p> </li> </ul> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">args</code></strong> <em>PluginArgs</em></p> <p>args of the plugin, struct consisting of the following fields</p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">name</code></strong> <em>string</em></p> <p>name of the args.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">description</code></strong> <em>string</em></p> <p>description of the args.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">value</code></strong> <em>string array</em></p> <p>values of the args.</p> </li> </ul> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">linux</code></strong> <em>PluginLinux</em></p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">capabilities</code></strong> <em>string array</em></p> <p>capabilities of the plugin (<em>Linux only</em>), see list <a href="https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC/#security"><code class="language-plaintext highlighter-rouge">here</code></a></p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">allowAllDevices</code></strong> <em>boolean</em></p> <p>If <code 
class="language-plaintext highlighter-rouge">/dev</code> is bind mounted from the host, and allowAllDevices is set to true, the plugin will have <code class="language-plaintext highlighter-rouge">rwm</code> access to all devices on the host.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">devices</code></strong> <em>PluginDevice array</em></p> <p>device of the plugin, (<em>Linux only</em>), struct consisting of the following fields, see <a href="https://github.com/opencontainers/runtime-spec/blob/master/config-linux/#devices"><code class="language-plaintext highlighter-rouge">DEVICES</code></a></p> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">name</code></strong> <em>string</em></p> <p>name of the device.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">description</code></strong> <em>string</em></p> <p>description of the device.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">path</code></strong> <em>string</em></p> <p>path of the device.</p> </li> </ul> </li> </ul> </li> </ul> <h2 id="example-config">Example Config</h2> <p><em>Example showing the ‘tiborvass/sample-volume-plugin’ plugin config.</em></p> <div class="highlight"><pre class="highlight" data-language="">{ + "Args": { + "Description": "", + "Name": "", + "Settable": null, + "Value": null + }, + "Description": "A sample volume plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Entrypoint": [ + "/usr/bin/sample-volume-plugin", + "/data" + ], + "Env": [ + { + "Description": "", + "Name": "DEBUG", + "Settable": [ + "value" + ], + "Value": "0" + } + ], + "Interface": { + "Socket": "plugin.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Linux": { + "Capabilities": null, + "AllowAllDevices": false, + "Devices": null + }, + "Mounts": null, + "Network": { + "Type": "" + }, + "PropagatedMount": "/data", + "User": {}, + "Workdir": "" +} +</pre></div> 
+<p><a href="https://docs.docker.com/search/?q=API">API</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=plugins">plugins</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=developer">developer</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/config/" class="_attribution-link">https://docs.docker.com/engine/extend/config/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Findex.html b/devdocs/docker/engine%2Fextend%2Findex.html new file mode 100644 index 00000000..52b27035 --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Findex.html 
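Review bot: The config reference disagrees with itself about which format it documents: the `<h1>` says "Plugin Config Version 1 of Plugin V2" while the first paragraph and the Config section both say "V0 plugin", and the field list uses lower-case keys (`description`, `interface`, `linux`) while the Example Config uses `Description`, `Interface`, `Linux` plus `User` and `Settable`, which the list never describes. Pick one version label and either document or drop the extra keys. The supported `network` types are emitted as literal Markdown (`- **bridge**`) inside a `<pre>` instead of a `<ul>` like the interface types. The fields that widen host access (`ipchost`, `pidhost`, `allowAllDevices`, `capabilities`) get one-line descriptions only; since these are what the install prompt in engine/extend asks the user to approve, a sentence on what each grants would help. Links such as `../../reference/builder/index#entrypoint` are relative while the file is stored flat as `engine%2Fextend%2Fconfig%2Findex.html`, so check that they resolve in this layout.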
@@ -0,0 +1,89 @@ + <h1 id="docker-engine-managed-plugin-system">Docker Engine managed plugin system</h1> <ul> <li><a href="index#installing-and-using-a-plugin">Installing and using a plugin</a></li> <li><a href="index#developing-a-plugin">Developing a plugin</a></li> <li><a href="index#debugging-plugins">Debugging plugins</a></li> </ul> <p>Docker Engine’s plugin system allows you to install, start, stop, and remove plugins using Docker Engine.</p> <p>For information about legacy (non-managed) plugins, refer to <a href="legacy_plugins/index">Understand legacy Docker Engine plugins</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>Docker Engine managed plugins are currently not supported on Windows daemons.</p> </blockquote> <h2 id="installing-and-using-a-plugin">Installing and using a plugin</h2> <p>Plugins are distributed as Docker images and can be hosted on Docker Hub or on a private registry.</p> <p>To install a plugin, use the <code class="language-plaintext highlighter-rouge">docker plugin install</code> command, which pulls the plugin from Docker Hub or your private registry, prompts you to grant permissions or capabilities if necessary, and enables the plugin.</p> <p>To check the status of installed plugins, use the <code class="language-plaintext highlighter-rouge">docker plugin ls</code> command. Plugins that start successfully are listed as enabled in the output.</p> <p>After a plugin is installed, you can use it as an option for another Docker operation, such as creating a volume.</p> <p>In the following example, you install the <code class="language-plaintext highlighter-rouge">sshfs</code> plugin, verify that it is enabled, and use it to create a volume.</p> <blockquote> <p><strong>Note</strong></p> <p>This example is intended for instructional purposes only. Once the volume is created, your SSH password to the remote host will be exposed as plaintext when inspecting the volume. 
You should delete the volume as soon as you are done with the example.</p> </blockquote> <ol> <li> <p>Install the <code class="language-plaintext highlighter-rouge">sshfs</code> plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install vieux/sshfs + +Plugin "vieux/sshfs" is requesting the following privileges: +- network: [host] +- capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y + +vieux/sshfs +</pre></div> <p>The plugin requests 2 privileges:</p> <ul> <li>It needs access to the <code class="language-plaintext highlighter-rouge">host</code> network.</li> <li>It needs the <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code> capability, which allows the plugin to run the <code class="language-plaintext highlighter-rouge">mount</code> command.</li> </ul> </li> <li> <p>Check that the plugin is enabled in the output of <code class="language-plaintext highlighter-rouge">docker plugin ls</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME TAG DESCRIPTION ENABLED +69553ca1d789 vieux/sshfs latest the `sshfs` plugin true +</pre></div> </li> <li> <p>Create a volume using the plugin. 
This example mounts the <code class="language-plaintext highlighter-rouge">/remote</code> directory on host <code class="language-plaintext highlighter-rouge">1.2.3.4</code> into a volume named <code class="language-plaintext highlighter-rouge">sshvolume</code>.</p> <p>This volume can now be mounted into containers.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create \ + -d vieux/sshfs \ + --name sshvolume \ + -o sshcmd=user@1.2.3.4:/remote \ + -o password=$(cat file_containing_password_for_remote_host) + +sshvolume +</pre></div> </li> <li> <p>Verify that the volume was created successfully.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls + +DRIVER NAME +vieux/sshfs sshvolume +</pre></div> </li> <li> <p>Start a container that uses the volume <code class="language-plaintext highlighter-rouge">sshvolume</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -v sshvolume:/data busybox ls /data + +<content of /remote on machine 1.2.3.4> +</pre></div> </li> <li> <p>Remove the volume <code class="language-plaintext highlighter-rouge">sshvolume</code></p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume rm sshvolume + +sshvolume +</pre></div> </li> </ol> <p>To disable a plugin, use the <code class="language-plaintext highlighter-rouge">docker plugin disable</code> command. To completely remove it, use the <code class="language-plaintext highlighter-rouge">docker plugin remove</code> command. For other available commands and options, see the <a href="../reference/commandline/cli/index">command line reference</a>.</p> <h2 id="developing-a-plugin">Developing a plugin</h2> <h4 id="the-rootfs-directory">The rootfs directory</h4> <p>The <code class="language-plaintext highlighter-rouge">rootfs</code> directory represents the root filesystem of the plugin. 
In this example, it was created from a Dockerfile:</p> <blockquote> <p><strong>Note:</strong> The <code class="language-plaintext highlighter-rouge">/run/docker/plugins</code> directory is mandatory inside of the plugin’s filesystem for docker to communicate with the plugin.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ git clone https://github.com/vieux/docker-volume-sshfs +$ cd docker-volume-sshfs +$ docker build -t rootfsimage . +$ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created +$ sudo mkdir -p myplugin/rootfs +$ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs +$ docker rm -vf "$id" +$ docker rmi rootfsimage +</pre></div> <h4 id="the-configjson-file">The config.json file</h4> <p>The <code class="language-plaintext highlighter-rouge">config.json</code> file describes the plugin. See the <a href="config/index">plugins config reference</a>.</p> <p>Consider the following <code class="language-plaintext highlighter-rouge">config.json</code> file.</p> <div class="highlight"><pre class="highlight" data-language="">{ + "description": "sshFS plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["/docker-volume-sshfs"], + "network": { + "type": "host" + }, + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "sshfs.sock" + }, + "linux": { + "capabilities": ["CAP_SYS_ADMIN"] + } +} +</pre></div> <p>This plugin is a volume driver. It requires a <code class="language-plaintext highlighter-rouge">host</code> network and the <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code> capability. It depends upon the <code class="language-plaintext highlighter-rouge">/docker-volume-sshfs</code> entrypoint and uses the <code class="language-plaintext highlighter-rouge">/run/docker/plugins/sshfs.sock</code> socket to communicate with Docker Engine. 
This plugin has no runtime parameters.</p> <h4 id="creating-the-plugin">Creating the plugin</h4> <p>A new plugin can be created by running <code class="language-plaintext highlighter-rouge">docker plugin create <plugin-name> ./path/to/plugin/data</code> where the plugin data contains a plugin configuration file <code class="language-plaintext highlighter-rouge">config.json</code> and a root filesystem in subdirectory <code class="language-plaintext highlighter-rouge">rootfs</code>.</p> <p>After that the plugin <code class="language-plaintext highlighter-rouge"><plugin-name></code> will show up in <code class="language-plaintext highlighter-rouge">docker plugin ls</code>. Plugins can be pushed to remote registries with <code class="language-plaintext highlighter-rouge">docker plugin push <plugin-name></code>.</p> <h2 id="debugging-plugins">Debugging plugins</h2> <p>Stdout of a plugin is redirected to dockerd logs. Such entries have a <code class="language-plaintext highlighter-rouge">plugin=<ID></code> suffix. Here are a few examples of commands for pluginID <code class="language-plaintext highlighter-rouge">f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62</code> and their corresponding log entries in the docker daemon logs.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install tiborvass/sample-volume-plugin + +INFO[0036] Starting... Found 0 volumes on startup plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create -d tiborvass/sample-volume-plugin samplevol + +INFO[0193] Create Called... Ensuring directory /data/samplevol exists on host... 
plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] open /var/lib/docker/plugin-data/local-persist.json: no such file or directory plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] Created volume samplevol with mountpoint /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker run -v samplevol:/tmp busybox sh + +INFO[0421] Get Called... Found samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Mount Called... Mounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Unmount Called... Unmounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +</pre></div> <h4 id="using-docker-runc-to-obtain-logfiles-and-shell-into-the-plugin">Using docker-runc to obtain logfiles and shell into the plugin.</h4> <p><code class="language-plaintext highlighter-rouge">docker-runc</code>, the default docker container runtime can be used for debugging plugins. 
This is specifically useful to collect plugin logs if they are redirected to a file.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins list + +ID PID STATUS BUNDLE CREATED OWNER +93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 15806 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 2018-02-08T21:40:08.621358213Z root +9b4606d84e06b56df84fadf054a21374b247941c94ce405b0a261499d689d9c9 14992 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/9b4606d84e06b56df84fadf054a21374b247941c94ce405b0a261499d689d9c9 2018-02-08T21:35:12.321325872Z root +c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 14984 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 2018-02-08T21:35:12.321288966Z root +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins exec 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 cat /var/log/plugin.log +</pre></div> <p>If the plugin has a built-in shell, then exec into the plugin can be done as follows:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker-runc --root /var/run/docker/plugins/runtime-root/moby-plugins exec -t 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 sh +</pre></div> <h4 id="using-curl-to-debug-plugin-socket-issues">Using curl to debug plugin socket issues.</h4> <p>To verify if the plugin API socket that the docker daemon communicates with is responsive, use curl. In this example, we will make API calls from the docker host to volume and network plugins using curl 7.47.0 to ensure that the plugin is listening on the said socket. 
For a well functioning plugin, these basic requests should work. Note that plugin sockets are available on the host under <code class="language-plaintext highlighter-rouge">/var/run/docker/plugins/<pluginID></code></p> <div class="highlight"><pre class="highlight" data-language="">$ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List + +{"Mountpoint":"","Err":"","Volumes":[{"Name":"myvol1","Mountpoint":"/data/myvol1"},{"Name":"myvol2","Mountpoint":"/data/myvol2"}],"Volume":null} +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities + +{"Scope":"local"} +</pre></div> <p>When using curl 7.5 and above, the URL should be of the form <code class="language-plaintext highlighter-rouge">http://hostname/APICall</code>, where <code class="language-plaintext highlighter-rouge">hostname</code> is the valid hostname where the plugin is installed and <code class="language-plaintext highlighter-rouge">APICall</code> is the call to the plugin API.</p> <p>For example, <code class="language-plaintext highlighter-rouge">http://localhost/VolumeDriver.List</code></p> +<p><a href="https://docs.docker.com/search/?q=API">API</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=plugins">plugins</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=developer">developer</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/" class="_attribution-link">https://docs.docker.com/engine/extend/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Flegacy_plugins%2Findex.html b/devdocs/docker/engine%2Fextend%2Flegacy_plugins%2Findex.html new file mode 100644 index 00000000..830393d2 --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Flegacy_plugins%2Findex.html 
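Review bot: in engine/extend/index.html, the curl section contradicts itself on versions. The examples are described as run with curl 7.47.0 using the `http:/VolumeDriver.List` form, yet the closing paragraph says "curl 7.5 and above" needs `http://hostname/APICall`, and 7.47.0 is already above 7.5. The threshold was presumably meant to be 7.50; please check the upstream page and correct the number so readers pick the right URL form for their curl. Separately, `/var/run/docker/plugins/<pluginID>` sits inside a `<code>` element with its angle brackets unescaped as shown here, so a browser would parse `<pluginID>` as a tag and drop it; it should read `&lt;pluginID&gt;`.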
@@ -0,0 +1,9 @@ + <h1 id="use-docker-engine-plugins">Use Docker Engine plugins</h1> <p>This document describes the Docker Engine plugins generally available in Docker Engine. To view information on plugins managed by Docker, refer to <a href="../index">Docker Engine plugin system</a>.</p> <p>You can extend the capabilities of the Docker Engine by loading third-party plugins. This page explains the types of plugins and provides links to several volume and network plugins for Docker.</p> <h2 id="types-of-plugins">Types of plugins</h2> <p>Plugins extend Docker’s functionality. They come in specific types. For example, a <a href="../plugins_volume/index">volume plugin</a> might enable Docker volumes to persist across multiple Docker hosts and a <a href="../plugins_network/index">network plugin</a> might provide network plumbing.</p> <p>Currently Docker supports authorization, volume and network driver plugins. In the future it will support additional plugin types.</p> <h2 id="installing-a-plugin">Installing a plugin</h2> <p>Follow the instructions in the plugin’s documentation.</p> <h2 id="finding-a-plugin">Finding a plugin</h2> <p>The sections below provide an inexhaustive overview of available plugins.</p> <h3 id="network-plugins">Network plugins</h3> <table> <thead> <tr> <th style="text-align: left">Plugin</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="https://github.com/contiv/netplugin">Contiv Networking</a></td> <td style="text-align: left">An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. 
Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/openstack/kuryr">Kuryr Network Plugin</a></td> <td style="text-align: left">A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well.</td> </tr> <tr> <td style="text-align: left"><a href="https://www.weave.works/docs/net/latest/introducing-weave/">Weave Network Plugin</a></td> <td style="text-align: left">A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity.</td> </tr> </tbody> </table> <h3 id="volume-plugins">Volume plugins</h3> <table> <thead> <tr> <th style="text-align: left">Plugin</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="https://github.com/Azure/azurefile-dockervolumedriver">Azure File Storage plugin</a></td> <td style="text-align: left">Lets you mount Microsoft <a href="https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/">Azure File Storage</a> shares to Docker containers as volumes using the SMB 3.0 protocol. 
<a href="https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/">Learn more</a>.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/RedCoolBeans/docker-volume-beegfs">BeeGFS Volume Plugin</a></td> <td style="text-align: left">An open source volume plugin to create persistent volumes in a BeeGFS parallel file system.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/blockbridge/blockbridge-docker-volume">Blockbridge plugin</a></td> <td style="text-align: left">A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/contiv/volplugin">Contiv Volume Plugin</a></td> <td style="text-align: left">An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/rancher/convoy">Convoy plugin</a></td> <td style="text-align: left">A volume plugin for a variety of storage back-ends including device mapper and NFS. 
It’s a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/omallo/docker-volume-plugin-dostorage">DigitalOcean Block Storage plugin</a></td> <td style="text-align: left">Integrates DigitalOcean’s <a href="https://www.digitalocean.com/products/storage/">block storage solution</a> into the Docker ecosystem by automatically attaching a given block storage volume to a DigitalOcean droplet and making the contents of the volume available to Docker containers running on that droplet.</td> </tr> <tr> <td style="text-align: left"><a href="https://www.drbd.org/en/supported-projects/docker">DRBD plugin</a></td> <td style="text-align: left">A volume plugin that provides highly available storage replicated by <a href="https://www.drbd.org">DRBD</a>. Data written to the docker volume is replicated in a cluster of DRBD nodes.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/ScatterHQ/flocker">Flocker plugin</a></td> <td style="text-align: left">A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/openstack/fuxi">Fuxi Volume Plugin</a></td> <td style="text-align: left">A volume plugin that is developed as part of the OpenStack Kuryr project and implements the Docker volume plugin API by utilizing Cinder, the OpenStack block storage service.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/mcuadros/gce-docker">gce-docker plugin</a></td> <td style="text-align: left">A volume plugin able to attach, format and mount Google Compute <a href="https://cloud.google.com/compute/docs/disks/persistent-disks">persistent-disks</a>.</td> </tr> <tr> <td style="text-align: left"><a 
href="https://github.com/calavera/docker-volume-glusterfs">GlusterFS plugin</a></td> <td style="text-align: left">A volume plugin that provides multi-host volumes management for Docker using GlusterFS.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/muthu-r/horcrux">Horcrux Volume Plugin</a></td> <td style="text-align: left">A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, <a href="https://www.minio.io">Minio</a> and Amazon S3.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/hpe-storage/python-hpedockerplugin/">HPE 3Par Volume Plugin</a></td> <td style="text-align: left">A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays.</td> </tr> <tr> <td style="text-align: left"><a href="https://infinit.sh/documentation/docker/volume-plugin">Infinit volume plugin</a></td> <td style="text-align: left">A volume plugin that makes it easy to mount and manage Infinit volumes using Docker.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/vdemeester/docker-volume-ipfs">IPFS Volume Plugin</a></td> <td style="text-align: left">An open source volume plugin that allows using an <a href="https://ipfs.io/">ipfs</a> filesystem as a volume.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/calavera/docker-volume-keywhiz">Keywhiz plugin</a></td> <td style="text-align: left">A plugin that provides credentials and secret management using Keywhiz as a central repository.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/CWSpear/local-persist">Local Persist Plugin</a></td> <td style="text-align: left">A volume plugin that extends the default <code class="language-plaintext highlighter-rouge">local</code> driver’s functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to <em>always persist</em>, even if the volume is 
removed via <code class="language-plaintext highlighter-rouge">docker volume rm</code>.</td> </tr> <tr> <td style="text-align: left"> +<a href="https://github.com/NetApp/netappdvp">NetApp Plugin</a> (nDVP)</td> <td style="text-align: left">A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/ContainX/docker-volume-netshare">Netshare plugin</a></td> <td style="text-align: left">A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems.</td> </tr> <tr> <td style="text-align: left"><a href="https://connect.nimblestorage.com/community/app-integration/docker">Nimble Storage Volume Plugin</a></td> <td style="text-align: left">A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/libopenstorage/openstorage">OpenStorage Plugin</a></td> <td style="text-align: left">A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. 
It has example drivers based on FUSE, NFS, NBD and EBS to name a few.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/portworx/px-dev">Portworx Volume Plugin</a></td> <td style="text-align: left">A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/quobyte/docker-volume">Quobyte Volume Plugin</a></td> <td style="text-align: left">A volume plugin that connects Docker to <a href="https://www.quobyte.com/containers">Quobyte</a>’s data center file system, a general-purpose scalable and fault-tolerant storage platform.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/emccode/rexray">REX-Ray plugin</a></td> <td style="text-align: left">A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/virtuozzo/docker-volume-ploop">Virtuozzo Storage and Ploop plugin</a></td> <td style="text-align: left">A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/vmware/docker-volume-vsphere">VMware vSphere Storage Plugin</a></td> <td style="text-align: left">Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments.</td> </tr> </tbody> </table> <h3 id="authorization-plugins">Authorization plugins</h3> <table> <thead> <tr> <th style="text-align: left">Plugin</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a 
href="https://github.com/casbin/casbin-authz-plugin">Casbin AuthZ Plugin</a></td> <td style="text-align: left">An authorization plugin based on <a href="https://github.com/casbin/casbin">Casbin</a>, which supports access control models like ACL, RBAC, ABAC. The access control model can be customized. The policy can be persisted into file or DB.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/kassisol/hbm">HBM plugin</a></td> <td style="text-align: left">An authorization plugin that prevents from executing commands with certains parameters.</td> </tr> <tr> <td style="text-align: left"><a href="https://github.com/twistlock/authz">Twistlock AuthZ Broker</a></td> <td style="text-align: left">A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).</td> </tr> </tbody> </table> <h2 id="troubleshooting-a-plugin">Troubleshooting a plugin</h2> <p>If you are having problems with Docker after loading a plugin, ask the authors of the plugin for help. 
The Docker team may not be able to assist you.</p> <h2 id="writing-a-plugin">Writing a plugin</h2> <p>If you are interested in writing a plugin for Docker, or seeing how they work under the hood, see the <a href="../plugin_api/index">docker plugins reference</a>.</p> +<p><a href="https://docs.docker.com/search/?q=Examples">Examples</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=plugins">plugins</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=user%20guide">user guide</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/legacy_plugins/" class="_attribution-link">https://docs.docker.com/engine/extend/legacy_plugins/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Fplugin_api%2Findex.html b/devdocs/docker/engine%2Fextend%2Fplugin_api%2Findex.html new file mode 100644 index 00000000..707ab33a --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Fplugin_api%2Findex.html 
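Review bot: in engine/extend/legacy_plugins/index.html, several copy errors are being committed verbatim: "prevents from executing commands with certains parameters" in the HBM plugin row, and "by allowing you specify a mountpoint" in the Local Persist Plugin row. If these files are generated from the upstream docs, fix them upstream and regenerate rather than hand-editing; otherwise correct them here. The only provenance in the file is the "© 2019 Docker, Inc." footer and the source URL, so please also record which docs version or snapshot date this catalogue of third-party plugin links was taken from; readers cannot otherwise tell how current the listed projects are.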
@@ -0,0 +1,43 @@ + <h1 id="docker-plugin-api">Docker Plugin API</h1> <p>Docker plugins are out-of-process extensions which add capabilities to the Docker Engine.</p> <p>This document describes the Docker Engine plugin API. To view information on plugins managed by Docker Engine, refer to <a href="../index">Docker Engine plugin system</a>.</p> <p>This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look <a href="../legacy_plugins/index">here</a>.</p> <h2 id="what-plugins-are">What plugins are</h2> <p>A plugin is a process running on the same or a different host as the docker daemon, which registers itself by placing a file on the same docker host in one of the plugin directories described in <a href="#plugin-discovery">Plugin discovery</a>.</p> <p>Plugins have human-readable names, which are short, lowercase strings. For example, <code class="language-plaintext highlighter-rouge">flocker</code> or <code class="language-plaintext highlighter-rouge">weave</code>.</p> <p>Plugins can run inside or outside containers. 
Currently running them outside containers is recommended.</p> <h2 id="plugin-discovery">Plugin discovery</h2> <p>Docker discovers plugins by looking for them in the plugin directory whenever a user or container tries to use one by name.</p> <p>There are three types of files which can be put in the plugin directory.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">.sock</code> files are UNIX domain sockets.</li> <li> +<code class="language-plaintext highlighter-rouge">.spec</code> files are text files containing a URL, such as <code class="language-plaintext highlighter-rouge">unix:///other.sock</code> or <code class="language-plaintext highlighter-rouge">tcp://localhost:8080</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">.json</code> files are text files containing a full json specification for the plugin.</li> </ul> <p>Plugins with UNIX domain socket files must run on the same docker host, whereas plugins with spec or json files can run on a different host if a remote URL is specified.</p> <p>UNIX domain socket files must be located under <code class="language-plaintext highlighter-rouge">/run/docker/plugins</code>, whereas spec files can be located either under <code class="language-plaintext highlighter-rouge">/etc/docker/plugins</code> or <code class="language-plaintext highlighter-rouge">/usr/lib/docker/plugins</code>.</p> <p>The name of the file (excluding the extension) determines the plugin name.</p> <p>For example, the <code class="language-plaintext highlighter-rouge">flocker</code> plugin might create a UNIX socket at <code class="language-plaintext highlighter-rouge">/run/docker/plugins/flocker.sock</code>.</p> <p>You can define each plugin into a separated subdirectory if you want to isolate definitions from each other. 
For example, you can create the <code class="language-plaintext highlighter-rouge">flocker</code> socket under <code class="language-plaintext highlighter-rouge">/run/docker/plugins/flocker/flocker.sock</code> and only mount <code class="language-plaintext highlighter-rouge">/run/docker/plugins/flocker</code> inside the <code class="language-plaintext highlighter-rouge">flocker</code> container.</p> <p>Docker always searches for unix sockets in <code class="language-plaintext highlighter-rouge">/run/docker/plugins</code> first. It checks for spec or json files under <code class="language-plaintext highlighter-rouge">/etc/docker/plugins</code> and <code class="language-plaintext highlighter-rouge">/usr/lib/docker/plugins</code> if the socket doesn’t exist. The directory scan stops as soon as it finds the first plugin definition with the given name.</p> <h3 id="json-specification">JSON specification</h3> <p>This is the JSON format for a plugin:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "plugin-example", + "Addr": "https://example.com/docker/plugin", + "TLSConfig": { + "InsecureSkipVerify": false, + "CAFile": "/usr/shared/docker/certs/example-ca.pem", + "CertFile": "/usr/shared/docker/certs/example-cert.pem", + "KeyFile": "/usr/shared/docker/certs/example-key.pem" + } +} +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">TLSConfig</code> field is optional and TLS will only be verified if this configuration is present.</p> <h2 id="plugin-lifecycle">Plugin lifecycle</h2> <p>Plugins should be started before Docker, and stopped after Docker. 
For example, when packaging a plugin for a platform which supports <code class="language-plaintext highlighter-rouge">systemd</code>, you might use <a href="https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before="><code class="language-plaintext highlighter-rouge">systemd</code> dependencies</a> to manage startup and shutdown order.</p> <p>When upgrading a plugin, you should first stop the Docker daemon, upgrade the plugin, then start Docker again.</p> <h2 id="plugin-activation">Plugin activation</h2> <p>When a plugin is first referred to -- either by a user referring to it by name (e.g. <code class="language-plaintext highlighter-rouge">docker run --volume-driver=foo</code>) or a container already configured to use a plugin being started -- Docker looks for the named plugin in the plugin directory and activates it with a handshake. See Handshake API below.</p> <p>Plugins are <em>not</em> activated automatically at Docker daemon startup. Rather, they are activated only lazily, or on-demand, when they are needed.</p> <h2 id="systemd-socket-activation">Systemd socket activation</h2> <p>Plugins may also be socket activated by <code class="language-plaintext highlighter-rouge">systemd</code>. The official <a href="https://github.com/docker/go-plugins-helpers">Plugins helpers</a> natively supports socket activation. 
In order for a plugin to be socket activated it needs a <code class="language-plaintext highlighter-rouge">service</code> file and a <code class="language-plaintext highlighter-rouge">socket</code> file.</p> <p>The <code class="language-plaintext highlighter-rouge">service</code> file (for example <code class="language-plaintext highlighter-rouge">/lib/systemd/system/your-plugin.service</code>):</p> <div class="highlight"><pre class="highlight" data-language="">[Unit] +Description=Your plugin +Before=docker.service +After=network.target your-plugin.socket +Requires=your-plugin.socket docker.service + +[Service] +ExecStart=/usr/lib/docker/your-plugin + +[Install] +WantedBy=multi-user.target +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">socket</code> file (for example <code class="language-plaintext highlighter-rouge">/lib/systemd/system/your-plugin.socket</code>):</p> <div class="highlight"><pre class="highlight" data-language="">[Unit] +Description=Your plugin + +[Socket] +ListenStream=/run/docker/plugins/your-plugin.sock + +[Install] +WantedBy=sockets.target +</pre></div> <p>This will allow plugins to be actually started when the Docker daemon connects to the sockets they’re listening on (for instance the first time the daemon uses them or if one of the plugin goes down accidentally).</p> <h2 id="api-design">API design</h2> <p>The Plugin API is RPC-style JSON over HTTP, much like webhooks.</p> <p>Requests flow <em>from</em> the Docker daemon <em>to</em> the plugin. 
So the plugin needs to implement an HTTP server and bind this to the UNIX socket mentioned in the “plugin discovery” section.</p> <p>All requests are HTTP <code class="language-plaintext highlighter-rouge">POST</code> requests.</p> <p>The API is versioned via an Accept header, which currently is always set to <code class="language-plaintext highlighter-rouge">application/vnd.docker.plugins.v1+json</code>.</p> <h2 id="handshake-api">Handshake API</h2> <p>Plugins are activated via the following “handshake” API call.</p> <h3 id="pluginactivate">/Plugin.Activate</h3> <p><strong>Request:</strong> empty body</p> <p><strong>Response:</strong></p> <div class="highlight"><pre class="highlight" data-language="">{ + "Implements": ["VolumeDriver"] +} +</pre></div> <p>Responds with a list of Docker subsystems which this plugin implements. After activation, the plugin will then be sent events from this subsystem.</p> <p>Possible values are:</p> <ul> <li><a href="../plugins_authorization/index"><code class="language-plaintext highlighter-rouge">authz</code></a></li> <li><a href="../plugins_network/index"><code class="language-plaintext highlighter-rouge">NetworkDriver</code></a></li> <li><a href="../plugins_volume/index"><code class="language-plaintext highlighter-rouge">VolumeDriver</code></a></li> </ul> <h2 id="plugin-retries">Plugin retries</h2> <p>Attempts to call a method on a plugin are retried with an exponential backoff for up to 30 seconds. 
This may help when packaging plugins as containers, since it gives plugin containers a chance to start up before failing any user containers which depend on them.</p> <h2 id="plugins-helpers">Plugins helpers</h2> <p>To ease plugins development, we’re providing an <code class="language-plaintext highlighter-rouge">sdk</code> for each kind of plugins currently supported by Docker at <a href="https://github.com/docker/go-plugins-helpers">docker/go-plugins-helpers</a>.</p> +<p><a href="https://docs.docker.com/search/?q=API">API</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=plugins">plugins</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=developer">developer</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/plugin_api/" class="_attribution-link">https://docs.docker.com/engine/extend/plugin_api/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Fplugins_authorization%2Findex.html b/devdocs/docker/engine%2Fextend%2Fplugins_authorization%2Findex.html new file mode 100644 index 00000000..89f8c6f3 --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Fplugins_authorization%2Findex.html 
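Review bot: in engine/extend/plugin_api/index.html, the "JSON specification" section leaves the transport security of remote plugins implicit. The page allows `.spec` and `.json` files to point at a remote URL (the `.spec` example is `tcp://localhost:8080`) and then says "The TLSConfig field is optional and TLS will only be verified if this configuration is present", so a definition without `TLSConfig` gives the daemon an unverified channel to the plugin. I would add one sentence after that paragraph saying that any non-UNIX-socket endpoint should carry a `TLSConfig` with `"InsecureSkipVerify": false` and a `CAFile`. Smaller point: "See Handshake API below." in "Plugin activation" is plain text although the target heading has `id="handshake-api"`; link it the same way "Plugin discovery" is linked with `#plugin-discovery`.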
@@ -0,0 +1,48 @@ + <h1 id="access-authorization-plugin">Access authorization plugin</h1> <p>This document describes the Docker Engine plugins generally available in Docker Engine. To view information on plugins managed by Docker Engine, refer to <a href="../index">Docker Engine plugin system</a>.</p> <p>Docker’s out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The same is true for callers using Docker’s Engine API to contact the daemon. If you require greater access control, you can create authorization plugins and add them to your Docker daemon configuration. Using an authorization plugin, a Docker administrator can configure granular access policies for managing access to the Docker daemon.</p> <p>Anyone with the appropriate skills can develop an authorization plugin. These skills, at their most basic, are knowledge of Docker, understanding of REST, and sound programming knowledge. This document describes the architecture, state, and methods information available to an authorization plugin developer.</p> <h2 id="basic-principles">Basic principles</h2> <p>Docker’s <a href="../plugin_api/index">plugin infrastructure</a> enables extending Docker by loading, removing and communicating with third-party components using a generic API. The access authorization subsystem was built using this mechanism.</p> <p>Using this subsystem, you don’t need to rebuild the Docker daemon to add an authorization plugin. You can add a plugin to an installed Docker daemon. You do need to restart the Docker daemon to add a new plugin.</p> <p>An authorization plugin approves or denies requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. 
The command context contains all the relevant request data.</p> <p>Authorization plugins must follow the rules described in <a href="../plugin_api/index">Docker Plugin API</a>. Each plugin must reside within directories described under the <a href="../plugin_api/index#plugin-discovery">Plugin discovery</a> section.</p> <blockquote> <p><strong>Note</strong></p> <p>The abbreviations <code class="language-plaintext highlighter-rouge">AuthZ</code> and <code class="language-plaintext highlighter-rouge">AuthN</code> mean authorization and authentication respectively.</p> </blockquote> <h2 id="default-user-authorization-mechanism">Default user authorization mechanism</h2> <p>If TLS is enabled in the <a href="../../security/protect-access/index">Docker daemon</a>, the default user authorization flow extracts the user details from the certificate subject name. That is, the <code class="language-plaintext highlighter-rouge">User</code> field is set to the client certificate subject common name, and the <code class="language-plaintext highlighter-rouge">AuthenticationMethod</code> field is set to <code class="language-plaintext highlighter-rouge">TLS</code>.</p> <h2 id="basic-architecture">Basic architecture</h2> <p>You are responsible for registering your plugin as part of the Docker daemon startup. You can install multiple plugins and chain them together. This chain can be ordered. Each request to the daemon passes in order through the chain. Only when all the plugins grant access to the resource, is the access granted.</p> <p>When an HTTP request is made to the Docker daemon through the CLI or via the Engine API, the authentication subsystem passes the request to the installed authentication plugin(s). The request contains the user (caller) and command context. 
The plugin is responsible for deciding whether to allow or deny the request.</p> <p>The sequence diagrams below depict an allow and deny authorization flow:</p> <p><img src="" alt="Authorization Allow flow"></p> <p><img src="" alt="Authorization Deny flow"></p> <p>Each request sent to the plugin includes the authenticated user, the HTTP headers, and the request/response body. Only the user name and the authentication method used are passed to the plugin. Most importantly, no user credentials or tokens are passed. Finally, not all request/response bodies are sent to the authorization plugin. Only those request/response bodies where the <code class="language-plaintext highlighter-rouge">Content-Type</code> is either <code class="language-plaintext highlighter-rouge">text/*</code> or <code class="language-plaintext highlighter-rouge">application/json</code> are sent.</p> <p>For commands that can potentially hijack the HTTP connection (<code class="language-plaintext highlighter-rouge">HTTP Upgrade</code>), such as <code class="language-plaintext highlighter-rouge">exec</code>, the authorization plugin is only called for the initial HTTP requests. Once the plugin approves the command, authorization is not applied to the rest of the flow. Specifically, the streaming data is not passed to the authorization plugins. For commands that return chunked HTTP response, such as <code class="language-plaintext highlighter-rouge">logs</code> and <code class="language-plaintext highlighter-rouge">events</code>, only the HTTP request is sent to the authorization plugins.</p> <p>During request/response processing, some authorization flows might need to do additional queries to the Docker daemon. To complete such flows, plugins can call the daemon API similar to a regular user. 
To enable these additional queries, the plugin must provide the means for an administrator to configure proper authentication and security policies.</p> <h2 id="docker-client-flows">Docker client flows</h2> <p>To enable and configure the authorization plugin, the plugin developer must support the Docker client interactions detailed in this section.</p> <h3 id="setting-up-docker-daemon">Setting up Docker daemon</h3> <p>Enable the authorization plugin with a dedicated command line flag in the <code class="language-plaintext highlighter-rouge">--authorization-plugin=PLUGIN_ID</code> format. The flag supplies a <code class="language-plaintext highlighter-rouge">PLUGIN_ID</code> value. This value can be the plugin’s socket or a path to a specification file. Authorization plugins can be loaded without restarting the daemon. Refer to the <a href="../../reference/commandline/dockerd/index#configuration-reload-behavior"><code class="language-plaintext highlighter-rouge">dockerd</code> documentation</a> for more information.</p> <div class="highlight"><pre class="highlight" data-language="">$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +</pre></div> <p>Docker’s authorization subsystem supports multiple <code class="language-plaintext highlighter-rouge">--authorization-plugin</code> parameters.</p> <h3 id="calling-authorized-command-allow">Calling authorized command (allow)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker pull centos +<...> +f1b10cd84249: Pull complete +<...> +</pre></div> <h3 id="calling-unauthorized-command-deny">Calling unauthorized command (deny)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker pull centos +<...> +docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. 
+</pre></div> <h3 id="error-from-plugins">Error from plugins</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker pull centos +<...> +docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. +</pre></div> <h2 id="api-schema-and-implementation">API schema and implementation</h2> <p>In addition to Docker’s standard plugin registration method, each plugin should implement the following two methods:</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">/AuthZPlugin.AuthZReq</code> This authorize request method is called before the Docker daemon processes the client request.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">/AuthZPlugin.AuthZRes</code> This authorize response method is called before the response is returned from Docker daemon to the client.</p> </li> </ul> <h4 id="authzpluginauthzreq">/AuthZPlugin.AuthZReq</h4> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP method", + "RequestURI": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " +} +</pre></div> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong" +} +</pre></div> <h4 id="authzpluginauthzres">/AuthZPlugin.AuthZRes</h4> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP 
method", + "RequestURI": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", + "ResponseBody": "Byte array containing the raw HTTP response body", + "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string", + "ResponseStatusCode":"Response status code" +} +</pre></div> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong" +} +</pre></div> <h3 id="request-authorization">Request authorization</h3> <p>Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.</p> <h4 id="daemon---plugin">Daemon -> Plugin</h4> <table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>User</td> <td>string</td> <td>The user identification</td> </tr> <tr> <td>Authentication method</td> <td>string</td> <td>The authentication method used</td> </tr> <tr> <td>Request method</td> <td>enum</td> <td>The HTTP method (GET/DELETE/POST)</td> </tr> <tr> <td>Request URI</td> <td>string</td> <td>The HTTP request URI including API version (e.g., v.1.17/containers/json)</td> </tr> <tr> <td>Request headers</td> <td>map[string]string</td> <td>Request headers as key value pairs (without the authorization header)</td> </tr> <tr> <td>Request body</td> <td>[]byte</td> <td>Raw request body</td> </tr> </tbody> </table> <h4 id="plugin---daemon">Plugin -> Daemon</h4> <table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Allow</td> <td>bool</td> <td>Boolean value indicating whether the request is allowed or denied</td> 
</tr> <tr> <td>Msg</td> <td>string</td> <td>Authorization message (will be returned to the client in case the access is denied)</td> </tr> <tr> <td>Err</td> <td>string</td> <td>Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)</td> </tr> </tbody> </table> <h3 id="response-authorization">Response authorization</h3> <p>The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message.</p> <h4 id="daemon---plugin-1">Daemon -> Plugin</h4> <table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>User</td> <td>string</td> <td>The user identification</td> </tr> <tr> <td>Authentication method</td> <td>string</td> <td>The authentication method used</td> </tr> <tr> <td>Request method</td> <td>string</td> <td>The HTTP method (GET/DELETE/POST)</td> </tr> <tr> <td>Request URI</td> <td>string</td> <td>The HTTP request URI including API version (e.g., v.1.17/containers/json)</td> </tr> <tr> <td>Request headers</td> <td>map[string]string</td> <td>Request headers as key value pairs (without the authorization header)</td> </tr> <tr> <td>Request body</td> <td>[]byte</td> <td>Raw request body</td> </tr> <tr> <td>Response status code</td> <td>int</td> <td>Status code from the docker daemon</td> </tr> <tr> <td>Response headers</td> <td>map[string]string</td> <td>Response headers as key value pairs</td> </tr> <tr> <td>Response body</td> <td>[]byte</td> <td>Raw docker daemon response body</td> </tr> </tbody> </table> <h4 id="plugin---daemon-1">Plugin -> Daemon</h4> <table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Allow</td> <td>bool</td> <td>Boolean value indicating whether the response is allowed or denied</td> </tr> <tr> <td>Msg</td> 
<td>string</td> <td>Authorization message (will be returned to the client in case the access is denied)</td> </tr> <tr> <td>Err</td> <td>string</td> <td>Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information)</td> </tr> </tbody> </table> +<p><a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=authorization">authorization</a>, <a href="https://docs.docker.com/search/?q=authentication">authentication</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=plugin">plugin</a>, <a href="https://docs.docker.com/search/?q=extend">extend</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/plugins_authorization/" class="_attribution-link">https://docs.docker.com/engine/extend/plugins_authorization/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Fplugins_network%2Findex.html b/devdocs/docker/engine%2Fextend%2Fplugins_network%2Findex.html new file mode 100644 index 00000000..904b68cc --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Fplugins_network%2Findex.html 
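Review bot: In the plugins_authorization page, both sequence-diagram images are added with an empty source (`<img src="" alt="Authorization Allow flow">` and the Deny counterpart), so the sentence "The sequence diagrams below depict an allow and deny authorization flow" points at nothing; vendor the two image files and reference them, or drop the sentence together with the tags. Separately, the JSON schema describes `RequestHeader` and `ResponseHeader` as `map[string][]string`, while the tables give the header type as `map[string]string`, and `Request method` is typed `enum` in the request table but `string` in the response table. A plugin author decoding these messages needs one consistent type, so align the tables with the schema.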
@@ -0,0 +1,10 @@ + <h1 id="docker-network-driver-plugins">Docker network driver plugins</h1> <p>This document describes Docker Engine network driver plugins generally available in Docker Engine. To view information on plugins managed by Docker Engine, refer to <a href="../index">Docker Engine plugin system</a>.</p> <p>Docker Engine network plugins enable Engine deployments to be extended to support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN or something completely different. Network driver plugins are supported via the LibNetwork project. Each plugin is implemented as a “remote driver” for LibNetwork, which shares plugin infrastructure with Engine. Effectively, network driver plugins are activated in the same way as other plugins, and use the same kind of protocol.</p> <h2 id="network-plugins-and-swarm-mode">Network plugins and swarm mode</h2> <p><a href="../legacy_plugins/index">Legacy plugins</a> do not work in swarm mode. However, plugins written using the <a href="../index">v2 plugin system</a> do work in swarm mode, as long as they are installed on each swarm worker node.</p> <h2 id="use-network-driver-plugins">Use network driver plugins</h2> <p>The means of installing and running a network driver plugin depend on the particular plugin. So, be sure to install your plugin according to the instructions obtained from the plugin developer.</p> <p>Once running however, network driver plugins are used just like the built-in network drivers: by being mentioned as a driver in network-oriented Docker commands. 
For example,</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create --driver weave mynet +</pre></div> <p>Some network driver plugins are listed in <a href="../legacy_plugins/index">plugins</a></p> <p>The <code class="language-plaintext highlighter-rouge">mynet</code> network is now owned by <code class="language-plaintext highlighter-rouge">weave</code>, so subsequent commands referring to that network will be sent to the plugin,</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --network=mynet busybox top +</pre></div> <h2 id="find-network-plugins">Find network plugins</h2> <p>Network plugins are written by third parties, and are published by those third parties, either on <a href="https://store.docker.com/search?category=network&q=&type=plugin">Docker Store</a> or on the third party’s site.</p> <h2 id="write-a-network-plugin">Write a network plugin</h2> <p>Network plugins implement the <a href="../plugin_api/index">Docker plugin API</a> and the network plugin protocol</p> <h2 id="network-plugin-protocol">Network plugin protocol</h2> <p>The network driver protocol, in addition to the plugin activation call, is documented as part of libnetwork: <a href="https://github.com/docker/libnetwork/blob/master/docs/remote/">https://github.com/docker/libnetwork/blob/master/docs/remote.md</a>.</p> <h2 id="related-information">Related Information</h2> <p>To interact with the Docker maintainers and other interested users, see the IRC channel <code class="language-plaintext highlighter-rouge">#docker-network</code>.</p> <ul> <li><a href="https://docs.docker.com/network/">Docker networks feature overview</a></li> <li>The <a href="https://github.com/docker/libnetwork">LibNetwork</a> project</li> </ul> +<p><a href="https://docs.docker.com/search/?q=Examples">Examples</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=plugins">plugins</a>, <a 
href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=user%20guide">user guide</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/plugins_network/" class="_attribution-link">https://docs.docker.com/engine/extend/plugins_network/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fextend%2Fplugins_volume%2Findex.html b/devdocs/docker/engine%2Fextend%2Fplugins_volume%2Findex.html new file mode 100644 index 00000000..14319e18 --- /dev/null +++ b/devdocs/docker/engine%2Fextend%2Fplugins_volume%2Findex.html 
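Review bot: In the plugins_network page, the link under "Network plugin protocol" has an href ending in `docs/remote/` while its visible text ends in `docs/remote.md`; the two should be the same URL, so set the href to the `remote.md` path shown in the text. Also, the sentence "Some network driver plugins are listed in plugins" sits between the `docker network create --driver weave mynet` example and the paragraph explaining that `mynet` is now owned by `weave`, which separates the example from its explanation; move it after the `docker run --network=mynet busybox top` example and end it with a period.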
@@ -0,0 +1,98 @@ + <h1 id="docker-volume-plugins">Docker volume plugins</h1> <p>Docker Engine volume plugins enable Engine deployments to be integrated with external storage systems such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Docker host. See the <a href="../legacy_plugins/index">plugin documentation</a> for more information.</p> <h2 id="changelog">Changelog</h2> <h3 id="1130">1.13.0</h3> <ul> <li>If used as part of the v2 plugin architecture, mountpoints that are part of paths returned by the plugin must be mounted under the directory specified by <code class="language-plaintext highlighter-rouge">PropagatedMount</code> in the plugin configuration (<a href="https://github.com/docker/docker/pull/26398">#26398</a>)</li> </ul> <h3 id="1120">1.12.0</h3> <ul> <li>Add <code class="language-plaintext highlighter-rouge">Status</code> field to <code class="language-plaintext highlighter-rouge">VolumeDriver.Get</code> response (<a href="https://github.com/docker/docker/pull/21006#">#21006</a>)</li> <li>Add <code class="language-plaintext highlighter-rouge">VolumeDriver.Capabilities</code> to get capabilities of the volume driver (<a href="https://github.com/docker/docker/pull/22077">#22077</a>)</li> </ul> <h3 id="1100">1.10.0</h3> <ul> <li>Add <code class="language-plaintext highlighter-rouge">VolumeDriver.Get</code> which gets the details about the volume (<a href="https://github.com/docker/docker/pull/16534">#16534</a>)</li> <li>Add <code class="language-plaintext highlighter-rouge">VolumeDriver.List</code> which lists all volumes owned by the driver (<a href="https://github.com/docker/docker/pull/16534">#16534</a>)</li> </ul> <h3 id="180">1.8.0</h3> <ul> <li>Initial support for volume driver plugins (<a href="https://github.com/docker/docker/pull/14659">#14659</a>)</li> </ul> <h2 id="command-line-changes">Command-line changes</h2> <p>To give a container access to a volume, use the <code class="language-plaintext 
highlighter-rouge">--volume</code> and <code class="language-plaintext highlighter-rouge">--volume-driver</code> flags on the <code class="language-plaintext highlighter-rouge">docker container run</code> command. The <code class="language-plaintext highlighter-rouge">--volume</code> (or <code class="language-plaintext highlighter-rouge">-v</code>) flag accepts a volume name and path on the host, and the <code class="language-plaintext highlighter-rouge">--volume-driver</code> flag accepts a driver type.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create --driver=flocker volumename + +$ docker container run -it --volume volumename:/data busybox sh +</pre></div> <h3 id="--volume"><code class="language-plaintext highlighter-rouge">--volume</code></h3> <p>The <code class="language-plaintext highlighter-rouge">--volume</code> (or <code class="language-plaintext highlighter-rouge">-v</code>) flag takes a value that is in the format <code class="language-plaintext highlighter-rouge"><volume_name>:<mountpoint></code>. The two parts of the value are separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) character.</p> <ul> <li>The volume name is a human-readable name for the volume, and cannot begin with a <code class="language-plaintext highlighter-rouge">/</code> character. 
It is referred to as <code class="language-plaintext highlighter-rouge">volume_name</code> in the rest of this topic.</li> <li>The <code class="language-plaintext highlighter-rouge">Mountpoint</code> is the path on the host (v1) or in the plugin (v2) where the volume has been made available.</li> </ul> <h3 id="volumedriver"><code class="language-plaintext highlighter-rouge">volumedriver</code></h3> <p>Specifying a <code class="language-plaintext highlighter-rouge">volumedriver</code> in conjunction with a <code class="language-plaintext highlighter-rouge">volumename</code> allows you to use plugins such as <a href="https://github.com/ScatterHQ/flocker">Flocker</a> to manage volumes external to a single host, such as those on EBS.</p> <h2 id="create-a-volumedriver">Create a VolumeDriver</h2> <p>The container creation endpoint (<code class="language-plaintext highlighter-rouge">/containers/create</code>) accepts a <code class="language-plaintext highlighter-rouge">VolumeDriver</code> field of type <code class="language-plaintext highlighter-rouge">string</code> allowing to specify the name of the driver. If not specified, it defaults to <code class="language-plaintext highlighter-rouge">"local"</code> (the default driver for local volumes).</p> <h2 id="volume-plugin-protocol">Volume plugin protocol</h2> <p>If a plugin registers itself as a <code class="language-plaintext highlighter-rouge">VolumeDriver</code> when activated, it must provide the Docker Daemon with writeable paths on the host filesystem. The Docker daemon provides these paths to containers to consume. The Docker daemon makes the volumes available by bind-mounting the provided paths into the containers.</p> <blockquote> <p><strong>Note</strong></p> <p>Volume plugins should <em>not</em> write data to the <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code> directory, including <code class="language-plaintext highlighter-rouge">/var/lib/docker/volumes</code>. 
The <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code> directory is reserved for Docker.</p> </blockquote> <h3 id="volumedrivercreate"><code class="language-plaintext highlighter-rouge">/VolumeDriver.Create</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name", + "Opts": {} +} +</pre></div> <p>Instruct the plugin that the user wants to create a volume, given a user specified volume name. The plugin does not need to actually manifest the volume on the filesystem yet (until <code class="language-plaintext highlighter-rouge">Mount</code> is called). <code class="language-plaintext highlighter-rouge">Opts</code> is a map of driver specific options passed through from the user request.</p> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Err": "" +} +</pre></div> <p>Respond with a string error if an error occurred.</p> <h3 id="volumedriverremove"><code class="language-plaintext highlighter-rouge">/VolumeDriver.Remove</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name" +} +</pre></div> <p>Delete the specified volume from disk. 
This request is issued when a user invokes <code class="language-plaintext highlighter-rouge">docker rm -v</code> to remove volumes associated with a container.</p> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Err": "" +} +</pre></div> <p>Respond with a string error if an error occurred.</p> <h3 id="volumedrivermount"><code class="language-plaintext highlighter-rouge">/VolumeDriver.Mount</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name", + "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" +} +</pre></div> <p>Docker requires the plugin to provide a volume, given a user specified volume name. <code class="language-plaintext highlighter-rouge">Mount</code> is called once per container start. If the same <code class="language-plaintext highlighter-rouge">volume_name</code> is requested more than once, the plugin may need to keep track of each new mount request and provision at the first mount request and deprovision at the last corresponding unmount request.</p> <p><code class="language-plaintext highlighter-rouge">ID</code> is a unique ID for the caller that is requesting the mount.</p> <p><strong>Response</strong>:</p> <ul> <li> <p><strong>v1</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Mountpoint": "/path/to/directory/on/host", + "Err": "" +} +</pre></div> </li> <li> <p><strong>v2</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Mountpoint": "/path/under/PropagatedMount", + "Err": "" +} +</pre></div> </li> </ul> <p><code class="language-plaintext highlighter-rouge">Mountpoint</code> is the path on the host (v1) or in the plugin (v2) where the volume has been made available.</p> <p><code class="language-plaintext highlighter-rouge">Err</code> is either empty or contains an error string.</p> <h3 id="volumedriverpath"><code 
class="language-plaintext highlighter-rouge">/VolumeDriver.Path</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name" +} +</pre></div> <p>Request the path to the volume with the given <code class="language-plaintext highlighter-rouge">volume_name</code>.</p> <p><strong>Response</strong>:</p> <ul> <li> <p><strong>v1</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Mountpoint": "/path/to/directory/on/host", + "Err": "" +} +</pre></div> </li> <li> <p><strong>v2</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Mountpoint": "/path/under/PropagatedMount", + "Err": "" +} +</pre></div> </li> </ul> <p>Respond with the path on the host (v1) or inside the plugin (v2) where the volume has been made available, and/or a string error if an error occurred.</p> <p><code class="language-plaintext highlighter-rouge">Mountpoint</code> is optional. However, the plugin may be queried again later if one is not provided.</p> <h3 id="volumedriverunmount"><code class="language-plaintext highlighter-rouge">/VolumeDriver.Unmount</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name", + "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" +} +</pre></div> <p>Docker is no longer using the named volume. <code class="language-plaintext highlighter-rouge">Unmount</code> is called once per container stop. 
Plugin may deduce that it is safe to deprovision the volume at this point.</p> <p><code class="language-plaintext highlighter-rouge">ID</code> is a unique ID for the caller that is requesting the mount.</p> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Err": "" +} +</pre></div> <p>Respond with a string error if an error occurred.</p> <h3 id="volumedriverget"><code class="language-plaintext highlighter-rouge">/VolumeDriver.Get</code></h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Name": "volume_name" +} +</pre></div> <p>Get info about <code class="language-plaintext highlighter-rouge">volume_name</code>.</p> <p><strong>Response</strong>:</p> <ul> <li> <p><strong>v1</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host", + "Status": {} + }, + "Err": "" +} +</pre></div> </li> <li> <p><strong>v2</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/under/PropagatedMount", + "Status": {} + }, + "Err": "" +} +</pre></div> </li> </ul> <p>Respond with a string error if an error occurred. 
<code class="language-plaintext highlighter-rouge">Mountpoint</code> and <code class="language-plaintext highlighter-rouge">Status</code> are optional.</p> <h3 id="volumedriverlist">/VolumeDriver.List</h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{} +</pre></div> <p>Get the list of volumes registered with the plugin.</p> <p><strong>Response</strong>:</p> <ul> <li> <p><strong>v1</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host" + } + ], + "Err": "" +} +</pre></div> </li> <li> <p><strong>v2</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/under/PropagatedMount" + } + ], + "Err": "" +} +</pre></div> </li> </ul> <p>Respond with a string error if an error occurred. <code class="language-plaintext highlighter-rouge">Mountpoint</code> is optional.</p> <h3 id="volumedrivercapabilities">/VolumeDriver.Capabilities</h3> <p><strong>Request</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{} +</pre></div> <p>Get the list of capabilities the driver supports.</p> <p>The driver is not required to implement <code class="language-plaintext highlighter-rouge">Capabilities</code>. If it is not implemented, the default values are used.</p> <p><strong>Response</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Capabilities": { + "Scope": "global" + } +} +</pre></div> <p>Supported scopes are <code class="language-plaintext highlighter-rouge">global</code> and <code class="language-plaintext highlighter-rouge">local</code>. Any other value in <code class="language-plaintext highlighter-rouge">Scope</code> will be ignored, and <code class="language-plaintext highlighter-rouge">local</code> is used. 
<code class="language-plaintext highlighter-rouge">Scope</code> allows cluster managers to handle the volume in different ways. For instance, a scope of <code class="language-plaintext highlighter-rouge">global</code>, signals to the cluster manager that it only needs to create the volume once instead of on each Docker host. More capabilities may be added in the future.</p> +<p><a href="https://docs.docker.com/search/?q=Examples">Examples</a>, <a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=volume">volume</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=data">data</a>, <a href="https://docs.docker.com/search/?q=volumes">volumes</a>, <a href="https://docs.docker.com/search/?q=plugin">plugin</a>, <a href="https://docs.docker.com/search/?q=api">api</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/extend/plugins_volume/" class="_attribution-link">https://docs.docker.com/engine/extend/plugins_volume/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Findex.html b/devdocs/docker/engine%2Findex.html new file mode 100644 index 00000000..f5e4a079 --- /dev/null +++ b/devdocs/docker/engine%2Findex.html 
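Review bot: In the plugins_volume page, the `/VolumeDriver.Unmount` section describes `ID` as "a unique ID for the caller that is requesting the mount", which is copied unchanged from `/VolumeDriver.Mount`; reword it so it refers to the unmount request. In "Command-line changes" the text says to use `--volume` and `--volume-driver` on `docker container run`, but the example uses `docker volume create --driver=flocker` and the later subsection is headed `volumedriver` rather than the flag name, so make the example and heading match the flag the text names. The `/VolumeDriver.List` and `/VolumeDriver.Capabilities` headings are also the only endpoint headings not wrapped in `<code>`.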
@@ -0,0 +1,9 @@ +<h1>Docker Engine overview</h1> +<p>Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with:</p> <ul> <li>A server with a long-running daemon process <a href="reference/commandline/dockerd/index"><code class="language-plaintext highlighter-rouge">dockerd</code></a>.</li> <li>APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.</li> <li>A command line interface (CLI) client <a href="reference/commandline/cli/index"><code class="language-plaintext highlighter-rouge">docker</code></a>.</li> </ul> <p>The CLI uses <a href="api/index">Docker APIs</a> to control or interact with the Docker daemon through scripting or direct CLI commands. Many other Docker applications use the underlying API and CLI. The daemon creates and manage Docker objects, such as images, containers, networks, and volumes.</p> <p>For more details, see <a href="../get-started/overview/index#docker-architecture">Docker Architecture</a>.</p> <h2 id="docker-user-guide">Docker user guide</h2> <p>To learn about Docker in more detail and to answer questions about usage and implementation, check out the <a href="../get-started/overview/index">overview page in “get started”</a>.</p> <h2 id="installation-guides">Installation guides</h2> <p>The <a href="install/index">installation section</a> shows you how to install Docker on a variety of platforms.</p> <h2 id="release-notes">Release notes</h2> <p>A summary of the changes in each release in the current series can now be found on the separate <a href="release-notes/index">Release Notes page</a></p> <h2 id="feature-deprecation-policy">Feature Deprecation Policy</h2> <p>As changes are made to Docker there may be times when existing features need to be removed or replaced with newer features. 
Before an existing feature is removed it is labeled as “deprecated” within the documentation and remains in Docker for at least 3 stable releases unless specified explicitly otherwise. After that time it may be removed.</p> <p>Users are expected to take note of the list of deprecated features each release and plan their migration away from those features, and (if applicable) towards the replacement features as soon as possible.</p> <p>The complete list of deprecated features can be found on the <a href="deprecated/index">Deprecated Features page</a>.</p> <h2 id="licensing">Licensing</h2> <p>Docker is licensed under the Apache License, Version 2.0. See <a href="https://github.com/moby/moby/blob/master/LICENSE">LICENSE</a> for the full license text.</p> +<p><a href="https://docs.docker.com/search/?q=Engine">Engine</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/" class="_attribution-link">https://docs.docker.com/engine/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Fbinaries%2Findex.html b/devdocs/docker/engine%2Finstall%2Fbinaries%2Findex.html new file mode 100644 index 00000000..27299a50 --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Fbinaries%2Findex.html 
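Review bot: In the engine overview page, "The daemon creates and manage Docker objects" has a subject-verb mismatch; change it to "creates and manages". The paragraph under "Release notes" also ends without a period after the "Release Notes page" link.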
@@ -0,0 +1,26 @@ +<h1>Install Docker Engine from binaries</h1> + +<blockquote class="important"> <p><strong>Important</strong></p> <p>This page contains information on how to install Docker using binaries. These instructions are mostly suitable for testing purposes. We do not recommend installing Docker using binaries in production environments as they will not be updated automatically with security updates. The Linux binaries described on this page are statically linked, which means that vulnerabilities in build-time dependencies are not automatically patched by security updates of your Linux distribution.</p> <p>Updating binaries is also slightly more involved when compared to Docker packages installed using a package manager or through Docker Desktop, as it requires (manually) updating the installed version whenever there is a new release of Docker.</p> <p>Also, static binaries may not include all functionalities provided by the dynamic packages.</p> <p>On Windows and Mac, we recommend that you install <a href="https://docs.docker.com/desktop/">Docker Desktop</a> instead. For Linux, we recommend that you follow the instructions specific for your distribution.</p> </blockquote> <p>If you want to try Docker or use it in a testing environment, but you’re not on a supported platform, you can try installing from static binaries. If possible, you should use packages built for your operating system, and use your operating system’s package management system to manage Docker installation and upgrades.</p> <p>Static binaries for the Docker daemon binary are only available for Linux (as <code class="language-plaintext highlighter-rouge">dockerd</code>) and Windows (as <code class="language-plaintext highlighter-rouge">dockerd.exe</code>). 
Static binaries for the Docker client are available for Linux, Windows, and macOS (as <code class="language-plaintext highlighter-rouge">docker</code>).</p> <p>This topic discusses binary installation for Linux, Windows, and macOS:</p> <ul> <li><a href="#install-daemon-and-client-binaries-on-linux">Install daemon and client binaries on Linux</a></li> <li><a href="#install-client-binaries-on-macos">Install client binaries on macOS</a></li> <li><a href="#install-server-and-client-binaries-on-windows">Install server and client binaries on Windows</a></li> </ul> <h2 id="install-daemon-and-client-binaries-on-linux">Install daemon and client binaries on Linux</h2> <h3 id="prerequisites">Prerequisites</h3> <p>Before attempting to install Docker from binaries, be sure your host machine meets the prerequisites:</p> <ul> <li>A 64-bit installation</li> <li>Version 3.10 or higher of the Linux kernel. The latest version of the kernel available for your platform is recommended.</li> <li> +<code class="language-plaintext highlighter-rouge">iptables</code> version 1.4 or higher</li> <li> +<code class="language-plaintext highlighter-rouge">git</code> version 1.7 or higher</li> <li>A <code class="language-plaintext highlighter-rouge">ps</code> executable, usually provided by <code class="language-plaintext highlighter-rouge">procps</code> or a similar package.</li> <li> +<a href="https://tukaani.org/xz/">XZ Utils</a> 4.9 or higher</li> <li>A <a href="https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount">properly mounted</a> <code class="language-plaintext highlighter-rouge">cgroupfs</code> hierarchy; a single, all-encompassing <code class="language-plaintext highlighter-rouge">cgroup</code> mount point is not sufficient. 
See Github issues <a href="https://github.com/moby/moby/issues/2683">#2683</a>, <a href="https://github.com/moby/moby/issues/3485">#3485</a>, <a href="https://github.com/moby/moby/issues/4568">#4568</a>).</li> </ul> <h4 id="secure-your-environment-as-much-as-possible">Secure your environment as much as possible</h4> <h5 id="os-considerations">OS considerations</h5> <p>Enable SELinux or AppArmor if possible.</p> <p>It is recommended to use AppArmor or SELinux if your Linux distribution supports either of the two. This helps improve security and blocks certain types of exploits. Review the documentation for your Linux distribution for instructions for enabling and configuring AppArmor or SELinux.</p> <blockquote class="warning"> <p>Security Warning</p> <p>If either of the security mechanisms is enabled, do not disable it as a work-around to make Docker or its containers run. Instead, configure it correctly to fix any problems.</p> </blockquote> <h5 id="docker-daemon-considerations">Docker daemon considerations</h5> <ul> <li> <p>Enable <code class="language-plaintext highlighter-rouge">seccomp</code> security profiles if possible. See <a href="../../security/seccomp/index">Enabling <code class="language-plaintext highlighter-rouge">seccomp</code> for Docker</a>.</p> </li> <li> <p>Enable user namespaces if possible. See the <a href="../../reference/commandline/dockerd/index#daemon-user-namespace-options">Daemon user namespace options</a>.</p> </li> </ul> <h3 id="install-static-binaries">Install static binaries</h3> <ol> <li> <p>Download the static binary archive. 
Go to <a href="https://download.docker.com/linux/static/stable/">https://download.docker.com/linux/static/stable/</a>, choose your hardware platform, and download the <code class="language-plaintext highlighter-rouge">.tgz</code> file relating to the version of Docker Engine you want to install.</p> </li> <li> <p>Extract the archive using the <code class="language-plaintext highlighter-rouge">tar</code> utility. The <code class="language-plaintext highlighter-rouge">dockerd</code> and <code class="language-plaintext highlighter-rouge">docker</code> binaries are extracted.</p> <div class="highlight"><pre class="highlight" data-language="">$ tar xzvf /path/to/<FILE>.tar.gz +</pre></div> </li> <li> <p><strong>Optional</strong>: Move the binaries to a directory on your executable path, such as <code class="language-plaintext highlighter-rouge">/usr/bin/</code>. If you skip this step, you must provide the path to the executable when you invoke <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">dockerd</code> commands.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo cp docker/* /usr/bin/ +</pre></div> </li> <li> <p>Start the Docker daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd & +</pre></div> <p>If you need to start the daemon with additional options, modify the above command accordingly or create and edit the file <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code> to add the custom configuration options.</p> </li> <li> <p>Verify that Docker is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. 
When the container runs, it prints a message and exits.</p> </li> </ol> <h2 id="install-client-binaries-on-macos">Install client binaries on macOS</h2> <blockquote> <p><strong>Note</strong></p> <p>The following instructions are mostly suitable for testing purposes. The macOS binary includes the Docker client only. It does not include the <code class="language-plaintext highlighter-rouge">dockerd</code> daemon which is required to run containers. Therefore, we recommend that you install <a href="https://docs.docker.com/desktop/">Docker Desktop</a> instead.</p> </blockquote> <p>The binaries for Mac also do not contain:</p> <ul> <li>A runtime environment. You must set up a functional engine either in a Virtual Machine, or on a remote Linux machine.</li> <li>Docker components such as <code class="language-plaintext highlighter-rouge">buildx</code>, <code class="language-plaintext highlighter-rouge">docker scan</code>, and <code class="language-plaintext highlighter-rouge">docker compose</code>.</li> </ul> <p>To install client binaries, perform the following steps:</p> <ol> <li> <p>Download the static binary archive. Go to <a href="https://download.docker.com/mac/static/stable/">https://download.docker.com/mac/static/stable/</a> and select <code class="language-plaintext highlighter-rouge">x86_64</code> (for Mac on Intel chip) or <code class="language-plaintext highlighter-rouge">aarch64</code> (for Mac on Apple silicon), and then download the <code class="language-plaintext highlighter-rouge">.tgz</code> file relating to the version of Docker Engine you want to install.</p> </li> <li> <p>Extract the archive using the <code class="language-plaintext highlighter-rouge">tar</code> utility. 
The <code class="language-plaintext highlighter-rouge">docker</code> binary is extracted.</p> <div class="highlight"><pre class="highlight" data-language="">$ tar xzvf /path/to/<FILE>.tar.gz +</pre></div> </li> <li> <p>Clear the extended attributes to allow it run.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo xattr -rc docker +</pre></div> <p>Now, when you run the following command, you can see the Docker CLI usage instructions:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker/docker +</pre></div> </li> <li> <p><strong>Optional</strong>: Move the binary to a directory on your executable path, such as <code class="language-plaintext highlighter-rouge">/usr/local/bin/</code>. If you skip this step, you must provide the path to the executable when you invoke <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">dockerd</code> commands.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo cp docker/docker /usr/local/bin/ +</pre></div> </li> <li> <p>Verify that Docker is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image. The value of <code class="language-plaintext highlighter-rouge"><hostname></code> is a hostname or IP address running the Docker daemon and accessible to the client.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker -H <hostname> run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <h2 id="install-server-and-client-binaries-on-windows">Install server and client binaries on Windows</h2> <blockquote> <p><strong>Note</strong></p> <p>The following section describes how to install the Docker daemon on Windows Server which allows you to run Windows containers only. 
The binaries for Windows do not contain Docker components such as <code class="language-plaintext highlighter-rouge">buildx</code>, <code class="language-plaintext highlighter-rouge">docker scan</code>, and <code class="language-plaintext highlighter-rouge">docker compose</code>. If you are running Windows 10 or 11, we recommend that you install <a href="https://docs.docker.com/desktop/">Docker Desktop</a> instead.</p> </blockquote> <p>Binary packages on Windows include both <code class="language-plaintext highlighter-rouge">dockerd.exe</code> and <code class="language-plaintext highlighter-rouge">docker.exe</code>. On Windows, these binaries only provide the ability to run native Windows containers (not Linux containers).</p> <p>To install server and client binaries, perform the following steps:</p> <ol> <li> <p>Download the static binary archive. Go to <a href="https://download.docker.com/win/static/stable/x86_64">https://download.docker.com/win/static/stable/x86_64</a> and select the latest version from the list.</p> </li> <li> <p>Run the following PowerShell commands to install and extract the archive to your program files:</p> <div class="highlight"><pre class="highlight" data-language=""> PS C:\> Expand-Archive /path/to/<FILE>.zip -DestinationPath $Env:ProgramFiles +</pre></div> </li> <li> <p>Register the service and start the Docker Engine:</p> <div class="highlight"><pre class="highlight" data-language=""> PS C:\> &$Env:ProgramFiles\Docker\dockerd --register-service + PS C:\> Start-Service docker +</pre></div> </li> <li> <p>Verify that Docker is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">PS C:\> &$Env:ProgramFiles\Docker\docker run hello-world:nanoserver +</pre></div> <p>This command downloads a test image and runs it in a container. 
When the container runs, it prints a message and exits.</p> </li> </ol> <h2 id="upgrade-static-binaries">Upgrade static binaries</h2> <p>To upgrade your manual installation of Docker Engine, first stop any <code class="language-plaintext highlighter-rouge">dockerd</code> or <code class="language-plaintext highlighter-rouge">dockerd.exe</code> processes running locally, then follow the regular installation steps to install the new version on top of the existing version.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Take a look at the <a href="../../../get-started/index">Get started</a> training modules to learn how to build an image and run it as a containerized application.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=binaries">binaries</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=linux">linux</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/binaries/" class="_attribution-link">https://docs.docker.com/engine/install/binaries/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Fcentos%2Findex.html b/devdocs/docker/engine%2Finstall%2Fcentos%2Findex.html new file mode 100644 index 00000000..1a70363a --- /dev/null 
+++ b/devdocs/docker/engine%2Finstall%2Fcentos%2Findex.html 
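Review bot: In engine/install/binaries/index.html, the Linux "Install static binaries" steps go from downloading the archive straight to `tar xzvf` and `sudo cp docker/* /usr/bin/` with no step for checking the archive's integrity, even though the page's own Important box says these statically linked binaries receive no automatic security updates. Suggest adding a verification step before the copy into `/usr/bin/`. Two smaller points in the same file: step 1 tells the reader to download a `.tgz` file while the step 2 command is `tar xzvf /path/to/<FILE>.tar.gz` (the macOS steps have the same mismatch), and the macOS step `sudo xattr -rc docker` is explained only as "Clear the extended attributes to allow it run", which does not say which attribute blocks execution or why all of them are cleared recursively. The macOS optional step also mentions invoking `dockerd`, although the note above it says the macOS archive contains the client only.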
@@ -0,0 +1,48 @@ +<h1>Install Docker Engine on CentOS</h1> + +<p>To get started with Docker Engine on CentOS, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need a maintained version of CentOS 7, CentOS 8 (stream), or CentOS 9 (stream). Archived versions aren’t supported or tested.</p> <p>The <code class="language-plaintext highlighter-rouge">centos-extras</code> repository must be enabled. This repository is enabled by default, but if you have disabled it, you need to <a href="https://wiki.centos.org/AdditionalResources/Repositories" target="_blank" rel="noopener" class="_">re-enable it</a>.</p> <p>The <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver is recommended.</p> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">docker-engine</code>. If these are installed, uninstall them, along with associated dependencies.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum remove docker \ + docker-client \ + docker-client-latest \ + docker-common \ + docker-latest \ + docker-latest-logrotate \ + docker-logrotate \ + docker-engine +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">yum</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. 
The Docker Engine package is now called <code class="language-plaintext highlighter-rouge">docker-ce</code>.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach.</p> </li> <li> <p>Some users download the RPM package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. 
Afterward, you can install and update Docker from the repository.</p> <h4 id="set-up-the-repository">Set up the repository</h4> <p>Install the <code class="language-plaintext highlighter-rouge">yum-utils</code> package (which provides the <code class="language-plaintext highlighter-rouge">yum-config-manager</code> utility) and set up the repository.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install -y yum-utils + +$ sudo yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/centos/docker-ce.repo +</pre></div> <h4 id="install-docker-engine">Install Docker Engine</h4> <ol> <li> <p>Install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> <p>If prompted to accept the GPG key, verify that the fingerprint matches <code class="language-plaintext highlighter-rouge">060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35</code>, and if so, accept it.</p> <p>This command installs Docker, but it doesn’t start Docker. It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List and sort the versions available in your repo. 
This example sorts results by version number, highest to lowest, and is truncated:</p> <div class="highlight"><pre class="highlight" data-language="">$ yum list docker-ce --showduplicates | sort -r + +docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable +docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable +docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable +docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable +</pre></div> <p>The list returned depends on which repositories are enabled, and is specific to your version of CentOS (indicated by the <code class="language-plaintext highlighter-rouge">.el7</code> suffix in this example).</p> <p>b. Install a specific version by its fully qualified package name, which is the package name (<code class="language-plaintext highlighter-rouge">docker-ce</code>) plus the version string (2nd column) starting at the first colon (<code class="language-plaintext highlighter-rouge">:</code>), up to the first hyphen, separated by a hyphen (<code class="language-plaintext highlighter-rouge">-</code>). For example, <code class="language-plaintext highlighter-rouge">docker-ce-18.09.1</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> <p>This command installs Docker, but it doesn’t start Docker. 
It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker, you can download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/centos/" target="_blank" rel="noopener" class="_">https://download.docker.com/linux/centos/</a> and choose your version of CentOS. 
Then browse to <code class="language-plaintext highlighter-rouge">x86_64/stable/Packages/</code> and download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for the Docker version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install /path/to/package.rpm +</pre></div> <p>Docker is installed but not started. The <code class="language-plaintext highlighter-rouge">docker</code> group is created, but no users are added to the group.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. 
Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, using <code class="language-plaintext highlighter-rouge">yum -y upgrade</code> instead of <code class="language-plaintext highlighter-rouge">yum -y install</code>, and point to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. 
Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. 
When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. 
If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. 
There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum remove docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=centos">centos</a>, <a href="https://docs.docker.com/search/?q=rpm">rpm</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/centos/" class="_attribution-link">https://docs.docker.com/engine/install/centos/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Fdebian%2Findex.html b/devdocs/docker/engine%2Finstall%2Fdebian%2Findex.html new file mode 100644 index 00000000..6e8eef64 --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Fdebian%2Findex.html 
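Review bot: In engine/install/centos/index.html, the "Install from a package" steps run `sudo yum install /path/to/package.rpm` with no instruction to check the package's signature, while the repository path tells the reader to compare the GPG key fingerprint `060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35` before accepting it. The manual path is the one the page suggests for air-gapped systems, so the same fingerprint check should be stated there as well. Also in this file: the package upgrade paragraph says to use `yum -y upgrade` instead of `yum -y install`, but the install command shown in the procedure has no `-y`, so the two should be made consistent.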
@@ -0,0 +1,47 @@ +<h1>Install Docker Engine on Debian</h1> + +<p>To get started with Docker Engine on Debian, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need the 64-bit version of one of these Debian or Raspbian versions:</p> <ul> <li>Debian Bullseye 11 (stable)</li> <li>Debian Buster 10 (oldstable)</li> <li>Raspbian Bullseye 11 (stable)</li> <li>Raspbian Buster 10 (oldstable)</li> </ul> <p>Docker Engine is supported on <code class="language-plaintext highlighter-rouge">x86_64</code> (or <code class="language-plaintext highlighter-rouge">amd64</code>), <code class="language-plaintext highlighter-rouge">armhf</code>, and <code class="language-plaintext highlighter-rouge">arm64</code> architectures.</p> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code>, <code class="language-plaintext highlighter-rouge">docker.io</code>, or <code class="language-plaintext highlighter-rouge">docker-engine</code>. If these are installed, uninstall them:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get remove docker docker-engine docker.io containerd runc +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">apt-get</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. 
If you do not need to save your existing data, and want to start with a clean installation, refer to the <a href="#uninstall-docker-engine">uninstall Docker Engine</a> section at the bottom of this page.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach, except for Raspbian.</p> </li> <li> <p>Some users download the DEB package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker. This is currently the only approach for Raspbian.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.</p> <blockquote> <p><strong>Raspbian users cannot use this method!</strong></p> <p>For Raspbian, installing using the repository is not yet supported. 
You must instead use the <a href="#install-using-the-convenience-script">convenience script</a>.</p> </blockquote> <h4 id="set-up-the-repository">Set up the repository</h4> <ol> <li> <p>Update the <code class="language-plaintext highlighter-rouge">apt</code> package index and install packages to allow <code class="language-plaintext highlighter-rouge">apt</code> to use a repository over HTTPS:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get update + +$ sudo apt-get install \ + ca-certificates \ + curl \ + gnupg \ + lsb-release +</pre></div> </li> <li> <p>Add Docker’s official GPG key:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo mkdir -p /etc/apt/keyrings +$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +</pre></div> </li> <li> <p>Use the following command to set up the repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +</pre></div> </li> </ol> <h4 id="install-docker-engine">Install Docker Engine</h4> <p>This procedure works for Debian on <code class="language-plaintext highlighter-rouge">x86_64</code> / <code class="language-plaintext highlighter-rouge">amd64</code>, <code class="language-plaintext highlighter-rouge">armhf</code>, <code class="language-plaintext highlighter-rouge">arm64</code>, and Raspbian.</p> <ol> <li> <p>Update the <code class="language-plaintext highlighter-rouge">apt</code> package index, and install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose, or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language=""> $ sudo apt-get update + $ sudo apt-get install docker-ce docker-ce-cli 
containerd.io docker-compose-plugin +</pre></div> <blockquote> <p>Receiving a GPG error when running <code class="language-plaintext highlighter-rouge">apt-get update</code>?</p> <p>Your default umask may not be set correctly, causing the public key file for the repo to not be detected. Run the following command and then try to update your repo again: <code class="language-plaintext highlighter-rouge">sudo chmod a+r /etc/apt/keyrings/docker.gpg</code>.</p> </blockquote> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List the versions available in your repo:</p> <div class="highlight"><pre class="highlight" data-language="">$ apt-cache madison docker-ce + + docker-ce | 5:18.09.1~3-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages + docker-ce | 5:18.09.0~3-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages + docker-ce | 18.06.1~ce~3-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages + docker-ce | 18.06.0~ce~3-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages +</pre></div> <p>b. Install a specific version using the version string from the second column, for example, <code class="language-plaintext highlighter-rouge">5:18.09.1~3-0~debian-stretch</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. 
When the container runs, it prints a message and exits.</p> </li> </ol> <p>Docker Engine is installed and running. The <code class="language-plaintext highlighter-rouge">docker</code> group is created but no users are added to it. You need to use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, first run <code class="language-plaintext highlighter-rouge">sudo apt-get update</code>, then follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker Engine, you can download the <code class="language-plaintext highlighter-rouge">.deb</code> file for your release and install it manually. 
You need to download a new file each time you want to upgrade Docker.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/debian/dists/" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">https://download.docker.com/linux/debian/dists/</code></a>, choose your Debian version, then browse to <code class="language-plaintext highlighter-rouge">pool/stable/</code>, choose <code class="language-plaintext highlighter-rouge">amd64</code>, <code class="language-plaintext highlighter-rouge">armhf</code>, or <code class="language-plaintext highlighter-rouge">arm64</code>, and download the <code class="language-plaintext highlighter-rouge">.deb</code> file for the Docker Engine version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dpkg -i /path/to/package.deb +</pre></div> <p>The Docker daemon starts automatically.</p> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>Docker Engine is installed and running. The <code class="language-plaintext highlighter-rouge">docker</code> group is created but no users are added to it. You need to use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. 
Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, pointing to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. 
This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. 
As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. 
Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. 
To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=debian">debian</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/debian/" class="_attribution-link">https://docs.docker.com/engine/install/debian/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Ffedora%2Findex.html b/devdocs/docker/engine%2Finstall%2Ffedora%2Findex.html new file mode 100644 index 00000000..c2f6e0db --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Ffedora%2Findex.html 
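Review bot: in devdocs/docker/engine%2Finstall%2Fdebian%2Findex.html, step 2 of "Set up the repository" pipes `curl -fsSL https://download.docker.com/linux/debian/gpg` straight into `sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg`, and the page gives no fingerprint to compare the key against. The Fedora page added in this same patch does ask the reader to verify a fingerprint before accepting the key. Suggest stating the expected fingerprint here too, with a check step such as `gpg --show-keys /etc/apt/keyrings/docker.gpg` placed before step 3 writes the `signed-by=` entry, because that keyring becomes the trust anchor for every later `apt-get install` from this repository. Separately, the `apt-cache madison` sample output lists `debian-stretch` builds although the OS requirements name only Bullseye 11 and Buster 10, so the example version string in step 2b is not one a reader on a supported release will see.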
@@ -0,0 +1,50 @@ +<h1>Install Docker Engine on Fedora</h1> + +<p>To get started with Docker Engine on Fedora, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need the 64-bit version of one of these Fedora versions:</p> <ul> <li>Fedora 34</li> <li>Fedora 35</li> <li>Fedora 36</li> </ul> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">docker-engine</code>. If these are installed, uninstall them, along with associated dependencies.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf remove docker \ + docker-client \ + docker-client-latest \ + docker-common \ + docker-latest \ + docker-latest-logrotate \ + docker-logrotate \ + docker-selinux \ + docker-engine-selinux \ + docker-engine +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">dnf</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. The Docker Engine package is now called <code class="language-plaintext highlighter-rouge">docker-ce</code>.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. 
This is the recommended approach.</p> </li> <li> <p>Some users download the RPM package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.</p> <h4 id="set-up-the-repository">Set up the repository</h4> <p>Install the <code class="language-plaintext highlighter-rouge">dnf-plugins-core</code> package (which provides the commands to manage your DNF repositories) and set up the repository.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf -y install dnf-plugins-core + +$ sudo dnf config-manager \ + --add-repo \ + https://download.docker.com/linux/fedora/docker-ce.repo +</pre></div> <h4 id="install-docker-engine">Install Docker Engine</h4> <ol> <li> <p>Install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> <p>If prompted to accept the GPG key, verify that the fingerprint matches <code class="language-plaintext highlighter-rouge">060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35</code>, and if so, accept it.</p> <p>This command installs Docker, but it doesn’t start Docker. 
It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List and sort the versions available in your repo. This example sorts results by version number, highest to lowest, and is truncated:</p> <div class="highlight"><pre class="highlight" data-language="">$ dnf list docker-ce --showduplicates | sort -r + +docker-ce.x86_64 3:18.09.1-3.fc28 docker-ce-stable +docker-ce.x86_64 3:18.09.0-3.fc28 docker-ce-stable +docker-ce.x86_64 18.06.1.ce-3.fc28 docker-ce-stable +docker-ce.x86_64 18.06.0.ce-3.fc28 docker-ce-stable +</pre></div> <p>The list returned depends on which repositories are enabled, and is specific to your version of Fedora (indicated by the <code class="language-plaintext highlighter-rouge">.fc28</code> suffix in this example).</p> <p>b. Install a specific version by its fully qualified package name, which is the package name (<code class="language-plaintext highlighter-rouge">docker-ce</code>) plus the version string (2nd column) up to the first hyphen, separated by a hyphen (<code class="language-plaintext highlighter-rouge">-</code>), for example, <code class="language-plaintext highlighter-rouge">docker-ce-3:18.09.1</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf -y install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> <p>This command installs Docker, but it doesn’t start Docker. 
It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker, you can download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/fedora/" target="_blank" rel="noopener" class="_">https://download.docker.com/linux/fedora/</a> and choose your version of Fedora. 
Then browse to <code class="language-plaintext highlighter-rouge">x86_64/stable/Packages/</code> and download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for the Docker version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf -y install /path/to/package.rpm +</pre></div> <p>Docker is installed but not started. The <code class="language-plaintext highlighter-rouge">docker</code> group is created, but no users are added to the group.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. 
Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, using <code class="language-plaintext highlighter-rouge">dnf -y upgrade</code> instead of <code class="language-plaintext highlighter-rouge">dnf -y install</code>, and point to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. 
Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. 
When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. 
If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. 
There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf remove docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=fedora">fedora</a>, <a href="https://docs.docker.com/search/?q=rpm">rpm</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/fedora/" class="_attribution-link">https://docs.docker.com/engine/install/fedora/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Findex.html b/devdocs/docker/engine%2Finstall%2Findex.html new file mode 100644 index 00000000..246d0d39 --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Findex.html 
@@ -0,0 +1,10 @@ +<h1>Install Docker Engine</h1> + +<blockquote class="important"> <p><strong>Docker Desktop for Linux</strong></p> <p>Docker Desktop helps you build, share, and run containers easily on Mac and Windows as you do on Linux. We are excited to share that Docker Desktop for Linux is now GA. For more information, see <a href="https://docs.docker.com/desktop/linux/install/">Docker Desktop for Linux</a>.</p> </blockquote> <h2 id="supported-platforms">Supported platforms</h2> <p>Docker Engine is available on a variety of <a href="https://docs.docker.com/desktop/linux/install/">Linux platforms</a>, <a href="https://docs.docker.com/desktop/mac/install/">macOS</a> and <a href="https://docs.docker.com/desktop/windows/install/">Windows 10</a> through Docker Desktop, and as a <a href="binaries/index">static binary installation</a>. Find your preferred operating system below.</p> <h3 id="desktop">Desktop</h3> <table> <thead> <tr> <th style="text-align: left">Platform</th> <th style="text-align: center">x86_64 / amd64</th> <th style="text-align: center">arm64 (Apple Silicon)</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="https://docs.docker.com/desktop/linux/install/">Docker Desktop for Linux</a></td> <td style="text-align: center"><a href="https://docs.docker.com/desktop/linux/install/"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: center"> </td> </tr> <tr> <td style="text-align: left"><a href="https://docs.docker.com/desktop/mac/install/">Docker Desktop for Mac (macOS)</a></td> <td style="text-align: center"><a href="https://docs.docker.com/desktop/mac/install/"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: center"><a href="https://docs.docker.com/desktop/mac/install/"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> </tr> <tr> <td style="text-align: left"><a 
href="https://docs.docker.com/desktop/windows/install/">Docker Desktop for Windows</a></td> <td style="text-align: center"><a href="https://docs.docker.com/desktop/windows/install/"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: center"> </td> </tr> </tbody> </table> <h3 id="server">Server</h3> <p>Docker provides <code class="language-plaintext highlighter-rouge">.deb</code> and <code class="language-plaintext highlighter-rouge">.rpm</code> packages from the following Linux distributions and architectures:</p> <table> <thead> <tr> <th style="text-align: left">Platform</th> <th style="text-align: left">x86_64 / amd64</th> <th style="text-align: left">arm64 / aarch64</th> <th style="text-align: left">arm (32-bit)</th> <th style="text-align: left">s390x</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="centos/index">CentOS</a></td> <td style="text-align: left"><a href="centos/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="centos/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> </tr> <tr> <td style="text-align: left"><a href="debian/index">Debian</a></td> <td style="text-align: left"><a href="debian/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="debian/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="debian/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"> </td> </tr> <tr> <td style="text-align: left"><a href="fedora/index">Fedora</a></td> <td style="text-align: left"><a href="fedora/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 
auto"></a></td> <td style="text-align: left"><a href="fedora/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> </tr> <tr> <td style="text-align: left"><a href="debian/index">Raspbian</a></td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> <td style="text-align: left"><a href="debian/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"> </td> </tr> <tr> <td style="text-align: left"><a href="rhel/index">RHEL</a></td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> <td style="text-align: left"><a href="rhel/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> </tr> <tr> <td style="text-align: left"><a href="sles/index">SLES</a></td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> <td style="text-align: left"> </td> <td style="text-align: left"><a href="sles/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> </tr> <tr> <td style="text-align: left"><a href="ubuntu/index">Ubuntu</a></td> <td style="text-align: left"><a href="ubuntu/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="ubuntu/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="ubuntu/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="ubuntu/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> </tr> <tr> <td style="text-align: left"><a href="binaries/index">Binaries</a></td> <td style="text-align: left"><a href="binaries/index"><img src="" alt="yes" class="inline" style="height: 
14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="binaries/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"><a href="binaries/index"><img src="" alt="yes" class="inline" style="height: 14px; margin: 0 auto"></a></td> <td style="text-align: left"> </td> </tr> </tbody> </table> <h3 id="other-linux-distributions">Other Linux distributions</h3> <blockquote> <p><strong>Note</strong></p> <p>While the instructions below may work, Docker does not test or verify installation on derivatives.</p> </blockquote> <ul> <li>Users of Debian derivatives such as “BunsenLabs Linux”, “Kali Linux” or “LMDE” (Debian-based Mint) should follow the installation instructions for <a href="debian/index">Debian</a>, substituting the version of their distro for the corresponding Debian release. Refer to the documentation of your distro to find which Debian release corresponds with your derivative version.</li> <li>Likewise, users of Ubuntu derivatives such as “Kubuntu”, “Lubuntu” or “Xubuntu” should follow the installation instructions for <a href="ubuntu/index">Ubuntu</a>, substituting the version of their distro for the corresponding Ubuntu release. Refer to the documentation of your distro to find which Ubuntu release corresponds with your derivative version.</li> <li>Some Linux distributions are providing a package of Docker Engine through their package repositories. These packages are built and maintained by the Linux distribution’s package maintainers and may have differences in configuration or built from modified source code. Docker is not involved in releasing these packages and bugs or issues involving these packages should be reported in your Linux distribution’s issue tracker.</li> </ul> <p>Docker provides <a href="binaries/index">binaries</a> for manual installation of Docker Engine. 
These binaries are statically linked and can be used on any Linux distribution.</p> <h2 id="release-channels">Release channels</h2> <p>Docker Engine has two types of update channels, <strong>stable</strong> and <strong>test</strong>:</p> <ul> <li>The <strong>Stable</strong> channel gives you latest releases for general availability.</li> <li>The <strong>Test</strong> channel gives pre-releases that are ready for testing before general availability (GA).</li> </ul> <h3 id="stable">Stable</h3> <p>Year-month releases are made from a release branch diverged from the master branch. The branch is created with format <code class="language-plaintext highlighter-rouge"><year>.<month></code>, for example <code class="language-plaintext highlighter-rouge">20.10</code>. The year-month name indicates the earliest possible calendar month to expect the release to be generally available. All further patch releases are performed from that branch. For example, once <code class="language-plaintext highlighter-rouge">v20.10.0</code> is released, all subsequent patch releases are built from the <code class="language-plaintext highlighter-rouge">20.10</code> branch.</p> <h3 id="test">Test</h3> <p>In preparation for a new year-month release, a branch is created from the master branch with format <code class="language-plaintext highlighter-rouge">YY.mm</code> when the milestones desired by Docker for the release have achieved feature-complete. Pre-releases such as betas and release candidates are conducted from their respective release branches. 
Patch releases and the corresponding pre-releases are performed from within the corresponding release branch.</p> <h2 id="support">Support</h2> <p>Docker Engine releases of a year-month branch are supported with patches as needed for one month after the next year-month general availability release.</p> <p>This means bug reports and backports to release branches are assessed until the end-of-life date.</p> <p>After the year-month branch has reached end-of-life, the branch may be deleted from the repository.</p> <h3 id="backporting">Backporting</h3> <p>Backports to the Docker products are prioritized by the Docker company. A Docker employee or repository maintainer will endeavour to ensure sensible bugfixes make it into <em>active</em> releases.</p> <p>If there are important fixes that ought to be considered for backport to active release branches, be sure to highlight this in the PR description or by adding a comment to the PR.</p> <h3 id="upgrade-path">Upgrade path</h3> <p>Patch releases are always backward compatible with its year-month version.</p> <h3 id="licensing">Licensing</h3> <p>Docker is licensed under the Apache License, Version 2.0. See <a href="https://github.com/moby/moby/blob/master/LICENSE">LICENSE</a> for the full license text.</p> <h2 id="reporting-security-issues">Reporting security issues</h2> <p>The Docker maintainers take security seriously. 
If you discover a security issue, please bring it to their attention right away!</p> <p>Please DO NOT file a public issue; instead send your report privately to security@docker.com.</p> <p>Security reports are greatly appreciated, and Docker will publicly thank you for it.</p> <h2 id="get-started">Get started</h2> <p>After setting up Docker, you can learn the basics with <a href="../../get-started/index">Getting started with Docker</a>.</p> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=Docker%20Engine">Docker Engine</a>, <a href="https://docs.docker.com/search/?q=Docker%20Engine">Docker Engine</a>, <a href="https://docs.docker.com/search/?q=docker%20editions">docker editions</a>, <a href="https://docs.docker.com/search/?q=stable">stable</a>, <a href="https://docs.docker.com/search/?q=edge">edge</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/" class="_attribution-link">https://docs.docker.com/engine/install/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Flinux-postinstall%2Findex.html b/devdocs/docker/engine%2Finstall%2Flinux-postinstall%2Findex.html new file mode 100644 index 00000000..d03224c8 --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Flinux-postinstall%2Findex.html 
@@ -0,0 +1,76 @@ +<h1>Post-installation steps for Linux</h1> + +<p>This section contains optional procedures for configuring Linux hosts to work better with Docker.</p> <h2 id="manage-docker-as-a-non-root-user">Manage Docker as a non-root user</h2> <p>The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user <code class="language-plaintext highlighter-rouge">root</code> and other users can only access it using <code class="language-plaintext highlighter-rouge">sudo</code>. The Docker daemon always runs as the <code class="language-plaintext highlighter-rouge">root</code> user.</p> <p>If you don’t want to preface the <code class="language-plaintext highlighter-rouge">docker</code> command with <code class="language-plaintext highlighter-rouge">sudo</code>, create a Unix group called <code class="language-plaintext highlighter-rouge">docker</code> and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the <code class="language-plaintext highlighter-rouge">docker</code> group.</p> <blockquote class="warning"> <p>Warning</p> <p>The <code class="language-plaintext highlighter-rouge">docker</code> group grants privileges equivalent to the <code class="language-plaintext highlighter-rouge">root</code> user. 
For details on how this impacts security in your system, see <a href="../../security/index#docker-daemon-attack-surface"><em>Docker Daemon Attack Surface</em></a>.</p> </blockquote> <blockquote> <p><strong>Note</strong>:</p> <p>To run Docker without root privileges, see <a href="../../security/rootless/index">Run the Docker daemon as a non-root user (Rootless mode)</a>.</p> </blockquote> <p>To create the <code class="language-plaintext highlighter-rouge">docker</code> group and add your user:</p> <ol> <li> <p>Create the <code class="language-plaintext highlighter-rouge">docker</code> group.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo groupadd docker +</pre></div> </li> <li> <p>Add your user to the <code class="language-plaintext highlighter-rouge">docker</code> group.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo usermod -aG docker $USER +</pre></div> </li> <li> <p>Log out and log back in so that your group membership is re-evaluated.</p> <p>If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.</p> <p>On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.</p> <p>On Linux, you can also run the following command to activate the changes to groups:</p> <div class="highlight"><pre class="highlight" data-language="">$ newgrp docker +</pre></div> </li> <li> <p>Verify that you can run <code class="language-plaintext highlighter-rouge">docker</code> commands without <code class="language-plaintext highlighter-rouge">sudo</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. 
When the container runs, it prints a message and exits.</p> <p>If you initially ran Docker CLI commands using <code class="language-plaintext highlighter-rouge">sudo</code> before adding your user to the <code class="language-plaintext highlighter-rouge">docker</code> group, you may see the following error, which indicates that your <code class="language-plaintext highlighter-rouge">~/.docker/</code> directory was created with incorrect permissions due to the <code class="language-plaintext highlighter-rouge">sudo</code> commands.</p> <pre>WARNING: Error loading config file: /home/user/.docker/config.json - +stat /home/user/.docker/config.json: permission denied +</pre> <p>To fix this problem, either remove the <code class="language-plaintext highlighter-rouge">~/.docker/</code> directory (it is recreated automatically, but any custom settings are lost), or change its ownership and permissions using the following commands:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R +$ sudo chmod g+rwx "$HOME/.docker" -R +</pre></div> </li> </ol> <h2 id="configure-docker-to-start-on-boot">Configure Docker to start on boot</h2> <p>Most current Linux distributions (RHEL, CentOS, Fedora, Debian, Ubuntu 16.04 and higher) use <a href="https://docs.docker.com/config/daemon/systemd/"><code class="language-plaintext highlighter-rouge">systemd</code></a> to manage which services start when the system boots. On Debian and Ubuntu, the Docker service is configured to start on boot by default. 
To automatically start Docker and Containerd on boot for other distros, use the commands below:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl enable docker.service +$ sudo systemctl enable containerd.service +</pre></div> <p>To disable this behavior, use <code class="language-plaintext highlighter-rouge">disable</code> instead.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl disable docker.service +$ sudo systemctl disable containerd.service +</pre></div> <p>If you need to add an HTTP Proxy, set a different directory or partition for the Docker runtime files, or make other customizations, see <a href="https://docs.docker.com/config/daemon/systemd/">customize your systemd Docker daemon options</a>.</p> <h2 id="use-a-different-storage-engine">Use a different storage engine</h2> <p>For information about the different storage engines, see <a href="https://docs.docker.com/storage/storagedriver/">Storage drivers</a>. The default storage engine and the list of supported storage engines depend on your host’s Linux distribution and available kernel drivers.</p> <h2 id="configure-default-logging-driver">Configure default logging driver</h2> <p>Docker provides the <a href="https://docs.docker.com/config/containers/logging/">capability</a> to collect and view log data from all containers running on a host via a series of logging drivers. The default logging driver, <code class="language-plaintext highlighter-rouge">json-file</code>, writes log data to JSON-formatted files on the host filesystem. 
Over time, these log files expand in size, leading to potential exhaustion of disk resources.</p> <p>To alleviate such issues, either configure the <code class="language-plaintext highlighter-rouge">json-file</code> logging driver to enable <a href="https://docs.docker.com/config/containers/logging/json-file/">log rotation</a>, use an <a href="https://docs.docker.com/config/containers/logging/configure/#configure-the-default-logging-driver">alternative logging driver</a> such as the <a href="https://docs.docker.com/config/containers/logging/local/">“local” logging driver</a> that performs log rotation by default, or use a logging driver that sends logs to a remote logging aggregator.</p> <h2 id="configure-where-the-docker-daemon-listens-for-connections">Configure where the Docker daemon listens for connections</h2> <p>By default, the Docker daemon listens for connections on a UNIX socket to accept requests from local clients. It is possible to allow Docker to accept requests from remote hosts by configuring it to listen on an IP address and port as well as the UNIX socket. For more detailed information on this configuration option take a look at “Bind Docker to another host/port or a unix socket” section of the <a href="../../reference/commandline/dockerd/index">Docker CLI Reference</a> article.</p> <blockquote class="warning"> <p>Secure your connection</p> <p>Before configuring Docker to accept connections from remote hosts it is critically important that you understand the security implications of opening docker to the network. If steps are not taken to secure the connection, it is possible for remote non-root users to gain root access on the host. 
For more information on how to use TLS certificates to secure this connection, check this article on <a href="../../security/protect-access/index">how to protect the Docker daemon socket</a>.</p> </blockquote> <p>Configuring Docker to accept remote connections can be done with the <code class="language-plaintext highlighter-rouge">docker.service</code> systemd unit file for Linux distributions using systemd, such as recent versions of RedHat, CentOS, Ubuntu and SLES, or with the <code class="language-plaintext highlighter-rouge">daemon.json</code> file which is recommended for Linux distributions that do not use systemd.</p> <blockquote> <p>systemd vs daemon.json</p> <p>Configuring Docker to listen for connections using both the <code class="language-plaintext highlighter-rouge">systemd</code> unit file and the <code class="language-plaintext highlighter-rouge">daemon.json</code> file causes a conflict that prevents Docker from starting.</p> </blockquote> <h3 id="configuring-remote-access-with-systemd-unit-file">Configuring remote access with <code class="language-plaintext highlighter-rouge">systemd</code> unit file</h3> <ol> <li> <p>Use the command <code class="language-plaintext highlighter-rouge">sudo systemctl edit docker.service</code> to open an override file for <code class="language-plaintext highlighter-rouge">docker.service</code> in a text editor.</p> </li> <li> <p>Add or modify the following lines, substituting your own values.</p> <div class="highlight"><pre class="highlight" data-language="">[Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375 +</pre></div> </li> <li> <p>Save the file.</p> </li> <li> <p>Reload the <code class="language-plaintext highlighter-rouge">systemctl</code> configuration.</p> <div class="highlight"><pre class="highlight" data-language=""> $ sudo systemctl daemon-reload +</pre></div> </li> <li> <p>Restart Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl 
restart docker.service +</pre></div> </li> <li> <p>Check to see whether the change was honored by reviewing the output of <code class="language-plaintext highlighter-rouge">netstat</code> to confirm <code class="language-plaintext highlighter-rouge">dockerd</code> is listening on the configured port.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo netstat -lntp | grep dockerd +tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 3758/dockerd +</pre></div> </li> </ol> <h3 id="configuring-remote-access-with-daemonjson">Configuring remote access with <code class="language-plaintext highlighter-rouge">daemon.json</code> +</h3> <ol> <li> <p>Set the <code class="language-plaintext highlighter-rouge">hosts</code> array in the <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code> to connect to the UNIX socket and an IP address, as follows:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"] +} +</pre></div> </li> <li> <p>Restart Docker.</p> </li> <li> <p>Check to see whether the change was honored by reviewing the output of <code class="language-plaintext highlighter-rouge">netstat</code> to confirm <code class="language-plaintext highlighter-rouge">dockerd</code> is listening on the configured port.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo netstat -lntp | grep dockerd +tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 3758/dockerd +</pre></div> </li> </ol> <h2 id="enable-ipv6-on-the-docker-daemon">Enable IPv6 on the Docker daemon</h2> <p>To enable IPv6 on the Docker daemon, see <a href="https://docs.docker.com/config/daemon/ipv6/">Enable IPv6 support</a>.</p> <h2 id="troubleshooting">Troubleshooting</h2> <h3 id="kernel-compatibility">Kernel compatibility</h3> <p>Docker cannot run correctly if your kernel is older than version 3.10 or if it is missing some modules. 
To check kernel compatibility, you can download and run the <a href="https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh"><code class="language-plaintext highlighter-rouge">check-config.sh</code></a> script.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh > check-config.sh + +$ bash ./check-config.sh +</pre></div> <p>The script only works on Linux, not macOS.</p> <h3 id="cannot-connect-to-the-docker-daemon"><code class="language-plaintext highlighter-rouge">Cannot connect to the Docker daemon</code></h3> <p>If you see an error such as the following, your Docker client may be configured to connect to a Docker daemon on a different host, and that host may not be reachable.</p> <pre data-language="">Cannot connect to the Docker daemon. Is 'docker daemon' running on this host? +</pre> <p>To see which host your client is configured to connect to, check the value of the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> variable in your environment.</p> <div class="highlight"><pre class="highlight" data-language="">$ env | grep DOCKER_HOST +</pre></div> <p>If this command returns a value, the Docker client is set to connect to a Docker daemon running on that host. If it is unset, the Docker client is set to connect to the Docker daemon running on the local host. 
If it is set in error, use the following command to unset it:</p> <div class="highlight"><pre class="highlight" data-language="">$ unset DOCKER_HOST +</pre></div> <p>You may need to edit your environment in files such as <code class="language-plaintext highlighter-rouge">~/.bashrc</code> or <code class="language-plaintext highlighter-rouge">~/.profile</code> to prevent the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> variable from being set erroneously.</p> <p>If <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> is set as intended, verify that the Docker daemon is running on the remote host and that a firewall or network outage is not preventing you from connecting.</p> <h3 id="ip-forwarding-problems">IP forwarding problems</h3> <p>If you manually configure your network using <code class="language-plaintext highlighter-rouge">systemd-network</code> with <code class="language-plaintext highlighter-rouge">systemd</code> version 219 or higher, Docker containers may not be able to access your network. Beginning with <code class="language-plaintext highlighter-rouge">systemd</code> version 220, the forwarding setting for a given network (<code class="language-plaintext highlighter-rouge">net.ipv4.conf.<interface>.forwarding</code>) defaults to <em>off</em>. This setting prevents IP forwarding. 
It also conflicts with Docker’s behavior of enabling the <code class="language-plaintext highlighter-rouge">net.ipv4.conf.all.forwarding</code> setting within containers.</p> <p>To work around this on RHEL, CentOS, or Fedora, edit the <code class="language-plaintext highlighter-rouge"><interface>.network</code> file in <code class="language-plaintext highlighter-rouge">/usr/lib/systemd/network/</code> on your Docker host (ex: <code class="language-plaintext highlighter-rouge">/usr/lib/systemd/network/80-container-host0.network</code>) and add the following block within the <code class="language-plaintext highlighter-rouge">[Network]</code> section.</p> <div class="highlight"><pre class="highlight" data-language="">[Network] +... +IPForward=kernel +# OR +IPForward=true +</pre></div> <p>This configuration allows IP forwarding from the container as expected.</p> <h3 id="dns-resolver-found-in-resolvconf-and-containers-cant-use-it"><code class="language-plaintext highlighter-rouge">DNS resolver found in resolv.conf and containers can't use it</code></h3> <p>Linux systems which use a GUI often have a network manager running, which uses a <code class="language-plaintext highlighter-rouge">dnsmasq</code> instance running on a loopback address such as <code class="language-plaintext highlighter-rouge">127.0.0.1</code> or <code class="language-plaintext highlighter-rouge">127.0.1.1</code> to cache DNS requests, and adds this entry to <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code>. The <code class="language-plaintext highlighter-rouge">dnsmasq</code> service speeds up DNS look-ups and also provides DHCP services. 
This configuration does not work within a Docker container which has its own network namespace, because the Docker container resolves loopback addresses such as <code class="language-plaintext highlighter-rouge">127.0.0.1</code> to <strong>itself</strong>, and it is very unlikely to be running a DNS server on its own loopback address.</p> <p>If Docker detects that no DNS server referenced in <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> is a fully functional DNS server, the following warning occurs and Docker uses the public DNS servers provided by Google at <code class="language-plaintext highlighter-rouge">8.8.8.8</code> and <code class="language-plaintext highlighter-rouge">8.8.4.4</code> for DNS resolution.</p> <pre data-language="">WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers +can't use it. Using default external servers : [8.8.8.8 8.8.4.4] +</pre> <p>If you see this warning, first check to see if you use <code class="language-plaintext highlighter-rouge">dnsmasq</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ ps aux |grep dnsmasq +</pre></div> <p>If your container needs to resolve hosts which are internal to your network, the public nameservers are not adequate. You have two choices:</p> <ul> <li>You can specify a DNS server for Docker to use, <strong>or</strong> +</li> <li>You can disable <code class="language-plaintext highlighter-rouge">dnsmasq</code> in NetworkManager. 
If you do this, NetworkManager adds your true DNS nameserver to <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code>, but you lose the possible benefits of <code class="language-plaintext highlighter-rouge">dnsmasq</code>.</li> </ul> <p><strong>You only need to use one of these methods.</strong></p> <h3 id="specify-dns-servers-for-docker">Specify DNS servers for Docker</h3> <p>The default location of the configuration file is <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code>. You can change the location of the configuration file using the <code class="language-plaintext highlighter-rouge">--config-file</code> daemon flag. The documentation below assumes the configuration file is located at <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code>.</p> <ol> <li> <p>Create or edit the Docker daemon configuration file, which defaults to <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code> file, which controls the Docker daemon configuration.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo nano /etc/docker/daemon.json +</pre></div> </li> <li> <p>Add a <code class="language-plaintext highlighter-rouge">dns</code> key with one or more IP addresses as values. 
If the file has existing contents, you only need to add or edit the <code class="language-plaintext highlighter-rouge">dns</code> line.</p> <div class="highlight"><pre class="highlight" data-language="">{ + "dns": ["8.8.8.8", "8.8.4.4"] +} +</pre></div> <p>If your internal DNS server cannot resolve public IP addresses, include at least one DNS server which can, so that you can connect to Docker Hub and so that your containers can resolve internet domain names.</p> <p>Save and close the file.</p> </li> <li> <p>Restart the Docker daemon.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo service docker restart +</pre></div> </li> <li> <p>Verify that Docker can resolve external IP addresses by trying to pull an image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull hello-world +</pre></div> </li> <li> <p>If necessary, verify that Docker containers can resolve an internal hostname by pinging it.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -it alpine ping -c4 <my_internal_host> + +PING google.com (192.168.1.2): 56 data bytes +64 bytes from 192.168.1.2: seq=0 ttl=41 time=7.597 ms +64 bytes from 192.168.1.2: seq=1 ttl=41 time=7.635 ms +64 bytes from 192.168.1.2: seq=2 ttl=41 time=7.660 ms +64 bytes from 192.168.1.2: seq=3 ttl=41 time=7.677 ms +</pre></div> </li> </ol> <h4 id="disable-dnsmasq">Disable <code class="language-plaintext highlighter-rouge">dnsmasq</code> +</h4> <h5 id="ubuntu">Ubuntu</h5> <p>If you prefer not to change the Docker daemon’s configuration to use a specific IP address, follow these instructions to disable <code class="language-plaintext highlighter-rouge">dnsmasq</code> in NetworkManager.</p> <ol> <li> <p>Edit the <code class="language-plaintext highlighter-rouge">/etc/NetworkManager/NetworkManager.conf</code> file.</p> </li> <li> <p>Comment out the <code class="language-plaintext highlighter-rouge">dns=dnsmasq</code> line by adding a <code 
class="language-plaintext highlighter-rouge">#</code> character to the beginning of the line.</p> <pre># dns=dnsmasq +</pre> <p>Save and close the file.</p> </li> <li> <p>Restart both NetworkManager and Docker. As an alternative, you can reboot your system.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl restart network-manager +$ sudo systemctl restart docker +</pre></div> </li> </ol> <h5 id="rhel-centos-or-fedora">RHEL, CentOS, or Fedora</h5> <p>To disable <code class="language-plaintext highlighter-rouge">dnsmasq</code> on RHEL, CentOS, or Fedora:</p> <ol> <li> <p>Disable the <code class="language-plaintext highlighter-rouge">dnsmasq</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl stop dnsmasq +$ sudo systemctl disable dnsmasq +</pre></div> </li> <li> <p>Configure the DNS servers manually using the <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html" target="_blank" rel="noopener" class="_">Red Hat documentation</a>.</p> </li> </ol> <h3 id="allow-access-to-the-remote-api-through-a-firewall">Allow access to the remote API through a firewall</h3> <p>If you run a firewall on the same host as you run Docker and you want to access the Docker Remote API from another host and remote access is enabled, you need to configure your firewall to allow incoming connections on the Docker port, which defaults to <code class="language-plaintext highlighter-rouge">2376</code> if TLS encrypted transport is enabled or <code class="language-plaintext highlighter-rouge">2375</code> otherwise.</p> <p>Two common firewall daemons are <a href="https://help.ubuntu.com/community/UFW">UFW (Uncomplicated Firewall)</a> (often used for Ubuntu systems) and <a href="https://firewalld.org">firewalld</a> (often used for RPM-based systems). 
Consult the documentation for your OS and firewall, but the following information might help you get started. These options are fairly permissive and you may want to use a different configuration that locks your system down more.</p> <ul> <li> <p><strong>UFW</strong>: Set <code class="language-plaintext highlighter-rouge">DEFAULT_FORWARD_POLICY="ACCEPT"</code> in your configuration.</p> </li> <li> <p><strong>firewalld</strong>: Add rules similar to the following to your policy (one for incoming requests and one for outgoing requests). Be sure the interface names and chain names are correct.</p> <div class="highlight"><pre class="highlight" data-language=""><direct> + [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -i zt0 -j ACCEPT </rule> ] + [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -o zt0 -j ACCEPT </rule> ] +</direct> +</pre></div> </li> </ul> <h3 id="your-kernel-does-not-support-cgroup-swap-limit-capabilities"><code class="language-plaintext highlighter-rouge">Your kernel does not support cgroup swap limit capabilities</code></h3> <p>On Ubuntu or Debian hosts, You may see messages similar to the following when working with an image.</p> <pre data-language="">WARNING: Your kernel does not support swap limit capabilities. Limitation discarded. +</pre> <p>This warning does not occur on RPM-based systems, which enable these capabilities by default.</p> <p>If you don’t need these capabilities, you can ignore the warning. You can enable these capabilities on Ubuntu or Debian by following these instructions. Memory and swap accounting incur an overhead of about 1% of the total available memory and a 10% overall performance degradation, even if Docker is not running.</p> <ol> <li> <p>Log into the Ubuntu or Debian host as a user with <code class="language-plaintext highlighter-rouge">sudo</code> privileges.</p> </li> <li> <p>Edit the <code class="language-plaintext highlighter-rouge">/etc/default/grub</code> file. 
Add or edit the <code class="language-plaintext highlighter-rouge">GRUB_CMDLINE_LINUX</code> line to add the following two key-value pairs:</p> <pre>GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" +</pre> <p>Save and close the file.</p> </li> <li> <p>Update GRUB.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo update-grub +</pre></div> <p>If your GRUB configuration file has incorrect syntax, an error occurs. In this case, repeat steps 2 and 3.</p> <p>The changes take effect when the system is rebooted.</p> </li> </ol> <h2 id="next-steps">Next steps</h2> <ul> <li>Take a look at the <a href="../../../get-started/index">Get started</a> training modules to learn how to build an image and run it as a containerized application.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=Docker">Docker</a>, <a href="https://docs.docker.com/search/?q=Docker%20documentation">Docker documentation</a>, <a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=ubuntu">ubuntu</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/linux-postinstall/" class="_attribution-link">https://docs.docker.com/engine/install/linux-postinstall/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Frhel%2Findex.html b/devdocs/docker/engine%2Finstall%2Frhel%2Findex.html new file mode 100644 index 00000000..d827a5df --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Frhel%2Findex.html 
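Review bot: in the linux-postinstall page that ends just above (before the engine/install/rhel file header), the "Allow access to the remote API through a firewall" section tells readers to open the Docker port, which is 2375 when TLS is off, and to set UFW `DEFAULT_FORWARD_POLICY="ACCEPT"`, with "fairly permissive" as the only caveat. Any host that can reach the plaintext API port can control the daemon, so the text should direct readers to expose 2376 with TLS only and to scope the rule to known client addresses instead of a blanket ACCEPT. The firewalld sample needs the same attention: both rules are `ipv="ipv6"`, they hard-code the interface `zt0` without explaining it, and each rule is wrapped in literal `[ ... ]`, so the block cannot be pasted into a `<direct>` section as written. Separately, the ping step runs against `<my_internal_host>` but its sample output reads `PING google.com (192.168.1.2)`; the output should match the command.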
@@ -0,0 +1,49 @@ +<h1>Install Docker Engine on RHEL</h1> + +<p>To get started with Docker Engine on RHEL, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <blockquote> <p><strong>Note</strong></p> <p>We currently only provide packages for RHEL on s390x (IBM Z). Other architectures are not yet supported for RHEL, but you may be able to install the CentOS packages on RHEL. Refer to the <a href="../centos/index">Install Docker Engine on CentOS</a> page for details.</p> </blockquote> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need a maintained version of RHEL 7 or 8 on s390x (IBM Z). Archived versions aren’t supported or tested.</p> <p>The <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver is recommended.</p> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">docker-engine</code>. If these are installed, uninstall them, along with associated dependencies. Also uninstall <code class="language-plaintext highlighter-rouge">Podman</code> and the associated dependencies if installed already.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum remove docker \ + docker-client \ + docker-client-latest \ + docker-common \ + docker-latest \ + docker-latest-logrotate \ + docker-logrotate \ + docker-engine \ + podman \ + runc +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">yum</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. 
The Docker Engine package is now called <code class="language-plaintext highlighter-rouge">docker-ce</code>.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach.</p> </li> <li> <p>Some users download the RPM package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. 
Afterward, you can install and update Docker from the repository.</p> <h4 id="set-up-the-repository">Set up the repository</h4> <p>Install the <code class="language-plaintext highlighter-rouge">yum-utils</code> package (which provides the <code class="language-plaintext highlighter-rouge">yum-config-manager</code> utility) and set up the repository.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install -y yum-utils + +$ sudo yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/rhel/docker-ce.repo +</pre></div> <h4 id="install-docker-engine">Install Docker Engine</h4> <ol> <li> <p>Install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> <p>If prompted to accept the GPG key, verify that the fingerprint matches <code class="language-plaintext highlighter-rouge">060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35</code>, and if so, accept it.</p> <p>This command installs Docker, but it doesn’t start Docker. It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List and sort the versions available in your repo. 
This example sorts results by version number, highest to lowest, and is truncated:</p> <div class="highlight"><pre class="highlight" data-language="">$ yum list docker-ce --showduplicates | sort -r + +docker-ce.s390x 3:20.10.8-3.el8 docker-ce-stable +docker-ce.s390x 3:20.10.7-3.el8 docker-ce-stable +<...> +</pre></div> <p>The list returned depends on which repositories are enabled, and is specific to your version of RHEL (indicated by the <code class="language-plaintext highlighter-rouge">.el8</code> suffix in this example).</p> <p>b. Install a specific version by its fully qualified package name, which is the package name (<code class="language-plaintext highlighter-rouge">docker-ce</code>) plus the version string (2nd column) starting at the first colon (<code class="language-plaintext highlighter-rouge">:</code>), up to the first hyphen, separated by a hyphen (<code class="language-plaintext highlighter-rouge">-</code>). For example, <code class="language-plaintext highlighter-rouge">docker-ce-20.10.7</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> <p>This command installs Docker, but it doesn’t start Docker. It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. 
When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker, you can download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/rhel/" target="_blank" rel="noopener" class="_">https://download.docker.com/linux/rhel/</a> and choose your version of RHEL. Then browse to <code class="language-plaintext highlighter-rouge">s390x/stable/Packages/</code> and download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for the Docker version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum install /path/to/package.rpm +</pre></div> <p>Docker is installed but not started. 
The <code class="language-plaintext highlighter-rouge">docker</code> group is created, but no users are added to the group.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, using <code class="language-plaintext highlighter-rouge">yum -y upgrade</code> instead of <code class="language-plaintext highlighter-rouge">yum -y install</code>, and point to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. 
The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. 
When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. 
If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. 
There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo yum remove docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=rhel">rhel</a>, <a href="https://docs.docker.com/search/?q=rpm">rpm</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a>, <a href="https://docs.docker.com/search/?q=s390x">s390x</a>, <a href="https://docs.docker.com/search/?q=ibm-z">ibm-z</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache 
License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/rhel/" class="_attribution-link">https://docs.docker.com/engine/install/rhel/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Fsles%2Findex.html b/devdocs/docker/engine%2Finstall%2Fsles%2Findex.html new file mode 100644 index 00000000..facc0ebb --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Fsles%2Findex.html 
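Review bot: in the engine/install/rhel page that ends just above (before the engine/install/sles file header), the "Install from a package" steps go straight from downloading the `.rpm` to `sudo yum install /path/to/package.rpm` with no signature check, although the repository path asks the reader to verify the GPG fingerprint `060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35`. This is the path recommended for air-gapped hosts, where the file is carried across by hand, so add a step that checks the package signature against that key (for example with `rpm --checksig`) before installing. The upgrade paragraph for the same section says to use `yum -y upgrade` instead of `yum -y install`, but the install step shown has no `-y`; make the two agree. In the convenience-script section the warning to examine the script is followed by an example that downloads and immediately runs `sudo sh get-docker.sh`; showing the review or `DRY_RUN=1` step inside that example would keep the example consistent with the warning. The keyword footer also lists `apt`, which does not apply to this page.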
@@ -0,0 +1,46 @@ +<h1>Install Docker Engine on SLES</h1> + +<p>To get started with Docker Engine on SLES, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <blockquote> <p><strong>Note</strong></p> <p>We currently only provide packages for SLES on s390x (IBM Z). Other architectures are not yet supported for SLES.</p> </blockquote> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need a maintained version of SLES 15-SP2 or SLES 15-SP3 on s390x (IBM Z). Archived versions aren’t supported or tested.</p> <p>The <a href="https://scc.suse.com/packages?name=SUSE%20Linux%20Enterprise%20Server&version=15.2&arch=s390x"><code class="language-plaintext highlighter-rouge">SCC SUSE</code></a> repositories must be enabled.</p> <p>The <a href="https://download.opensuse.org/repositories/security">OpenSUSE <code class="language-plaintext highlighter-rouge">SELinux</code> repository</a> must be enabled. This repository is not added by default, and you need to enable it for the version of SLES you are running. Run the following commands to add it:</p> <div class="highlight"><pre class="highlight" data-language="">$ sles_version="$(. /etc/os-release && echo "${VERSION_ID##*.}")" +$ opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/SLE_15_SP$sles_version/security:SELinux.repo" +$ sudo zypper addrepo $opensuse_repo +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver is recommended.</p> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code> or <code class="language-plaintext highlighter-rouge">docker-engine</code>. 
If these are installed, uninstall them, along with associated dependencies.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper remove docker \ + docker-client \ + docker-client-latest \ + docker-common \ + docker-latest \ + docker-latest-logrotate \ + docker-logrotate \ + docker-engine \ + runc +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">zypper</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. The Docker Engine package is now called <code class="language-plaintext highlighter-rouge">docker-ce</code>.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach.</p> </li> <li> <p>Some users download the RPM package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. 
Afterward, you can install and update Docker from the repository.</p> <h4 id="set-up-the-repository">Set up the repository</h4> <p>Set up the repository.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper addrepo https://download.docker.com/linux/sles/docker-ce.repo +</pre></div> <h4 id="install-docker-engine">Install Docker Engine</h4> <ol> <li> <p>Install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper install docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> <p>If prompted to accept the GPG key, verify that the fingerprint matches <code class="language-plaintext highlighter-rouge">060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35</code>, and if so, accept it.</p> <p>This command installs Docker, but it doesn’t start Docker. It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List and sort the versions available in your repo. This example sorts results by version number, highest to lowest, and is truncated:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper search -s --match-exact docker-ce | sort -r + + v | docker-ce | package | 3:20.10.8-3 | s390x | Docker CE Stable - s390x + v | docker-ce | package | 3:20.10.7-3 | s390x | Docker CE Stable - s390x +</pre></div> <p>The list returned depends on which repositories are enabled, and is specific to your version of SLES.</p> <p>b. 
Install a specific version by its fully qualified package name, which is the package name (<code class="language-plaintext highlighter-rouge">docker-ce</code>) plus the version string (fourth column), separated by a hyphen (<code class="language-plaintext highlighter-rouge">-</code>). For example, <code class="language-plaintext highlighter-rouge">docker-ce-3:20.10.8</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> <p>This command installs Docker, but it doesn’t start Docker. It also creates a <code class="language-plaintext highlighter-rouge">docker</code> group, however, it doesn’t add any users to the group by default.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. 
Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker, you can download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/sles/" target="_blank" rel="noopener" class="_">https://download.docker.com/linux/sles/</a> and choose your version of SLES. Then browse to <code class="language-plaintext highlighter-rouge">15/s390x/stable/Packages/</code> and download the <code class="language-plaintext highlighter-rouge">.rpm</code> file for the Docker version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper install /path/to/package.rpm +</pre></div> <p>Docker is installed but not started. 
The <code class="language-plaintext highlighter-rouge">docker</code> group is created, but no users are added to the group.</p> </li> <li> <p>Start Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo systemctl start docker +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>This installs and runs Docker Engine. Use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, using <code class="language-plaintext highlighter-rouge">zypper -y upgrade</code> instead of <code class="language-plaintext highlighter-rouge">zypper -y install</code>, and point to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. 
The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. 
When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. 
If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. 
There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo zypper remove docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=centos">centos</a>, <a href="https://docs.docker.com/search/?q=rpm">rpm</a>, <a href="https://docs.docker.com/search/?q=sles">sles</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a>, <a href="https://docs.docker.com/search/?q=s390x">s390x</a>, <a href="https://docs.docker.com/search/?q=ibm-z">ibm-z</a></p> +<div class="_attribution"> + <p 
class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/sles/" class="_attribution-link">https://docs.docker.com/engine/install/sles/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Finstall%2Fubuntu%2Findex.html b/devdocs/docker/engine%2Finstall%2Fubuntu%2Findex.html new file mode 100644 index 00000000..c52bf582 --- /dev/null +++ b/devdocs/docker/engine%2Finstall%2Fubuntu%2Findex.html 
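Review bot: In the SLES page's "Install from a package" procedure, step 2 (`sudo zypper install /path/to/package.rpm`) gives the reader nothing to check the downloaded `.rpm` against, while the repository procedure in the same file tells them to accept the GPG key only if its fingerprint matches `060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35`. Suggest adding a verification step before the install in the manual-download path, for example checking the package signature with `rpm --checksig` against that same key, or stating what zypper will prompt for and repeating the fingerprint there. Two smaller points in the same hunk: the upgrade paragraph refers to `zypper -y upgrade` and `zypper -y install`, but the procedure it links to uses `zypper install` without `-y`, so the two should be aligned; and the keyword links at the end of the SLES page include `apt` and `centos`, which look carried over from another distribution's page.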
@@ -0,0 +1,47 @@ +<h1>Install Docker Engine on Ubuntu</h1> + +<blockquote class="important"> <p><strong>Docker Desktop for Linux</strong></p> <p>Docker Desktop helps you build, share, and run containers easily on Mac and Windows as you do on Linux. We are excited to share that Docker Desktop for Linux is now GA. For more information, see <a href="https://docs.docker.com/desktop/linux/install/">Docker Desktop for Linux</a>.</p> </blockquote> <p>To get started with Docker Engine on Ubuntu, make sure you <a href="#prerequisites">meet the prerequisites</a>, then <a href="#installation-methods">install Docker</a>.</p> <h2 id="prerequisites">Prerequisites</h2> <h3 id="os-requirements">OS requirements</h3> <p>To install Docker Engine, you need the 64-bit version of one of these Ubuntu versions:</p> <ul> <li>Ubuntu Jammy 22.04 (LTS)</li> <li>Ubuntu Impish 21.10</li> <li>Ubuntu Focal 20.04 (LTS)</li> <li>Ubuntu Bionic 18.04 (LTS)</li> </ul> <p>Docker Engine is supported on <code class="language-plaintext highlighter-rouge">x86_64</code> (or <code class="language-plaintext highlighter-rouge">amd64</code>), <code class="language-plaintext highlighter-rouge">armhf</code>, <code class="language-plaintext highlighter-rouge">arm64</code>, and <code class="language-plaintext highlighter-rouge">s390x</code> architectures.</p> <h3 id="uninstall-old-versions">Uninstall old versions</h3> <p>Older versions of Docker were called <code class="language-plaintext highlighter-rouge">docker</code>, <code class="language-plaintext highlighter-rouge">docker.io</code>, or <code class="language-plaintext highlighter-rouge">docker-engine</code>. 
If these are installed, uninstall them:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get remove docker docker-engine docker.io containerd runc +</pre></div> <p>It’s OK if <code class="language-plaintext highlighter-rouge">apt-get</code> reports that none of these packages are installed.</p> <p>The contents of <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>, including images, containers, volumes, and networks, are preserved. If you do not need to save your existing data, and want to start with a clean installation, refer to the <a href="#uninstall-docker-engine">uninstall Docker Engine</a> section at the bottom of this page.</p> <h2 id="installation-methods">Installation methods</h2> <p>You can install Docker Engine in different ways, depending on your needs:</p> <ul> <li> <p>Most users <a href="#install-using-the-repository">set up Docker’s repositories</a> and install from them, for ease of installation and upgrade tasks. This is the recommended approach.</p> </li> <li> <p>Some users download the DEB package and <a href="#install-from-a-package">install it manually</a> and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.</p> </li> <li> <p>In testing and development environments, some users choose to use automated <a href="#install-using-the-convenience-script">convenience scripts</a> to install Docker.</p> </li> </ul> <h3 id="install-using-the-repository">Install using the repository</h3> <p>Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. 
Afterward, you can install and update Docker from the repository.</p> <h4 id="set-up-the-repository">Set up the repository</h4> <ol> <li> <p>Update the <code class="language-plaintext highlighter-rouge">apt</code> package index and install packages to allow <code class="language-plaintext highlighter-rouge">apt</code> to use a repository over HTTPS:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get update + +$ sudo apt-get install \ + ca-certificates \ + curl \ + gnupg \ + lsb-release +</pre></div> </li> <li> <p>Add Docker’s official GPG key:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo mkdir -p /etc/apt/keyrings +$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +</pre></div> </li> <li> <p>Use the following command to set up the repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +</pre></div> </li> </ol> <h4 id="install-docker-engine">Install Docker Engine</h4> <ol> <li> <p>Update the <code class="language-plaintext highlighter-rouge">apt</code> package index, and install the <em>latest version</em> of Docker Engine, containerd, and Docker Compose, or go to the next step to install a specific version:</p> <div class="highlight"><pre class="highlight" data-language=""> $ sudo apt-get update + $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> <blockquote> <p>Receiving a GPG error when running <code class="language-plaintext highlighter-rouge">apt-get update</code>?</p> <p>Your default umask may not be set correctly, causing the public key file for the repo to not be detected. 
Run the following command and then try to update your repo again: <code class="language-plaintext highlighter-rouge">sudo chmod a+r /etc/apt/keyrings/docker.gpg</code>.</p> </blockquote> </li> <li> <p>To install a <em>specific version</em> of Docker Engine, list the available versions in the repo, then select and install:</p> <p>a. List the versions available in your repo:</p> <div class="highlight"><pre class="highlight" data-language="">$ apt-cache madison docker-ce + +docker-ce | 5:20.10.16~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages +docker-ce | 5:20.10.15~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages +docker-ce | 5:20.10.14~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages +docker-ce | 5:20.10.13~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages +</pre></div> <p>b. Install a specific version using the version string from the second column, for example, <code class="language-plaintext highlighter-rouge">5:20.10.16~3-0~ubuntu-jammy</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>Docker Engine is installed and running. The <code class="language-plaintext highlighter-rouge">docker</code> group is created but no users are added to it. You need to use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. 
Continue to <a href="../linux-postinstall/index">Linux postinstall</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, first run <code class="language-plaintext highlighter-rouge">sudo apt-get update</code>, then follow the <a href="#install-using-the-repository">installation instructions</a>, choosing the new version you want to install.</p> <h3 id="install-from-a-package">Install from a package</h3> <p>If you cannot use Docker’s repository to install Docker Engine, you can download the <code class="language-plaintext highlighter-rouge">.deb</code> file for your release and install it manually. You need to download a new file each time you want to upgrade Docker.</p> <ol> <li> <p>Go to <a href="https://download.docker.com/linux/ubuntu/dists/" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">https://download.docker.com/linux/ubuntu/dists/</code></a>, choose your Ubuntu version, then browse to <code class="language-plaintext highlighter-rouge">pool/stable/</code>, choose <code class="language-plaintext highlighter-rouge">amd64</code>, <code class="language-plaintext highlighter-rouge">armhf</code>, <code class="language-plaintext highlighter-rouge">arm64</code>, or <code class="language-plaintext highlighter-rouge">s390x</code>, and download the <code class="language-plaintext highlighter-rouge">.deb</code> file for the Docker Engine version you want to install.</p> </li> <li> <p>Install Docker Engine, changing the path below to the path where you downloaded the Docker package.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dpkg -i /path/to/package.deb +</pre></div> <p>The Docker daemon starts automatically.</p> </li> <li> <p>Verify that Docker Engine is installed correctly by running the <code class="language-plaintext highlighter-rouge">hello-world</code> 
image.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo docker run hello-world +</pre></div> <p>This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.</p> </li> </ol> <p>Docker Engine is installed and running. The <code class="language-plaintext highlighter-rouge">docker</code> group is created but no users are added to it. You need to use <code class="language-plaintext highlighter-rouge">sudo</code> to run Docker commands. Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a> to allow non-privileged users to run Docker commands and for other optional configuration steps.</p> <h4 id="upgrade-docker-engine-1">Upgrade Docker Engine</h4> <p>To upgrade Docker Engine, download the newer package file and repeat the <a href="#install-from-a-package">installation procedure</a>, pointing to the new file.</p> <h3 id="install-using-the-convenience-script">Install using the convenience script</h3> <p>Docker provides a convenience script at <a href="https://get.docker.com/">get.docker.com</a> to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the <a href="#install-using-the-repository">install using the repository</a> steps to learn about installation steps to install using the package repository. The source code for the script is open source, and can be found in the <a href="https://github.com/docker/docker-install" target="_blank" rel="noopener" class="_"><code class="language-plaintext highlighter-rouge">docker-install</code> repository on GitHub</a>.</p> <p class="warning">Always examine scripts downloaded from the internet before running them locally. 
Before installing, make yourself familiar with potential risks and limitations of the convenience script:</p> <ul> <li>The script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to run.</li> <li>The script attempts to detect your Linux distribution and version and configure your package management system for you, and does not allow you to customize most installation parameters.</li> <li>The script installs dependencies and recommendations without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.</li> <li>By default, the script installs the latest stable release of Docker, containerd, and runc. When using this script to provision a machine, this may result in unexpected major version upgrades of Docker. Always test (major) upgrades in a test environment before deploying to your production systems.</li> <li>The script is not designed to upgrade an existing Docker installation. 
When using the script to update an existing installation, dependencies may not be updated to the expected version, causing outdated versions to be used.</li> </ul> <blockquote> <p>Tip: preview script steps before running</p> <p>You can run the script with the <code class="language-plaintext highlighter-rouge">DRY_RUN=1</code> option to learn what steps the script will execute during installation:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ DRY_RUN=1 sh ./get-docker.sh +</pre></div> </blockquote> <p>This example downloads the script from <a href="https://get.docker.com/">get.docker.com</a> and runs it to install the latest stable release of Docker on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com -o get-docker.sh +$ sudo sh get-docker.sh +Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737 +<...> +</pre></div> <p>Docker is installed. The <code class="language-plaintext highlighter-rouge">docker</code> service starts automatically on Debian based distributions. On <code class="language-plaintext highlighter-rouge">RPM</code> based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate <code class="language-plaintext highlighter-rouge">systemctl</code> or <code class="language-plaintext highlighter-rouge">service</code> command. As the message indicates, non-root users cannot run Docker commands by default.</p> <blockquote> <p><strong>Use Docker as a non-privileged user, or install in rootless mode?</strong></p> <p>The installation script requires <code class="language-plaintext highlighter-rouge">root</code> or <code class="language-plaintext highlighter-rouge">sudo</code> privileges to install and use Docker. 
If you want to grant non-root users access to Docker, refer to the <a href="../linux-postinstall/index#manage-docker-as-a-non-root-user">post-installation steps for Linux</a>. Docker can also be installed without <code class="language-plaintext highlighter-rouge">root</code> privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to <a href="../../security/rootless/index">run the Docker daemon as a non-root user (rootless mode)</a>.</p> </blockquote> <h4 id="install-pre-releases">Install pre-releases</h4> <p>Docker also provides a convenience script at <a href="https://test.docker.com/">test.docker.com</a> to install pre-releases of Docker on Linux. This script is equivalent to the script at <code class="language-plaintext highlighter-rouge">get.docker.com</code>, but configures your package manager to enable the “test” channel from our package repository, which includes both stable and pre-releases (beta versions, release-candidates) of Docker. Use this script to get early access to new releases, and to evaluate them in a testing environment before they are released as stable.</p> <p>To install the latest version of Docker on Linux from the “test” channel, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://test.docker.com -o test-docker.sh +$ sudo sh test-docker.sh +<...> +</pre></div> <h4 id="upgrade-docker-after-using-the-convenience-script">Upgrade Docker after using the convenience script</h4> <p>If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. 
There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.</p> <h2 id="uninstall-docker-engine">Uninstall Docker Engine</h2> <ol> <li> <p>Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin +</pre></div> </li> <li> <p>Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo rm -rf /var/lib/docker +$ sudo rm -rf /var/lib/containerd +</pre></div> </li> </ol> <p>You must delete any edited configuration files manually.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Continue to <a href="../linux-postinstall/index">Post-installation steps for Linux</a>.</li> <li>Review the topics in <a href="https://docs.docker.com/develop/">Develop with Docker</a> to learn how to build new applications using Docker.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=requirements">requirements</a>, <a href="https://docs.docker.com/search/?q=apt">apt</a>, <a href="https://docs.docker.com/search/?q=installation">installation</a>, <a href="https://docs.docker.com/search/?q=ubuntu">ubuntu</a>, <a href="https://docs.docker.com/search/?q=install">install</a>, <a href="https://docs.docker.com/search/?q=uninstall">uninstall</a>, <a href="https://docs.docker.com/search/?q=upgrade">upgrade</a>, <a href="https://docs.docker.com/search/?q=update">update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/install/ubuntu/" class="_attribution-link">https://docs.docker.com/engine/install/ubuntu/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fbuilder%2Findex.html b/devdocs/docker/engine%2Freference%2Fbuilder%2Findex.html new file mode 100644 index 00000000..533d2592 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fbuilder%2Findex.html 
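Review bot: In "Set up the repository", step 2 pipes `curl -fsSL https://download.docker.com/linux/ubuntu/gpg` straight into `gpg --dearmor -o /etc/apt/keyrings/docker.gpg`, and step 3 then trusts that file through `signed-by=`, with no fingerprint given for the reader to compare; the SLES page added in this same commit does state the fingerprint to check before accepting its key. Suggest adding a step that displays the fingerprint of the saved key (for example `gpg --show-keys /etc/apt/keyrings/docker.gpg`) and states the expected value for the Ubuntu repository key. The same gap applies to `sudo dpkg -i /path/to/package.deb` under "Install from a package", where a manually downloaded file is installed as root with no integrity check described. Minor: the first code block under "Install Docker Engine" has a leading space before each `$` prompt, unlike the other blocks in the file.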
@@ -0,0 +1,527 @@ +<h1>Dockerfile reference</h1> + <p>Docker can build images automatically by reading the instructions from a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. A <code class="language-plaintext highlighter-rouge">Dockerfile</code> is a text document that contains all the commands a user could call on the command line to assemble an image. Using <code class="language-plaintext highlighter-rouge">docker build</code> users can create an automated build that executes several command-line instructions in succession.</p> <p>This page describes the commands you can use in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. When you are done reading this page, refer to the <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"><code class="language-plaintext highlighter-rouge">Dockerfile</code> Best Practices</a> for a tip-oriented guide.</p> <h2 id="usage">Usage</h2> <p>The <a href="../commandline/build/index">docker build</a> command builds an image from a <code class="language-plaintext highlighter-rouge">Dockerfile</code> and a <em>context</em>. The build’s context is the set of files at a specified location <code class="language-plaintext highlighter-rouge">PATH</code> or <code class="language-plaintext highlighter-rouge">URL</code>. The <code class="language-plaintext highlighter-rouge">PATH</code> is a directory on your local filesystem. The <code class="language-plaintext highlighter-rouge">URL</code> is a Git repository location.</p> <p>The build context is processed recursively. So, a <code class="language-plaintext highlighter-rouge">PATH</code> includes any subdirectories and the <code class="language-plaintext highlighter-rouge">URL</code> includes the repository and its submodules. 
This example shows a build command that uses the current directory (<code class="language-plaintext highlighter-rouge">.</code>) as build context:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build . + +Sending build context to Docker daemon 6.51 MB +... +</pre></div> <p>The build is run by the Docker daemon, not by the CLI. The first thing a build process does is send the entire context (recursively) to the daemon. In most cases, it’s best to start with an empty directory as context and keep your Dockerfile in that directory. Add only the files needed for building the Dockerfile.</p> <blockquote class="warning"> <p><strong>Warning</strong></p> <p>Do not use your root directory, <code class="language-plaintext highlighter-rouge">/</code>, as the <code class="language-plaintext highlighter-rouge">PATH</code> for your build context, as it causes the build to transfer the entire contents of your hard drive to the Docker daemon.</p> </blockquote> <p>To use a file in the build context, the <code class="language-plaintext highlighter-rouge">Dockerfile</code> refers to the file specified in an instruction, for example, a <code class="language-plaintext highlighter-rouge">COPY</code> instruction. To increase the build’s performance, exclude files and directories by adding a <code class="language-plaintext highlighter-rouge">.dockerignore</code> file to the context directory. For information about how to <a href="#dockerignore-file">create a <code class="language-plaintext highlighter-rouge">.dockerignore</code> file</a> see the documentation on this page.</p> <p>Traditionally, the <code class="language-plaintext highlighter-rouge">Dockerfile</code> is called <code class="language-plaintext highlighter-rouge">Dockerfile</code> and located in the root of the context. 
You use the <code class="language-plaintext highlighter-rouge">-f</code> flag with <code class="language-plaintext highlighter-rouge">docker build</code> to point to a Dockerfile anywhere in your file system.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -f /path/to/a/Dockerfile . +</pre></div> <p>You can specify a repository and tag at which to save the new image if the build succeeds:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t shykes/myapp . +</pre></div> <p>To tag the image into multiple repositories after the build, add multiple <code class="language-plaintext highlighter-rouge">-t</code> parameters when you run the <code class="language-plaintext highlighter-rouge">build</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest . +</pre></div> <p>Before the Docker daemon runs the instructions in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>, it performs a preliminary validation of the <code class="language-plaintext highlighter-rouge">Dockerfile</code> and returns an error if the syntax is incorrect:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t test/myapp . + +[+] Building 0.3s (2/2) FINISHED + => [internal] load build definition from Dockerfile 0.1s + => => transferring dockerfile: 60B 0.0s + => [internal] load .dockerignore 0.1s + => => transferring context: 2B 0.0s +error: failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to create LLB definition: +dockerfile parse error line 2: unknown instruction: RUNCMD +</pre></div> <p>The Docker daemon runs the instructions in the <code class="language-plaintext highlighter-rouge">Dockerfile</code> one-by-one, committing the result of each instruction to a new image if necessary, before finally outputting the ID of your new image. 
The Docker daemon will automatically clean up the context you sent.</p> <p>Note that each instruction is run independently, and causes a new image to be created - so <code class="language-plaintext highlighter-rouge">RUN cd /tmp</code> will not have any effect on the next instructions.</p> <p>Whenever possible, Docker uses a build-cache to accelerate the <code class="language-plaintext highlighter-rouge">docker build</code> process significantly. This is indicated by the <code class="language-plaintext highlighter-rouge">CACHED</code> message in the console output. (For more information, see the <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"><code class="language-plaintext highlighter-rouge">Dockerfile</code> best practices guide</a>):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t svendowideit/ambassador . + +[+] Building 0.7s (6/6) FINISHED + => [internal] load build definition from Dockerfile 0.1s + => => transferring dockerfile: 286B 0.0s + => [internal] load .dockerignore 0.1s + => => transferring context: 2B 0.0s + => [internal] load metadata for docker.io/library/alpine:3.2 0.4s + => CACHED [1/2] FROM docker.io/library/alpine:3.2@sha256:e9a2035f9d0d7ce 0.0s + => CACHED [2/2] RUN apk add --no-cache socat 0.0s + => exporting to image 0.0s + => => exporting layers 0.0s + => => writing image sha256:1affb80ca37018ac12067fa2af38cc5bcc2a8f09963de 0.0s + => => naming to docker.io/svendowideit/ambassador 0.0s +</pre></div> <p>By default, the build cache is based on results from previous builds on the machine on which you are building. 
The <code class="language-plaintext highlighter-rouge">--cache-from</code> option also allows you to use a build-cache that’s distributed through an image registry refer to the <a href="../commandline/build/index#specifying-external-cache-sources">specifying external cache sources</a> section in the <code class="language-plaintext highlighter-rouge">docker build</code> command reference.</p> <p>When you’re done with your build, you’re ready to look into <a href="../../scan/index">scanning your image with <code class="language-plaintext highlighter-rouge">docker scan</code></a>, and <a href="https://docs.docker.com/docker-hub/repos/">pushing your image to Docker Hub</a>.</p> <h2 id="buildkit">BuildKit</h2> <p>Starting with version 18.09, Docker supports a new backend for executing your builds that is provided by the <a href="https://github.com/moby/buildkit">moby/buildkit</a> project. The BuildKit backend provides many benefits compared to the old implementation. For example, BuildKit can:</p> <ul> <li>Detect and skip executing unused build stages</li> <li>Parallelize building independent build stages</li> <li>Incrementally transfer only the changed files in your build context between builds</li> <li>Detect and skip transferring unused files in your build context</li> <li>Use external Dockerfile implementations with many new features</li> <li>Avoid side-effects with rest of the API (intermediate images and containers)</li> <li>Prioritize your build cache for automatic pruning</li> </ul> <p>To use the BuildKit backend, you need to set an environment variable <code class="language-plaintext highlighter-rouge">DOCKER_BUILDKIT=1</code> on the CLI before invoking <code class="language-plaintext highlighter-rouge">docker build</code>.</p> <p>To learn about the Dockerfile syntax available to BuildKit-based builds <a href="https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax/">refer to the documentation in the BuildKit repository</a>.</p> <h2 
id="format">Format</h2> <p>Here is the format of the <code class="language-plaintext highlighter-rouge">Dockerfile</code>:</p> <div class="highlight"><pre class="highlight" data-language=""># Comment +INSTRUCTION arguments +</pre></div> <p>The instruction is not case-sensitive. However, convention is for them to be UPPERCASE to distinguish them from arguments more easily.</p> <p>Docker runs instructions in a <code class="language-plaintext highlighter-rouge">Dockerfile</code> in order. A <code class="language-plaintext highlighter-rouge">Dockerfile</code> <strong>must begin with a <code class="language-plaintext highlighter-rouge">FROM</code> instruction</strong>. This may be after <a href="#parser-directives">parser directives</a>, <a href="#format">comments</a>, and globally scoped <a href="#arg">ARGs</a>. The <code class="language-plaintext highlighter-rouge">FROM</code> instruction specifies the <a href="https://docs.docker.com/glossary/#parent-image"><em>Parent Image</em></a> from which you are building. <code class="language-plaintext highlighter-rouge">FROM</code> may only be preceded by one or more <code class="language-plaintext highlighter-rouge">ARG</code> instructions, which declare arguments that are used in <code class="language-plaintext highlighter-rouge">FROM</code> lines in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>Docker treats lines that <em>begin</em> with <code class="language-plaintext highlighter-rouge">#</code> as a comment, unless the line is a valid <a href="#parser-directives">parser directive</a>. A <code class="language-plaintext highlighter-rouge">#</code> marker anywhere else in a line is treated as an argument. 
This allows statements like:</p> <div class="highlight"><pre class="highlight" data-language=""># Comment +RUN echo 'we are running some # of cool things' +</pre></div> <p>Comment lines are removed before the Dockerfile instructions are executed, which means that the comment in the following example is not handled by the shell executing the <code class="language-plaintext highlighter-rouge">echo</code> command, and both examples below are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">RUN echo hello \ +# comment +world +</pre></div> <div class="highlight"><pre class="highlight" data-language="">RUN echo hello \ +world +</pre></div> <p>Line continuation characters are not supported in comments.</p> <blockquote> <p><strong>Note on whitespace</strong></p> <p>For backward compatibility, leading whitespace before comments (<code class="language-plaintext highlighter-rouge">#</code>) and instructions (such as <code class="language-plaintext highlighter-rouge">RUN</code>) are ignored, but discouraged. 
Leading whitespace is not preserved in these cases, and the following examples are therefore equivalent:</p> <div class="highlight"><pre class="highlight" data-language=""> # this is a comment-line + RUN echo hello +RUN echo world +</pre></div> <div class="highlight"><pre class="highlight" data-language=""># this is a comment-line +RUN echo hello +RUN echo world +</pre></div> <p>Note however, that whitespace in instruction <em>arguments</em>, such as the commands following <code class="language-plaintext highlighter-rouge">RUN</code>, are preserved, so the following example prints ` hello world` with leading whitespace as specified:</p> <div class="highlight"><pre class="highlight" data-language="">RUN echo "\ + hello\ + world" +</pre></div> </blockquote> <h2 id="parser-directives">Parser directives</h2> <p>Parser directives are optional, and affect the way in which subsequent lines in a <code class="language-plaintext highlighter-rouge">Dockerfile</code> are handled. Parser directives do not add layers to the build, and will not be shown as a build step. Parser directives are written as a special type of comment in the form <code class="language-plaintext highlighter-rouge"># directive=value</code>. A single directive may only be used once.</p> <p>Once a comment, empty line or builder instruction has been processed, Docker no longer looks for parser directives. Instead it treats anything formatted as a parser directive as a comment and does not attempt to validate if it might be a parser directive. Therefore, all parser directives must be at the very top of a <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>Parser directives are not case-sensitive. However, convention is for them to be lowercase. Convention is also to include a blank line following any parser directives. 
Line continuation characters are not supported in parser directives.</p> <p>Due to these rules, the following examples are all invalid:</p> <p>Invalid due to line continuation:</p> <div class="highlight"><pre class="highlight" data-language=""># direc \ +tive=value +</pre></div> <p>Invalid due to appearing twice:</p> <div class="highlight"><pre class="highlight" data-language=""># directive=value1 +# directive=value2 + +FROM ImageName +</pre></div> <p>Treated as a comment due to appearing after a builder instruction:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ImageName +# directive=value +</pre></div> <p>Treated as a comment due to appearing after a comment which is not a parser directive:</p> <div class="highlight"><pre class="highlight" data-language=""># About my dockerfile +# directive=value +FROM ImageName +</pre></div> <p>The unknown directive is treated as a comment due to not being recognized. In addition, the known directive is treated as a comment due to appearing after a comment which is not a parser directive.</p> <div class="highlight"><pre class="highlight" data-language=""># unknowndirective=value +# knowndirective=value +</pre></div> <p>Non line-breaking whitespace is permitted in a parser directive. 
Hence, the following lines are all treated identically:</p> <div class="highlight"><pre class="highlight" data-language="">#directive=value +# directive =value +# directive= value +# directive = value +# dIrEcTiVe=value +</pre></div> <p>The following parser directives are supported:</p> <ul> <li><code class="language-plaintext highlighter-rouge">syntax</code></li> <li><code class="language-plaintext highlighter-rouge">escape</code></li> </ul> <h2 id="syntax">syntax</h2> <div class="highlight"><pre class="highlight" data-language=""># syntax=[remote image reference] +</pre></div> <p>For example:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 +# syntax=docker.io/docker/dockerfile:1 +# syntax=example.com/user/repo:tag@sha256:abcdef... +</pre></div> <p>This feature is only available when using the <a href="#buildkit">BuildKit</a> backend, and is ignored when using the classic builder backend.</p> <p>The syntax directive defines the location of the Dockerfile syntax that is used to build the Dockerfile. 
The BuildKit backend allows to seamlessly use external implementations that are distributed as Docker images and execute inside a container sandbox environment.</p> <p>Custom Dockerfile implementations allows you to:</p> <ul> <li>Automatically get bugfixes without updating the Docker daemon</li> <li>Make sure all users are using the same implementation to build your Dockerfile</li> <li>Use the latest features without updating the Docker daemon</li> <li>Try out new features or third-party features before they are integrated in the Docker daemon</li> <li>Use <a href="https://github.com/moby/buildkit#exploring-llb">alternative build definitions, or create your own</a> +</li> </ul> <h3 id="official-releases">Official releases</h3> <p>Docker distributes official versions of the images that can be used for building Dockerfiles under <code class="language-plaintext highlighter-rouge">docker/dockerfile</code> repository on Docker Hub. There are two channels where new images are released: <code class="language-plaintext highlighter-rouge">stable</code> and <code class="language-plaintext highlighter-rouge">labs</code>.</p> <p>Stable channel follows <a href="https://semver.org">semantic versioning</a>. 
For example:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1</code> - kept updated with the latest <code class="language-plaintext highlighter-rouge">1.x.x</code> minor <em>and</em> patch release</li> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1.2</code> - kept updated with the latest <code class="language-plaintext highlighter-rouge">1.2.x</code> patch release, and stops receiving updates once version <code class="language-plaintext highlighter-rouge">1.3.0</code> is released.</li> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1.2.1</code> - immutable: never updated</li> </ul> <p>We recommend using <code class="language-plaintext highlighter-rouge">docker/dockerfile:1</code>, which always points to the latest stable release of the version 1 syntax, and receives both “minor” and “patch” updates for the version 1 release cycle. BuildKit automatically checks for updates of the syntax when performing a build, making sure you are using the most current version.</p> <p>If a specific version is used, such as <code class="language-plaintext highlighter-rouge">1.2</code> or <code class="language-plaintext highlighter-rouge">1.2.1</code>, the Dockerfile needs to be updated manually to continue receiving bugfixes and new features. Old versions of the Dockerfile remain compatible with the new versions of the builder.</p> <p><strong>labs channel</strong></p> <p>The “labs” channel provides early access to Dockerfile features that are not yet available in the stable channel. 
Labs channel images are released in conjunction with the stable releases, and follow the same versioning with the <code class="language-plaintext highlighter-rouge">-labs</code> suffix, for example:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:labs</code> - latest release on labs channel</li> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1-labs</code> - same as <code class="language-plaintext highlighter-rouge">dockerfile:1</code> in the stable channel, with labs features enabled</li> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1.2-labs</code> - same as <code class="language-plaintext highlighter-rouge">dockerfile:1.2</code> in the stable channel, with labs features enabled</li> <li> +<code class="language-plaintext highlighter-rouge">docker/dockerfile:1.2.1-labs</code> - immutable: never updated. Same as <code class="language-plaintext highlighter-rouge">dockerfile:1.2.1</code> in the stable channel, with labs features enabled</li> </ul> <p>Choose a channel that best fits your needs; if you want to benefit from new features, use the labs channel. Images in the labs channel provide a superset of the features in the stable channel; note that <code class="language-plaintext highlighter-rouge">stable</code> features in the labs channel images follow <a href="https://semver.org">semantic versioning</a>, but “labs” features do not, and newer releases may not be backwards compatible, so it is recommended to use an immutable full version variant.</p> <p>For documentation on “labs” features, master builds, and nightly feature releases, refer to the description in <a href="https://github.com/moby/buildkit/blob/master/README/">the BuildKit source repository on GitHub</a>. 
For a full list of available images, visit the <a href="https://hub.docker.com/r/docker/dockerfile">image repository on Docker Hub</a>, and the <a href="https://hub.docker.com/r/docker/dockerfile-upstream">docker/dockerfile-upstream image repository</a> for development builds.</p> <h2 id="escape">escape</h2> <div class="highlight"><pre class="highlight" data-language=""># escape=\ (backslash) +</pre></div> <p>Or</p> <div class="highlight"><pre class="highlight" data-language=""># escape=` (backtick) +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">escape</code> directive sets the character used to escape characters in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. If not specified, the default escape character is <code class="language-plaintext highlighter-rouge">\</code>.</p> <p>The escape character is used both to escape characters in a line, and to escape a newline. This allows a <code class="language-plaintext highlighter-rouge">Dockerfile</code> instruction to span multiple lines. Note that regardless of whether the <code class="language-plaintext highlighter-rouge">escape</code> parser directive is included in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>, <em>escaping is not performed in a <code class="language-plaintext highlighter-rouge">RUN</code> command, except at the end of a line.</em></p> <p>Setting the escape character to <code class="language-plaintext highlighter-rouge">`</code> is especially useful on <code class="language-plaintext highlighter-rouge">Windows</code>, where <code class="language-plaintext highlighter-rouge">\</code> is the directory path separator. <code class="language-plaintext highlighter-rouge">`</code> is consistent with <a href="https://technet.microsoft.com/en-us/library/hh847755.aspx">Windows PowerShell</a>.</p> <p>Consider the following example which would fail in a non-obvious way on <code class="language-plaintext highlighter-rouge">Windows</code>. 
The second <code class="language-plaintext highlighter-rouge">\</code> at the end of the second line would be interpreted as an escape for the newline, instead of a target of the escape from the first <code class="language-plaintext highlighter-rouge">\</code>. Similarly, the <code class="language-plaintext highlighter-rouge">\</code> at the end of the third line would, assuming it was actually handled as an instruction, cause it be treated as a line continuation. The result of this dockerfile is that second and third lines are considered a single instruction:</p> <div class="highlight"><pre class="highlight" data-language="">FROM microsoft/nanoserver +COPY testfile.txt c:\\ +RUN dir c:\ +</pre></div> <p>Results in:</p> <div class="highlight"><pre class="highlight" data-language="">PS E:\myproject> docker build -t cmd . + +Sending build context to Docker daemon 3.072 kB +Step 1/2 : FROM microsoft/nanoserver + ---> 22738ff49c6d +Step 2/2 : COPY testfile.txt c:\RUN dir c: +GetFileAttributesEx c:RUN: The system cannot find the file specified. +PS E:\myproject> +</pre></div> <p>One solution to the above would be to use <code class="language-plaintext highlighter-rouge">/</code> as the target of both the <code class="language-plaintext highlighter-rouge">COPY</code> instruction, and <code class="language-plaintext highlighter-rouge">dir</code>. 
However, this syntax is, at best, confusing as it is not natural for paths on <code class="language-plaintext highlighter-rouge">Windows</code>, and at worst, error prone as not all commands on <code class="language-plaintext highlighter-rouge">Windows</code> support <code class="language-plaintext highlighter-rouge">/</code> as the path separator.</p> <p>By adding the <code class="language-plaintext highlighter-rouge">escape</code> parser directive, the following <code class="language-plaintext highlighter-rouge">Dockerfile</code> succeeds as expected with the use of natural platform semantics for file paths on <code class="language-plaintext highlighter-rouge">Windows</code>:</p> <div class="highlight"><pre class="highlight" data-language=""># escape=` + +FROM microsoft/nanoserver +COPY testfile.txt c:\ +RUN dir c:\ +</pre></div> <p>Results in:</p> <div class="highlight"><pre class="highlight" data-language="">PS E:\myproject> docker build -t succeeds --no-cache=true . + +Sending build context to Docker daemon 3.072 kB +Step 1/3 : FROM microsoft/nanoserver + ---> 22738ff49c6d +Step 2/3 : COPY testfile.txt c:\ + ---> 96655de338de +Removing intermediate container 4db9acbb1682 +Step 3/3 : RUN dir c:\ + ---> Running in a2c157f842f5 + Volume in drive C has no label. 
+ Volume Serial Number is 7E6D-E0F7 + + Directory of c:\ + +10/05/2016 05:04 PM 1,894 License.txt +10/05/2016 02:22 PM <DIR> Program Files +10/05/2016 02:14 PM <DIR> Program Files (x86) +10/28/2016 11:18 AM 62 testfile.txt +10/28/2016 11:20 AM <DIR> Users +10/28/2016 11:20 AM <DIR> Windows + 2 File(s) 1,956 bytes + 4 Dir(s) 21,259,096,064 bytes free + ---> 01c7f3bef04f +Removing intermediate container a2c157f842f5 +Successfully built 01c7f3bef04f +PS E:\myproject> +</pre></div> <h2 id="environment-replacement">Environment replacement</h2> <p>Environment variables (declared with <a href="#env">the <code class="language-plaintext highlighter-rouge">ENV</code> statement</a>) can also be used in certain instructions as variables to be interpreted by the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. Escapes are also handled for including variable-like syntax into a statement literally.</p> <p>Environment variables are notated in the <code class="language-plaintext highlighter-rouge">Dockerfile</code> either with <code class="language-plaintext highlighter-rouge">$variable_name</code> or <code class="language-plaintext highlighter-rouge">${variable_name}</code>. They are treated equivalently and the brace syntax is typically used to address issues with variable names with no whitespace, like <code class="language-plaintext highlighter-rouge">${foo}_bar</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">${variable_name}</code> syntax also supports a few of the standard <code class="language-plaintext highlighter-rouge">bash</code> modifiers as specified below:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">${variable:-word}</code> indicates that if <code class="language-plaintext highlighter-rouge">variable</code> is set then the result will be that value. 
If <code class="language-plaintext highlighter-rouge">variable</code> is not set then <code class="language-plaintext highlighter-rouge">word</code> will be the result.</li> <li> +<code class="language-plaintext highlighter-rouge">${variable:+word}</code> indicates that if <code class="language-plaintext highlighter-rouge">variable</code> is set then <code class="language-plaintext highlighter-rouge">word</code> will be the result, otherwise the result is the empty string.</li> </ul> <p>In all cases, <code class="language-plaintext highlighter-rouge">word</code> can be any string, including additional environment variables.</p> <p>Escaping is possible by adding a <code class="language-plaintext highlighter-rouge">\</code> before the variable: <code class="language-plaintext highlighter-rouge">\$foo</code> or <code class="language-plaintext highlighter-rouge">\${foo}</code>, for example, will translate to <code class="language-plaintext highlighter-rouge">$foo</code> and <code class="language-plaintext highlighter-rouge">${foo}</code> literals respectively.</p> <p>Example (parsed representation is displayed after the <code class="language-plaintext highlighter-rouge">#</code>):</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +ENV FOO=/bar +WORKDIR ${FOO} # WORKDIR /bar +ADD . $FOO # ADD . 
/bar +COPY \$FOO /quux # COPY $FOO /quux +</pre></div> <p>Environment variables are supported by the following list of instructions in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>:</p> <ul> <li><code class="language-plaintext highlighter-rouge">ADD</code></li> <li><code class="language-plaintext highlighter-rouge">COPY</code></li> <li><code class="language-plaintext highlighter-rouge">ENV</code></li> <li><code class="language-plaintext highlighter-rouge">EXPOSE</code></li> <li><code class="language-plaintext highlighter-rouge">FROM</code></li> <li><code class="language-plaintext highlighter-rouge">LABEL</code></li> <li><code class="language-plaintext highlighter-rouge">STOPSIGNAL</code></li> <li><code class="language-plaintext highlighter-rouge">USER</code></li> <li><code class="language-plaintext highlighter-rouge">VOLUME</code></li> <li><code class="language-plaintext highlighter-rouge">WORKDIR</code></li> <li> +<code class="language-plaintext highlighter-rouge">ONBUILD</code> (when combined with one of the supported instructions above)</li> </ul> <p>Environment variable substitution will use the same value for each variable throughout the entire instruction. In other words, in this example:</p> <div class="highlight"><pre class="highlight" data-language="">ENV abc=hello +ENV abc=bye def=$abc +ENV ghi=$abc +</pre></div> <p>will result in <code class="language-plaintext highlighter-rouge">def</code> having a value of <code class="language-plaintext highlighter-rouge">hello</code>, not <code class="language-plaintext highlighter-rouge">bye</code>. 
However, <code class="language-plaintext highlighter-rouge">ghi</code> will have a value of <code class="language-plaintext highlighter-rouge">bye</code> because it is not part of the same instruction that set <code class="language-plaintext highlighter-rouge">abc</code> to <code class="language-plaintext highlighter-rouge">bye</code>.</p> <h2 id="dockerignore-file">.dockerignore file</h2> <p>Before the docker CLI sends the context to the docker daemon, it looks for a file named <code class="language-plaintext highlighter-rouge">.dockerignore</code> in the root directory of the context. If this file exists, the CLI modifies the context to exclude files and directories that match patterns in it. This helps to avoid unnecessarily sending large or sensitive files and directories to the daemon and potentially adding them to images using <code class="language-plaintext highlighter-rouge">ADD</code> or <code class="language-plaintext highlighter-rouge">COPY</code>.</p> <p>The CLI interprets the <code class="language-plaintext highlighter-rouge">.dockerignore</code> file as a newline-separated list of patterns similar to the file globs of Unix shells. For the purposes of matching, the root of the context is considered to be both the working and the root directory. For example, the patterns <code class="language-plaintext highlighter-rouge">/foo/bar</code> and <code class="language-plaintext highlighter-rouge">foo/bar</code> both exclude a file or directory named <code class="language-plaintext highlighter-rouge">bar</code> in the <code class="language-plaintext highlighter-rouge">foo</code> subdirectory of <code class="language-plaintext highlighter-rouge">PATH</code> or in the root of the git repository located at <code class="language-plaintext highlighter-rouge">URL</code>. 
Neither excludes anything else.</p> <p>If a line in <code class="language-plaintext highlighter-rouge">.dockerignore</code> file starts with <code class="language-plaintext highlighter-rouge">#</code> in column 1, then this line is considered as a comment and is ignored before interpreted by the CLI.</p> <p>Here is an example <code class="language-plaintext highlighter-rouge">.dockerignore</code> file:</p> <pre data-language=""># comment +*/temp* +*/*/temp* +temp? +</pre> <p>This file causes the following build behavior:</p> <table> <thead> <tr> <th style="text-align: left">Rule</th> <th style="text-align: left">Behavior</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge"># comment</code></td> <td style="text-align: left">Ignored.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">*/temp*</code></td> <td style="text-align: left">Exclude files and directories whose names start with <code class="language-plaintext highlighter-rouge">temp</code> in any immediate subdirectory of the root. For example, the plain file <code class="language-plaintext highlighter-rouge">/somedir/temporary.txt</code> is excluded, as is the directory <code class="language-plaintext highlighter-rouge">/somedir/temp</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">*/*/temp*</code></td> <td style="text-align: left">Exclude files and directories starting with <code class="language-plaintext highlighter-rouge">temp</code> from any subdirectory that is two levels below the root. 
For example, <code class="language-plaintext highlighter-rouge">/somedir/subdir/temporary.txt</code> is excluded.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">temp?</code></td> <td style="text-align: left">Exclude files and directories in the root directory whose names are a one-character extension of <code class="language-plaintext highlighter-rouge">temp</code>. For example, <code class="language-plaintext highlighter-rouge">/tempa</code> and <code class="language-plaintext highlighter-rouge">/tempb</code> are excluded.</td> </tr> </tbody> </table> <p>Matching is done using Go’s <a href="https://golang.org/pkg/path/filepath#Match">filepath.Match</a> rules. A preprocessing step removes leading and trailing whitespace and eliminates <code class="language-plaintext highlighter-rouge">.</code> and <code class="language-plaintext highlighter-rouge">..</code> elements using Go’s <a href="https://golang.org/pkg/path/filepath/#Clean">filepath.Clean</a>. Lines that are blank after preprocessing are ignored.</p> <p>Beyond Go’s filepath.Match rules, Docker also supports a special wildcard string <code class="language-plaintext highlighter-rouge">**</code> that matches any number of directories (including zero). For example, <code class="language-plaintext highlighter-rouge">**/*.go</code> will exclude all files that end with <code class="language-plaintext highlighter-rouge">.go</code> that are found in all directories, including the root of the build context.</p> <p>Lines starting with <code class="language-plaintext highlighter-rouge">!</code> (exclamation mark) can be used to make exceptions to exclusions. 
The following is an example <code class="language-plaintext highlighter-rouge">.dockerignore</code> file that uses this mechanism:</p> <pre data-language="">*.md +!README.md +</pre> <p>All markdown files <em>except</em> <code class="language-plaintext highlighter-rouge">README.md</code> are excluded from the context.</p> <p>The placement of <code class="language-plaintext highlighter-rouge">!</code> exception rules influences the behavior: the last line of the <code class="language-plaintext highlighter-rouge">.dockerignore</code> that matches a particular file determines whether it is included or excluded. Consider the following example:</p> <pre data-language="">*.md +!README*.md +README-secret.md +</pre> <p>No markdown files are included in the context except README files other than <code class="language-plaintext highlighter-rouge">README-secret.md</code>.</p> <p>Now consider this example:</p> <pre data-language="">*.md +README-secret.md +!README*.md +</pre> <p>All of the README files are included. The middle line has no effect because <code class="language-plaintext highlighter-rouge">!README*.md</code> matches <code class="language-plaintext highlighter-rouge">README-secret.md</code> and comes last.</p> <p>You can even use the <code class="language-plaintext highlighter-rouge">.dockerignore</code> file to exclude the <code class="language-plaintext highlighter-rouge">Dockerfile</code> and <code class="language-plaintext highlighter-rouge">.dockerignore</code> files. These files are still sent to the daemon because it needs them to do its job. But the <code class="language-plaintext highlighter-rouge">ADD</code> and <code class="language-plaintext highlighter-rouge">COPY</code> instructions do not copy them to the image.</p> <p>Finally, you may want to specify which files to include in the context, rather than which to exclude. 
To achieve this, specify <code class="language-plaintext highlighter-rouge">*</code> as the first pattern, followed by one or more <code class="language-plaintext highlighter-rouge">!</code> exception patterns.</p> <blockquote> <p><strong>Note</strong></p> <p>For historical reasons, the pattern <code class="language-plaintext highlighter-rouge">.</code> is ignored.</p> </blockquote> <h2 id="from">FROM</h2> <div class="highlight"><pre class="highlight" data-language="">FROM [--platform=<platform>] <image> [AS <name>] +</pre></div> <p>Or</p> <div class="highlight"><pre class="highlight" data-language="">FROM [--platform=<platform>] <image>[:<tag>] [AS <name>] +</pre></div> <p>Or</p> <div class="highlight"><pre class="highlight" data-language="">FROM [--platform=<platform>] <image>[@<digest>] [AS <name>] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">FROM</code> instruction initializes a new build stage and sets the <a href="https://docs.docker.com/glossary/#base-image"><em>Base Image</em></a> for subsequent instructions. As such, a valid <code class="language-plaintext highlighter-rouge">Dockerfile</code> must start with a <code class="language-plaintext highlighter-rouge">FROM</code> instruction. The image can be any valid image – it is especially easy to start by <strong>pulling an image</strong> from the <a href="https://docs.docker.com/docker-hub/repos/"><em>Public Repositories</em></a>.</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">ARG</code> is the only instruction that may precede <code class="language-plaintext highlighter-rouge">FROM</code> in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. 
See <a href="#understand-how-arg-and-from-interact">Understand how ARG and FROM interact</a>.</li> <li> +<code class="language-plaintext highlighter-rouge">FROM</code> can appear multiple times within a single <code class="language-plaintext highlighter-rouge">Dockerfile</code> to create multiple images or use one build stage as a dependency for another. Simply make a note of the last image ID output by the commit before each new <code class="language-plaintext highlighter-rouge">FROM</code> instruction. Each <code class="language-plaintext highlighter-rouge">FROM</code> instruction clears any state created by previous instructions.</li> <li>Optionally a name can be given to a new build stage by adding <code class="language-plaintext highlighter-rouge">AS name</code> to the <code class="language-plaintext highlighter-rouge">FROM</code> instruction. The name can be used in subsequent <code class="language-plaintext highlighter-rouge">FROM</code> and <code class="language-plaintext highlighter-rouge">COPY --from=<name></code> instructions to refer to the image built in this stage.</li> <li>The <code class="language-plaintext highlighter-rouge">tag</code> or <code class="language-plaintext highlighter-rouge">digest</code> values are optional. If you omit either of them, the builder assumes a <code class="language-plaintext highlighter-rouge">latest</code> tag by default. The builder returns an error if it cannot find the <code class="language-plaintext highlighter-rouge">tag</code> value.</li> </ul> <p>The optional <code class="language-plaintext highlighter-rouge">--platform</code> flag can be used to specify the platform of the image in case <code class="language-plaintext highlighter-rouge">FROM</code> references a multi-platform image. For example, <code class="language-plaintext highlighter-rouge">linux/amd64</code>, <code class="language-plaintext highlighter-rouge">linux/arm64</code>, or <code class="language-plaintext highlighter-rouge">windows/amd64</code>. 
By default, the target platform of the build request is used. Global build arguments can be used in the value of this flag, for example <a href="#automatic-platform-args-in-the-global-scope">automatic platform ARGs</a> allow you to force a stage to native build platform (<code class="language-plaintext highlighter-rouge">--platform=$BUILDPLATFORM</code>), and use it to cross-compile to the target platform inside the stage.</p> <h3 id="understand-how-arg-and-from-interact">Understand how ARG and FROM interact</h3> <p><code class="language-plaintext highlighter-rouge">FROM</code> instructions support variables that are declared by any <code class="language-plaintext highlighter-rouge">ARG</code> instructions that occur before the first <code class="language-plaintext highlighter-rouge">FROM</code>.</p> <div class="highlight"><pre class="highlight" data-language="">ARG CODE_VERSION=latest +FROM base:${CODE_VERSION} +CMD /code/run-app + +FROM extras:${CODE_VERSION} +CMD /code/run-extras +</pre></div> <p>An <code class="language-plaintext highlighter-rouge">ARG</code> declared before a <code class="language-plaintext highlighter-rouge">FROM</code> is outside of a build stage, so it can’t be used in any instruction after a <code class="language-plaintext highlighter-rouge">FROM</code>. 
To use the default value of an <code class="language-plaintext highlighter-rouge">ARG</code> declared before the first <code class="language-plaintext highlighter-rouge">FROM</code> use an <code class="language-plaintext highlighter-rouge">ARG</code> instruction without a value inside of a build stage:</p> <div class="highlight"><pre class="highlight" data-language="">ARG VERSION=latest +FROM busybox:$VERSION +ARG VERSION +RUN echo $VERSION > image_version +</pre></div> <h2 id="run">RUN</h2> <p>RUN has 2 forms:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">RUN <command></code> (<em>shell</em> form, the command is run in a shell, which by default is <code class="language-plaintext highlighter-rouge">/bin/sh -c</code> on Linux or <code class="language-plaintext highlighter-rouge">cmd /S /C</code> on Windows)</li> <li> +<code class="language-plaintext highlighter-rouge">RUN ["executable", "param1", "param2"]</code> (<em>exec</em> form)</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">RUN</code> instruction will execute any commands in a new layer on top of the current image and commit the results. 
The resulting committed image will be used for the next step in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>Layering <code class="language-plaintext highlighter-rouge">RUN</code> instructions and generating commits conforms to the core concepts of Docker where commits are cheap and containers can be created from any point in an image’s history, much like source control.</p> <p>The <em>exec</em> form makes it possible to avoid shell string munging, and to <code class="language-plaintext highlighter-rouge">RUN</code> commands using a base image that does not contain the specified shell executable.</p> <p>The default shell for the <em>shell</em> form can be changed using the <code class="language-plaintext highlighter-rouge">SHELL</code> command.</p> <p>In the <em>shell</em> form you can use a <code class="language-plaintext highlighter-rouge">\</code> (backslash) to continue a single RUN instruction onto the next line. For example, consider these two lines:</p> <div class="highlight"><pre class="highlight" data-language="">RUN /bin/bash -c 'source $HOME/.bashrc; \ +echo $HOME' +</pre></div> <p>Together they are equivalent to this single line:</p> <div class="highlight"><pre class="highlight" data-language="">RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME' +</pre></div> <p>To use a different shell, other than ‘/bin/sh’, use the <em>exec</em> form passing in the desired shell. For example:</p> <div class="highlight"><pre class="highlight" data-language="">RUN ["/bin/bash", "-c", "echo hello"] +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The <em>exec</em> form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).</p> </blockquote> <p>Unlike the <em>shell</em> form, the <em>exec</em> form does not invoke a command shell. This means that normal shell processing does not happen. 
For example, <code class="language-plaintext highlighter-rouge">RUN [ "echo", "$HOME" ]</code> will not do variable substitution on <code class="language-plaintext highlighter-rouge">$HOME</code>. If you want shell processing then either use the <em>shell</em> form or execute a shell directly, for example: <code class="language-plaintext highlighter-rouge">RUN [ "sh", "-c", "echo $HOME" ]</code>. When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, not docker.</p> <blockquote> <p><strong>Note</strong></p> <p>In the <em>JSON</em> form, it is necessary to escape backslashes. This is particularly relevant on Windows where the backslash is the path separator. The following line would otherwise be treated as <em>shell</em> form due to not being valid JSON, and fail in an unexpected way:</p> <div class="highlight"><pre class="highlight" data-language="">RUN ["c:\windows\system32\tasklist.exe"] +</pre></div> <p>The correct syntax for this example is:</p> <div class="highlight"><pre class="highlight" data-language="">RUN ["c:\\windows\\system32\\tasklist.exe"] +</pre></div> </blockquote> <p>The cache for <code class="language-plaintext highlighter-rouge">RUN</code> instructions isn’t invalidated automatically during the next build. The cache for an instruction like <code class="language-plaintext highlighter-rouge">RUN apt-get dist-upgrade -y</code> will be reused during the next build. 
The cache for <code class="language-plaintext highlighter-rouge">RUN</code> instructions can be invalidated by using the <code class="language-plaintext highlighter-rouge">--no-cache</code> flag, for example <code class="language-plaintext highlighter-rouge">docker build --no-cache</code>.</p> <p>See the <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"><code class="language-plaintext highlighter-rouge">Dockerfile</code> Best Practices guide</a> for more information.</p> <p>The cache for <code class="language-plaintext highlighter-rouge">RUN</code> instructions can be invalidated by <a href="#add"><code class="language-plaintext highlighter-rouge">ADD</code></a> and <a href="#copy"><code class="language-plaintext highlighter-rouge">COPY</code></a> instructions.</p> <h3 id="known-issues-run">Known issues (RUN)</h3> <ul> <li> <p><a href="https://github.com/docker/docker/issues/783">Issue 783</a> is about file permissions problems that can occur when using the AUFS file system. You might notice it during an attempt to <code class="language-plaintext highlighter-rouge">rm</code> a file, for example.</p> <p>For systems that have recent aufs version (i.e., <code class="language-plaintext highlighter-rouge">dirperm1</code> mount option can be set), docker will attempt to fix the issue automatically by mounting the layers with <code class="language-plaintext highlighter-rouge">dirperm1</code> option. 
More details on <code class="language-plaintext highlighter-rouge">dirperm1</code> option can be found at <a href="https://github.com/sfjro/aufs3-linux/tree/aufs3.18/Documentation/filesystems/aufs"><code class="language-plaintext highlighter-rouge">aufs</code> man page</a></p> <p>If your system doesn’t have support for <code class="language-plaintext highlighter-rouge">dirperm1</code>, the issue describes a workaround.</p> </li> </ul> <h2 id="cmd">CMD</h2> <p>The <code class="language-plaintext highlighter-rouge">CMD</code> instruction has three forms:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">CMD ["executable","param1","param2"]</code> (<em>exec</em> form, this is the preferred form)</li> <li> +<code class="language-plaintext highlighter-rouge">CMD ["param1","param2"]</code> (as <em>default parameters to ENTRYPOINT</em>)</li> <li> +<code class="language-plaintext highlighter-rouge">CMD command param1 param2</code> (<em>shell</em> form)</li> </ul> <p>There can only be one <code class="language-plaintext highlighter-rouge">CMD</code> instruction in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. 
If you list more than one <code class="language-plaintext highlighter-rouge">CMD</code> then only the last <code class="language-plaintext highlighter-rouge">CMD</code> will take effect.</p> <p><strong>The main purpose of a <code class="language-plaintext highlighter-rouge">CMD</code> is to provide defaults for an executing container.</strong> These defaults can include an executable, or they can omit the executable, in which case you must specify an <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instruction as well.</p> <p>If <code class="language-plaintext highlighter-rouge">CMD</code> is used to provide default arguments for the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instruction, both the <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instructions should be specified with the JSON array format.</p> <blockquote> <p><strong>Note</strong></p> <p>The <em>exec</em> form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).</p> </blockquote> <p>Unlike the <em>shell</em> form, the <em>exec</em> form does not invoke a command shell. This means that normal shell processing does not happen. For example, <code class="language-plaintext highlighter-rouge">CMD [ "echo", "$HOME" ]</code> will not do variable substitution on <code class="language-plaintext highlighter-rouge">$HOME</code>. If you want shell processing then either use the <em>shell</em> form or execute a shell directly, for example: <code class="language-plaintext highlighter-rouge">CMD [ "sh", "-c", "echo $HOME" ]</code>. 
When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, not docker.</p> <p>When used in the shell or exec formats, the <code class="language-plaintext highlighter-rouge">CMD</code> instruction sets the command to be executed when running the image.</p> <p>If you use the <em>shell</em> form of the <code class="language-plaintext highlighter-rouge">CMD</code>, then the <code class="language-plaintext highlighter-rouge"><command></code> will execute in <code class="language-plaintext highlighter-rouge">/bin/sh -c</code>:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +CMD echo "This is a test." | wc - +</pre></div> <p>If you want to <strong>run your</strong> <code class="language-plaintext highlighter-rouge"><command></code> <strong>without a shell</strong> then you must express the command as a JSON array and give the full path to the executable. <strong>This array form is the preferred format of <code class="language-plaintext highlighter-rouge">CMD</code>.</strong> Any additional parameters must be individually expressed as strings in the array:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +CMD ["/usr/bin/wc","--help"] +</pre></div> <p>If you would like your container to run the same executable every time, then you should consider using <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> in combination with <code class="language-plaintext highlighter-rouge">CMD</code>. 
See <a href="#entrypoint"><em>ENTRYPOINT</em></a>.</p> <p>If the user specifies arguments to <code class="language-plaintext highlighter-rouge">docker run</code> then they will override the default specified in <code class="language-plaintext highlighter-rouge">CMD</code>.</p> <blockquote> <p><strong>Note</strong></p> <p>Do not confuse <code class="language-plaintext highlighter-rouge">RUN</code> with <code class="language-plaintext highlighter-rouge">CMD</code>. <code class="language-plaintext highlighter-rouge">RUN</code> actually runs a command and commits the result; <code class="language-plaintext highlighter-rouge">CMD</code> does not execute anything at build time, but specifies the intended command for the image.</p> </blockquote> <h2 id="label">LABEL</h2> <div class="highlight"><pre class="highlight" data-language="">LABEL <key>=<value> <key>=<value> <key>=<value> ... +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">LABEL</code> instruction adds metadata to an image. A <code class="language-plaintext highlighter-rouge">LABEL</code> is a key-value pair. To include spaces within a <code class="language-plaintext highlighter-rouge">LABEL</code> value, use quotes and backslashes as you would in command-line parsing. A few usage examples:</p> <div class="highlight"><pre class="highlight" data-language="">LABEL "com.example.vendor"="ACME Incorporated" +LABEL com.example.label-with-value="foo" +LABEL version="1.0" +LABEL description="This text illustrates \ +that label-values can span multiple lines." +</pre></div> <p>An image can have more than one label. You can specify multiple labels on a single line. Prior to Docker 1.10, this decreased the size of the final image, but this is no longer the case. 
You may still choose to specify multiple labels in a single instruction, in one of the following two ways:</p> <div class="highlight"><pre class="highlight" data-language="">LABEL multi.label1="value1" multi.label2="value2" other="value3" +</pre></div> <div class="highlight"><pre class="highlight" data-language="">LABEL multi.label1="value1" \ + multi.label2="value2" \ + other="value3" +</pre></div> <p>Labels included in base or parent images (images in the <code class="language-plaintext highlighter-rouge">FROM</code> line) are inherited by your image. If a label already exists but with a different value, the most-recently-applied value overrides any previously-set value.</p> <p>To view an image’s labels, use the <code class="language-plaintext highlighter-rouge">docker image inspect</code> command. You can use the <code class="language-plaintext highlighter-rouge">--format</code> option to show just the labels;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image inspect --format='' myimage +</pre></div> <div class="highlight"><pre class="highlight" data-language="">{ + "com.example.vendor": "ACME Incorporated", + "com.example.label-with-value": "foo", + "version": "1.0", + "description": "This text illustrates that label-values can span multiple lines.", + "multi.label1": "value1", + "multi.label2": "value2", + "other": "value3" +} +</pre></div> <h2 id="maintainer-deprecated">MAINTAINER (deprecated)</h2> <div class="highlight"><pre class="highlight" data-language="">MAINTAINER <name> +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">MAINTAINER</code> instruction sets the <em>Author</em> field of the generated images. 
The <code class="language-plaintext highlighter-rouge">LABEL</code> instruction is a much more flexible version of this and you should use it instead, as it enables setting any metadata you require, and can be viewed easily, for example with <code class="language-plaintext highlighter-rouge">docker inspect</code>. To set a label corresponding to the <code class="language-plaintext highlighter-rouge">MAINTAINER</code> field you could use:</p> <div class="highlight"><pre class="highlight" data-language="">LABEL org.opencontainers.image.authors="SvenDowideit@home.org.au" +</pre></div> <p>This will then be visible from <code class="language-plaintext highlighter-rouge">docker inspect</code> with the other labels.</p> <h2 id="expose">EXPOSE</h2> <div class="highlight"><pre class="highlight" data-language="">EXPOSE <port> [<port>/<protocol>...] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">EXPOSE</code> instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.</p> <p>The <code class="language-plaintext highlighter-rouge">EXPOSE</code> instruction does not actually publish the port. It functions as a type of documentation between the person who builds the image and the person who runs the container, about which ports are intended to be published. To actually publish the port when running the container, use the <code class="language-plaintext highlighter-rouge">-p</code> flag on <code class="language-plaintext highlighter-rouge">docker run</code> to publish and map one or more ports, or the <code class="language-plaintext highlighter-rouge">-P</code> flag to publish all exposed ports and map them to high-order ports.</p> <p>By default, <code class="language-plaintext highlighter-rouge">EXPOSE</code> assumes TCP. 
You can also specify UDP:</p> <div class="highlight"><pre class="highlight" data-language="">EXPOSE 80/udp +</pre></div> <p>To expose on both TCP and UDP, include two lines:</p> <div class="highlight"><pre class="highlight" data-language="">EXPOSE 80/tcp +EXPOSE 80/udp +</pre></div> <p>In this case, if you use <code class="language-plaintext highlighter-rouge">-P</code> with <code class="language-plaintext highlighter-rouge">docker run</code>, the port will be exposed once for TCP and once for UDP. Remember that <code class="language-plaintext highlighter-rouge">-P</code> uses an ephemeral high-ordered host port on the host, so the port will not be the same for TCP and UDP.</p> <p>Regardless of the <code class="language-plaintext highlighter-rouge">EXPOSE</code> settings, you can override them at runtime by using the <code class="language-plaintext highlighter-rouge">-p</code> flag. For example</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -p 80:80/tcp -p 80:80/udp ... +</pre></div> <p>To set up port redirection on the host system, see <a href="../run/index#expose-incoming-ports">using the -P flag</a>. The <code class="language-plaintext highlighter-rouge">docker network</code> command supports creating networks for communication among containers without the need to expose or publish specific ports, because the containers connected to the network can communicate with each other over any port. For detailed information, see the <a href="https://docs.docker.com/network/">overview of this feature</a>.</p> <h2 id="env">ENV</h2> <div class="highlight"><pre class="highlight" data-language="">ENV <key>=<value> ... +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">ENV</code> instruction sets the environment variable <code class="language-plaintext highlighter-rouge"><key></code> to the value <code class="language-plaintext highlighter-rouge"><value></code>. 
This value will be in the environment for all subsequent instructions in the build stage and can be <a href="#environment-replacement">replaced inline</a> in many as well. The value will be interpreted for other environment variables, so quote characters will be removed if they are not escaped. Like command line parsing, quotes and backslashes can be used to include spaces within values.</p> <p>Example:</p> <div class="highlight"><pre class="highlight" data-language="">ENV MY_NAME="John Doe" +ENV MY_DOG=Rex\ The\ Dog +ENV MY_CAT=fluffy +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">ENV</code> instruction allows for multiple <code class="language-plaintext highlighter-rouge"><key>=<value> ...</code> variables to be set at one time, and the example below will yield the same net results in the final image:</p> <div class="highlight"><pre class="highlight" data-language="">ENV MY_NAME="John Doe" MY_DOG=Rex\ The\ Dog \ + MY_CAT=fluffy +</pre></div> <p>The environment variables set using <code class="language-plaintext highlighter-rouge">ENV</code> will persist when a container is run from the resulting image. You can view the values using <code class="language-plaintext highlighter-rouge">docker inspect</code>, and change them using <code class="language-plaintext highlighter-rouge">docker run --env <key>=<value></code>.</p> <p>Environment variable persistence can cause unexpected side effects. For example, setting <code class="language-plaintext highlighter-rouge">ENV DEBIAN_FRONTEND=noninteractive</code> changes the behavior of <code class="language-plaintext highlighter-rouge">apt-get</code>, and may confuse users of your image.</p> <p>If an environment variable is only needed during build, and not in the final image, consider setting a value for a single command instead:</p> <div class="highlight"><pre class="highlight" data-language="">RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ... 
+</pre></div> <p>Or using <a href="#arg"><code class="language-plaintext highlighter-rouge">ARG</code></a>, which is not persisted in the final image:</p> <div class="highlight"><pre class="highlight" data-language="">ARG DEBIAN_FRONTEND=noninteractive +RUN apt-get update && apt-get install -y ... +</pre></div> <blockquote> <p><strong>Alternative syntax</strong></p> <p>The <code class="language-plaintext highlighter-rouge">ENV</code> instruction also allows an alternative syntax <code class="language-plaintext highlighter-rouge">ENV <key> <value></code>, omitting the <code class="language-plaintext highlighter-rouge">=</code>. For example:</p> <div class="highlight"><pre class="highlight" data-language="">ENV MY_VAR my-value +</pre></div> <p>This syntax does not allow for multiple environment-variables to be set in a single <code class="language-plaintext highlighter-rouge">ENV</code> instruction, and can be confusing. For example, the following sets a single environment variable (<code class="language-plaintext highlighter-rouge">ONE</code>) with value <code class="language-plaintext highlighter-rouge">"TWO= THREE=world"</code>:</p> <div class="highlight"><pre class="highlight" data-language="">ENV ONE TWO= THREE=world +</pre></div> <p>The alternative syntax is supported for backward compatibility, but discouraged for the reasons outlined above, and may be removed in a future release.</p> </blockquote> <h2 id="add">ADD</h2> <p>ADD has two forms:</p> <div class="highlight"><pre class="highlight" data-language="">ADD [--chown=<user>:<group>] <src>... <dest> +ADD [--chown=<user>:<group>] ["<src>",... "<dest>"] +</pre></div> <p>The latter form is required for paths containing whitespace.</p> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--chown</code> feature is only supported on Dockerfiles used to build Linux containers, and will not work on Windows containers. 
Since user and group ownership concepts do not translate between Linux and Windows, the use of <code class="language-plaintext highlighter-rouge">/etc/passwd</code> and <code class="language-plaintext highlighter-rouge">/etc/group</code> for translating user and group names to IDs restricts this feature to only be viable for Linux OS-based containers.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">ADD</code> instruction copies new files, directories or remote file URLs from <code class="language-plaintext highlighter-rouge"><src></code> and adds them to the filesystem of the image at the path <code class="language-plaintext highlighter-rouge"><dest></code>.</p> <p>Multiple <code class="language-plaintext highlighter-rouge"><src></code> resources may be specified but if they are files or directories, their paths are interpreted as relative to the source of the context of the build.</p> <p>Each <code class="language-plaintext highlighter-rouge"><src></code> may contain wildcards and matching will be done using Go’s <a href="https://golang.org/pkg/path/filepath#Match">filepath.Match</a> rules. 
For example:</p> <p>To add all files starting with “hom”:</p> <div class="highlight"><pre class="highlight" data-language="">ADD hom* /mydir/ +</pre></div> <p>In the example below, <code class="language-plaintext highlighter-rouge">?</code> is replaced with any single character, e.g., “home.txt”.</p> <div class="highlight"><pre class="highlight" data-language="">ADD hom?.txt /mydir/ +</pre></div> <p>The <code class="language-plaintext highlighter-rouge"><dest></code> is an absolute path, or a path relative to <code class="language-plaintext highlighter-rouge">WORKDIR</code>, into which the source will be copied inside the destination container.</p> <p>The example below uses a relative path, and adds “test.txt” to <code class="language-plaintext highlighter-rouge"><WORKDIR>/relativeDir/</code>:</p> <div class="highlight"><pre class="highlight" data-language="">ADD test.txt relativeDir/ +</pre></div> <p>Whereas this example uses an absolute path, and adds “test.txt” to <code class="language-plaintext highlighter-rouge">/absoluteDir/</code></p> <div class="highlight"><pre class="highlight" data-language="">ADD test.txt /absoluteDir/ +</pre></div> <p>When adding files or directories that contain special characters (such as <code class="language-plaintext highlighter-rouge">[</code> and <code class="language-plaintext highlighter-rouge">]</code>), you need to escape those paths following the Golang rules to prevent them from being treated as a matching pattern. For example, to add a file named <code class="language-plaintext highlighter-rouge">arr[0].txt</code>, use the following;</p> <div class="highlight"><pre class="highlight" data-language="">ADD arr[[]0].txt /mydir/ +</pre></div> <p>All new files and directories are created with a UID and GID of 0, unless the optional <code class="language-plaintext highlighter-rouge">--chown</code> flag specifies a given username, groupname, or UID/GID combination to request specific ownership of the content added. 
The format of the <code class="language-plaintext highlighter-rouge">--chown</code> flag allows for either username and groupname strings or direct integer UID and GID in any combination. Providing a username without groupname or a UID without GID will use the same numeric UID as the GID. If a username or groupname is provided, the container’s root filesystem <code class="language-plaintext highlighter-rouge">/etc/passwd</code> and <code class="language-plaintext highlighter-rouge">/etc/group</code> files will be used to perform the translation from name to integer UID or GID respectively. The following examples show valid definitions for the <code class="language-plaintext highlighter-rouge">--chown</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">ADD --chown=55:mygroup files* /somedir/ +ADD --chown=bin files* /somedir/ +ADD --chown=1 files* /somedir/ +ADD --chown=10:11 files* /somedir/ +</pre></div> <p>If the container root filesystem does not contain either <code class="language-plaintext highlighter-rouge">/etc/passwd</code> or <code class="language-plaintext highlighter-rouge">/etc/group</code> files and either user or group names are used in the <code class="language-plaintext highlighter-rouge">--chown</code> flag, the build will fail on the <code class="language-plaintext highlighter-rouge">ADD</code> operation. Using numeric IDs requires no lookup and will not depend on container root filesystem content.</p> <p>In the case where <code class="language-plaintext highlighter-rouge"><src></code> is a remote file URL, the destination will have permissions of 600. If the remote file being retrieved has an HTTP <code class="language-plaintext highlighter-rouge">Last-Modified</code> header, the timestamp from that header will be used to set the <code class="language-plaintext highlighter-rouge">mtime</code> on the destination file. 
However, like any other file processed during an <code class="language-plaintext highlighter-rouge">ADD</code>, <code class="language-plaintext highlighter-rouge">mtime</code> will not be included in the determination of whether or not the file has changed and the cache should be updated.</p> <blockquote> <p><strong>Note</strong></p> <p>If you build by passing a <code class="language-plaintext highlighter-rouge">Dockerfile</code> through STDIN (<code class="language-plaintext highlighter-rouge">docker build - < somefile</code>), there is no build context, so the <code class="language-plaintext highlighter-rouge">Dockerfile</code> can only contain a URL based <code class="language-plaintext highlighter-rouge">ADD</code> instruction. You can also pass a compressed archive through STDIN: (<code class="language-plaintext highlighter-rouge">docker build - < archive.tar.gz</code>), the <code class="language-plaintext highlighter-rouge">Dockerfile</code> at the root of the archive and the rest of the archive will be used as the context of the build.</p> </blockquote> <p>If your URL files are protected using authentication, you need to use <code class="language-plaintext highlighter-rouge">RUN wget</code>, <code class="language-plaintext highlighter-rouge">RUN curl</code> or use another tool from within the container as the <code class="language-plaintext highlighter-rouge">ADD</code> instruction does not support authentication.</p> <blockquote> <p><strong>Note</strong></p> <p>The first encountered <code class="language-plaintext highlighter-rouge">ADD</code> instruction will invalidate the cache for all following instructions from the Dockerfile if the contents of <code class="language-plaintext highlighter-rouge"><src></code> have changed. This includes invalidating the cache for <code class="language-plaintext highlighter-rouge">RUN</code> instructions. 
See the <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache"><code class="language-plaintext highlighter-rouge">Dockerfile</code> Best Practices guide – Leverage build cache</a> for more information.</p> </blockquote> <p><code class="language-plaintext highlighter-rouge">ADD</code> obeys the following rules:</p> <ul> <li> <p>The <code class="language-plaintext highlighter-rouge"><src></code> path must be inside the <em>context</em> of the build; you cannot <code class="language-plaintext highlighter-rouge">ADD ../something /something</code>, because the first step of a <code class="language-plaintext highlighter-rouge">docker build</code> is to send the context directory (and subdirectories) to the docker daemon.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is a URL and <code class="language-plaintext highlighter-rouge"><dest></code> does not end with a trailing slash, then a file is downloaded from the URL and copied to <code class="language-plaintext highlighter-rouge"><dest></code>.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is a URL and <code class="language-plaintext highlighter-rouge"><dest></code> does end with a trailing slash, then the filename is inferred from the URL and the file is downloaded to <code class="language-plaintext highlighter-rouge"><dest>/<filename></code>. For instance, <code class="language-plaintext highlighter-rouge">ADD http://example.com/foobar /</code> would create the file <code class="language-plaintext highlighter-rouge">/foobar</code>. 
The URL must have a nontrivial path so that an appropriate filename can be discovered in this case (<code class="language-plaintext highlighter-rouge">http://example.com</code> will not work).</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is a directory, the entire contents of the directory are copied, including filesystem metadata.</p> </li> </ul> <blockquote> <p><strong>Note</strong></p> <p>The directory itself is not copied, just its contents.</p> </blockquote> <ul> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is a <em>local</em> tar archive in a recognized compression format (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources from <em>remote</em> URLs are <strong>not</strong> decompressed. When a directory is copied or unpacked, it has the same behavior as <code class="language-plaintext highlighter-rouge">tar -x</code>, the result is the union of:</p> <ol> <li>Whatever existed at the destination path and</li> <li>The contents of the source tree, with conflicts resolved in favor of “2.” on a file-by-file basis.</li> </ol> <blockquote> <p><strong>Note</strong></p> <p>Whether a file is identified as a recognized compression format or not is done solely based on the contents of the file, not the name of the file. For example, if an empty file happens to end with <code class="language-plaintext highlighter-rouge">.tar.gz</code> this will not be recognized as a compressed file and <strong>will not</strong> generate any kind of decompression error message, rather the file will simply be copied to the destination.</p> </blockquote> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is any other kind of file, it is copied individually along with its metadata. 
In this case, if <code class="language-plaintext highlighter-rouge"><dest></code> ends with a trailing slash <code class="language-plaintext highlighter-rouge">/</code>, it will be considered a directory and the contents of <code class="language-plaintext highlighter-rouge"><src></code> will be written at <code class="language-plaintext highlighter-rouge"><dest>/base(<src>)</code>.</p> </li> <li> <p>If multiple <code class="language-plaintext highlighter-rouge"><src></code> resources are specified, either directly or due to the use of a wildcard, then <code class="language-plaintext highlighter-rouge"><dest></code> must be a directory, and it must end with a slash <code class="language-plaintext highlighter-rouge">/</code>.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><dest></code> does not end with a trailing slash, it will be considered a regular file and the contents of <code class="language-plaintext highlighter-rouge"><src></code> will be written at <code class="language-plaintext highlighter-rouge"><dest></code>.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><dest></code> doesn’t exist, it is created along with all missing directories in its path.</p> </li> </ul> <h2 id="copy">COPY</h2> <p>COPY has two forms:</p> <div class="highlight"><pre class="highlight" data-language="">COPY [--chown=<user>:<group>] <src>... <dest> +COPY [--chown=<user>:<group>] ["<src>",... "<dest>"] +</pre></div> <p>This latter form is required for paths containing whitespace</p> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--chown</code> feature is only supported on Dockerfiles used to build Linux containers, and will not work on Windows containers. 
Since user and group ownership concepts do not translate between Linux and Windows, the use of <code class="language-plaintext highlighter-rouge">/etc/passwd</code> and <code class="language-plaintext highlighter-rouge">/etc/group</code> for translating user and group names to IDs restricts this feature to only be viable for Linux OS-based containers.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">COPY</code> instruction copies new files or directories from <code class="language-plaintext highlighter-rouge"><src></code> and adds them to the filesystem of the container at the path <code class="language-plaintext highlighter-rouge"><dest></code>.</p> <p>Multiple <code class="language-plaintext highlighter-rouge"><src></code> resources may be specified but the paths of files and directories will be interpreted as relative to the source of the context of the build.</p> <p>Each <code class="language-plaintext highlighter-rouge"><src></code> may contain wildcards and matching will be done using Go’s <a href="https://golang.org/pkg/path/filepath#Match">filepath.Match</a> rules. 
For example:</p> <p>To add all files starting with “hom”:</p> <div class="highlight"><pre class="highlight" data-language="">COPY hom* /mydir/ +</pre></div> <p>In the example below, <code class="language-plaintext highlighter-rouge">?</code> is replaced with any single character, e.g., “home.txt”.</p> <div class="highlight"><pre class="highlight" data-language="">COPY hom?.txt /mydir/ +</pre></div> <p>The <code class="language-plaintext highlighter-rouge"><dest></code> is an absolute path, or a path relative to <code class="language-plaintext highlighter-rouge">WORKDIR</code>, into which the source will be copied inside the destination container.</p> <p>The example below uses a relative path, and adds “test.txt” to <code class="language-plaintext highlighter-rouge"><WORKDIR>/relativeDir/</code>:</p> <div class="highlight"><pre class="highlight" data-language="">COPY test.txt relativeDir/ +</pre></div> <p>Whereas this example uses an absolute path, and adds “test.txt” to <code class="language-plaintext highlighter-rouge">/absoluteDir/</code></p> <div class="highlight"><pre class="highlight" data-language="">COPY test.txt /absoluteDir/ +</pre></div> <p>When copying files or directories that contain special characters (such as <code class="language-plaintext highlighter-rouge">[</code> and <code class="language-plaintext highlighter-rouge">]</code>), you need to escape those paths following the Golang rules to prevent them from being treated as a matching pattern. For example, to copy a file named <code class="language-plaintext highlighter-rouge">arr[0].txt</code>, use the following;</p> <div class="highlight"><pre class="highlight" data-language="">COPY arr[[]0].txt /mydir/ +</pre></div> <p>All new files and directories are created with a UID and GID of 0, unless the optional <code class="language-plaintext highlighter-rouge">--chown</code> flag specifies a given username, groupname, or UID/GID combination to request specific ownership of the copied content. 
The format of the <code class="language-plaintext highlighter-rouge">--chown</code> flag allows for either username and groupname strings or direct integer UID and GID in any combination. Providing a username without groupname or a UID without GID will use the same numeric UID as the GID. If a username or groupname is provided, the container’s root filesystem <code class="language-plaintext highlighter-rouge">/etc/passwd</code> and <code class="language-plaintext highlighter-rouge">/etc/group</code> files will be used to perform the translation from name to integer UID or GID respectively. The following examples show valid definitions for the <code class="language-plaintext highlighter-rouge">--chown</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">COPY --chown=55:mygroup files* /somedir/ +COPY --chown=bin files* /somedir/ +COPY --chown=1 files* /somedir/ +COPY --chown=10:11 files* /somedir/ +</pre></div> <p>If the container root filesystem does not contain either <code class="language-plaintext highlighter-rouge">/etc/passwd</code> or <code class="language-plaintext highlighter-rouge">/etc/group</code> files and either user or group names are used in the <code class="language-plaintext highlighter-rouge">--chown</code> flag, the build will fail on the <code class="language-plaintext highlighter-rouge">COPY</code> operation. 
Using numeric IDs requires no lookup and does not depend on container root filesystem content.</p> <blockquote> <p><strong>Note</strong></p> <p>If you build using STDIN (<code class="language-plaintext highlighter-rouge">docker build - < somefile</code>), there is no build context, so <code class="language-plaintext highlighter-rouge">COPY</code> can’t be used.</p> </blockquote> <p>Optionally <code class="language-plaintext highlighter-rouge">COPY</code> accepts a flag <code class="language-plaintext highlighter-rouge">--from=<name></code> that can be used to set the source location to a previous build stage (created with <code class="language-plaintext highlighter-rouge">FROM .. AS <name></code>) that will be used instead of a build context sent by the user. In case a build stage with a specified name can’t be found an image with the same name is attempted to be used instead.</p> <p><code class="language-plaintext highlighter-rouge">COPY</code> obeys the following rules:</p> <ul> <li> <p>The <code class="language-plaintext highlighter-rouge"><src></code> path must be inside the <em>context</em> of the build; you cannot <code class="language-plaintext highlighter-rouge">COPY ../something /something</code>, because the first step of a <code class="language-plaintext highlighter-rouge">docker build</code> is to send the context directory (and subdirectories) to the docker daemon.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is a directory, the entire contents of the directory are copied, including filesystem metadata.</p> </li> </ul> <blockquote> <p><strong>Note</strong></p> <p>The directory itself is not copied, just its contents.</p> </blockquote> <ul> <li> <p>If <code class="language-plaintext highlighter-rouge"><src></code> is any other kind of file, it is copied individually along with its metadata. 
In this case, if <code class="language-plaintext highlighter-rouge"><dest></code> ends with a trailing slash <code class="language-plaintext highlighter-rouge">/</code>, it will be considered a directory and the contents of <code class="language-plaintext highlighter-rouge"><src></code> will be written at <code class="language-plaintext highlighter-rouge"><dest>/base(<src>)</code>.</p> </li> <li> <p>If multiple <code class="language-plaintext highlighter-rouge"><src></code> resources are specified, either directly or due to the use of a wildcard, then <code class="language-plaintext highlighter-rouge"><dest></code> must be a directory, and it must end with a slash <code class="language-plaintext highlighter-rouge">/</code>.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><dest></code> does not end with a trailing slash, it will be considered a regular file and the contents of <code class="language-plaintext highlighter-rouge"><src></code> will be written at <code class="language-plaintext highlighter-rouge"><dest></code>.</p> </li> <li> <p>If <code class="language-plaintext highlighter-rouge"><dest></code> doesn’t exist, it is created along with all missing directories in its path.</p> </li> </ul> <blockquote> <p><strong>Note</strong></p> <p>The first encountered <code class="language-plaintext highlighter-rouge">COPY</code> instruction will invalidate the cache for all following instructions from the Dockerfile if the contents of <code class="language-plaintext highlighter-rouge"><src></code> have changed. This includes invalidating the cache for <code class="language-plaintext highlighter-rouge">RUN</code> instructions. 
See the <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache"><code class="language-plaintext highlighter-rouge">Dockerfile</code> Best Practices guide – Leverage build cache</a> for more information.</p> </blockquote> <h2 id="entrypoint">ENTRYPOINT</h2> <p>ENTRYPOINT has two forms:</p> <p>The <em>exec</em> form, which is the preferred form:</p> <div class="highlight"><pre class="highlight" data-language="">ENTRYPOINT ["executable", "param1", "param2"] +</pre></div> <p>The <em>shell</em> form:</p> <div class="highlight"><pre class="highlight" data-language="">ENTRYPOINT command param1 param2 +</pre></div> <p>An <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> allows you to configure a container that will run as an executable.</p> <p>For example, the following starts nginx with its default content, listening on port 80:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -i -t --rm -p 80:80 nginx +</pre></div> <p>Command line arguments to <code class="language-plaintext highlighter-rouge">docker run <image></code> will be appended after all elements in an <em>exec</em> form <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>, and will override all elements specified using <code class="language-plaintext highlighter-rouge">CMD</code>. This allows arguments to be passed to the entry point, i.e., <code class="language-plaintext highlighter-rouge">docker run <image> -d</code> will pass the <code class="language-plaintext highlighter-rouge">-d</code> argument to the entry point. 
You can override the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instruction using the <code class="language-plaintext highlighter-rouge">docker run --entrypoint</code> flag.</p> <p>The <em>shell</em> form prevents any <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">run</code> command line arguments from being used, but has the disadvantage that your <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> will be started as a subcommand of <code class="language-plaintext highlighter-rouge">/bin/sh -c</code>, which does not pass signals. This means that the executable will not be the container’s <code class="language-plaintext highlighter-rouge">PID 1</code> - and will <em>not</em> receive Unix signals - so your executable will not receive a <code class="language-plaintext highlighter-rouge">SIGTERM</code> from <code class="language-plaintext highlighter-rouge">docker stop <container></code>.</p> <p>Only the last <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instruction in the <code class="language-plaintext highlighter-rouge">Dockerfile</code> will have an effect.</p> <h3 id="exec-form-entrypoint-example">Exec form ENTRYPOINT example</h3> <p>You can use the <em>exec</em> form of <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> to set fairly stable default commands and arguments and then use either form of <code class="language-plaintext highlighter-rouge">CMD</code> to set additional defaults that are more likely to be changed.</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ENTRYPOINT ["top", "-b"] +CMD ["-c"] +</pre></div> <p>When you run the container, you can see that <code class="language-plaintext highlighter-rouge">top</code> is the only process:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --name test top -H + +top - 08:25:00 up 7:27, 0 
users, load average: 0.00, 0.01, 0.05 +Threads: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie +%Cpu(s): 0.1 us, 0.1 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st +KiB Mem: 2056668 total, 1616832 used, 439836 free, 99352 buffers +KiB Swap: 1441840 total, 0 used, 1441840 free. 1324440 cached Mem + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 19744 2336 2080 R 0.0 0.1 0:00.04 top +</pre></div> <p>To examine the result further, you can use <code class="language-plaintext highlighter-rouge">docker exec</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it test ps aux + +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 2.6 0.1 19752 2352 ? Ss+ 08:24 0:00 top -b -H +root 7 0.0 0.1 15572 2164 ? R+ 08:25 0:00 ps aux +</pre></div> <p>And you can gracefully request <code class="language-plaintext highlighter-rouge">top</code> to shut down using <code class="language-plaintext highlighter-rouge">docker stop test</code>.</p> <p>The following <code class="language-plaintext highlighter-rouge">Dockerfile</code> shows using the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> to run Apache in the foreground (i.e., as <code class="language-plaintext highlighter-rouge">PID 1</code>):</p> <div class="highlight"><pre class="highlight" data-language="">FROM debian:stable +RUN apt-get update && apt-get install -y --force-yes apache2 +EXPOSE 80 443 +VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"] +ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] +</pre></div> <p>If you need to write a starter script for a single executable, you can ensure that the final executable receives the Unix signals by using <code class="language-plaintext highlighter-rouge">exec</code> and <code class="language-plaintext highlighter-rouge">gosu</code> commands:</p> <div class="highlight"><pre class="highlight" data-language="">#!/usr/bin/env bash +set -e + +if [ "$1" = 'postgres' ]; then + 
chown -R postgres "$PGDATA" + + if [ -z "$(ls -A "$PGDATA")" ]; then + gosu postgres initdb + fi + + exec gosu postgres "$@" +fi + +exec "$@" +</pre></div> <p>Lastly, if you need to do some extra cleanup (or communicate with other containers) on shutdown, or are co-ordinating more than one executable, you may need to ensure that the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> script receives the Unix signals, passes them on, and then does some more work:</p> <div class="highlight"><pre class="highlight" data-language="">#!/bin/sh +# Note: I've written this using sh so it works in the busybox container too + +# USE the trap if you need to also do manual cleanup after the service is stopped, +# or need to start multiple services in the one container +trap "echo TRAPed signal" HUP INT QUIT TERM + +# start service in background here +/usr/sbin/apachectl start + +echo "[hit enter key to exit] or run 'docker stop <container>'" +read + +# stop service and clean up here +echo "stopping apache" +/usr/sbin/apachectl stop + +echo "exited $0" +</pre></div> <p>If you run this image with <code class="language-plaintext highlighter-rouge">docker run -it --rm -p 80:80 --name test apache</code>, you can then examine the container’s processes with <code class="language-plaintext highlighter-rouge">docker exec</code>, or <code class="language-plaintext highlighter-rouge">docker top</code>, and then ask the script to stop Apache:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it test ps aux + +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.1 0.0 4448 692 ? Ss+ 00:42 0:00 /bin/sh /run.sh 123 cmd cmd2 +root 19 0.0 0.2 71304 4440 ? Ss 00:42 0:00 /usr/sbin/apache2 -k start +www-data 20 0.2 0.2 360468 6004 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start +www-data 21 0.2 0.2 360468 6000 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start +root 81 0.0 0.1 15572 2140 ? 
R+ 00:44 0:00 ps aux + +$ docker top test + +PID USER COMMAND +10035 root {run.sh} /bin/sh /run.sh 123 cmd cmd2 +10054 root /usr/sbin/apache2 -k start +10055 33 /usr/sbin/apache2 -k start +10056 33 /usr/sbin/apache2 -k start + +$ /usr/bin/time docker stop test + +test +real 0m 0.27s +user 0m 0.03s +sys 0m 0.03s +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>You can override the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> setting using <code class="language-plaintext highlighter-rouge">--entrypoint</code>, but this can only set the binary to <em>exec</em> (no <code class="language-plaintext highlighter-rouge">sh -c</code> will be used).</p> </blockquote> <blockquote> <p><strong>Note</strong></p> <p>The <em>exec</em> form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).</p> </blockquote> <p>Unlike the <em>shell</em> form, the <em>exec</em> form does not invoke a command shell. This means that normal shell processing does not happen. For example, <code class="language-plaintext highlighter-rouge">ENTRYPOINT [ "echo", "$HOME" ]</code> will not do variable substitution on <code class="language-plaintext highlighter-rouge">$HOME</code>. If you want shell processing then either use the <em>shell</em> form or execute a shell directly, for example: <code class="language-plaintext highlighter-rouge">ENTRYPOINT [ "sh", "-c", "echo $HOME" ]</code>. When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, not docker.</p> <h3 id="shell-form-entrypoint-example">Shell form ENTRYPOINT example</h3> <p>You can specify a plain string for the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> and it will execute in <code class="language-plaintext highlighter-rouge">/bin/sh -c</code>. 
This form will use shell processing to substitute shell environment variables, and will ignore any <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">docker run</code> command line arguments. To ensure that <code class="language-plaintext highlighter-rouge">docker stop</code> will signal any long running <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> executable correctly, you need to remember to start it with <code class="language-plaintext highlighter-rouge">exec</code>:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ENTRYPOINT exec top -b +</pre></div> <p>When you run this image, you’ll see the single <code class="language-plaintext highlighter-rouge">PID 1</code> process:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --name test top + +Mem: 1704520K used, 352148K free, 0K shrd, 0K buff, 140368121167873K cached +CPU: 5% usr 0% sys 0% nic 94% idle 0% io 0% irq 0% sirq +Load average: 0.08 0.03 0.05 2/98 6 + PID PPID USER STAT VSZ %VSZ %CPU COMMAND + 1 0 root R 3164 0% 0% top -b +</pre></div> <p>Which exits cleanly on <code class="language-plaintext highlighter-rouge">docker stop</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ /usr/bin/time docker stop test + +test +real 0m 0.20s +user 0m 0.02s +sys 0m 0.04s +</pre></div> <p>If you forget to add <code class="language-plaintext highlighter-rouge">exec</code> to the beginning of your <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ENTRYPOINT top -b +CMD -- --ignored-param1 +</pre></div> <p>You can then run it (giving it a name for the next step):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --name test top --ignored-param2 + +top - 13:58:24 up 17 min, 0 users, load average: 0.00, 0.00, 0.00 
+Tasks: 2 total, 1 running, 1 sleeping, 0 stopped, 0 zombie +%Cpu(s): 16.7 us, 33.3 sy, 0.0 ni, 50.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st +MiB Mem : 1990.8 total, 1354.6 free, 231.4 used, 404.7 buff/cache +MiB Swap: 1024.0 total, 1024.0 free, 0.0 used. 1639.8 avail Mem + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 2612 604 536 S 0.0 0.0 0:00.02 sh + 6 root 20 0 5956 3188 2768 R 0.0 0.2 0:00.00 top +</pre></div> <p>You can see from the output of <code class="language-plaintext highlighter-rouge">top</code> that the specified <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> is not <code class="language-plaintext highlighter-rouge">PID 1</code>.</p> <p>If you then run <code class="language-plaintext highlighter-rouge">docker stop test</code>, the container will not exit cleanly - the <code class="language-plaintext highlighter-rouge">stop</code> command will be forced to send a <code class="language-plaintext highlighter-rouge">SIGKILL</code> after the timeout:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it test ps waux + +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.4 0.0 2612 604 pts/0 Ss+ 13:58 0:00 /bin/sh -c top -b --ignored-param2 +root 6 0.0 0.1 5956 3188 pts/0 S+ 13:58 0:00 top -b +root 7 0.0 0.1 5884 2816 pts/1 Rs+ 13:58 0:00 ps waux + +$ /usr/bin/time docker stop test + +test +real 0m 10.19s +user 0m 0.04s +sys 0m 0.03s +</pre></div> <h3 id="understand-how-cmd-and-entrypoint-interact">Understand how CMD and ENTRYPOINT interact</h3> <p>Both <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instructions define what command gets executed when running a container. 
There are few rules that describe their co-operation.</p> <ol> <li> <p>Dockerfile should specify at least one of <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> commands.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> should be defined when using the container as an executable.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">CMD</code> should be used as a way of defining default arguments for an <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> command or for executing an ad-hoc command in a container.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">CMD</code> will be overridden when running the container with alternative arguments.</p> </li> </ol> <p>The table below shows what command is executed for different <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> / <code class="language-plaintext highlighter-rouge">CMD</code> combinations:</p> <table> <thead> <tr> <th style="text-align: left"> </th> <th style="text-align: left">No ENTRYPOINT</th> <th style="text-align: left">ENTRYPOINT exec_entry p1_entry</th> <th style="text-align: left">ENTRYPOINT [“exec_entry”, “p1_entry”]</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><strong>No CMD</strong></td> <td style="text-align: left"><em>error, not allowed</em></td> <td style="text-align: left">/bin/sh -c exec_entry p1_entry</td> <td style="text-align: left">exec_entry p1_entry</td> </tr> <tr> <td style="text-align: left"><strong>CMD [“exec_cmd”, “p1_cmd”]</strong></td> <td style="text-align: left">exec_cmd p1_cmd</td> <td style="text-align: left">/bin/sh -c exec_entry p1_entry</td> <td style="text-align: left">exec_entry p1_entry exec_cmd p1_cmd</td> </tr> <tr> <td style="text-align: left"><strong>CMD [“p1_cmd”, “p2_cmd”]</strong></td> <td style="text-align: left">p1_cmd p2_cmd</td> <td style="text-align: 
left">/bin/sh -c exec_entry p1_entry</td> <td style="text-align: left">exec_entry p1_entry p1_cmd p2_cmd</td> </tr> <tr> <td style="text-align: left"><strong>CMD exec_cmd p1_cmd</strong></td> <td style="text-align: left">/bin/sh -c exec_cmd p1_cmd</td> <td style="text-align: left">/bin/sh -c exec_entry p1_entry</td> <td style="text-align: left">exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd</td> </tr> </tbody> </table> <blockquote> <p><strong>Note</strong></p> <p>If <code class="language-plaintext highlighter-rouge">CMD</code> is defined from the base image, setting <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> will reset <code class="language-plaintext highlighter-rouge">CMD</code> to an empty value. In this scenario, <code class="language-plaintext highlighter-rouge">CMD</code> must be defined in the current image to have a value.</p> </blockquote> <h2 id="volume">VOLUME</h2> <div class="highlight"><pre class="highlight" data-language="">VOLUME ["/data"] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">VOLUME</code> instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers. The value can be a JSON array, <code class="language-plaintext highlighter-rouge">VOLUME ["/var/log/"]</code>, or a plain string with multiple arguments, such as <code class="language-plaintext highlighter-rouge">VOLUME /var/log</code> or <code class="language-plaintext highlighter-rouge">VOLUME /var/log /var/db</code>. For more information/examples and mounting instructions via the Docker client, refer to <a href="https://docs.docker.com/storage/volumes/"><em>Share Directories via Volumes</em></a> documentation.</p> <p>The <code class="language-plaintext highlighter-rouge">docker run</code> command initializes the newly created volume with any data that exists at the specified location within the base image. 
For example, consider the following Dockerfile snippet:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +RUN mkdir /myvol +RUN echo "hello world" > /myvol/greeting +VOLUME /myvol +</pre></div> <p>This Dockerfile results in an image that causes <code class="language-plaintext highlighter-rouge">docker run</code> to create a new mount point at <code class="language-plaintext highlighter-rouge">/myvol</code> and copy the <code class="language-plaintext highlighter-rouge">greeting</code> file into the newly created volume.</p> <h3 id="notes-about-specifying-volumes">Notes about specifying volumes</h3> <p>Keep the following things in mind about volumes in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <ul> <li> <p><strong>Volumes on Windows-based containers</strong>: When using Windows-based containers, the destination of a volume inside the container must be one of:</p> <ul> <li>a non-existing or empty directory</li> <li>a drive other than <code class="language-plaintext highlighter-rouge">C:</code> +</li> </ul> </li> <li> <p><strong>Changing the volume from within the Dockerfile</strong>: If any build steps change the data within the volume after it has been declared, those changes will be discarded.</p> </li> <li> <p><strong>JSON formatting</strong>: The list is parsed as a JSON array. You must enclose words with double quotes (<code class="language-plaintext highlighter-rouge">"</code>) rather than single quotes (<code class="language-plaintext highlighter-rouge">'</code>).</p> </li> <li> <p><strong>The host directory is declared at container run-time</strong>: The host directory (the mountpoint) is, by its nature, host-dependent. This is to preserve image portability, since a given host directory can’t be guaranteed to be available on all hosts. For this reason, you can’t mount a host directory from within the Dockerfile. 
The <code class="language-plaintext highlighter-rouge">VOLUME</code> instruction does not support specifying a <code class="language-plaintext highlighter-rouge">host-dir</code> parameter. You must specify the mountpoint when you create or run the container.</p> </li> </ul> <h2 id="user">USER</h2> <div class="highlight"><pre class="highlight" data-language="">USER <user>[:<group>] +</pre></div> <p>or</p> <div class="highlight"><pre class="highlight" data-language="">USER <UID>[:<GID>] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">USER</code> instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any <code class="language-plaintext highlighter-rouge">RUN</code>, <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> instructions that follow it in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <blockquote> <p>Note that when specifying a group for the user, the user will have <em>only</em> the specified group membership. Any other configured group memberships will be ignored.</p> </blockquote> <blockquote> <p><strong>Warning</strong></p> <p>When the user doesn’t have a primary group then the image (or the next instructions) will be run with the <code class="language-plaintext highlighter-rouge">root</code> group.</p> <p>On Windows, the user must be created first if it’s not a built-in account. 
This can be done with the <code class="language-plaintext highlighter-rouge">net user</code> command called as part of a Dockerfile.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">FROM microsoft/windowsservercore +# Create Windows user in the container +RUN net user /add patrick +# Set it for subsequent commands +USER patrick +</pre></div> <h2 id="workdir">WORKDIR</h2> <div class="highlight"><pre class="highlight" data-language="">WORKDIR /path/to/workdir +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">WORKDIR</code> instruction sets the working directory for any <code class="language-plaintext highlighter-rouge">RUN</code>, <code class="language-plaintext highlighter-rouge">CMD</code>, <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>, <code class="language-plaintext highlighter-rouge">COPY</code> and <code class="language-plaintext highlighter-rouge">ADD</code> instructions that follow it in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. If the <code class="language-plaintext highlighter-rouge">WORKDIR</code> doesn’t exist, it will be created even if it’s not used in any subsequent <code class="language-plaintext highlighter-rouge">Dockerfile</code> instruction.</p> <p>The <code class="language-plaintext highlighter-rouge">WORKDIR</code> instruction can be used multiple times in a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. If a relative path is provided, it will be relative to the path of the previous <code class="language-plaintext highlighter-rouge">WORKDIR</code> instruction. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">WORKDIR /a +WORKDIR b +WORKDIR c +RUN pwd +</pre></div> <p>The output of the final <code class="language-plaintext highlighter-rouge">pwd</code> command in this <code class="language-plaintext highlighter-rouge">Dockerfile</code> would be <code class="language-plaintext highlighter-rouge">/a/b/c</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">WORKDIR</code> instruction can resolve environment variables previously set using <code class="language-plaintext highlighter-rouge">ENV</code>. You can only use environment variables explicitly set in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. For example:</p> <div class="highlight"><pre class="highlight" data-language="">ENV DIRPATH=/path +WORKDIR $DIRPATH/$DIRNAME +RUN pwd +</pre></div> <p>The output of the final <code class="language-plaintext highlighter-rouge">pwd</code> command in this <code class="language-plaintext highlighter-rouge">Dockerfile</code> would be <code class="language-plaintext highlighter-rouge">/path/$DIRNAME</code></p> <p>If not specified, the default working directory is <code class="language-plaintext highlighter-rouge">/</code>. 
In practice, if you aren’t building a Dockerfile from scratch (<code class="language-plaintext highlighter-rouge">FROM scratch</code>), the <code class="language-plaintext highlighter-rouge">WORKDIR</code> may likely be set by the base image you’re using.</p> <p>Therefore, to avoid unintended operations in unknown directories, it is best practice to set your <code class="language-plaintext highlighter-rouge">WORKDIR</code> explicitly.</p> <h2 id="arg">ARG</h2> <div class="highlight"><pre class="highlight" data-language="">ARG <name>[=<default value>] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">ARG</code> instruction defines a variable that users can pass at build-time to the builder with the <code class="language-plaintext highlighter-rouge">docker build</code> command using the <code class="language-plaintext highlighter-rouge">--build-arg <varname>=<value></code> flag. If a user specifies a build argument that was not defined in the Dockerfile, the build outputs a warning.</p> <div class="highlight"><pre class="highlight" data-language="">[Warning] One or more build-args [foo] were not consumed. +</pre></div> <p>A Dockerfile may include one or more <code class="language-plaintext highlighter-rouge">ARG</code> instructions. For example, the following is a valid Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +ARG user1 +ARG buildno +# ... +</pre></div> <blockquote class="warning"> <p><strong>Warning:</strong></p> <p>It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. 
Build-time variable values are visible to any user of the image with the <code class="language-plaintext highlighter-rouge">docker history</code> command.</p> <p>Refer to the <a href="https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information">“build images with BuildKit”</a> section to learn about secure ways to use secrets when building images.</p> </blockquote> <h3 id="default-values">Default values</h3> <p>An <code class="language-plaintext highlighter-rouge">ARG</code> instruction can optionally include a default value:</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +ARG user1=someuser +ARG buildno=1 +# ... +</pre></div> <p>If an <code class="language-plaintext highlighter-rouge">ARG</code> instruction has a default value and if there is no value passed at build-time, the builder uses the default.</p> <h3 id="scope">Scope</h3> <p>An <code class="language-plaintext highlighter-rouge">ARG</code> variable definition comes into effect from the line on which it is defined in the <code class="language-plaintext highlighter-rouge">Dockerfile</code> not from the argument’s use on the command-line or elsewhere. For example, consider this Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +USER ${user:-some_user} +ARG user +USER $user +# ... +</pre></div> <p>A user builds this file by calling:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --build-arg user=what_user . +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">USER</code> at line 2 evaluates to <code class="language-plaintext highlighter-rouge">some_user</code> as the <code class="language-plaintext highlighter-rouge">user</code> variable is defined on the subsequent line 3. 
The <code class="language-plaintext highlighter-rouge">USER</code> at line 4 evaluates to <code class="language-plaintext highlighter-rouge">what_user</code> as <code class="language-plaintext highlighter-rouge">user</code> is defined and the <code class="language-plaintext highlighter-rouge">what_user</code> value was passed on the command line. Prior to its definition by an <code class="language-plaintext highlighter-rouge">ARG</code> instruction, any use of a variable results in an empty string.</p> <p>An <code class="language-plaintext highlighter-rouge">ARG</code> instruction goes out of scope at the end of the build stage where it was defined. To use an arg in multiple stages, each stage must include the <code class="language-plaintext highlighter-rouge">ARG</code> instruction.</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +ARG SETTINGS +RUN ./run/setup $SETTINGS + +FROM busybox +ARG SETTINGS +RUN ./run/other $SETTINGS +</pre></div> <h3 id="using-arg-variables">Using ARG variables</h3> <p>You can use an <code class="language-plaintext highlighter-rouge">ARG</code> or an <code class="language-plaintext highlighter-rouge">ENV</code> instruction to specify variables that are available to the <code class="language-plaintext highlighter-rouge">RUN</code> instruction. Environment variables defined using the <code class="language-plaintext highlighter-rouge">ENV</code> instruction always override an <code class="language-plaintext highlighter-rouge">ARG</code> instruction of the same name. 
Consider this Dockerfile with an <code class="language-plaintext highlighter-rouge">ENV</code> and <code class="language-plaintext highlighter-rouge">ARG</code> instruction.</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +ENV CONT_IMG_VER=v1.0.0 +RUN echo $CONT_IMG_VER +</pre></div> <p>Then, assume this image is built with this command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --build-arg CONT_IMG_VER=v2.0.1 . +</pre></div> <p>In this case, the <code class="language-plaintext highlighter-rouge">RUN</code> instruction uses <code class="language-plaintext highlighter-rouge">v1.0.0</code> instead of the <code class="language-plaintext highlighter-rouge">ARG</code> setting passed by the user:<code class="language-plaintext highlighter-rouge">v2.0.1</code> This behavior is similar to a shell script where a locally scoped variable overrides the variables passed as arguments or inherited from environment, from its point of definition.</p> <p>Using the example above but a different <code class="language-plaintext highlighter-rouge">ENV</code> specification you can create more useful interactions between <code class="language-plaintext highlighter-rouge">ARG</code> and <code class="language-plaintext highlighter-rouge">ENV</code> instructions:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +ENV CONT_IMG_VER=${CONT_IMG_VER:-v1.0.0} +RUN echo $CONT_IMG_VER +</pre></div> <p>Unlike an <code class="language-plaintext highlighter-rouge">ARG</code> instruction, <code class="language-plaintext highlighter-rouge">ENV</code> values are always persisted in the built image. Consider a docker build without the <code class="language-plaintext highlighter-rouge">--build-arg</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build . 
+</pre></div> <p>Using this Dockerfile example, <code class="language-plaintext highlighter-rouge">CONT_IMG_VER</code> is still persisted in the image but its value would be <code class="language-plaintext highlighter-rouge">v1.0.0</code> as it is the default set in line 3 by the <code class="language-plaintext highlighter-rouge">ENV</code> instruction.</p> <p>The variable expansion technique in this example allows you to pass arguments from the command line and persist them in the final image by leveraging the <code class="language-plaintext highlighter-rouge">ENV</code> instruction. Variable expansion is only supported for <a href="#environment-replacement">a limited set of Dockerfile instructions.</a></p> <h3 id="predefined-args">Predefined ARGs</h3> <p>Docker has a set of predefined <code class="language-plaintext highlighter-rouge">ARG</code> variables that you can use without a corresponding <code class="language-plaintext highlighter-rouge">ARG</code> instruction in the Dockerfile.</p> <ul> <li><code class="language-plaintext highlighter-rouge">HTTP_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">http_proxy</code></li> <li><code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">https_proxy</code></li> <li><code class="language-plaintext highlighter-rouge">FTP_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">ftp_proxy</code></li> <li><code class="language-plaintext highlighter-rouge">NO_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">no_proxy</code></li> </ul> <p>To use these, pass them on the command line using the <code class="language-plaintext highlighter-rouge">--build-arg</code> flag, for example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --build-arg HTTPS_PROXY=https://my-proxy.example.com . 
+</pre></div> <p>By default, these pre-defined variables are excluded from the output of <code class="language-plaintext highlighter-rouge">docker history</code>. Excluding them reduces the risk of accidentally leaking sensitive authentication information in an <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code> variable.</p> <p>For example, consider building the following Dockerfile using <code class="language-plaintext highlighter-rouge">--build-arg HTTP_PROXY=http://user:pass@proxy.lon.example.com</code></p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +RUN echo "Hello World" +</pre></div> <p>In this case, the value of the <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code> variable is not available in the <code class="language-plaintext highlighter-rouge">docker history</code> and is not cached. If you were to change location, and your proxy server changed to <code class="language-plaintext highlighter-rouge">http://user:pass@proxy.sfo.example.com</code>, a subsequent build does not result in a cache miss.</p> <p>If you need to override this behaviour then you may do so by adding an <code class="language-plaintext highlighter-rouge">ARG</code> statement in the Dockerfile as follows:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG HTTP_PROXY +RUN echo "Hello World" +</pre></div> <p>When building this Dockerfile, the <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code> is preserved in the <code class="language-plaintext highlighter-rouge">docker history</code>, and changing its value invalidates the build cache.</p> <h3 id="automatic-platform-args-in-the-global-scope">Automatic platform ARGs in the global scope</h3> <p>This feature is only available when using the <a href="#buildkit">BuildKit</a> backend.</p> <p>Docker predefines a set of <code class="language-plaintext highlighter-rouge">ARG</code> variables with information on the platform of the 
node performing the build (build platform) and on the platform of the resulting image (target platform). The target platform can be specified with the <code class="language-plaintext highlighter-rouge">--platform</code> flag on <code class="language-plaintext highlighter-rouge">docker build</code>.</p> <p>The following <code class="language-plaintext highlighter-rouge">ARG</code> variables are set automatically:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">TARGETPLATFORM</code> - platform of the build result. Eg <code class="language-plaintext highlighter-rouge">linux/amd64</code>, <code class="language-plaintext highlighter-rouge">linux/arm/v7</code>, <code class="language-plaintext highlighter-rouge">windows/amd64</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">TARGETOS</code> - OS component of TARGETPLATFORM</li> <li> +<code class="language-plaintext highlighter-rouge">TARGETARCH</code> - architecture component of TARGETPLATFORM</li> <li> +<code class="language-plaintext highlighter-rouge">TARGETVARIANT</code> - variant component of TARGETPLATFORM</li> <li> +<code class="language-plaintext highlighter-rouge">BUILDPLATFORM</code> - platform of the node performing the build.</li> <li> +<code class="language-plaintext highlighter-rouge">BUILDOS</code> - OS component of BUILDPLATFORM</li> <li> +<code class="language-plaintext highlighter-rouge">BUILDARCH</code> - architecture component of BUILDPLATFORM</li> <li> +<code class="language-plaintext highlighter-rouge">BUILDVARIANT</code> - variant component of BUILDPLATFORM</li> </ul> <p>These arguments are defined in the global scope so are not automatically available inside build stages or for your <code class="language-plaintext highlighter-rouge">RUN</code> commands. 
To expose one of these arguments inside the build stage redefine it without value.</p> <p>For example:</p> <div class="highlight"><pre class="highlight" data-language="">FROM alpine +ARG TARGETPLATFORM +RUN echo "I'm building for $TARGETPLATFORM" +</pre></div> <h3 id="impact-on-build-caching">Impact on build caching</h3> <p><code class="language-plaintext highlighter-rouge">ARG</code> variables are not persisted into the built image as <code class="language-plaintext highlighter-rouge">ENV</code> variables are. However, <code class="language-plaintext highlighter-rouge">ARG</code> variables do impact the build cache in similar ways. If a Dockerfile defines an <code class="language-plaintext highlighter-rouge">ARG</code> variable whose value is different from a previous build, then a “cache miss” occurs upon its first usage, not its definition. In particular, all <code class="language-plaintext highlighter-rouge">RUN</code> instructions following an <code class="language-plaintext highlighter-rouge">ARG</code> instruction use the <code class="language-plaintext highlighter-rouge">ARG</code> variable implicitly (as an environment variable), thus can cause a cache miss. 
All predefined <code class="language-plaintext highlighter-rouge">ARG</code> variables are exempt from caching unless there is a matching <code class="language-plaintext highlighter-rouge">ARG</code> statement in the <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>For example, consider these two Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +RUN echo $CONT_IMG_VER +</pre></div> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +RUN echo hello +</pre></div> <p>If you specify <code class="language-plaintext highlighter-rouge">--build-arg CONT_IMG_VER=<value></code> on the command line, in both cases, the specification on line 2 does not cause a cache miss; line 3 does cause a cache miss.<code class="language-plaintext highlighter-rouge">ARG CONT_IMG_VER</code> causes the RUN line to be identified as the same as running <code class="language-plaintext highlighter-rouge">CONT_IMG_VER=<value> echo hello</code>, so if the <code class="language-plaintext highlighter-rouge"><value></code> changes, we get a cache miss.</p> <p>Consider another example under the same command line:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +ENV CONT_IMG_VER=$CONT_IMG_VER +RUN echo $CONT_IMG_VER +</pre></div> <p>In this example, the cache miss occurs on line 3. The miss happens because the variable’s value in the <code class="language-plaintext highlighter-rouge">ENV</code> references the <code class="language-plaintext highlighter-rouge">ARG</code> variable and that variable is changed through the command line. 
In this example, the <code class="language-plaintext highlighter-rouge">ENV</code> command causes the image to include the value.</p> <p>If an <code class="language-plaintext highlighter-rouge">ENV</code> instruction overrides an <code class="language-plaintext highlighter-rouge">ARG</code> instruction of the same name, like this Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu +ARG CONT_IMG_VER +ENV CONT_IMG_VER=hello +RUN echo $CONT_IMG_VER +</pre></div> <p>Line 3 does not cause a cache miss because the value of <code class="language-plaintext highlighter-rouge">CONT_IMG_VER</code> is a constant (<code class="language-plaintext highlighter-rouge">hello</code>). As a result, the environment variables and values used on the <code class="language-plaintext highlighter-rouge">RUN</code> (line 4) doesn’t change between builds.</p> <h2 id="onbuild">ONBUILD</h2> <div class="highlight"><pre class="highlight" data-language="">ONBUILD <INSTRUCTION> +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">ONBUILD</code> instruction adds to the image a <em>trigger</em> instruction to be executed at a later time, when the image is used as the base for another build. 
The trigger will be executed in the context of the downstream build, as if it had been inserted immediately after the <code class="language-plaintext highlighter-rouge">FROM</code> instruction in the downstream <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <p>Any build instruction can be registered as a trigger.</p> <p>This is useful if you are building an image which will be used as a base to build other images, for example an application build environment or a daemon which may be customized with user-specific configuration.</p> <p>For example, if your image is a reusable Python application builder, it will require application source code to be added in a particular directory, and it might require a build script to be called <em>after</em> that. You can’t just call <code class="language-plaintext highlighter-rouge">ADD</code> and <code class="language-plaintext highlighter-rouge">RUN</code> now, because you don’t yet have access to the application source code, and it will be different for each application build. You could simply provide application developers with a boilerplate <code class="language-plaintext highlighter-rouge">Dockerfile</code> to copy-paste into their application, but that is inefficient, error-prone and difficult to update because it mixes with application-specific code.</p> <p>The solution is to use <code class="language-plaintext highlighter-rouge">ONBUILD</code> to register advance instructions to run later, during the next build stage.</p> <p>Here’s how it works:</p> <ol> <li>When it encounters an <code class="language-plaintext highlighter-rouge">ONBUILD</code> instruction, the builder adds a trigger to the metadata of the image being built. The instruction does not otherwise affect the current build.</li> <li>At the end of the build, a list of all triggers is stored in the image manifest, under the key <code class="language-plaintext highlighter-rouge">OnBuild</code>. 
They can be inspected with the <code class="language-plaintext highlighter-rouge">docker inspect</code> command.</li> <li>Later the image may be used as a base for a new build, using the <code class="language-plaintext highlighter-rouge">FROM</code> instruction. As part of processing the <code class="language-plaintext highlighter-rouge">FROM</code> instruction, the downstream builder looks for <code class="language-plaintext highlighter-rouge">ONBUILD</code> triggers, and executes them in the same order they were registered. If any of the triggers fail, the <code class="language-plaintext highlighter-rouge">FROM</code> instruction is aborted which in turn causes the build to fail. If all triggers succeed, the <code class="language-plaintext highlighter-rouge">FROM</code> instruction completes and the build continues as usual.</li> <li>Triggers are cleared from the final image after being executed. In other words they are not inherited by “grand-children” builds.</li> </ol> <p>For example you might add something like this:</p> <div class="highlight"><pre class="highlight" data-language="">ONBUILD ADD . 
/app/src +ONBUILD RUN /usr/local/bin/python-build --dir /app/src +</pre></div> <blockquote> <p><strong>Warning</strong></p> <p>Chaining <code class="language-plaintext highlighter-rouge">ONBUILD</code> instructions using <code class="language-plaintext highlighter-rouge">ONBUILD ONBUILD</code> isn’t allowed.</p> </blockquote> <blockquote> <p><strong>Warning</strong></p> <p>The <code class="language-plaintext highlighter-rouge">ONBUILD</code> instruction may not trigger <code class="language-plaintext highlighter-rouge">FROM</code> or <code class="language-plaintext highlighter-rouge">MAINTAINER</code> instructions.</p> </blockquote> <h2 id="stopsignal">STOPSIGNAL</h2> <div class="highlight"><pre class="highlight" data-language="">STOPSIGNAL signal +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">STOPSIGNAL</code> instruction sets the system call signal that will be sent to the container to exit. This signal can be a signal name in the format <code class="language-plaintext highlighter-rouge">SIG<NAME></code>, for instance <code class="language-plaintext highlighter-rouge">SIGKILL</code>, or an unsigned number that matches a position in the kernel’s syscall table, for instance <code class="language-plaintext highlighter-rouge">9</code>. 
The default is <code class="language-plaintext highlighter-rouge">SIGTERM</code> if not defined.</p> <p>The image’s default stopsignal can be overridden per container, using the <code class="language-plaintext highlighter-rouge">--stop-signal</code> flag on <code class="language-plaintext highlighter-rouge">docker run</code> and <code class="language-plaintext highlighter-rouge">docker create</code>.</p> <h2 id="healthcheck">HEALTHCHECK</h2> <p>The <code class="language-plaintext highlighter-rouge">HEALTHCHECK</code> instruction has two forms:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">HEALTHCHECK [OPTIONS] CMD command</code> (check container health by running a command inside the container)</li> <li> +<code class="language-plaintext highlighter-rouge">HEALTHCHECK NONE</code> (disable any healthcheck inherited from the base image)</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">HEALTHCHECK</code> instruction tells Docker how to test a container to check that it is still working. This can detect cases such as a web server that is stuck in an infinite loop and unable to handle new connections, even though the server process is still running.</p> <p>When a container has a healthcheck specified, it has a <em>health status</em> in addition to its normal status. This status is initially <code class="language-plaintext highlighter-rouge">starting</code>. Whenever a health check passes, it becomes <code class="language-plaintext highlighter-rouge">healthy</code> (whatever state it was previously in). 
After a certain number of consecutive failures, it becomes <code class="language-plaintext highlighter-rouge">unhealthy</code>.</p> <p>The options that can appear before <code class="language-plaintext highlighter-rouge">CMD</code> are:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">--interval=DURATION</code> (default: <code class="language-plaintext highlighter-rouge">30s</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">--timeout=DURATION</code> (default: <code class="language-plaintext highlighter-rouge">30s</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">--start-period=DURATION</code> (default: <code class="language-plaintext highlighter-rouge">0s</code>)</li> <li> +<code class="language-plaintext highlighter-rouge">--retries=N</code> (default: <code class="language-plaintext highlighter-rouge">3</code>)</li> </ul> <p>The health check will first run <strong>interval</strong> seconds after the container is started, and then again <strong>interval</strong> seconds after each previous check completes.</p> <p>If a single run of the check takes longer than <strong>timeout</strong> seconds then the check is considered to have failed.</p> <p>It takes <strong>retries</strong> consecutive failures of the health check for the container to be considered <code class="language-plaintext highlighter-rouge">unhealthy</code>.</p> <p><strong>start period</strong> provides initialization time for containers that need time to bootstrap. Probe failure during that period will not be counted towards the maximum number of retries. However, if a health check succeeds during the start period, the container is considered started and all consecutive failures will be counted towards the maximum number of retries.</p> <p>There can only be one <code class="language-plaintext highlighter-rouge">HEALTHCHECK</code> instruction in a Dockerfile. 
If you list more than one then only the last <code class="language-plaintext highlighter-rouge">HEALTHCHECK</code> will take effect.</p> <p>The command after the <code class="language-plaintext highlighter-rouge">CMD</code> keyword can be either a shell command (e.g. <code class="language-plaintext highlighter-rouge">HEALTHCHECK CMD /bin/check-running</code>) or an <em>exec</em> array (as with other Dockerfile commands; see e.g. <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> for details).</p> <p>The command’s exit status indicates the health status of the container. The possible values are:</p> <ul> <li>0: success - the container is healthy and ready for use</li> <li>1: unhealthy - the container is not working correctly</li> <li>2: reserved - do not use this exit code</li> </ul> <p>For example, to check every five minutes or so that a web-server is able to serve the site’s main page within three seconds:</p> <div class="highlight"><pre class="highlight" data-language="">HEALTHCHECK --interval=5m --timeout=3s \ + CMD curl -f http://localhost/ || exit 1 +</pre></div> <p>To help debug failing probes, any output text (UTF-8 encoded) that the command writes on stdout or stderr will be stored in the health status and can be queried with <code class="language-plaintext highlighter-rouge">docker inspect</code>. Such output should be kept short (only the first 4096 bytes are stored currently).</p> <p>When the health status of a container changes, a <code class="language-plaintext highlighter-rouge">health_status</code> event is generated with the new status.</p> <h2 id="shell">SHELL</h2> <div class="highlight"><pre class="highlight" data-language="">SHELL ["executable", "parameters"] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction allows the default shell used for the <em>shell</em> form of commands to be overridden. 
The default shell on Linux is <code class="language-plaintext highlighter-rouge">["/bin/sh", "-c"]</code>, and on Windows is <code class="language-plaintext highlighter-rouge">["cmd", "/S", "/C"]</code>. The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction <em>must</em> be written in JSON form in a Dockerfile.</p> <p>The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction is particularly useful on Windows where there are two commonly used and quite different native shells: <code class="language-plaintext highlighter-rouge">cmd</code> and <code class="language-plaintext highlighter-rouge">powershell</code>, as well as alternate shells available including <code class="language-plaintext highlighter-rouge">sh</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction can appear multiple times. Each <code class="language-plaintext highlighter-rouge">SHELL</code> instruction overrides all previous <code class="language-plaintext highlighter-rouge">SHELL</code> instructions, and affects all subsequent instructions. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">FROM microsoft/windowsservercore + +# Executed as cmd /S /C echo default +RUN echo default + +# Executed as cmd /S /C powershell -command Write-Host default +RUN powershell -command Write-Host default + +# Executed as powershell -command Write-Host hello +SHELL ["powershell", "-command"] +RUN Write-Host hello + +# Executed as cmd /S /C echo hello +SHELL ["cmd", "/S", "/C"] +RUN echo hello +</pre></div> <p>The following instructions can be affected by the <code class="language-plaintext highlighter-rouge">SHELL</code> instruction when the <em>shell</em> form of them is used in a Dockerfile: <code class="language-plaintext highlighter-rouge">RUN</code>, <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>.</p> <p>The following example is a common pattern found on Windows which can be streamlined by using the <code class="language-plaintext highlighter-rouge">SHELL</code> instruction:</p> <div class="highlight"><pre class="highlight" data-language="">RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" +</pre></div> <p>The command invoked by docker will be:</p> <div class="highlight"><pre class="highlight" data-language="">cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" +</pre></div> <p>This is inefficient for two reasons. First, there is an un-necessary cmd.exe command processor (aka shell) being invoked. Second, each <code class="language-plaintext highlighter-rouge">RUN</code> instruction in the <em>shell</em> form requires an extra <code class="language-plaintext highlighter-rouge">powershell -command</code> prefixing the command.</p> <p>To make this more efficient, one of two mechanisms can be employed. 
One is to use the JSON form of the RUN command such as:</p> <div class="highlight"><pre class="highlight" data-language="">RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""] +</pre></div> <p>While the JSON form is unambiguous and does not use the un-necessary cmd.exe, it does require more verbosity through double-quoting and escaping. The alternate mechanism is to use the <code class="language-plaintext highlighter-rouge">SHELL</code> instruction and the <em>shell</em> form, making a more natural syntax for Windows users, especially when combined with the <code class="language-plaintext highlighter-rouge">escape</code> parser directive:</p> <div class="highlight"><pre class="highlight" data-language=""># escape=` + +FROM microsoft/nanoserver +SHELL ["powershell","-command"] +RUN New-Item -ItemType Directory C:\Example +ADD Execute-MyCmdlet.ps1 c:\example\ +RUN c:\example\Execute-MyCmdlet -sample 'hello world' +</pre></div> <p>Resulting in:</p> <div class="highlight"><pre class="highlight" data-language="">PS E:\myproject> docker build -t shell . 
+ +Sending build context to Docker daemon 4.096 kB +Step 1/5 : FROM microsoft/nanoserver + ---> 22738ff49c6d +Step 2/5 : SHELL powershell -command + ---> Running in 6fcdb6855ae2 + ---> 6331462d4300 +Removing intermediate container 6fcdb6855ae2 +Step 3/5 : RUN New-Item -ItemType Directory C:\Example + ---> Running in d0eef8386e97 + + + Directory: C:\ + + +Mode LastWriteTime Length Name +---- ------------- ------ ---- +d----- 10/28/2016 11:26 AM Example + + + ---> 3f2fbf1395d9 +Removing intermediate container d0eef8386e97 +Step 4/5 : ADD Execute-MyCmdlet.ps1 c:\example\ + ---> a955b2621c31 +Removing intermediate container b825593d39fc +Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world' + ---> Running in be6d8e63fe75 +hello world + ---> 8e559e9bf424 +Removing intermediate container be6d8e63fe75 +Successfully built 8e559e9bf424 +PS E:\myproject> +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction could also be used to modify the way in which a shell operates. 
For example, using <code class="language-plaintext highlighter-rouge">SHELL cmd /S /C /V:ON|OFF</code> on Windows, delayed environment variable expansion semantics could be modified.</p> <p>The <code class="language-plaintext highlighter-rouge">SHELL</code> instruction can also be used on Linux should an alternate shell be required such as <code class="language-plaintext highlighter-rouge">zsh</code>, <code class="language-plaintext highlighter-rouge">csh</code>, <code class="language-plaintext highlighter-rouge">tcsh</code> and others.</p> <h2 id="dockerfile-examples">Dockerfile examples</h2> <p>For examples of Dockerfiles, refer to:</p> <ul> <li>The <a href="https://docs.docker.com/develop/develop-images/dockerfile_best-practices/">“build images” section</a> +</li> <li>The <a href="../../../get-started/index">“get started</a> +</li> <li>The <a href="https://docs.docker.com/language/">language-specific getting started guides</a> +</li> </ul> +<p><a href="https://docs.docker.com/search/?q=builder">builder</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=Dockerfile">Dockerfile</a>, <a href="https://docs.docker.com/search/?q=automation">automation</a>, <a href="https://docs.docker.com/search/?q=image%20creation">image creation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/builder/" class="_attribution-link">https://docs.docker.com/engine/reference/builder/</a> + </p> +</div> 
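Review bot: The SHELL worked example near the end of this hunk is inconsistent with its own output: the Dockerfile line reads RUN c:\example\Execute-MyCmdlet -sample 'hello world', but the captured build log shows Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world', so the log was not produced from the Dockerfile shown. The same section states that the SHELL instruction must be written in JSON form and then gives SHELL cmd /S /C /V:ON|OFF in shell form; that example should be written as a JSON array to match the stated rule. In the "Dockerfile examples" list, the “get started link text is missing its closing quotation mark, and it is the only entry using a relative href (../../../get-started/index) while the other two are absolute docs.docker.com URLs, so it is worth checking that it resolves inside devdocs/docker.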
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fattach%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fattach%2Findex.html new file mode 100644 index 00000000..12a221c7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fattach%2Findex.html 
@@ -0,0 +1,65 @@ +<h1>docker attach</h1> <p><br></p> <p>Attach local standard input, output, and error streams to a running container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker attach [OPTIONS] CONTAINER +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Use <code class="language-plaintext highlighter-rouge">docker attach</code> to attach your terminal’s standard input, output, and error (or any combination of the three) to a running container using the container’s ID or name. This allows you to view its ongoing output or to control it interactively, as though the commands were running directly in your terminal.</p> <blockquote> <p><strong>Note:</strong> The <code class="language-plaintext highlighter-rouge">attach</code> command will display the output of the <code class="language-plaintext highlighter-rouge">ENTRYPOINT/CMD</code> process. This can appear as if the attach command is hung when in fact the process may simply not be interacting with the terminal at that time.</p> </blockquote> <p>You can attach to the same contained process multiple times simultaneously, from different sessions on the Docker host.</p> <p>To stop a container, use <code class="language-plaintext highlighter-rouge">CTRL-c</code>. This key sequence sends <code class="language-plaintext highlighter-rouge">SIGKILL</code> to the container. If <code class="language-plaintext highlighter-rouge">--sig-proxy</code> is true (the default),<code class="language-plaintext highlighter-rouge">CTRL-c</code> sends a <code class="language-plaintext highlighter-rouge">SIGINT</code> to the container. 
If the container was run with <code class="language-plaintext highlighter-rouge">-i</code> and <code class="language-plaintext highlighter-rouge">-t</code>, you can detach from a container and leave it running using the <code class="language-plaintext highlighter-rouge">CTRL-p CTRL-q</code> key sequence.</p> <blockquote> <p><strong>Note:</strong> A process running as PID 1 inside a container is treated specially by Linux: it ignores any signal with the default action. So, the process will not terminate on <code class="language-plaintext highlighter-rouge">SIGINT</code> or <code class="language-plaintext highlighter-rouge">SIGTERM</code> unless it is coded to do so.</p> </blockquote> <p>It is forbidden to redirect the standard input of a <code class="language-plaintext highlighter-rouge">docker attach</code> command while attaching to a tty-enabled container (i.e.: launched with <code class="language-plaintext highlighter-rouge">-t</code>).</p> <p>While a client is connected to container’s stdio using <code class="language-plaintext highlighter-rouge">docker attach</code>, Docker uses a ~1MB memory buffer to maximize the throughput of the application. If this buffer is filled, the speed of the API connection will start to have an effect on the process output writing speed. This is similar to other applications like SSH. Because of this, it is not recommended to run performance critical applications that generate a lot of output in the foreground over a slow client connection. Instead, users should use the <code class="language-plaintext highlighter-rouge">docker logs</code> command to get access to the logs.</p> <h3 id="override-the-detach-sequence">Override the detach sequence</h3> <p>If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you use for other applications. 
There are two ways to define your own detach key sequence, as a per-container override or as a configuration property on your entire configuration.</p> <p>To override the sequence for an individual container, use the <code class="language-plaintext highlighter-rouge">--detach-keys="<sequence>"</code> flag with the <code class="language-plaintext highlighter-rouge">docker attach</code> command. The format of the <code class="language-plaintext highlighter-rouge"><sequence></code> is either a letter [a-Z], or the <code class="language-plaintext highlighter-rouge">ctrl-</code> combined with any of the following:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">a-z</code> (a single lowercase alpha character )</li> <li> +<code class="language-plaintext highlighter-rouge">@</code> (at sign)</li> <li> +<code class="language-plaintext highlighter-rouge">[</code> (left bracket)</li> <li> +<code class="language-plaintext highlighter-rouge">\\</code> (two backward slashes)</li> <li> +<code class="language-plaintext highlighter-rouge">_</code> (underscore)</li> <li> +<code class="language-plaintext highlighter-rouge">^</code> (caret)</li> </ul> <p>These <code class="language-plaintext highlighter-rouge">a</code>, <code class="language-plaintext highlighter-rouge">ctrl-a</code>, <code class="language-plaintext highlighter-rouge">X</code>, or <code class="language-plaintext highlighter-rouge">ctrl-\\</code> values are all examples of valid key sequences. 
To configure a different configuration default key sequence for all containers, see <a href="../cli/index#configuration-files"><strong>Configuration file</strong> section</a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-stdin</code></td> <td></td> <td>Do not attach STDIN</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sig-proxy</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Proxy all received signals to the process</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="attach-to-and-detach-from-a-running-container">Attach to and detach from a running container</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --name topdemo ubuntu /usr/bin/top -b + +$ docker attach topdemo + +top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 +Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie +Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st +Mem: 373572k total, 355560k used, 18012k free, 27872k buffers +Swap: 786428k total, 0k used, 786428k free, 221740k cached + +PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI 
VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + + + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top +^C$ + +$ echo $? +0 +$ docker ps -a | grep topdemo + +7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo +</pre></div> <h3 id="get-the-exit-code-of-the-containers-command">Get the exit code of the container’s command</h3> <p>And in this second example, you can see the exit code returned by the <code class="language-plaintext highlighter-rouge">bash</code> process is returned by the <code class="language-plaintext highlighter-rouge">docker attach</code> command to its caller too:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --name test -d -it debian +275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab + +$ docker attach test +root@f38c87f2a42d:/# exit 13 + +exit + +$ echo $? +13 + +$ docker ps -a | grep test + +275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/attach/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/attach/</a> + </p> +</div> 
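Review bot: The "To stop a container" paragraph in the Description contradicts itself on signal handling: it says CTRL-c "sends SIGKILL to the container" and in the next sentence that, with --sig-proxy true (the default), CTRL-c "sends a SIGINT to the container". Anyone using this page to reason about graceful shutdown needs one consistent statement; suggest leading with the default behaviour (SIGINT proxied to the process) and describing the non-default case separately, and adding the missing space after "(the default),". In the detach-sequence text, "a letter [a-Z]" is not a valid character range and should be spelled [a-zA-Z], and "configure an override the Docker key sequence" is missing a word. In the second example the container ID printed by docker run (275c44472aeb...) does not match the hostname in the attached prompt (root@f38c87f2a42d), so the transcript looks stitched together from two runs.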
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuild%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuild%2Findex.html new file mode 100644 index 00000000..ad2eb257 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuild%2Findex.html 
@@ -0,0 +1,180 @@ +<h1>docker build</h1> <p><br></p> <p>Build an image from a Dockerfile</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker build [OPTIONS] PATH | URL | - +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker build</code> command builds Docker images from a Dockerfile and a “context”. A build’s context is the set of files located in the specified <code class="language-plaintext highlighter-rouge">PATH</code> or <code class="language-plaintext highlighter-rouge">URL</code>. The build process can refer to any of the files in the context. For example, your build can use a <a href="../../builder/index#copy"><em>COPY</em></a> instruction to reference a file in the context.</p> <p>The <code class="language-plaintext highlighter-rouge">URL</code> parameter can refer to three kinds of resources: Git repositories, pre-packaged tarball contexts and plain text files.</p> <h3 id="git-repositories">Git repositories</h3> <p>When the <code class="language-plaintext highlighter-rouge">URL</code> parameter points to the location of a Git repository, the repository acts as the build context. The system recursively fetches the repository and its submodules. The commit history is not preserved. A repository is first pulled into a temporary directory on your local host. After that succeeds, the directory is sent to the Docker daemon as the context. 
Local copy gives you the ability to access private repositories using local user credentials, VPN’s, and so forth.</p> <blockquote> <p><strong>Note</strong></p> <p>If the <code class="language-plaintext highlighter-rouge">URL</code> parameter contains a fragment the system will recursively clone the repository and its submodules using a <code class="language-plaintext highlighter-rouge">git clone --recursive</code> command.</p> </blockquote> <p>Git URLs accept context configuration in their fragment section, separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>). The first part represents the reference that Git will check out, and can be either a branch, a tag, or a remote reference. The second part represents a subdirectory inside the repository that will be used as a build context.</p> <p>For example, run this command to use a directory called <code class="language-plaintext highlighter-rouge">docker</code> in the branch <code class="language-plaintext highlighter-rouge">container</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build https://github.com/docker/rootfs.git#container:docker +</pre></div> <p>The following table represents all the valid suffixes with their build contexts:</p> <table> <thead> <tr> <th>Build Syntax Suffix</th> <th>Commit Used</th> <th>Build Context Used</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git</code></td> <td><code class="language-plaintext highlighter-rouge">refs/heads/master</code></td> <td><code class="language-plaintext highlighter-rouge">/</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#mytag</code></td> <td><code class="language-plaintext highlighter-rouge">refs/tags/mytag</code></td> <td><code class="language-plaintext highlighter-rouge">/</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#mybranch</code></td> <td><code 
class="language-plaintext highlighter-rouge">refs/heads/mybranch</code></td> <td><code class="language-plaintext highlighter-rouge">/</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#pull/42/head</code></td> <td><code class="language-plaintext highlighter-rouge">refs/pull/42/head</code></td> <td><code class="language-plaintext highlighter-rouge">/</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#:myfolder</code></td> <td><code class="language-plaintext highlighter-rouge">refs/heads/master</code></td> <td><code class="language-plaintext highlighter-rouge">/myfolder</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#master:myfolder</code></td> <td><code class="language-plaintext highlighter-rouge">refs/heads/master</code></td> <td><code class="language-plaintext highlighter-rouge">/myfolder</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#mytag:myfolder</code></td> <td><code class="language-plaintext highlighter-rouge">refs/tags/mytag</code></td> <td><code class="language-plaintext highlighter-rouge">/myfolder</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">myrepo.git#mybranch:myfolder</code></td> <td><code class="language-plaintext highlighter-rouge">refs/heads/mybranch</code></td> <td><code class="language-plaintext highlighter-rouge">/myfolder</code></td> </tr> </tbody> </table> <blockquote> <p><strong>Note</strong></p> <p>You cannot specify the build-context directory (<code class="language-plaintext highlighter-rouge">myfolder</code> in the examples above) when using BuildKit as builder (<code class="language-plaintext highlighter-rouge">DOCKER_BUILDKIT=1</code>). 
Support for this feature is tracked in <a href="https://github.com/moby/buildkit/issues/1684">buildkit#1684</a>.</p> </blockquote> <h3 id="tarball-contexts">Tarball contexts</h3> <p>If you pass an URL to a remote tarball, the URL itself is sent to the daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build http://server/context.tar.gz +</pre></div> <p>The download operation will be performed on the host the Docker daemon is running on, which is not necessarily the same host from which the build command is being issued. The Docker daemon will fetch <code class="language-plaintext highlighter-rouge">context.tar.gz</code> and use it as the build context. Tarball contexts must be tar archives conforming to the standard <code class="language-plaintext highlighter-rouge">tar</code> UNIX format and can be compressed with any one of the ‘xz’, ‘bzip2’, ‘gzip’ or ‘identity’ (no compression) formats.</p> <h3 id="text-files">Text files</h3> <p>Instead of specifying a context, you can pass a single <code class="language-plaintext highlighter-rouge">Dockerfile</code> in the <code class="language-plaintext highlighter-rouge">URL</code> or pipe the file in via <code class="language-plaintext highlighter-rouge">STDIN</code>. 
To pipe a <code class="language-plaintext highlighter-rouge">Dockerfile</code> from <code class="language-plaintext highlighter-rouge">STDIN</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build - < Dockerfile +</pre></div> <p>With Powershell on Windows, you can run:</p> <div class="highlight"><pre class="highlight" data-language="">Get-Content Dockerfile | docker build - +</pre></div> <p>If you use <code class="language-plaintext highlighter-rouge">STDIN</code> or specify a <code class="language-plaintext highlighter-rouge">URL</code> pointing to a plain text file, the system places the contents into a file called <code class="language-plaintext highlighter-rouge">Dockerfile</code>, and any <code class="language-plaintext highlighter-rouge">-f</code>, <code class="language-plaintext highlighter-rouge">--file</code> option is ignored. In this scenario, there is no context.</p> <p>By default the <code class="language-plaintext highlighter-rouge">docker build</code> command will look for a <code class="language-plaintext highlighter-rouge">Dockerfile</code> at the root of the build context. The <code class="language-plaintext highlighter-rouge">-f</code>, <code class="language-plaintext highlighter-rouge">--file</code>, option lets you specify the path to an alternative file to use instead. This is useful in cases where the same set of files are used for multiple builds. The path must be to a file within the build context. If a relative path is specified then it is interpreted as relative to the root of the context.</p> <p>In most cases, it’s best to put each Dockerfile in an empty directory. Then, add to that directory only the files needed for building the Dockerfile. To increase the build’s performance, you can exclude files and directories by adding a <code class="language-plaintext highlighter-rouge">.dockerignore</code> file to that directory as well. 
For information on creating one, see the <a href="../../builder/index#dockerignore-file">.dockerignore file</a>.</p> <p>If the Docker client loses connection to the daemon, the build is canceled. This happens if you interrupt the Docker client with <code class="language-plaintext highlighter-rouge">CTRL-c</code> or if the Docker client is killed for any reason. If the build initiated a pull which is still running at the time the build is cancelled, the pull is cancelled as well.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--build-arg</code></td> <td></td> <td>Set build-time variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cache-from</code></td> <td></td> <td>Images to consider as cache sources</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--compress</code></td> <td></td> <td>Compress the build context using gzip</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> 
<td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--file</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Name of the Dockerfile (Default is 'PATH/Dockerfile')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--force-rm</code></td> <td></td> <td>Always remove intermediate containers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--iidfile</code></td> <td></td> <td>Write the image ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label</code></td> <td></td> <td>Set metadata for an image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Set the networking mode for the RUN instructions during build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-cache</code></td> <td></td> <td>Do not use cache when building the image</td> </tr> <tr> <td> +<code 
class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>Output destination (format: type=local,dest=path)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--progress</code></td> <td><code class="language-plaintext highlighter-rouge">auto</code></td> <td>Set type of progress output (auto, plain, tty). 
Use plain to show container output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td></td> <td>Always attempt to pull a newer version of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress the build output and print image ID on success</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Remove intermediate containers after a successful build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--secret</code></td> <td></td> <td>Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--squash</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Squash newly built layers into a single new layer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ssh</code></td> <td></td> <td>SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stream</code></td> <td></td> <td>Stream attaches to server to negotiate build context</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tag</code> , <code 
class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Name and optionally a tag in the 'name:tag' format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--target</code></td> <td></td> <td>Set the target build stage to build.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="build-with-path">Build with PATH</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build . + +Uploading context 10240 bytes +Step 1/3 : FROM busybox +Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ +Step 2/3 : RUN ls -lh / + ---> Running in 9c9e81692ae9 +total 24 +drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin +drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev +drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc +drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib +lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib +dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc +lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin +dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys +drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp +drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f +Step 3/3 : CMD echo Hello world + ---> Running in 02071fceb21b + ---> f52f38b7823e +Successfully built f52f38b7823e +Removing intermediate container 9c9e81692ae9 +Removing intermediate container 02071fceb21b +</pre></div> <p>This example specifies that the <code class="language-plaintext highlighter-rouge">PATH</code> is <code class="language-plaintext highlighter-rouge">.</code>, and so all the files in the local directory get <code class="language-plaintext highlighter-rouge">tar</code>d and sent to the Docker daemon. The <code class="language-plaintext highlighter-rouge">PATH</code> specifies where to find the files for the “context” of the build on the Docker daemon. 
Remember that the daemon could be running on a remote machine and that no parsing of the Dockerfile happens at the client side (where you’re running <code class="language-plaintext highlighter-rouge">docker build</code>). That means that <em>all</em> the files at <code class="language-plaintext highlighter-rouge">PATH</code> get sent, not just the ones listed to <a href="../../builder/index#add"><em>ADD</em></a> in the Dockerfile.</p> <p>The transfer of context from the local machine to the Docker daemon is what the <code class="language-plaintext highlighter-rouge">docker</code> client means when you see the “Sending build context” message.</p> <p>If you wish to keep the intermediate containers after the build is complete, you must use <code class="language-plaintext highlighter-rouge">--rm=false</code>. This does not affect the build cache.</p> <h3 id="build-with-url">Build with URL</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build github.com/creack/docker-firefox +</pre></div> <p>This will clone the GitHub repository and use the cloned repository as context. The Dockerfile at the root of the repository is used as Dockerfile. 
You can specify an arbitrary Git repository by using the <code class="language-plaintext highlighter-rouge">git://</code> or <code class="language-plaintext highlighter-rouge">git@</code> scheme.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz + +Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B +Step 1/3 : FROM busybox + ---> 8c2e06607696 +Step 2/3 : ADD ctx/container.cfg / + ---> e7829950cee3 +Removing intermediate container b35224abf821 +Step 3/3 : CMD /bin/ls + ---> Running in fbc63d321d73 + ---> 3286931702ad +Removing intermediate container fbc63d321d73 +Successfully built 377c409b35e4 +</pre></div> <p>This sends the URL <code class="language-plaintext highlighter-rouge">http://server/ctx.tar.gz</code> to the Docker daemon, which downloads and extracts the referenced tarball. The <code class="language-plaintext highlighter-rouge">-f ctx/Dockerfile</code> parameter specifies a path inside <code class="language-plaintext highlighter-rouge">ctx.tar.gz</code> to the <code class="language-plaintext highlighter-rouge">Dockerfile</code> that is used to build the image. Any <code class="language-plaintext highlighter-rouge">ADD</code> commands in that <code class="language-plaintext highlighter-rouge">Dockerfile</code> that refers to local paths must be relative to the root of the contents inside <code class="language-plaintext highlighter-rouge">ctx.tar.gz</code>. In the example above, the tarball contains a directory <code class="language-plaintext highlighter-rouge">ctx/</code>, so the <code class="language-plaintext highlighter-rouge">ADD ctx/container.cfg /</code> operation works as expected.</p> <h3 id="build-with--">Build with -</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build - < Dockerfile +</pre></div> <p>This will read a Dockerfile from <code class="language-plaintext highlighter-rouge">STDIN</code> without context. 
Due to the lack of a context, no contents of any local directory will be sent to the Docker daemon. Since there is no context, a Dockerfile <code class="language-plaintext highlighter-rouge">ADD</code> only works if it refers to a remote URL.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build - < context.tar.gz +</pre></div> <p>This will build an image for a compressed context read from <code class="language-plaintext highlighter-rouge">STDIN</code>. Supported formats are: bzip2, gzip and xz.</p> <h3 id="use-a-dockerignore-file">Use a .dockerignore file</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build . + +Uploading context 18.829 MB +Uploading context +Step 1/2 : FROM busybox + ---> 769b9341d937 +Step 2/2 : CMD echo Hello world + ---> Using cache + ---> 99cc1ad10469 +Successfully built 99cc1ad10469 +$ echo ".git" > .dockerignore +$ docker build . +Uploading context 6.76 MB +Uploading context +Step 1/2 : FROM busybox + ---> 769b9341d937 +Step 2/2 : CMD echo Hello world + ---> Using cache + ---> 99cc1ad10469 +Successfully built 99cc1ad10469 +</pre></div> <p>This example shows the use of the <code class="language-plaintext highlighter-rouge">.dockerignore</code> file to exclude the <code class="language-plaintext highlighter-rouge">.git</code> directory from the context. Its effect can be seen in the changed size of the uploaded context. The builder reference contains detailed information on <a href="../../builder/index#dockerignore-file">creating a .dockerignore file</a>.</p> <p>When using the <a href="../../builder/index#buildkit">BuildKit backend</a>, <code class="language-plaintext highlighter-rouge">docker build</code> searches for a <code class="language-plaintext highlighter-rouge">.dockerignore</code> file relative to the Dockerfile name. 
For example, running <code class="language-plaintext highlighter-rouge">docker build -f myapp.Dockerfile .</code> will first look for an ignore file named <code class="language-plaintext highlighter-rouge">myapp.Dockerfile.dockerignore</code>. If such a file is not found, the <code class="language-plaintext highlighter-rouge">.dockerignore</code> file is used if present. Using a Dockerfile based <code class="language-plaintext highlighter-rouge">.dockerignore</code> is useful if a project contains multiple Dockerfiles that expect to ignore different sets of files.</p> <h3 id="tag-an-image--t">Tag an image (-t)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t vieux/apache:2.0 . +</pre></div> <p>This will build like the previous example, but it will then tag the resulting image. The repository name will be <code class="language-plaintext highlighter-rouge">vieux/apache</code> and the tag will be <code class="language-plaintext highlighter-rouge">2.0</code>. <a href="../tag/index">Read more about valid tags</a>.</p> <p>You can apply multiple tags to an image. For example, you can apply the <code class="language-plaintext highlighter-rouge">latest</code> tag to a newly built image and add another tag that references a specific version. For example, to tag an image both as <code class="language-plaintext highlighter-rouge">whenry/fedora-jboss:latest</code> and <code class="language-plaintext highlighter-rouge">whenry/fedora-jboss:v2.1</code>, use the following:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . +</pre></div> <h3 id="specify-a-dockerfile--f">Specify a Dockerfile (-f)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker build -f Dockerfile.debug . 
+</pre></div> <p>This will use a file called <code class="language-plaintext highlighter-rouge">Dockerfile.debug</code> for the build instructions instead of <code class="language-plaintext highlighter-rouge">Dockerfile</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl example.com/remote/Dockerfile | docker build -f - . +</pre></div> <p>The above command will use the current directory as the build context and read a Dockerfile from stdin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . +$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . +</pre></div> <p>The above commands will build the current build context (as specified by the <code class="language-plaintext highlighter-rouge">.</code>) twice, once using a debug version of a <code class="language-plaintext highlighter-rouge">Dockerfile</code> and once using a production version.</p> <div class="highlight"><pre class="highlight" data-language="">$ cd /home/me/myapp/some/dir/really/deep +$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp +$ docker build -f ../../../../dockerfiles/debug /home/me/myapp +</pre></div> <p>These two <code class="language-plaintext highlighter-rouge">docker build</code> commands do the exact same thing. They both use the contents of the <code class="language-plaintext highlighter-rouge">debug</code> file instead of looking for a <code class="language-plaintext highlighter-rouge">Dockerfile</code> and will use <code class="language-plaintext highlighter-rouge">/home/me/myapp</code> as the root of the build context. 
Note that <code class="language-plaintext highlighter-rouge">debug</code> is in the directory structure of the build context, regardless of how you refer to it on the command line.</p> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">docker build</code> returns a <code class="language-plaintext highlighter-rouge">no such file or directory</code> error if the file or directory does not exist in the uploaded context. This may happen if there is no context, or if you specify a file that is elsewhere on the Host system. The context is limited to the current directory (and its children) for security reasons, and to ensure repeatable builds on remote Docker hosts. This is also the reason why <code class="language-plaintext highlighter-rouge">ADD ../file</code> does not work.</p> </blockquote> <h3 id="use-a-custom-parent-cgroup---cgroup-parent">Use a custom parent cgroup (--cgroup-parent)</h3> <p>When <code class="language-plaintext highlighter-rouge">docker build</code> is run with the <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> option the containers used in the build will be run with the <a href="../../run/index#specify-custom-cgroups">corresponding <code class="language-plaintext highlighter-rouge">docker run</code> flag</a>.</p> <h3 id="set-ulimits-in-container---ulimit">Set ulimits in container (--ulimit)</h3> <p>Using the <code class="language-plaintext highlighter-rouge">--ulimit</code> option with <code class="language-plaintext highlighter-rouge">docker build</code> will cause each build step’s container to be started using those <a href="../run/index#set-ulimits-in-container---ulimit"><code class="language-plaintext highlighter-rouge">--ulimit</code> flag values</a>.</p> <h3 id="set-build-time-variables---build-arg">Set build-time variables (--build-arg)</h3> <p>You can use <code class="language-plaintext highlighter-rouge">ENV</code> instructions in a Dockerfile to define variable 
values. These values persist in the built image. However, often persistence is not what you want. Users want to specify variables differently depending on which host they build an image on.</p> <p>A good example is <code class="language-plaintext highlighter-rouge">http_proxy</code> or source versions for pulling intermediate files. The <code class="language-plaintext highlighter-rouge">ARG</code> instruction lets Dockerfile authors define values that users can set at build-time using the <code class="language-plaintext highlighter-rouge">--build-arg</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PROXY=http://40.50.60.5:4567 . +</pre></div> <p>This flag allows you to pass the build-time variables that are accessed like regular environment variables in the <code class="language-plaintext highlighter-rouge">RUN</code> instruction of the Dockerfile. Also, these values don’t persist in the intermediate or final images like <code class="language-plaintext highlighter-rouge">ENV</code> values do. 
You must add <code class="language-plaintext highlighter-rouge">--build-arg</code> for each build argument.</p> <p>Using this flag will not alter the output you see when the <code class="language-plaintext highlighter-rouge">ARG</code> lines from the Dockerfile are echoed during the build process.</p> <p>For detailed information on using <code class="language-plaintext highlighter-rouge">ARG</code> and <code class="language-plaintext highlighter-rouge">ENV</code> instructions, see the <a href="../../builder/index">Dockerfile reference</a>.</p> <p>You may also use the <code class="language-plaintext highlighter-rouge">--build-arg</code> flag without a value, in which case the value from the local environment will be propagated into the Docker container being built:</p> <div class="highlight"><pre class="highlight" data-language="">$ export HTTP_PROXY=http://10.20.30.2:1234 +$ docker build --build-arg HTTP_PROXY . +</pre></div> <p>This is similar to how <code class="language-plaintext highlighter-rouge">docker run -e</code> works. Refer to the <a href="../run/index#set-environment-variables--e---env---env-file"><code class="language-plaintext highlighter-rouge">docker run</code> documentation</a> for more information.</p> <h3 id="optional-security-options---security-opt">Optional security options (--security-opt)</h3> <p>This flag is only supported on a daemon running on Windows, and only supports the <code class="language-plaintext highlighter-rouge">credentialspec</code> option. The <code class="language-plaintext highlighter-rouge">credentialspec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://spec.txt</code> or <code class="language-plaintext highlighter-rouge">registry://keyname</code>.</p> <h3 id="specify-isolation-technology-for-container---isolation">Specify isolation technology for container (--isolation)</h3> <p>This option is useful in situations where you are running Docker containers on Windows. 
The <code class="language-plaintext highlighter-rouge">--isolation=<value></code> option sets a container’s isolation technology. On Linux, the only supported is the <code class="language-plaintext highlighter-rouge">default</code> option which uses Linux namespaces. On Microsoft Windows, you can specify these values:</p> <table> <thead> <tr> <th>Value</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">default</code></td> <td>Use the value specified by the Docker daemon’s <code class="language-plaintext highlighter-rouge">--exec-opt</code> . If the <code class="language-plaintext highlighter-rouge">daemon</code> does not specify an isolation technology, Microsoft Windows uses <code class="language-plaintext highlighter-rouge">process</code> as its default value.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">process</code></td> <td>Namespace isolation only.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">hyperv</code></td> <td>Hyper-V hypervisor partition-based isolation.</td> </tr> </tbody> </table> <p>Specifying the <code class="language-plaintext highlighter-rouge">--isolation</code> flag without a value is the same as setting <code class="language-plaintext highlighter-rouge">--isolation="default"</code>.</p> <h3 id="add-entries-to-container-hosts-file---add-host">Add entries to container hosts file (--add-host)</h3> <p>You can add other hosts into a container’s <code class="language-plaintext highlighter-rouge">/etc/hosts</code> file by using one or more <code class="language-plaintext highlighter-rouge">--add-host</code> flags. This example adds a static address for a host named <code class="language-plaintext highlighter-rouge">docker</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --add-host=docker:10.180.0.1 . 
+</pre></div> <h3 id="specifying-target-build-stage---target">Specifying target build stage (--target)</h3> <p>When building a Dockerfile with multiple build stages, <code class="language-plaintext highlighter-rouge">--target</code> can be used to specify an intermediate build stage by name as a final stage for the resulting image. Commands after the target stage will be skipped.</p> <div class="highlight"><pre class="highlight" data-language="">FROM debian AS build-env +# ... + +FROM alpine AS production-env +# ... +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t mybuildimage --target build-env . +</pre></div> <h3 id="custom-build-outputs">Custom build outputs</h3> <p>By default, a local container image is created from the build result. The <code class="language-plaintext highlighter-rouge">--output</code> (or <code class="language-plaintext highlighter-rouge">-o</code>) flag allows you to override this behavior, and a specify a custom exporter. For example, custom exporters allow you to export the build artifacts as files on the local filesystem instead of a Docker image, which can be useful for generating local binaries, code generation etc.</p> <p>The value for <code class="language-plaintext highlighter-rouge">--output</code> is a CSV-formatted string defining the exporter type and options. Currently, <code class="language-plaintext highlighter-rouge">local</code> and <code class="language-plaintext highlighter-rouge">tar</code> exporters are supported. The <code class="language-plaintext highlighter-rouge">local</code> exporter writes the resulting build files to a directory on the client side. The <code class="language-plaintext highlighter-rouge">tar</code> exporter is similar but writes the files as a single tarball (<code class="language-plaintext highlighter-rouge">.tar</code>).</p> <p>If no type is specified, the value defaults to the output directory of the local exporter. 
Use a hyphen (<code class="language-plaintext highlighter-rouge">-</code>) to write the output tarball to standard output (<code class="language-plaintext highlighter-rouge">STDOUT</code>).</p> <p>The following example builds an image using the current directory (<code class="language-plaintext highlighter-rouge">.</code>) as build context, and exports the files to a directory named <code class="language-plaintext highlighter-rouge">out</code> in the current directory. If the directory does not exist, Docker creates the directory automatically:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -o out . +</pre></div> <p>The example above uses the short-hand syntax, omitting the <code class="language-plaintext highlighter-rouge">type</code> options, and thus uses the default (<code class="language-plaintext highlighter-rouge">local</code>) exporter. The example below shows the equivalent using the long-hand CSV syntax, specifying both <code class="language-plaintext highlighter-rouge">type</code> and <code class="language-plaintext highlighter-rouge">dest</code> (destination path):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --output type=local,dest=out . +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">tar</code> type to export the files as a <code class="language-plaintext highlighter-rouge">.tar</code> archive:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --output type=tar,dest=out.tar . +</pre></div> <p>The example below shows the equivalent when using the short-hand syntax. 
In this case, <code class="language-plaintext highlighter-rouge">-</code> is specified as destination, which automatically selects the <code class="language-plaintext highlighter-rouge">tar</code> type, and writes the output tarball to standard output, which is then redirected to the <code class="language-plaintext highlighter-rouge">out.tar</code> file:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -o - . > out.tar +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--output</code> option exports all files from the target stage. A common pattern for exporting only specific files is to do multi-stage builds and to copy the desired files to a new scratch stage with <a href="../../builder/index#copy"><code class="language-plaintext highlighter-rouge">COPY --from</code></a>.</p> <p>The example <code class="language-plaintext highlighter-rouge">Dockerfile</code> below uses a separate stage to collect the build-artifacts for exporting:</p> <div class="highlight"><pre class="highlight" data-language="">FROM golang AS build-stage +RUN go get -u github.com/LK4D4/vndr + +FROM scratch AS export-stage +COPY --from=build-stage /go/bin/vndr / +</pre></div> <p>When building the Dockerfile with the <code class="language-plaintext highlighter-rouge">-o</code> option, only the files from the final stage are exported to the <code class="language-plaintext highlighter-rouge">out</code> directory, in this case, the <code class="language-plaintext highlighter-rouge">vndr</code> binary:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -o out . 
+ +[+] Building 2.3s (7/7) FINISHED + => [internal] load build definition from Dockerfile 0.1s + => => transferring dockerfile: 176B 0.0s + => [internal] load .dockerignore 0.0s + => => transferring context: 2B 0.0s + => [internal] load metadata for docker.io/library/golang:latest 1.6s + => [build-stage 1/2] FROM docker.io/library/golang@sha256:2df96417dca0561bf1027742dcc5b446a18957cd28eba6aa79269f23f1846d3f 0.0s + => => resolve docker.io/library/golang@sha256:2df96417dca0561bf1027742dcc5b446a18957cd28eba6aa79269f23f1846d3f 0.0s + => CACHED [build-stage 2/2] RUN go get -u github.com/LK4D4/vndr 0.0s + => [export-stage 1/1] COPY --from=build-stage /go/bin/vndr / 0.2s + => exporting to client 0.4s + => => copying files 10.30MB 0.3s + +$ ls ./out +vndr +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>This feature requires the BuildKit backend. You can either <a href="../../builder/index#buildkit">enable BuildKit</a> or use the <a href="https://github.com/docker/buildx">buildx</a> plugin which provides more output type options.</p> </blockquote> <h3 id="specifying-external-cache-sources">Specifying external cache sources</h3> <p>In addition to local build cache, the builder can reuse the cache generated from previous builds with the <code class="language-plaintext highlighter-rouge">--cache-from</code> flag pointing to an image in the registry.</p> <p>To use an image as a cache source, cache metadata needs to be written into the image on creation. This can be done by setting <code class="language-plaintext highlighter-rouge">--build-arg BUILDKIT_INLINE_CACHE=1</code> when building the image. After that, the built image can be used as a cache source for subsequent builds.</p> <p>Upon importing the cache, the builder will only pull the JSON metadata from the registry and determine possible cache hits based on that information. 
If there is a cache hit, the matched layers are pulled into the local environment.</p> <p>In addition to images, the cache can also be pulled from special cache manifests generated by <a href="https://github.com/docker/buildx"><code class="language-plaintext highlighter-rouge">buildx</code></a> or the BuildKit CLI (<code class="language-plaintext highlighter-rouge">buildctl</code>). These manifests (when built with the <code class="language-plaintext highlighter-rouge">type=registry</code> and <code class="language-plaintext highlighter-rouge">mode=max</code> options) allow pulling layer data for intermediate stages in multi-stage builds.</p> <p>The following example builds an image with inline-cache metadata and pushes it to a registry, then uses the image as a cache source on another machine:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t myname/myapp --build-arg BUILDKIT_INLINE_CACHE=1 . +$ docker push myname/myapp +</pre></div> <p>After pushing the image, the image is used as cache source on another machine. BuildKit automatically pulls the image from the registry if needed.</p> <p>On another machine:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --cache-from myname/myapp . +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>This feature requires the BuildKit backend. You can either <a href="../../builder/index#buildkit">enable BuildKit</a> or use the <a href="https://github.com/docker/buildx">buildx</a> plugin. The previous builder has limited support for reusing cache from pre-pulled images.</p> </blockquote> <h3 id="squash-an-images-layers---squash-experimental">Squash an image’s layers (--squash) (experimental)</h3> <h4 id="overview">Overview</h4> <p>Once the image is built, squash the new layers into a new image with a single new layer. Squashing does not destroy any existing image, rather it creates a new image with the content of the squashed layers. 
This effectively makes it look like all <code class="language-plaintext highlighter-rouge">Dockerfile</code> commands were created with a single layer. The build cache is preserved with this method.</p> <p>The <code class="language-plaintext highlighter-rouge">--squash</code> option is an experimental feature, and should not be considered stable.</p> <p>Squashing layers can be beneficial if your Dockerfile produces multiple layers modifying the same files, for example, files that are created in one step, and removed in another step. For other use-cases, squashing images may actually have a negative impact on performance; when pulling an image consisting of multiple layers, layers can be pulled in parallel, and allows sharing layers between images (saving space).</p> <p>For most use cases, multi-stage builds are a better alternative, as they give more fine-grained control over your build, and can take advantage of future optimizations in the builder. Refer to the <a href="https://docs.docker.com/develop/develop-images/multistage-build/">use multi-stage builds</a> section in the userguide for more information.</p> <h4 id="known-limitations">Known limitations</h4> <p>The <code class="language-plaintext highlighter-rouge">--squash</code> option has a number of known limitations:</p> <ul> <li>When squashing layers, the resulting image cannot take advantage of layer sharing with other images, and may use significantly more space. 
Sharing the base image is still supported.</li> <li>When using this option you may see significantly more space used due to storing two copies of the image, one for the build cache with all the cache layers intact, and one for the squashed version.</li> <li>While squashing layers may produce smaller images, it may have a negative impact on performance, as a single layer takes longer to extract, and downloading a single layer cannot be parallelized.</li> <li>When attempting to squash an image that does not make changes to the filesystem (for example, the Dockerfile only contains <code class="language-plaintext highlighter-rouge">ENV</code> instructions), the squash step will fail (see <a href="https://github.com/moby/moby/issues/33823">issue #33823</a>).</li> </ul> <h4 id="prerequisites">Prerequisites</h4> <p>The example on this page is using experimental mode in Docker 19.03.</p> <p>Experimental mode can be enabled by using the <code class="language-plaintext highlighter-rouge">--experimental</code> flag when starting the Docker daemon or setting <code class="language-plaintext highlighter-rouge">experimental: true</code> in the <code class="language-plaintext highlighter-rouge">daemon.json</code> configuration file.</p> <p>By default, experimental mode is disabled. 
To see the current configuration of the docker daemon, use the <code class="language-plaintext highlighter-rouge">docker version</code> command and check the <code class="language-plaintext highlighter-rouge">Experimental</code> line in the <code class="language-plaintext highlighter-rouge">Engine</code> section:</p> <div class="highlight"><pre class="highlight" data-language="">Client: Docker Engine - Community + Version: 19.03.8 + API version: 1.40 + Go version: go1.12.17 + Git commit: afacb8b + Built: Wed Mar 11 01:21:11 2020 + OS/Arch: darwin/amd64 + Experimental: false + +Server: Docker Engine - Community + Engine: + Version: 19.03.8 + API version: 1.40 (minimum version 1.12) + Go version: go1.12.17 + Git commit: afacb8b + Built: Wed Mar 11 01:29:16 2020 + OS/Arch: linux/amd64 + Experimental: true + [...] +</pre></div> <p>To enable experimental mode, users need to restart the docker daemon with the experimental flag enabled.</p> <h4 id="enable-docker-experimental">Enable Docker experimental</h4> <p>To enable experimental features, you need to start the Docker daemon with <code class="language-plaintext highlighter-rouge">--experimental</code> flag. 
You can also enable the daemon flag via <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code>, for example:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "experimental": true +} +</pre></div> <p>Then make sure the experimental flag is enabled:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker version -f '{{.Server.Experimental}}' +true +</pre></div> <h4 id="build-an-image-with---squash-argument">Build an image with <code class="language-plaintext highlighter-rouge">--squash</code> argument</h4> <p>The following is an example of docker build with <code class="language-plaintext highlighter-rouge">--squash</code> argument</p> <div class="highlight"><pre class="highlight" data-language="">FROM busybox +RUN echo hello > /hello +RUN echo world >> /hello +RUN touch remove_me /remove_me +ENV HELLO=world +RUN rm /remove_me +</pre></div> <p>An image named <code class="language-plaintext highlighter-rouge">test</code> is built with <code class="language-plaintext highlighter-rouge">--squash</code> argument.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --squash -t test . 
+ +<...> +</pre></div> <p>If everything is right, the history looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker history test + +IMAGE CREATED CREATED BY SIZE COMMENT +4e10cb5b4cac 3 seconds ago 12 B merge sha256:88a7b0112a41826885df0e7072698006ee8f621c6ab99fca7fe9151d7b599702 to sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb +<missing> 5 minutes ago /bin/sh -c rm /remove_me 0 B +<missing> 5 minutes ago /bin/sh -c #(nop) ENV HELLO=world 0 B +<missing> 5 minutes ago /bin/sh -c touch remove_me /remove_me 0 B +<missing> 5 minutes ago /bin/sh -c echo world >> /hello 0 B +<missing> 6 minutes ago /bin/sh -c echo hello > /hello 0 B +<missing> 7 weeks ago /bin/sh -c #(nop) CMD ["sh"] 0 B +<missing> 7 weeks ago /bin/sh -c #(nop) ADD file:47ca6e777c36a4cfff 1.113 MB +</pre></div> <p>We could find that a layer’s name is <code class="language-plaintext highlighter-rouge"><missing></code>, and there is a new layer with COMMENT <code class="language-plaintext highlighter-rouge">merge</code>.</p> <p>Test the image, check for <code class="language-plaintext highlighter-rouge">/remove_me</code> being gone, make sure <code class="language-plaintext highlighter-rouge">hello\nworld</code> is in <code class="language-plaintext highlighter-rouge">/hello</code>, make sure the <code class="language-plaintext highlighter-rouge">HELLO</code> environment variable’s value is <code class="language-plaintext highlighter-rouge">world</code>.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/build/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/build/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder%2Findex.html new file mode 100644 index 00000000..922282c4 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder%2Findex.html @@ -0,0 +1,7 @@ +<h1>docker builder</h1> <p><br></p> <p>Manage builds</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker builder COMMAND +</pre></div> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../builder_build/index">docker builder build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../builder_prune/index">docker builder prune</a></td> <td>Remove build cache</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/builder/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/builder/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_build%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_build%2Findex.html new file mode 100644 index 00000000..4e6dce75 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_build%2Findex.html 
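Review bot: In engine/reference/commandline/build/index.html, the "Set build-time variables (--build-arg)" section says the values "don't persist in the intermediate or final images like ENV values do" but gives no guidance on credentials, even though the options table in the same file lists `--secret` ("Secret file to expose to the build (only if BuildKit enabled)"). Readers are likely to take the persistence sentence as a reason to pass tokens through `--build-arg`, so add a sentence under that heading that points to `--secret` for sensitive values. In the same file, the remote-context example `docker build -f ctx/Dockerfile http://server/ctx.tar.gz` pulls build input over plain HTTP with no integrity check shown; an https:// URL would be a better model for readers to copy.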
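Review bot: In engine/reference/commandline/builder/index.html, the "Child commands" table marks its header cells as `<td>` inside `<thead>` (`<td>Command</td> <td>Description</td>`), while the isolation table in build/index.html in this same patch uses `<th>Value</th> <th>Description</th>`. Use `<th>` here too so header cells are marked up consistently across the imported pages, and drop the empty `<p><br></p>` that follows the `<h1>`.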
@@ -0,0 +1,22 @@ +<h1>docker builder build</h1> <p><br></p> <p>Build an image from a Dockerfile</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker builder build [OPTIONS] PATH | URL | - +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--build-arg</code></td> <td></td> <td>Set build-time variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cache-from</code></td> <td></td> <td>Images to consider as cache sources</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--compress</code></td> <td></td> <td>Compress the build context using gzip</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--file</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Name of the Dockerfile (Default is 'PATH/Dockerfile')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--force-rm</code></td> <td></td> <td>Always remove intermediate containers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--iidfile</code></td> <td></td> <td>Write the image ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label</code></td> <td></td> <td>Set metadata for an image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Set the networking mode for the RUN instructions during build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-cache</code></td> <td></td> <td>Do not use cache when building the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.31 API reference (in a new window)">API 
1.40+</span></a><br>Output destination (format: type=local,dest=path)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.31 API reference (in a new window)">API 1.40+</span></a><br>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--progress</code></td> <td><code class="language-plaintext highlighter-rouge">auto</code></td> <td>Set type of progress output (auto, plain, tty). Use plain to show container output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td></td> <td>Always attempt to pull a newer version of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress the build output and print image ID on success</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Remove intermediate containers after a successful build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--secret</code></td> <td></td> <td>Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--squash</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" 
data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Squash newly built layers into a single new layer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ssh</code></td> <td></td> <td>SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stream</code></td> <td></td> <td>Stream attaches to server to negotiate build context</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tag</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Name and optionally a tag in the 'name:tag' format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--target</code></td> <td></td> <td>Set the target build stage to build.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../builder/index">docker builder</a></td> <td style="text-align: left">Manage builds</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker builder build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../builder_prune/index">docker builder prune</a></td> <td>Remove build cache</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/builder_build/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/builder_build/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_prune%2Findex.html new file mode 100644 index 00000000..44887efe --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fbuilder_prune%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker builder prune</h1> <p><br></p> <p>Remove build cache</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker builder prune +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Remove all unused build cache, not just dangling ones</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'until=24h')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--keep-storage</code></td> <td></td> <td>Amount of disk space to keep for cache</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../builder/index">docker builder</a></td> <td style="text-align: left">Manage builds</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../builder_build/index">docker builder build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="index">docker builder prune</a></td> <td>Remove build cache</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/builder_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/builder_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint%2Findex.html new file mode 100644 index 00000000..fc824e94 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint%2Findex.html 
@@ -0,0 +1,30 @@ +<h1>docker checkpoint</h1> <p><br></p> <p>Manage checkpoints</p> <blockquote> <p>This command is experimental.</p> <p>This command is experimental on the Docker daemon. It should not be used in production environments. To enable experimental features on the Docker daemon, edit the <a href="../dockerd/index#daemon-configuration-file">daemon.json</a> and set <code class="language-plaintext highlighter-rouge">experimental</code> to <code class="language-plaintext highlighter-rouge">true</code>.</p> <p>Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.</p> </blockquote> <p>For a list of current experimental features in the Docker CLI, see <a href="https://github.com/docker/cli/blob/master/experimental/README/">Docker CLI Experimental features</a>.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker checkpoint COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Checkpoint and Restore is an experimental feature that allows you to freeze a running container by checkpointing it, which turns its state into a collection of files on disk. Later, the container can be restored from the point it was frozen.</p> <p>This is accomplished using a tool called <a href="https://criu.org">CRIU</a>, which is an external dependency of this feature. 
A good overview of the history of checkpoint and restore in Docker is available in this <a href="https://kubernetes.io/blog/2015/07/how-did-quake-demo-from-dockercon-work/">Kubernetes blog post</a>.</p> <h3 id="installing-criu">Installing CRIU</h3> <p>If you use a Debian system, you can add the CRIU PPA and install with <code class="language-plaintext highlighter-rouge">apt-get</code> <a href="https://launchpad.net/~criu/+archive/ubuntu/ppa">from the criu launchpad</a>.</p> <p>Alternatively, you can <a href="https://criu.org/Installation">build CRIU from source</a>.</p> <p>You need at least version 2.0 of CRIU to run checkpoint and restore in Docker.</p> <h3 id="use-cases-for-checkpoint-and-restore">Use cases for checkpoint and restore</h3> <p>This feature is currently focused on single-host use cases for checkpoint and restore. Here are a few:</p> <ul> <li>Restarting the host machine without stopping/starting containers</li> <li>Speeding up the start time of slow start applications</li> <li>“Rewinding” processes to an earlier point in time</li> <li>“Forensic debugging” of running processes</li> </ul> <p>Another primary use case of checkpoint and restore outside of Docker is the live migration of a server from one machine to another. 
This is possible with the current implementation, but not currently a priority (and so the workflow is not optimized for the task).</p> <h3 id="using-checkpoint-and-restore">Using checkpoint and restore</h3> <p>A new top level command <code class="language-plaintext highlighter-rouge">docker checkpoint</code> is introduced, with three subcommands:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">docker checkpoint create</code> (creates a new checkpoint)</li> <li> +<code class="language-plaintext highlighter-rouge">docker checkpoint ls</code> (lists existing checkpoints)</li> <li> +<code class="language-plaintext highlighter-rouge">docker checkpoint rm</code> (deletes an existing checkpoint)</li> </ul> <p>Additionally, a <code class="language-plaintext highlighter-rouge">--checkpoint</code> flag is added to the <code class="language-plaintext highlighter-rouge">docker container start</code> command.</p> <p>The options for <code class="language-plaintext highlighter-rouge">docker checkpoint create</code>:</p> <div class="highlight"><pre class="highlight" data-language="">Usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT + +Create a checkpoint from a running container + + --leave-running=false Leave the container running after checkpoint + --checkpoint-dir Use a custom checkpoint storage directory +</pre></div> <p>And to restore a container:</p> <div class="highlight"><pre class="highlight" data-language="">Usage: docker start --checkpoint CHECKPOINT_ID [OTHER OPTIONS] CONTAINER +</pre></div> <p>Example of using checkpoint and restore on a container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt=seccomp:unconfined --name cr -d busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' +abc0123 + +$ docker checkpoint create cr checkpoint1 + +# <later> +$ docker start --checkpoint checkpoint1 cr +abc0123 +</pre></div> <p>This process just logs an incrementing counter to 
stdout. If you run <code class="language-plaintext highlighter-rouge">docker logs</code> in between running/checkpoint/restoring you should see that the counter increases while the process is running, stops while it’s checkpointed, and resumes from the point it left off once you restore.</p> <h3 id="known-limitations">Known limitations</h3> <p>seccomp is only supported by CRIU in very up to date kernels.</p> <p>External terminal (i.e. <code class="language-plaintext highlighter-rouge">docker run -t ..</code>) is not supported at the moment. If you try to create a checkpoint for a container with an external terminal, it would fail:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker checkpoint create cr checkpoint1 +Error response from daemon: Cannot checkpoint container c1: rpc error: code = 2 desc = exit status 1: "criu failed: type NOTIFY errno 0\nlog file: /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log\n" + +$ cat /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log +Error (mount.c:740): mnt: 126:./dev/console doesn't have a proper root mount +</pre></div> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../checkpoint_create/index">docker checkpoint create</a></td> <td>Create a checkpoint from a running container</td> </tr> <tr> <td><a href="../checkpoint_ls/index">docker checkpoint ls</a></td> <td>List checkpoints for a container</td> </tr> <tr> <td><a href="../checkpoint_rm/index">docker checkpoint rm</a></td> <td>Remove a checkpoint</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/checkpoint/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/checkpoint/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_create%2Findex.html new file mode 100644 index 00000000..5a965954 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_create%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker checkpoint create</h1> <p><br></p> <p>Create a checkpoint from a running container</p> <blockquote> <p>This command is experimental.</p> <p>This command is experimental on the Docker daemon. It should not be used in production environments. To enable experimental features on the Docker daemon, edit the <a href="../dockerd/index#daemon-configuration-file">daemon.json</a> and set <code class="language-plaintext highlighter-rouge">experimental</code> to <code class="language-plaintext highlighter-rouge">true</code>.</p> <p>Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.</p> </blockquote> <p>For a list of current experimental features in the Docker CLI, see <a href="https://github.com/docker/cli/blob/master/experimental/README/">Docker CLI Experimental features</a>.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint-dir</code></td> <td></td> <td>Use a custom checkpoint storage directory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--leave-running</code></td> <td></td> <td>Leave the container running after checkpoint</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../checkpoint/index">docker 
checkpoint</a></td> <td style="text-align: left">Manage checkpoints</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker checkpoint create</a></td> <td>Create a checkpoint from a running container</td> </tr> <tr> <td><a href="../checkpoint_ls/index">docker checkpoint ls</a></td> <td>List checkpoints for a container</td> </tr> <tr> <td><a href="../checkpoint_rm/index">docker checkpoint rm</a></td> <td>Remove a checkpoint</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/checkpoint_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/checkpoint_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_ls%2Findex.html new file mode 100644 index 00000000..013b15ea --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_ls%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker checkpoint ls</h1> <p><br></p> <p>List checkpoints for a container</p> <blockquote> <p>This command is experimental.</p> <p>This command is experimental on the Docker daemon. It should not be used in production environments. To enable experimental features on the Docker daemon, edit the <a href="../dockerd/index#daemon-configuration-file">daemon.json</a> and set <code class="language-plaintext highlighter-rouge">experimental</code> to <code class="language-plaintext highlighter-rouge">true</code>.</p> <p>Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.</p> </blockquote> <p>For a list of current experimental features in the Docker CLI, see <a href="https://github.com/docker/cli/blob/master/experimental/README/">Docker CLI Experimental features</a>.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker checkpoint ls [OPTIONS] CONTAINER +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint-dir</code></td> <td></td> <td>Use a custom checkpoint storage directory</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../checkpoint/index">docker checkpoint</a></td> <td style="text-align: left">Manage checkpoints</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> 
<td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../checkpoint_create/index">docker checkpoint create</a></td> <td>Create a checkpoint from a running container</td> </tr> <tr> <td><a href="index">docker checkpoint ls</a></td> <td>List checkpoints for a container</td> </tr> <tr> <td><a href="../checkpoint_rm/index">docker checkpoint rm</a></td> <td>Remove a checkpoint</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/checkpoint_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/checkpoint_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_rm%2Findex.html new file mode 100644 index 00000000..7cefd72c --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcheckpoint_rm%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker checkpoint rm</h1> <p><br></p> <p>Remove a checkpoint</p> <blockquote> <p>This command is experimental.</p> <p>This command is experimental on the Docker daemon. It should not be used in production environments. To enable experimental features on the Docker daemon, edit the <a href="../dockerd/index#daemon-configuration-file">daemon.json</a> and set <code class="language-plaintext highlighter-rouge">experimental</code> to <code class="language-plaintext highlighter-rouge">true</code>.</p> <p>Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.</p> </blockquote> <p>For a list of current experimental features in the Docker CLI, see <a href="https://github.com/docker/cli/blob/master/experimental/README/">Docker CLI Experimental features</a>.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker checkpoint rm [OPTIONS] CONTAINER CHECKPOINT +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint-dir</code></td> <td></td> <td>Use a custom checkpoint storage directory</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../checkpoint/index">docker checkpoint</a></td> <td style="text-align: left">Manage checkpoints</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> 
<td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../checkpoint_create/index">docker checkpoint create</a></td> <td>Create a checkpoint from a running container</td> </tr> <tr> <td><a href="../checkpoint_ls/index">docker checkpoint ls</a></td> <td>List checkpoints for a container</td> </tr> <tr> <td><a href="index">docker checkpoint rm</a></td> <td>Remove a checkpoint</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/checkpoint_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/checkpoint_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcli%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcli%2Findex.html new file mode 100644 index 00000000..c7e152f7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcli%2Findex.html 
@@ -0,0 +1,104 @@ +<h1>Use the Docker command line</h1> <h2 id="docker">docker</h2> <p>To list available commands, either run <code class="language-plaintext highlighter-rouge">docker</code> with no parameters or execute <code class="language-plaintext highlighter-rouge">docker help</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker +Usage: docker [OPTIONS] COMMAND [ARG...] + docker [ --help | -v | --version ] + +A self-sufficient runtime for containers. + +Options: + --config string Location of client config files (default "/root/.docker") + -c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use") + -D, --debug Enable debug mode + --help Print usage + -H, --host value Daemon socket(s) to connect to (default []) + -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") + --tls Use TLS; implied by --tlsverify + --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") + --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") + --tlskey string Path to TLS key file (default "/root/.docker/key.pem") + --tlsverify Use TLS and verify the remote + -v, --version Print version information and quit + +Commands: + attach Attach to a running container + # […] +</pre></div> <h2 id="description">Description</h2> <p>Depending on your Docker system configuration, you may be required to preface each <code class="language-plaintext highlighter-rouge">docker</code> command with <code class="language-plaintext highlighter-rouge">sudo</code>. 
To avoid having to use <code class="language-plaintext highlighter-rouge">sudo</code> with the <code class="language-plaintext highlighter-rouge">docker</code> command, your system administrator can create a Unix group called <code class="language-plaintext highlighter-rouge">docker</code> and add users to it.</p> <p>For more information about installing Docker or <code class="language-plaintext highlighter-rouge">sudo</code> configuration, refer to the <a href="https://docs.docker.com/install/">installation</a> instructions for your operating system.</p> <h2 id="environment-variables">Environment variables</h2> <p>The following list of environment variables are supported by the <code class="language-plaintext highlighter-rouge">docker</code> command line:</p> <table> <thead> <tr> <th style="text-align: left">Variable</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_API_VERSION</code></td> <td style="text-align: left">Override the negotiated API version to use for debugging (e.g. <code class="language-plaintext highlighter-rouge">1.19</code>)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_CERT_PATH</code></td> <td style="text-align: left">Location of your authentication keys. This variable is used both by the <code class="language-plaintext highlighter-rouge">docker</code> CLI and the <a href="../dockerd/index"><code class="language-plaintext highlighter-rouge">dockerd</code> daemon</a> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_CONFIG</code></td> <td style="text-align: left">The location of your client configuration files.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_CONTENT_TRUST_SERVER</code></td> <td style="text-align: left">The URL of the Notary server to use. 
Defaults to the same URL as the registry.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_CONTENT_TRUST</code></td> <td style="text-align: left">When set Docker uses notary to sign and verify images. Equates to <code class="language-plaintext highlighter-rouge">--disable-content-trust=false</code> for build, create, pull, push, run.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_CONTEXT</code></td> <td style="text-align: left">Name of the <code class="language-plaintext highlighter-rouge">docker context</code> to use (overrides <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> env var and default context set with <code class="language-plaintext highlighter-rouge">docker context use</code>)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_DEFAULT_PLATFORM</code></td> <td style="text-align: left">Default platform for commands that take the <code class="language-plaintext highlighter-rouge">--platform</code> flag.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_HIDE_LEGACY_COMMANDS</code></td> <td style="text-align: left">When set, Docker hides “legacy” top-level commands (such as <code class="language-plaintext highlighter-rouge">docker rm</code>, and <code class="language-plaintext highlighter-rouge">docker pull</code>) in <code class="language-plaintext highlighter-rouge">docker help</code> output, and only <code class="language-plaintext highlighter-rouge">Management commands</code> per object-type (e.g., <code class="language-plaintext highlighter-rouge">docker container</code>) are printed. 
This may become the default in a future release, at which point this environment-variable is removed.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_HOST</code></td> <td style="text-align: left">Daemon socket to connect to.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_STACK_ORCHESTRATOR</code></td> <td style="text-align: left">Configure the default orchestrator to use when using <code class="language-plaintext highlighter-rouge">docker stack</code> management commands.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">DOCKER_TLS_VERIFY</code></td> <td style="text-align: left">When set Docker uses TLS and verifies the remote. This variable is used both by the <code class="language-plaintext highlighter-rouge">docker</code> CLI and the <a href="../dockerd/index"><code class="language-plaintext highlighter-rouge">dockerd</code> daemon</a> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">BUILDKIT_PROGRESS</code></td> <td style="text-align: left">Set type of progress output (<code class="language-plaintext highlighter-rouge">auto</code>, <code class="language-plaintext highlighter-rouge">plain</code>, <code class="language-plaintext highlighter-rouge">tty</code>) when <a href="../build/index">building</a> with <a href="../../builder/index#buildkit">BuildKit backend</a>. Use plain to show container output (default <code class="language-plaintext highlighter-rouge">auto</code>).</td> </tr> </tbody> </table> <p>Because Docker is developed using Go, you can also use any environment variables used by the Go runtime. 
In particular, you may find these useful:</p> <ul> <li><code class="language-plaintext highlighter-rouge">HTTP_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code></li> <li><code class="language-plaintext highlighter-rouge">NO_PROXY</code></li> </ul> <p>These Go environment variables are case-insensitive. See the <a href="https://golang.org/pkg/net/http/">Go specification</a> for details on these variables.</p> <h2 id="configuration-files">Configuration files</h2> <p>By default, the Docker command line stores its configuration files in a directory called <code class="language-plaintext highlighter-rouge">.docker</code> within your <code class="language-plaintext highlighter-rouge">$HOME</code> directory.</p> <p>Docker manages most of the files in the configuration directory and you should not modify them. However, you <em>can</em> modify the <code class="language-plaintext highlighter-rouge">config.json</code> file to control certain aspects of how the <code class="language-plaintext highlighter-rouge">docker</code> command behaves.</p> <p>You can modify the <code class="language-plaintext highlighter-rouge">docker</code> command behavior using environment variables or command-line options. You can also use options within <code class="language-plaintext highlighter-rouge">config.json</code> to modify some of the same behavior. If an environment variable and the <code class="language-plaintext highlighter-rouge">--config</code> flag are set, the flag takes precedent over the environment variable. 
Command line options override environment variables and environment variables override properties you specify in a <code class="language-plaintext highlighter-rouge">config.json</code> file.</p> <h3 id="change-the-docker-directory">Change the <code class="language-plaintext highlighter-rouge">.docker</code> directory</h3> <p>To specify a different directory, use the <code class="language-plaintext highlighter-rouge">DOCKER_CONFIG</code> environment variable or the <code class="language-plaintext highlighter-rouge">--config</code> command line option. If both are specified, then the <code class="language-plaintext highlighter-rouge">--config</code> option overrides the <code class="language-plaintext highlighter-rouge">DOCKER_CONFIG</code> environment variable. The example below overrides the <code class="language-plaintext highlighter-rouge">docker ps</code> command using a <code class="language-plaintext highlighter-rouge">config.json</code> file located in the <code class="language-plaintext highlighter-rouge">~/testconfigs/</code> directory.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker --config ~/testconfigs/ ps +</pre></div> <p>This flag only applies to whatever command is being ran. For persistent configuration, you can set the <code class="language-plaintext highlighter-rouge">DOCKER_CONFIG</code> environment variable in your shell (e.g. <code class="language-plaintext highlighter-rouge">~/.profile</code> or <code class="language-plaintext highlighter-rouge">~/.bashrc</code>). 
The example below sets the new directory to be <code class="language-plaintext highlighter-rouge">HOME/newdir/.docker</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ echo export DOCKER_CONFIG=$HOME/newdir/.docker > ~/.profile +</pre></div> <h2 id="docker-cli-configuration-file-configjson-properties">Docker CLI configuration file (<code class="language-plaintext highlighter-rouge">config.json</code>) properties</h2> <p>Use the Docker CLI configuration to customize settings for the <code class="language-plaintext highlighter-rouge">docker</code> CLI. The configuration file uses JSON formatting, and properties:</p> <p>By default, configuration file is stored in <code class="language-plaintext highlighter-rouge">~/.docker/config.json</code>. Refer to the <a href="#change-the-docker-directory">change the <code class="language-plaintext highlighter-rouge">.docker</code> directory</a> section to use a different location.</p> <blockquote> <p><strong>Warning</strong></p> <p>The configuration file and other files inside the <code class="language-plaintext highlighter-rouge">~/.docker</code> configuration directory may contain sensitive information, such as authentication information for proxies or, depending on your credential store, credentials for your image registries. 
Review your configuration file’s content before sharing with others, and prevent committing the file to version control.</p> </blockquote> <h3 id="customize-the-default-output-format-for-commands">Customize the default output format for commands</h3> <p>These fields allow you to customize the default output format for some commands if no <code class="language-plaintext highlighter-rouge">--format</code> flag is provided.</p> <table> <thead> <tr> <th style="text-align: left">Property</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">configFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker config ls</code> output. Refer to the <a href="../config_ls/index#format-the-output"><strong>format the output</strong> section in the <code class="language-plaintext highlighter-rouge">docker config ls</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">imagesFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker images</code> / <code class="language-plaintext highlighter-rouge">docker image ls</code> output. Refer to the <a href="../images/index#format-the-output"><strong>format the output</strong> section in the <code class="language-plaintext highlighter-rouge">docker images</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">nodesFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker node ls</code> output. 
Refer to the <a href="../node_ls/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker node ls</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">pluginsFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker plugin ls</code> output. Refer to the <a href="../plugin_ls/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker plugin ls</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">psFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker ps</code> / <code class="language-plaintext highlighter-rouge">docker container ps</code> output. Refer to the <a href="../ps/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker ps</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">secretFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker secret ls</code> output. 
Refer to the <a href="../secret_ls/index#format-the-output"><strong>format the output</strong> section in the <code class="language-plaintext highlighter-rouge">docker secret ls</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">serviceInspectFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker service inspect</code> output. Refer to the <a href="../service_inspect/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker service inspect</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">servicesFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker service ls</code> output. Refer to the <a href="../service_ls/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker service ls</code> documentation</a> for a list of supported formatting directives.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">statsFormat</code></td> <td style="text-align: left">Custom default format for <code class="language-plaintext highlighter-rouge">docker stats</code> output. 
Refer to the <a href="../stats/index#formatting"><strong>formatting</strong> section in the <code class="language-plaintext highlighter-rouge">docker stats</code> documentation</a> for a list of supported formatting directives.</td> </tr> </tbody> </table> <h3 id="custom-http-headers">Custom HTTP headers</h3> <p>The property <code class="language-plaintext highlighter-rouge">HttpHeaders</code> specifies a set of headers to include in all messages sent from the Docker client to the daemon. Docker does not try to interpret or understand these headers; it simply puts them into the messages. Docker does not allow these headers to change any headers it sets for itself.</p> <h3 id="credential-store-options">Credential store options</h3> <p>The property <code class="language-plaintext highlighter-rouge">credsStore</code> specifies an external binary to serve as the default credential store. When this property is set, <code class="language-plaintext highlighter-rouge">docker login</code> will attempt to store credentials in the binary specified by <code class="language-plaintext highlighter-rouge">docker-credential-<value></code> which is visible on <code class="language-plaintext highlighter-rouge">$PATH</code>. If this property is not set, credentials will be stored in the <code class="language-plaintext highlighter-rouge">auths</code> property of the config. For more information, see the <a href="../login/index#credentials-store"><strong>Credentials store</strong> section in the <code class="language-plaintext highlighter-rouge">docker login</code> documentation</a></p> <p>The property <code class="language-plaintext highlighter-rouge">credHelpers</code> specifies a set of credential helpers to use preferentially over <code class="language-plaintext highlighter-rouge">credsStore</code> or <code class="language-plaintext highlighter-rouge">auths</code> when storing and retrieving credentials for specific registries. 
If this property is set, the binary <code class="language-plaintext highlighter-rouge">docker-credential-<value></code> will be used when storing or retrieving credentials for a specific registry. For more information, see the <a href="../login/index#credential-helpers"><strong>Credential helpers</strong> section in the <code class="language-plaintext highlighter-rouge">docker login</code> documentation</a></p> <h3 id="orchestrator-options-for-docker-stacks">Orchestrator options for docker stacks</h3> <p>The property <code class="language-plaintext highlighter-rouge">stackOrchestrator</code> specifies the default orchestrator to use when running <code class="language-plaintext highlighter-rouge">docker stack</code> management commands. Valid values are <code class="language-plaintext highlighter-rouge">"swarm"</code>, <code class="language-plaintext highlighter-rouge">"kubernetes"</code>, and <code class="language-plaintext highlighter-rouge">"all"</code>. This property can be overridden with the <code class="language-plaintext highlighter-rouge">DOCKER_STACK_ORCHESTRATOR</code> environment variable, or the <code class="language-plaintext highlighter-rouge">--orchestrator</code> flag.</p> <h3 id="automatic-proxy-configuration-for-containers">Automatic proxy configuration for containers</h3> <p>The property <code class="language-plaintext highlighter-rouge">proxies</code> specifies proxy environment variables to be automatically set on containers, and set as <code class="language-plaintext highlighter-rouge">--build-arg</code> on containers used during <code class="language-plaintext highlighter-rouge">docker build</code>. A <code class="language-plaintext highlighter-rouge">"default"</code> set of proxies can be configured, and will be used for any docker daemon that the client connects to, or a configuration per host (docker daemon), for example, “https://docker-daemon1.example.com”. 
The following properties can be set for each environment:</p> <table> <thead> <tr> <th style="text-align: left">Property</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">httpProxy</code></td> <td style="text-align: left">Default value of <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code> and <code class="language-plaintext highlighter-rouge">http_proxy</code> for containers, and as <code class="language-plaintext highlighter-rouge">--build-arg</code> on <code class="language-plaintext highlighter-rouge">docker build</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">httpsProxy</code></td> <td style="text-align: left">Default value of <code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code> and <code class="language-plaintext highlighter-rouge">https_proxy</code> for containers, and as <code class="language-plaintext highlighter-rouge">--build-arg</code> on <code class="language-plaintext highlighter-rouge">docker build</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">ftpProxy</code></td> <td style="text-align: left">Default value of <code class="language-plaintext highlighter-rouge">FTP_PROXY</code> and <code class="language-plaintext highlighter-rouge">ftp_proxy</code> for containers, and as <code class="language-plaintext highlighter-rouge">--build-arg</code> on <code class="language-plaintext highlighter-rouge">docker build</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">noProxy</code></td> <td style="text-align: left">Default value of <code class="language-plaintext highlighter-rouge">NO_PROXY</code> and <code class="language-plaintext highlighter-rouge">no_proxy</code> for containers, and as <code class="language-plaintext 
highlighter-rouge">--build-arg</code> on <code class="language-plaintext highlighter-rouge">docker build</code> +</td> </tr> </tbody> </table> <p>These settings are used to configure proxy settings for containers only, and not used as proxy settings for the <code class="language-plaintext highlighter-rouge">docker</code> CLI or the <code class="language-plaintext highlighter-rouge">dockerd</code> daemon. Refer to the <a href="#environment-variables">environment variables</a> and <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">HTTP/HTTPS proxy</a> sections for configuring proxy settings for the cli and daemon.</p> <blockquote> <p><strong>Warning</strong></p> <p>Proxy settings may contain sensitive information (for example, if the proxy requires authentication). Environment variables are stored as plain text in the container’s configuration, and as such can be inspected through the remote API or committed to an image when using <code class="language-plaintext highlighter-rouge">docker commit</code>.</p> </blockquote> <h3 id="default-key-sequence-to-detach-from-containers">Default key-sequence to detach from containers</h3> <p>Once attached to a container, users detach from it and leave it running using the using <code class="language-plaintext highlighter-rouge">CTRL-p CTRL-q</code> key sequence. This detach key sequence is customizable using the <code class="language-plaintext highlighter-rouge">detachKeys</code> property. Specify a <code class="language-plaintext highlighter-rouge"><sequence></code> value for the property. 
The format of the <code class="language-plaintext highlighter-rouge"><sequence></code> is a comma-separated list of either a letter [a-Z], or the <code class="language-plaintext highlighter-rouge">ctrl-</code> combined with any of the following:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">a-z</code> (a single lowercase alpha character )</li> <li> +<code class="language-plaintext highlighter-rouge">@</code> (at sign)</li> <li> +<code class="language-plaintext highlighter-rouge">[</code> (left bracket)</li> <li> +<code class="language-plaintext highlighter-rouge">\\</code> (two backward slashes)</li> <li> +<code class="language-plaintext highlighter-rouge">_</code> (underscore)</li> <li> +<code class="language-plaintext highlighter-rouge">^</code> (caret)</li> </ul> <p>Your customization applies to all containers started in with your Docker client. Users can override your custom or the default key sequence on a per-container basis. To do this, the user specifies the <code class="language-plaintext highlighter-rouge">--detach-keys</code> flag with the <code class="language-plaintext highlighter-rouge">docker attach</code>, <code class="language-plaintext highlighter-rouge">docker exec</code>, <code class="language-plaintext highlighter-rouge">docker run</code> or <code class="language-plaintext highlighter-rouge">docker start</code> command.</p> <h3 id="cli-plugin-options">CLI Plugin options</h3> <p>The property <code class="language-plaintext highlighter-rouge">plugins</code> contains settings specific to CLI plugins. 
The key is the plugin name, while the value is a further map of options, which are specific to that plugin.</p> <h3 id="sample-configuration-file">Sample configuration file</h3> <p>Following is a sample <code class="language-plaintext highlighter-rouge">config.json</code> file to illustrate the format used for various fields:</p> <div class="highlight"><pre class="highlight" data-language=""> +{ + "HttpHeaders": { + "MyHeader": "MyValue" + }, + "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", + "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", + "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", + "secretFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", + "configFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", + "serviceInspectFormat": "pretty", + "nodesFormat": "table {{.ID}}\t{{.Hostname}}\t{{.Availability}}", + "detachKeys": "ctrl-e,e", + "credsStore": "secretservice", + "credHelpers": { + "awesomereg.example.org": "hip-star", + "unicorn.example.com": "vcbait" + }, + "stackOrchestrator": "kubernetes", + "plugins": { + "plugin1": { + "option": "value" + }, + "plugin2": { + "anotheroption": "anothervalue", + "athirdoption": "athirdvalue" + } + }, + "proxies": { + "default": { + "httpProxy": "http://user:pass@example.com:3128", + "httpsProxy": "https://my-proxy.example.com:3129", + "noProxy": "intra.mycorp.example.com", + "ftpProxy": "http://user:pass@example.com:3128" + }, + "https://manager1.mycorp.example.com:2377": { + "httpProxy": "http://user:pass@example.com:3128", + "httpsProxy": "https://my-proxy.example.com:3129" + } + } +} + +</pre></div> <h3 id="experimental-features">Experimental features</h3> <p>Experimental features provide early access to future product functionality. 
These features are intended for testing and feedback, and they may change between releases without warning or can be removed from a future release.</p> <p>Starting with Docker 20.10, experimental CLI features are enabled by default, and require no configuration to enable them.</p> <h3 id="notary">Notary</h3> <p>If using your own notary server and a self-signed certificate or an internal Certificate Authority, you need to place the certificate at <code class="language-plaintext highlighter-rouge">tls/<registry_url>/ca.crt</code> in your docker config directory.</p> <p>Alternatively you can trust the certificate globally by adding it to your system’s list of root Certificate Authorities.</p> <h2 id="examples">Examples</h2> <h3 id="display-help-text">Display help text</h3> <p>To list the help on any command just execute the command, followed by the <code class="language-plaintext highlighter-rouge">--help</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --help + +Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + +Run a command in a new container + +Options: + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) +<...> +</pre></div> <h3 id="option-types">Option types</h3> <p>Single character command line options can be combined, so rather than typing <code class="language-plaintext highlighter-rouge">docker run -i -t --name test busybox sh</code>, you can write <code class="language-plaintext highlighter-rouge">docker run -it --name test busybox sh</code>.</p> <h4 id="boolean">Boolean</h4> <p>Boolean options take the form <code class="language-plaintext highlighter-rouge">-d=false</code>. The value you see in the help text is the default value which is set if you do <strong>not</strong> specify that flag. 
If you specify a Boolean flag without a value, this will set the flag to <code class="language-plaintext highlighter-rouge">true</code>, irrespective of the default value.</p> <p>For example, running <code class="language-plaintext highlighter-rouge">docker run -d</code> will set the value to <code class="language-plaintext highlighter-rouge">true</code>, so your container <strong>will</strong> run in “detached” mode, in the background.</p> <p>Options which default to <code class="language-plaintext highlighter-rouge">true</code> (e.g., <code class="language-plaintext highlighter-rouge">docker build --rm=true</code>) can only be set to the non-default value by explicitly setting them to <code class="language-plaintext highlighter-rouge">false</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build --rm=false . +</pre></div> <h4 id="multi">Multi</h4> <p>You can specify options like <code class="language-plaintext highlighter-rouge">-a=[]</code> multiple times in a single command line, for example in these commands:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -a stdin -a stdout -i -t ubuntu /bin/bash + +$ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls +</pre></div> <p>Sometimes, multiple options can call for a more complex value string as for <code class="language-plaintext highlighter-rouge">-v</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -v /host:/container example/mysql +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Do not use the <code class="language-plaintext highlighter-rouge">-t</code> and <code class="language-plaintext highlighter-rouge">-a stderr</code> options together due to limitations in the <code class="language-plaintext highlighter-rouge">pty</code> implementation. 
All <code class="language-plaintext highlighter-rouge">stderr</code> in <code class="language-plaintext highlighter-rouge">pty</code> mode simply goes to <code class="language-plaintext highlighter-rouge">stdout</code>.</p> </blockquote> <h4 id="strings-and-integers">Strings and Integers</h4> <p>Options like <code class="language-plaintext highlighter-rouge">--name=""</code> expect a string, and they can only be specified once. Options like <code class="language-plaintext highlighter-rouge">-c=0</code> expect an integer, and they can only be specified once.</p> +<p><a href="https://docs.docker.com/search/?q=Docker">Docker</a>, <a href="https://docs.docker.com/search/?q=Docker%20documentation">Docker documentation</a>, <a href="https://docs.docker.com/search/?q=CLI">CLI</a>, <a href="https://docs.docker.com/search/?q=command%20line">command line</a>, <a href="https://docs.docker.com/search/?q=config.json">config.json</a>, <a href="https://docs.docker.com/search/?q=CLI%20configuration%20file">CLI configuration file</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/cli/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/cli/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcommit%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcommit%2Findex.html new file mode 100644 index 00000000..f5402e6f --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcommit%2Findex.html 
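Review bot: In the "Change the .docker directory" section, the persistent-configuration example "echo export DOCKER_CONFIG=$HOME/newdir/.docker > ~/.profile" redirects with a single ">", which truncates the reader's existing ~/.profile instead of appending to it. Use ">>" there, and the sentence introducing it should read "$HOME/newdir/.docker" rather than "HOME/newdir/.docker". The sample config.json further down also mixes "\\t" (psFormat, imagesFormat) with "\t" (the remaining format properties), so one of the two escapings should be used throughout. The same sample puts "http://user:pass@example.com:3128" in the proxies values, although the proxies section earlier in this file warns that such settings are stored as plain text in the container's configuration; a placeholder without inline credentials would fit that warning better.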
@@ -0,0 +1,66 @@ +<h1>docker commit</h1> <p><br></p> <p>Create a new image from a container’s changes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">It can be useful to commit a container’s file changes or settings into a new image. This allows you to debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and maintainable way. <a href="../tag/index">Read more about valid image names and tags</a>.</p> <p>The commit operation will not include any data contained in volumes mounted inside the container.</p> <p>By default, the container being committed and its processes will be paused while the image is committed. This reduces the likelihood of encountering data corruption during the process of creating the commit. If this behavior is undesired, set the <code class="language-plaintext highlighter-rouge">--pause</code> option to false.</p> <p>The <code class="language-plaintext highlighter-rouge">--change</code> option will apply <code class="language-plaintext highlighter-rouge">Dockerfile</code> instructions to the image that is created. 
Supported <code class="language-plaintext highlighter-rouge">Dockerfile</code> instructions: <code class="language-plaintext highlighter-rouge">CMD</code>|<code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>|<code class="language-plaintext highlighter-rouge">ENV</code>|<code class="language-plaintext highlighter-rouge">EXPOSE</code>|<code class="language-plaintext highlighter-rouge">LABEL</code>|<code class="language-plaintext highlighter-rouge">ONBUILD</code>|<code class="language-plaintext highlighter-rouge">USER</code>|<code class="language-plaintext highlighter-rouge">VOLUME</code>|<code class="language-plaintext highlighter-rouge">WORKDIR</code></p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--author</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--change</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>Apply Dockerfile instruction to the created image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--message</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Commit message</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--pause</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Pause container during commit</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="commit-a-container">Commit a container</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker 
ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton + +$ docker commit c3f279d17e0a svendowideit/testimage:version3 + +f5283438590d + +$ docker images + +REPOSITORY TAG ID CREATED SIZE +svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB +</pre></div> <h3 id="commit-a-container-with-new-configurations">Commit a container with new configurations</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton + +$ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a + +[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] + +$ docker commit --change "ENV DEBUG=true" c3f279d17e0a svendowideit/testimage:version3 + +f5283438590d + +$ docker inspect -f "{{ .Config.Env }}" f5283438590d + +[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] +</pre></div> <h3 id="commit-a-container-with-new-cmd-and-expose-instructions">Commit a container with new <code class="language-plaintext highlighter-rouge">CMD</code> and <code class="language-plaintext highlighter-rouge">EXPOSE</code> instructions</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton + +$ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 + +f5283438590d + +$ docker run -d svendowideit/testimage:version4 + 
+89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 + +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/commit/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/commit/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig%2Findex.html new file mode 100644 index 00000000..09aa3f55 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig%2Findex.html 
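Review bot: In the CMD/EXPOSE example of the `docker commit` page, the final `docker ps` lists the new container's image as `testimage:version4`, but the container was started from `svendowideit/testimage:version4`; the IMAGE column should carry the same repository name. The same example also prints `f5283438590d` as the ID of the `version4` commit, which is the ID the two earlier examples show for `version3`; use a distinct ID so readers do not assume both tags point at one image.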
@@ -0,0 +1,7 @@ +<h1>docker config</h1> <p><br></p> <p>Manage Docker configs</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage configs.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../config_create/index">docker config create</a></td> <td>Create a config from a file or STDIN</td> </tr> <tr> <td><a href="../config_inspect/index">docker config inspect</a></td> <td>Display detailed information on one or more configs</td> </tr> <tr> <td><a href="../config_ls/index">docker config ls</a></td> <td>List configs</td> </tr> <tr> <td><a href="../config_rm/index">docker config rm</a></td> <td>Remove one or more configs</td> </tr> </tbody> </table> <h2 id="more-info">More info</h2> <p><a href="../../../swarm/configs/index">Store configuration data using Docker Configs</a></p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/config/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/config/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_create%2Findex.html new file mode 100644 index 00000000..8ba5438f --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_create%2Findex.html 
@@ -0,0 +1,51 @@ +<h1>docker config create</h1> <p><br></p> <p>Create a config from a file or STDIN</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config create [OPTIONS] CONFIG file|- +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a config using standard input or from a file for the config content.</p> <p>For detailed information about using configs, refer to <a href="../../../swarm/configs/index">store configuration data using Docker Configs</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Config labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--template-driver</code></td> <td></td> <td>Template driver</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-config">Create a config</h3> <div class="highlight"><pre class="highlight" data-language="">$ printf <config> | docker config create my_config - + +onakdyv307se2tl7nl20anokv + +$ docker config ls + +ID NAME CREATED UPDATED +onakdyv307se2tl7nl20anokv my_config 6 seconds ago 6 seconds ago +</pre></div> <h3 id="create-a-config-with-a-file">Create a config with a file</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker config create my_config ./config.json + +dg426haahpi5ezmkkj5kyl3sn + +$ docker config ls + +ID NAME CREATED UPDATED +dg426haahpi5ezmkkj5kyl3sn my_config 7 seconds ago 7 seconds ago +</pre></div> <h3 id="create-a-config-with-labels">Create a config with labels</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker config create \ + --label env=dev \ + --label rev=20170324 \ + my_config ./config.json + +eo7jnzguqgtpdah3cm5srfb97 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker config inspect my_config + +[ + { + "ID": "eo7jnzguqgtpdah3cm5srfb97", + "Version": { + "Index": 17 + }, + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", + "Spec": { + "Name": "my_config", + "Labels": 
{ + "env": "dev", + "rev": "20170324" + }, + "Data": "aGVsbG8K" + } + } +] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../config/index">docker config</a></td> <td style="text-align: left">Manage Docker configs</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker config create</a></td> <td>Create a config from a file or STDIN</td> </tr> <tr> <td><a href="../config_inspect/index">docker config inspect</a></td> <td>Display detailed information on one or more configs</td> </tr> <tr> <td><a href="../config_ls/index">docker config ls</a></td> <td>List configs</td> </tr> <tr> <td><a href="../config_rm/index">docker config rm</a></td> <td>Remove one or more configs</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/config_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/config_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_inspect%2Findex.html new file mode 100644 index 00000000..eca63d17 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_inspect%2Findex.html 
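Review bot: In the "Create a config with labels" example of the `docker config create` page, the `docker config inspect my_config` output shows `"Data": "aGVsbG8K"` with no explanation of the field. Add a sentence stating that `Spec.Data` is the config content, base64-encoded, so readers see that inspect returns the stored content itself and not only metadata. The first example's `printf <config>` should also say that `<config>` is a placeholder, or use a concrete sample value.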
@@ -0,0 +1,35 @@ +<h1>docker config inspect</h1> <p><br></p> <p>Display detailed information on one or more configs</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config inspect [OPTIONS] CONFIG [CONFIG...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Inspects the specified config.</p> <p>By default, this renders all results in a JSON array. If a format is specified, the given template will be executed for each result.</p> <p>Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>For detailed information about using configs, refer to <a href="../../../swarm/configs/index">store configuration data using Docker Configs</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pretty</code></td> <td></td> <td>Print the information in a human friendly format</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-config-by-name-or-id">Inspect a config by name or ID</h3> <p>You can inspect a config, either by its <em>name</em>, or <em>ID</em></p> <p>For example, given the following config:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls + +ID NAME CREATED UPDATED +eo7jnzguqgtpdah3cm5srfb97 my_config 3 minutes ago 3 minutes ago +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker config inspect config.json +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "ID": "eo7jnzguqgtpdah3cm5srfb97", + "Version": { + "Index": 17 + }, + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", + "Spec": { + "Name": "my_config", + "Labels": { + "env": "dev", + "rev": "20170324" + }, + "Data": "aGVsbG8K" + } + } +] +</pre></div> <h3 id="formatting">Formatting</h3> <p>You can use the --format option to obtain specific information about a config. 
The following example command outputs the creation time of the config.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97 + +2017-03-24 08:15:09.735271783 +0000 UTC +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../config/index">docker config</a></td> <td style="text-align: left">Manage Docker configs</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../config_create/index">docker config create</a></td> <td>Create a config from a file or STDIN</td> </tr> <tr> <td><a href="index">docker config inspect</a></td> <td>Display detailed information on one or more configs</td> </tr> <tr> <td><a href="../config_ls/index">docker config ls</a></td> <td>List configs</td> </tr> <tr> <td><a href="../config_rm/index">docker config rm</a></td> <td>Remove one or more configs</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/config_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/config_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_ls%2Findex.html new file mode 100644 index 00000000..4715cbcb --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_ls%2Findex.html 
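Review bot: In "Inspect a config by name or ID" on the `docker config inspect` page, the command is `docker config inspect config.json`, but the `docker config ls` output just above it lists only `my_config` (ID `eo7jnzguqgtpdah3cm5srfb97`) and the JSON that follows has `"Name": "my_config"`. `config.json` is the source file name used in the create examples, not a config name; change the command to `docker config inspect my_config`. In the "Formatting" paragraph, wrap `--format` in `<code>` like the other option references on the page.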
@@ -0,0 +1,48 @@ +<h1>docker config ls</h1> <p><br></p> <p>List configs</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Run this command on a manager node to list the configs in the swarm.</p> <p>For detailed information about using configs, refer to <a href="../../../swarm/configs/index">store configuration data using Docker Configs</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print configs using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls + +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +9u9hk4br2ej0wgngkga6rp4hq my_config 5 weeks ago 5 weeks ago +mem02h8n73mybpgqjf0kfi1n0 test_config 3 seconds ago 3 seconds ago +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li> +<a href="#id">id</a> (config’s ID)</li> <li> +<a href="#label">label</a> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li> +<a href="#name">name</a> (config’s name)</li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches all or prefix of a config’s id.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls -f "id=6697bflskwj1998km1gnnjr38" + +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches configs based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches all configs with a <code class="language-plaintext highlighter-rouge">project</code> label regardless of its value:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls --filter label=project + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_config About an hour ago About an hour ago +</pre></div> <p>The following filter matches only services with the <code class="language-plaintext highlighter-rouge">project</code> label with the <code class="language-plaintext highlighter-rouge">project-a</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter label=project=test + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_config About an hour ago About an hour ago 
+</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or prefix of a config’s name.</p> <p>The following filter matches config with a name containing a prefix of <code class="language-plaintext highlighter-rouge">test</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls --filter name=test_config + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_config About an hour ago About an hour ago +</pre></div> <h3 id="format-the-output">Format the output</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty prints configs output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Config ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Config name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> <td>Time when the config was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.UpdatedAt</code></td> <td>Time when the config was updated</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Labels</code></td> <td>All labels assigned to the config</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Label</code></td> <td>Value of a specific label for this config. 
For example <code class="language-plaintext highlighter-rouge">{{.Label "my-label"}}</code> +</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">config ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, will include column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">Name</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls --format "{{.ID}}: {{.Name}}" + +77af4d6b9913: config-1 +b6fa739cedf5: config-2 +78a85c484f71: config-3 +</pre></div> <p>To list all configs with their name and created date in a table format you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}" + +ID NAME CREATED +77af4d6b9913 config-1 5 minutes ago +b6fa739cedf5 config-2 3 hours ago +78a85c484f71 config-3 10 days ago +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../config/index">docker config</a></td> <td style="text-align: left">Manage Docker configs</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../config_create/index">docker config create</a></td> <td>Create a config from a file or STDIN</td> </tr> <tr> <td><a 
href="../config_inspect/index">docker config inspect</a></td> <td>Display detailed information on one or more configs</td> </tr> <tr> <td><a href="index">docker config ls</a></td> <td>List configs</td> </tr> <tr> <td><a href="../config_rm/index">docker config rm</a></td> <td>Remove one or more configs</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/config_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/config_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_rm%2Findex.html new file mode 100644 index 00000000..60c91340 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fconfig_rm%2Findex.html 
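Review bot: In the `label` filter section of the `docker config ls` page, the second example runs `docker service ls --filter label=project=test`, and the sentence introducing it speaks of "services" and a `project-a` value; on this page the command should be `docker config ls`, the prose should say "configs", and the value in the sentence should match the one in the command. Two smaller slips in the same hunk: the `name` filter text promises a prefix match on `test` but the command passes the full name `name=test_config`, and the `--format` example says "for all images" where it means configs.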
@@ -0,0 +1,9 @@ +<h1>docker config rm</h1> <p><br></p> <p>Remove one or more configs</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker config rm CONFIG [CONFIG...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Removes the specified configs from the swarm.</p> <p>For detailed information about using configs, refer to <a href="../../../swarm/configs/index">store configuration data using Docker Configs</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <p>This example removes a config:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config rm my_config +sapth4csdo5b6wz2p5uimh5xg +</pre></div> <blockquote> <p><strong>Warning</strong></p> <p>Unlike <code class="language-plaintext highlighter-rouge">docker rm</code>, this command does not ask for confirmation before removing a config.</p> </blockquote> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../config/index">docker config</a></td> <td style="text-align: left">Manage Docker configs</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a 
href="../config_create/index">docker config create</a></td> <td>Create a config from a file or STDIN</td> </tr> <tr> <td><a href="../config_inspect/index">docker config inspect</a></td> <td>Display detailed information on one or more configs</td> </tr> <tr> <td><a href="../config_ls/index">docker config ls</a></td> <td>List configs</td> </tr> <tr> <td><a href="index">docker config rm</a></td> <td>Remove one or more configs</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/config_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/config_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer%2Findex.html new file mode 100644 index 00000000..ef7a2b36 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container</h1> <p><br></p> <p>Manage containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage containers.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> 
<td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered 
trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_attach%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_attach%2Findex.html new file mode 100644 index 00000000..bbf57d97 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_attach%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container attach</h1> <p><br></p> <p>Attach local standard input, output, and error streams to a running container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container attach [OPTIONS] CONTAINER +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-stdin</code></td> <td></td> <td>Do not attach STDIN</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sig-proxy</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Proxy all received signals to the process</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a 
href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> 
<td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_attach/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_attach/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_commit%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_commit%2Findex.html new file mode 100644 index 00000000..82e2df42 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_commit%2Findex.html 
@@ -0,0 +1,15 @@ +<h1>docker container commit</h1> <p><br></p> <p>Create a new image from a container’s changes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--author</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--change</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>Apply Dockerfile instruction to the created image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--message</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Commit message</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--pause</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Pause container during commit</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> 
<td><a href="index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker 
container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_commit/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_commit/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_cp%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_cp%2Findex.html new file mode 100644 index 00000000..739bd0f1 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_cp%2Findex.html 
@@ -0,0 +1,12 @@ +<h1>docker container cp</h1> <p><br></p> <p>Copy files/folders between a container and the local filesystem</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|- +docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Copy files/folders between a container and the local filesystem</p> <p>Use ‘-‘ as the source to read a tar archive from stdin and extract it to a directory destination in a container. Use ‘-‘ as the destination to stream a tar archive of a container source to stdout.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--archive</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Archive mode (copy all uid/gid information)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--follow-link</code> , <code class="language-plaintext highlighter-rouge">-L</code> +</td> <td></td> <td>Always follow symbol link in SRC_PATH</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker 
container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a 
href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_cp/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_cp/</a> + </p> +</div> 
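Review bot: in the container_commit hunk above, the `--author` description cell carries raw angle brackets, `"John Hannibal Smith <hannibal@a-team.com>"`, so an HTML parser reads `<hannibal@a-team.com>` as an unknown element and the example address does not render. Escape it as `&lt;hannibal@a-team.com&gt;`. The empty `<p><br></p>` directly after the `<h1>` adds nothing and can be dropped in the same pass.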
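Review bot: the Usage block of the container_cp hunk mixes two command forms: the first line is `$ docker container cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-`, while the second is `docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH`, with no `$` prompt and without the `container` subcommand this page documents. Write the second line as `docker container cp` too, or say explicitly that `docker cp` is the equivalent short form. In the Description paragraph both quotation marks around `-` are opening quotes (‘-‘), and the `--follow-link` row should read "symbolic link" rather than "symbol link".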
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_create%2Findex.html new file mode 100644 index 00000000..6bdf9147 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_create%2Findex.html 
@@ -0,0 +1,35 @@ +<h1>docker container create</h1> <p><br></p> <p>Create a new container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container create [OPTIONS] IMAGE [COMMAND] [ARG...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach to STDIN, STDOUT or STDERR</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight-device</code></td> <td></td> <td>Block IO weight (relative device weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td>Drop Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroupns</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.41+</span></a><br>Cgroup namespace to use (host|private) 'host': Run the container in the Docker host's cgroup namespace 'private': Run the container in its own private cgroup 
namespace '': Use the cgroup namespace as configured by the default-cgroupns-mode option on the daemon (default)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cidfile</code></td> <td></td> <td>Write the container ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-count</code></td> <td></td> <td>CPU count (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-percent</code></td> <td></td> <td>CPU percent (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device</code></td> <td></td> <td>Add a host device to the container</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--device-cgroup-rule</code></td> <td></td> <td>Add a rule to the cgroup allowed devices list</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-bps</code></td> <td></td> <td>Limit read rate (bytes per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-iops</code></td> <td></td> <td>Limit read rate (IO per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-bps</code></td> <td></td> <td>Limit write rate (bytes per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-iops</code></td> <td></td> <td>Limit write rate (IO per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns</code></td> <td></td> <td>Set custom DNS servers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-opt</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search</code></td> <td></td> <td>Set custom DNS search domains</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--domainname</code></td> <td></td> <td>Container NIS domain name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment variables</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--expose</code></td> <td></td> <td>Expose a port or a range of ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--gpus</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>GPU devices to add to the container ('all' to pass all GPUs)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-add</code></td> <td></td> <td>Add additional groups to join</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time to allow one check to run (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--help</code></td> <td></td> <td>Print usage</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--hostname</code> , <code class="language-plaintext highlighter-rouge">-h</code> +</td> <td></td> <td>Container host name</td> </tr> <tr> 
<td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Run an init inside the container that forwards signals and reaps processes</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxbandwidth</code></td> <td></td> <td>Maximum IO bandwidth limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxiops</code></td> <td></td> <td>Maximum IOps limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td></td> <td>IPv4 address (e.g., 172.30.100.104)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip6</code></td> <td></td> <td>IPv6 address (e.g., 2001:db8::33)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipc</code></td> <td></td> <td>IPC mode to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory limit</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Set meta data on a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-file</code></td> <td></td> <td>Read in a line delimited file of labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link</code></td> <td></td> <td>Add link to another container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link-local-ip</code></td> <td></td> <td>Container 
IPv4/IPv6 link-local addresses</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Log driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mac-address</code></td> <td></td> <td>Container MAC address (e.g., 92:d0:c6:0a:29:33)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swappiness</code></td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Tune container memory swappiness (0 to 100)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount</code></td> <td></td> <td>Attach a filesystem mount to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td></td> <td>Assign a name to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network-alias</code></td> 
<td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-kill-disable</code></td> <td></td> <td>Disable OOM Killer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-score-adj</code></td> <td></td> <td>Tune host's OOM preferences (-1000 to 1000)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pid</code></td> <td></td> <td>PID namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to this container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Publish a container's port(s) to the host</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish-all</code> , <code class="language-plaintext highlighter-rouge">-P</code> +</td> <td></td> <td>Publish all exposed ports to random ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td><code class="language-plaintext highlighter-rouge">missing</code></td> <td>Pull image before creating ("always"|"missing"|"never")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as read only</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--restart</code></td> <td><code class="language-plaintext highlighter-rouge">no</code></td> <td>Restart policy to apply when a container exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td></td> <td>Automatically remove the container when it exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--runtime</code></td> <td></td> <td>Runtime to use for this container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security Options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td><code class="language-plaintext highlighter-rouge">SIGTERM</code></td> <td>Signal to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-timeout</code></td> <td></td> <td>Timeout (in seconds) to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--storage-opt</code></td> <td></td> <td>Storage driver options for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl</code></td> <td></td> <td>Sysctl options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--tmpfs</code></td> <td></td> <td>Mount a tmpfs directory</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: 
<name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--userns</code></td> <td></td> <td>User namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--uts</code></td> <td></td> <td>UTS namespace to use</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volume</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Bind mount a volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volume-driver</code></td> <td></td> <td>Optional volume driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volumes-from</code></td> <td></td> <td>Mount volumes from the specified container(s)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="index">docker container 
create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a 
href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_diff%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_diff%2Findex.html new file mode 100644 index 00000000..75d33f79 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_diff%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container diff</h1> <p><br></p> <p>Inspect changes to files or directories on a container’s filesystem</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container diff CONTAINER +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> 
<tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container 
wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_diff/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_diff/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_exec%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_exec%2Findex.html new file mode 100644 index 00000000..9a581e32 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_exec%2Findex.html 
@@ -0,0 +1,19 @@ +<h1>docker container exec</h1> <p><br></p> <p>Run a command in a running container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec [OPTIONS] CONTAINER COMMAND [ARG...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Detached mode: run command in the background</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to the command</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code 
class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> 
<td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div 
class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_exec/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_exec/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_export%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_export%2Findex.html new file mode 100644 index 00000000..df3e5bbc --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_export%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker container export</h1> <p><br></p> <p>Export a container’s filesystem as a tar archive</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container export [OPTIONS] CONTAINER +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Write to a file, instead of STDOUT</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="index">docker 
container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a 
container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_export/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_export/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_inspect%2Findex.html new file mode 100644 index 00000000..d1ad0cc7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_inspect%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker container inspect</h1> <p><br></p> <p>Display detailed information on one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container inspect [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--size</code> , <code class="language-plaintext highlighter-rouge">-s</code> +</td> <td></td> <td>Display total file sizes</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect 
changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a 
href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_kill%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_kill%2Findex.html new file mode 100644 index 00000000..60c99770 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_kill%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker container kill</h1> <p><br></p> <p>Kill one or more running containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container kill [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--signal</code> , <code class="language-plaintext highlighter-rouge">-s</code> +</td> <td><code class="language-plaintext highlighter-rouge">KILL</code></td> <td>Signal to send to the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running 
container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container 
top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_kill/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_kill/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_logs%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_logs%2Findex.html new file mode 100644 index 00000000..cc5fb665 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_logs%2Findex.html 
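Review bot: in the container_kill page, the header rows of the Options and Related commands tables are built from <td> cells inside <thead>, while the Parent command table in the same hunk uses <th style="text-align: left">. Use <th> in all three so header cells are marked up consistently and are announced as headers by assistive tools. The empty <p><br></p> directly after the <h1> is a layout spacer and can be dropped.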
@@ -0,0 +1,13 @@ +<h1>docker container logs</h1> <p><br></p> <p>Fetch the logs of a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container logs [OPTIONS] CONTAINER +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--details</code></td> <td></td> <td>Show extra details provided to logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--follow</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Follow log output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--since</code></td> <td></td> <td>Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tail</code> , <code class="language-plaintext highlighter-rouge">-n</code> +</td> <td><code class="language-plaintext highlighter-rouge">all</code></td> <td>Number of lines to show from the end of the logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--timestamps</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Show timestamps</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--until</code></td> <td></td> <td>Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 
42m for 42 minutes)</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> 
<tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache 
License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_logs/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_logs/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_ls%2Findex.html new file mode 100644 index 00000000..c0e42bc1 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_ls%2Findex.html 
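Review bot: missing documentation in the container_logs Options table: the --since and --until rows show only a Z-suffixed example (2013-01-02T13:23:37Z) and a relative form (42m), and nothing in the hunk says how a timestamp without a zone offset is interpreted. The container_prune page added in this same patch spells that rule out for its until filter; a matching sentence or a link here would stop readers who pull logs for a fixed time window from guessing which clock applies.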
@@ -0,0 +1,19 @@ +<h1>docker container ls</h1> <p><br></p> <p>List containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container ls [OPTIONS] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all containers (default shows just running)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print containers using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--last</code> , <code class="language-plaintext highlighter-rouge">-n</code> +</td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Show n last created containers (includes all states)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--latest</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Show the latest created container (includes all states)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display container IDs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--size</code> , <code class="language-plaintext highlighter-rouge">-s</code> +</td> <td></td> <td>Display total file sizes</td> </tr> </tbody> </table> <h2 
id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker 
container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are 
trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_pause%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_pause%2Findex.html new file mode 100644 index 00000000..3099447b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_pause%2Findex.html 
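Review bot: the container_ls page goes from the Options table straight to Parent command, so --filter ("Filter output based on conditions provided") and --format ("Pretty-print containers using a Go template") are listed with no supported filter keys, no template fields and no example. The container_prune page in this patch carries Description, Examples and Filtering sections; if the source page for ls has equivalents, check that they were not dropped when this file was generated, and otherwise link to a page that documents them.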
@@ -0,0 +1,7 @@ +<h1>docker container pause</h1> <p><br></p> <p>Pause all processes within one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container pause CONTAINER [CONTAINER...] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running 
containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container 
wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_pause/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_pause/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_port%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_port%2Findex.html new file mode 100644 index 00000000..45f92566 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_port%2Findex.html 
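Review bot: the links in the container_pause page (href="../container/index", href="../container_attach/index", href="index") assume a nested directory layout, but the file is added flat as devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_pause%2Findex.html. Opened from the working tree these links will not resolve; they work only through something that decodes %2F back into path separators. Note in the commit message or a README how these pages are meant to be served, and make sure whatever does the decoding rejects names that would resolve outside devdocs/docker.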
@@ -0,0 +1,7 @@ +<h1>docker container port</h1> <p><br></p> <p>List port mappings or a specific mapping for the container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container port CONTAINER [PRIVATE_PORT[/PROTO]] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or 
more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker 
container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_port/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_port/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_prune%2Findex.html new file mode 100644 index 00000000..0e57681a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_prune%2Findex.html 
@@ -0,0 +1,51 @@ +<h1>docker container prune</h1> <p><br></p> <p>Remove all stopped containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container prune [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Removes all stopped containers.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'until=<timestamp>')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="prune-containers">Prune containers</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker container prune +WARNING! This will remove all stopped containers. +Are you sure you want to continue? [y/N] y +Deleted Containers: +4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063 +f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 + +Total reclaimed space: 212 B +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>until (<code class="language-plaintext highlighter-rouge"><timestamp></code>) - only remove containers created before given timestamp</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code>, <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>, <code class="language-plaintext highlighter-rouge">label!=<key></code>, or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>) - only remove containers with (or without, in case <code class="language-plaintext highlighter-rouge">label!=...</code> is used) the specified labels.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">until</code> filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the daemon machine’s time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the daemon will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. 
When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter accepts two formats. One is the <code class="language-plaintext highlighter-rouge">label=...</code> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>), which removes containers with the specified labels. The other format is the <code class="language-plaintext highlighter-rouge">label!=...</code> (<code class="language-plaintext highlighter-rouge">label!=<key></code> or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>), which removes containers without the specified labels.</p> <p>The following removes containers created more than 5 minutes ago:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 41 seconds ago +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 12 minutes ago + +$ docker container prune --force --filter "until=5m" + +Deleted Containers: +53a9bc23a5168b6caa2bfbefddf1b30f93c7ad57f3dec271fd32707497cb9369 + +Total reclaimed space: 25 B + +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago +</pre></div> <p>The following removes containers created before <code class="language-plaintext 
highlighter-rouge">2017-01-04T13:10:00</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 7 minutes ago +4a75091a6d61 busybox "sh" 2017-01-04 13:09:53 -0800 PST Exited (0) 9 minutes ago + +$ docker container prune --force --filter "until=2017-01-04T13:10:00" + +Deleted Containers: +4a75091a6d618526fcd8b33ccd6e5928ca2a64415466f768a6180004b0c72c6c + +Total reclaimed space: 27 B + +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to 
files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a 
href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rename%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rename%2Findex.html new file mode 100644 index 00000000..84d8b01a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rename%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container rename</h1> <p><br></p> <p>Rename a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container rename CONTAINER NEW_NAME +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a 
href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more 
containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_rename/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_rename/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_restart%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_restart%2Findex.html new file mode 100644 index 00000000..b70812f4 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_restart%2Findex.html 
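Review bot: In the container_rename page, the relative links in the Related commands table (`href="../container_attach/index"`, `href="index"`) assume a nested `engine/reference/commandline/container_rename/` directory, but the file is committed under a flat name with literal `%2F` separators (`engine%2Freference%2Fcommandline%2Fcontainer_rename%2Findex.html`). Opened directly from `devdocs/docker/`, `../container_attach/index` resolves one level above the docs directory instead of to a sibling page. Please state in the commit message or a README which tool decodes these names and resolves the `../` segments, and confirm that the resolved path is confined to `devdocs/docker/` after decoding.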
@@ -0,0 +1,9 @@ +<h1>docker container restart</h1> <p><br></p> <p>Restart one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container restart [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--time</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td><code class="language-plaintext highlighter-rouge">10</code></td> <td>Seconds to wait for stop before killing the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a 
command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker 
container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_restart/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_restart/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rm%2Findex.html new file mode 100644 index 00000000..8ddcf19d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_rm%2Findex.html 
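Review bot: In the container_restart page, the `<p><br></p>` directly after the `<h1>` is an empty paragraph left over from the scrape, and the Usage block is emitted as `<pre class="highlight" data-language="">` with an empty language even though it holds a shell command with a `$` prompt. Suggest dropping the empty paragraph and either setting the language or removing the attribute. The same two patterns are visible in the container_rename page.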
@@ -0,0 +1,13 @@ +<h1>docker container rm</h1> <p><br></p> <p>Remove one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container rm [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the removal of a running container (uses SIGKILL)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--link</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Remove the specified link</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volumes</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Remove anonymous volumes associated with the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> 
<td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more 
stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_run%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_run%2Findex.html new file mode 100644 index 00000000..c91a04cb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_run%2Findex.html 
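Review bot: In the container_rm Options table, the Default cells for `--force`, `--link` and `--volumes` are empty (`<td></td>`), whereas the container_restart page shows `10` for `--time`. These are boolean flags that default to false; because `--force` kills a running container with SIGKILL and `--volumes` deletes anonymous volumes, writing `false` in the Default column would make it explicit that neither happens unless requested. Separately, the header rows of the Options and Related commands tables use `<td>` inside `<thead>` while the Parent command table uses `<th style="text-align: left">`; using `<th>` in all three would be consistent.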
@@ -0,0 +1,37 @@ +<h1>docker container run</h1> <p><br></p> <p>Run a command in a new container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container run [OPTIONS] IMAGE [COMMAND] [ARG...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach to STDIN, STDOUT or STDERR</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight-device</code></td> <td></td> <td>Block IO weight (relative device weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td>Drop Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroupns</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.41+</span></a><br>Cgroup namespace to use (host|private) 'host': Run the container in the Docker host's cgroup namespace 'private': Run the container in its own private cgroup 
namespace '': Use the cgroup namespace as configured by the default-cgroupns-mode option on the daemon (default)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cidfile</code></td> <td></td> <td>Write the container ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-count</code></td> <td></td> <td>CPU count (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-percent</code></td> <td></td> <td>CPU percent (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Run container in background and 
print container ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device</code></td> <td></td> <td>Add a host device to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-cgroup-rule</code></td> <td></td> <td>Add a rule to the cgroup allowed devices list</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-bps</code></td> <td></td> <td>Limit read rate (bytes per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-iops</code></td> <td></td> <td>Limit read rate (IO per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-bps</code></td> <td></td> <td>Limit write rate (bytes per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-iops</code></td> <td></td> <td>Limit write rate (IO per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns</code></td> <td></td> <td>Set custom DNS servers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-opt</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search</code></td> <td></td> <td>Set custom DNS search domains</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--domainname</code></td> <td></td> <td>Container NIS domain 
name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--expose</code></td> <td></td> <td>Expose a port or a range of ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--gpus</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>GPU devices to add to the container ('all' to pass all GPUs)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-add</code></td> <td></td> <td>Add additional groups to join</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time 
to allow one check to run (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--help</code></td> <td></td> <td>Print usage</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--hostname</code> , <code class="language-plaintext highlighter-rouge">-h</code> +</td> <td></td> <td>Container host name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Run an init inside the container that forwards signals and reaps processes</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxbandwidth</code></td> <td></td> <td>Maximum IO bandwidth limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxiops</code></td> <td></td> <td>Maximum IOps limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td></td> <td>IPv4 address (e.g., 172.30.100.104)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip6</code></td> <td></td> <td>IPv6 address (e.g., 2001:db8::33)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipc</code></td> <td></td> <td>IPC mode to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory limit</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Set meta data on a container</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--label-file</code></td> <td></td> <td>Read in a line delimited file of labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link</code></td> <td></td> <td>Add link to another container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link-local-ip</code></td> <td></td> <td>Container IPv4/IPv6 link-local addresses</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Log driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mac-address</code></td> <td></td> <td>Container MAC address (e.g., 92:d0:c6:0a:29:33)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swappiness</code></td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Tune container memory swappiness (0 to 100)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount</code></td> <td></td> <td>Attach a filesystem mount to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td></td> <td>Assign a name to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> 
<td><code class="language-plaintext highlighter-rouge">--net-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-kill-disable</code></td> <td></td> <td>Disable OOM Killer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-score-adj</code></td> <td></td> <td>Tune host's OOM preferences (-1000 to 1000)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pid</code></td> <td></td> <td>PID namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to this container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Publish a container's port(s) to the host</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish-all</code> , <code class="language-plaintext highlighter-rouge">-P</code> +</td> <td></td> <td>Publish all exposed ports to random ports</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--pull</code></td> <td><code class="language-plaintext highlighter-rouge">missing</code></td> <td>Pull image before running ("always"|"missing"|"never")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as read only</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart</code></td> <td><code class="language-plaintext highlighter-rouge">no</code></td> <td>Restart policy to apply when a container exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td></td> <td>Automatically remove the container when it exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--runtime</code></td> <td></td> <td>Runtime to use for this container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security Options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sig-proxy</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Proxy received signals to the process</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td><code class="language-plaintext highlighter-rouge">SIGTERM</code></td> <td>Signal to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-timeout</code></td> <td></td> <td>Timeout (in seconds) to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--storage-opt</code></td> <td></td> <td>Storage driver options for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl</code></td> <td></td> <td>Sysctl options</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--tmpfs</code></td> <td></td> <td>Mount a tmpfs directory</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--userns</code></td> <td></td> <td>User namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--uts</code></td> <td></td> <td>UTS namespace to use</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volume</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Bind mount a volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volume-driver</code></td> <td></td> <td>Optional volume driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volumes-from</code></td> <td></td> <td>Mount volumes from the specified container(s)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> 
<table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a 
href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_run/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_run/</a> + </p> +</div> 
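Review bot: in the Options table of this container_run hunk, the `--user` row's description contains raw angle brackets, `(format: <name|uid>[:<group|gid>])`, inside a `<td>`. A browser will parse `<name|uid>` and `<group|gid>` as unknown elements, so the rendered cell loses the format string and reads "Username or UID (format: [:])". Escape them as `&lt;name|uid&gt;[:&lt;group|gid&gt;]` when the page is generated. A smaller point in the same hunk: the "Related commands" table puts its header cells in `<td>` inside `<thead>`, while the "Parent command" table just above it uses `<th>`. Using `<th>` in both keeps the markup consistent and lets assistive tooling identify the header row.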
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_start%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_start%2Findex.html new file mode 100644 index 00000000..aba39c89 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_start%2Findex.html 
@@ -0,0 +1,13 @@ +<h1>docker container start</h1> <p><br></p> <p>Start one or more stopped containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container start [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach STDOUT/STDERR and forward signals</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Restore from this checkpoint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint-dir</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Use a custom checkpoint storage directory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Attach container's STDIN</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td 
style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> 
<td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_start/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_start/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stats%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stats%2Findex.html new file mode 100644 index 00000000..e8017056 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stats%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker container stats</h1> <p><br></p> <p>Display a live stream of container(s) resource usage statistics</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container stats [OPTIONS] [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all containers (default shows just running)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-stream</code></td> <td></td> <td>Disable streaming stats and only pull the first result</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and 
the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a 
href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_stats/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_stats/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stop%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stop%2Findex.html new file mode 100644 index 00000000..6227b9cf --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_stop%2Findex.html 
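Review bot: in the container_stats hunk that ends above, the `--format` row of the Options table is described as "Pretty-print images using a Go template", which reads as text carried over from an image-listing command. This page is about container resource statistics, so the description should refer to the stats output rather than images. If the text is vendored verbatim from upstream, it is worth recording that in the commit message so the mismatch is not mistaken for an import error.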
@@ -0,0 +1,9 @@ +<h1>docker container stop</h1> <p><br></p> <p>Stop one or more running containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container stop [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--time</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td><code class="language-plaintext highlighter-rouge">10</code></td> <td>Seconds to wait for stop before killing it</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a 
running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container 
top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_stop/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_stop/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_top%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_top%2Findex.html new file mode 100644 index 00000000..29d08950 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_top%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container top</h1> <p><br></p> <p>Display the running processes of a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container top CONTAINER [ps OPTIONS] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> 
</tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> 
<td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_top/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_top/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_unpause%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_unpause%2Findex.html new file mode 100644 index 00000000..50316572 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_unpause%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker container unpause</h1> <p><br></p> <p>Unpause all processes within one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container unpause CONTAINER [CONTAINER...] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more 
running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container 
wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_unpause/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_unpause/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_update%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_update%2Findex.html new file mode 100644 index 00000000..1ffebd5f --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_update%2Findex.html 
@@ -0,0 +1,12 @@ +<h1>docker container update</h1> <p><br></p> <p>Update configuration of one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container update [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit the CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit the CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory 
limit</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart</code></td> <td></td> <td>Restart policy to apply when a container exits</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> 
<tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> 
<td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="../container_wait/index">docker container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_wait%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_wait%2Findex.html new file mode 100644 index 00000000..7f7242bd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontainer_wait%2Findex.html 
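Review bot: in the container_update Options table, the Default column is empty in every row, while the only default the page states sits inside the --blkio-weight description ("default 0"). Either fill the column or drop it, so a reader checking limits such as --memory-swap or --pids-limit (both documented with -1 meaning unlimited) can see what applies when the flag is omitted. This page also has no Description or Examples section, unlike context_create.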
@@ -0,0 +1,7 @@ +<h1>docker container wait</h1> <p><br></p> <p>Block until one or more containers stop, then print their exit codes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker container wait CONTAINER [CONTAINER...] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../container/index">docker container</a></td> <td style="text-align: left">Manage containers</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../container_attach/index">docker container attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../container_commit/index">docker container commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../container_cp/index">docker container cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../container_create/index">docker container create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../container_diff/index">docker container diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../container_exec/index">docker container exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../container_export/index">docker container export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../container_inspect/index">docker container inspect</a></td> <td>Display detailed information on one or more containers</td> </tr> <tr> <td><a href="../container_kill/index">docker container kill</a></td> <td>Kill one or 
more running containers</td> </tr> <tr> <td><a href="../container_logs/index">docker container logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../container_ls/index">docker container ls</a></td> <td>List containers</td> </tr> <tr> <td><a href="../container_pause/index">docker container pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_port/index">docker container port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../container_prune/index">docker container prune</a></td> <td>Remove all stopped containers</td> </tr> <tr> <td><a href="../container_rename/index">docker container rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a href="../container_restart/index">docker container restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../container_rm/index">docker container rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../container_run/index">docker container run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../container_start/index">docker container start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../container_stats/index">docker container stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../container_stop/index">docker container stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../container_top/index">docker container top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../container_unpause/index">docker container unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../container_update/index">docker container update</a></td> <td>Update configuration of one or more containers</td> </tr> <tr> <td><a href="index">docker 
container wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/container_wait/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/container_wait/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext%2Findex.html new file mode 100644 index 00000000..4da064fd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker context</h1> <p><br></p> <p>Manage contexts</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage contexts.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context/</a> + </p> +</div> 
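Review bot: the Description paragraph in context/index.html ("Manage contexts.") only repeats the summary line above it, so this page never says what a context is. Consider reusing the sentence from the context_create page about switching the CLI configuration to connect to different clusters or single nodes. The Child commands table also puts its header cells in td inside thead, while the Parent command tables in the sibling pages use th.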
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_create%2Findex.html new file mode 100644 index 00000000..8fa4d0bc --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_create%2Findex.html 
@@ -0,0 +1,25 @@ +<h1>docker context create</h1> <p><br></p> <p>Create a context</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context create [OPTIONS] CONTEXT +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a new <code class="language-plaintext highlighter-rouge">context</code>. This allows you to quickly switch the cli configuration to connect to different clusters or single nodes.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--default-stack-orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--description</code></td> <td></td> <td>Description of the context</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--docker</code></td> <td></td> <td>set the docker endpoint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--from</code></td> <td></td> <td>create context from a named context</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubernetes</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" 
title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>set the kubernetes endpoint</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-context-with-a-docker-and-kubernetes-endpoint">Create a context with a docker and kubernetes endpoint</h3> <p>To create a context from scratch provide the docker and, if required, kubernetes options. The example below creates the context <code class="language-plaintext highlighter-rouge">my-context</code> with a docker endpoint of <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code> and a kubernetes configuration sourced from the file <code class="language-plaintext highlighter-rouge">/home/me/my-kube-config</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create \ + --docker host=unix:///var/run/docker.sock \ + --kubernetes config-file=/home/me/my-kube-config \ + my-context +</pre></div> <h3 id="create-a-context-based-on-an-existing-context">Create a context based on an existing context</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--from=<context-name></code> option to create a new context from an existing context. 
The example below creates a new context named <code class="language-plaintext highlighter-rouge">my-context</code> from the existing context <code class="language-plaintext highlighter-rouge">existing-context</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create --from existing-context my-context +</pre></div> <p>If the <code class="language-plaintext highlighter-rouge">--from</code> option is not set, the <code class="language-plaintext highlighter-rouge">context</code> is created from the current context:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create my-context +</pre></div> <p>This can be used to create a context out of an existing <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> based script:</p> <div class="highlight"><pre class="highlight" data-language="">$ source my-setup-script.sh +$ docker context create my-context +</pre></div> <p>To source only the <code class="language-plaintext highlighter-rouge">docker</code> endpoint configuration from an existing context use the <code class="language-plaintext highlighter-rouge">--docker from=<context-name></code> option. 
The example below creates a new context named <code class="language-plaintext highlighter-rouge">my-context</code> using the docker endpoint configuration from the existing context <code class="language-plaintext highlighter-rouge">existing-context</code> and a kubernetes configuration sourced from the file <code class="language-plaintext highlighter-rouge">/home/me/my-kube-config</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create \ + --docker from=existing-context \ + --kubernetes config-file=/home/me/my-kube-config \ + my-context +</pre></div> <p>To source only the <code class="language-plaintext highlighter-rouge">kubernetes</code> configuration from an existing context use the <code class="language-plaintext highlighter-rouge">--kubernetes from=<context-name></code> option. The example below creates a new context named <code class="language-plaintext highlighter-rouge">my-context</code> using the kuberentes configuration from the existing context <code class="language-plaintext highlighter-rouge">existing-context</code> and a docker endpoint of <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create \ + --docker host=unix:///var/run/docker.sock \ + --kubernetes from=existing-context \ + my-context +</pre></div> <p>Docker and Kubernetes endpoints configurations, as well as default stack orchestrator and description can be modified with <code class="language-plaintext highlighter-rouge">docker context update</code>.</p> <p>Refer to the <a href="../context_update/index"><code class="language-plaintext highlighter-rouge">docker context update</code> reference</a> for details.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a 
href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_export%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_export%2Findex.html new file mode 100644 index 00000000..06418070 --- /dev/null 
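Review bot: in context_create/index.html the placeholders inside the code elements are written with raw angle brackets (--from=<context-name>, --docker from=<context-name>, --kubernetes from=<context-name>), which HTML parses as an unknown tag, so the rendered page loses the placeholder; escape them as &lt;context-name&gt;. The last example paragraph misspells kubernetes as "kuberentes". The Options rows for --docker and --kubernetes ("set the docker endpoint", "set the kubernetes endpoint") also do not mention the host=, from= and config-file= keys that every example relies on.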
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_export%2Findex.html 
@@ -0,0 +1,8 @@ +<h1>docker context export</h1> <p><br></p> <p>Export a context to a tar or kubeconfig file</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context export [OPTIONS] CONTEXT [FILE|-] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Exports a context in a file that can then be used with <code class="language-plaintext highlighter-rouge">docker context import</code> (or with <code class="language-plaintext highlighter-rouge">kubectl</code> if <code class="language-plaintext highlighter-rouge">--kubeconfig</code> is set). Default output filename is <code class="language-plaintext highlighter-rouge"><CONTEXT>.dockercontext</code>, or <code class="language-plaintext highlighter-rouge"><CONTEXT>.kubeconfig</code> if <code class="language-plaintext highlighter-rouge">--kubeconfig</code> is set. 
To export to <code class="language-plaintext highlighter-rouge">STDOUT</code>, you can run <code class="language-plaintext highlighter-rouge">docker context export my-context -</code>.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Export as a kubeconfig file</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> 
<td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_export/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_export/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_import%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_import%2Findex.html new file mode 100644 index 00000000..c01e59cd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_import%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker context import</h1> <p><br></p> <p>Import a context from a tar or zip file</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context import CONTEXT FILE|- +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Imports a context previously exported with <code class="language-plaintext highlighter-rouge">docker context export</code>. To import from stdin, use a hyphen (<code class="language-plaintext highlighter-rouge">-</code>) as filename.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p 
class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_import/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_import/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_inspect%2Findex.html new file mode 100644 index 00000000..c11ea1a6 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_inspect%2Findex.html 
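Review bot: the Description in context_import/index.html says only that the command imports a context previously exported with `docker context export`; it never says what the file carries or where it may safely come from. The inspect page added in this same patch lists `ca.pem`, `cert.pem` and `key.pem` under `TLSMaterial` for a context, so add a sentence stating whether the archive includes that key material and that FILE (or stdin via `-`) should come from a trusted source. The summary also says "tar or zip file" while the export row in the Related commands table says "tar or kubeconfig file"; say which formats this command actually accepts.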
@@ -0,0 +1,42 @@ +<h1>docker context inspect</h1> <p><br></p> <p>Display detailed information on one or more contexts</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context inspect [OPTIONS] [CONTEXT] [CONTEXT...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Inspects one or more contexts.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-context-by-name">Inspect a context by name</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker context inspect "local+aks" + +[ + { + "Name": "local+aks", + "Metadata": { + "Description": "Local Docker Engine + Azure AKS endpoint", + "StackOrchestrator": "kubernetes" + }, + "Endpoints": { + "docker": { + "Host": "npipe:////./pipe/docker_engine", + "SkipTLSVerify": false + }, + "kubernetes": { + "Host": "https://simon-aks-***.hcp.uksouth.azmk8s.io:443", + "SkipTLSVerify": false, + "DefaultNamespace": "default" + } + }, + "TLSMaterial": { + "kubernetes": [ + "ca.pem", + "cert.pem", + "key.pem" + ] + }, + "Storage": { + "MetadataPath": "C:\\Users\\simon\\.docker\\contexts\\meta\\cb6d08c0a1bfa5fe6f012e61a442788c00bed93f509141daff05f620fc54ddee", + "TLSPath": 
"C:\\Users\\simon\\.docker\\contexts\\tls\\cb6d08c0a1bfa5fe6f012e61a442788c00bed93f509141daff05f620fc54ddee" + } + } +] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_ls%2Findex.html new file mode 100644 index 00000000..636c24b0 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_ls%2Findex.html 
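Review bot: the example output in context_inspect/index.html masks part of the Kubernetes host (`simon-aks-***`) but leaves the local account name in `MetadataPath` and `TLSPath` (`C:\\Users\\simon\\...`) and in the host prefix. Use neutral placeholders throughout, for example `C:\\Users\\<user>\\.docker\\contexts\\...`, so the sample is consistently sanitized. The Options table documents `--format` / `-f`, but the Examples section has no example that uses it.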
@@ -0,0 +1,15 @@ +<h1>docker context ls</h1> <p><br></p> <p>List contexts</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context ls [OPTIONS] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print contexts using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only show context names</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Use <code class="language-plaintext highlighter-rouge">docker context ls</code> to print all contexts. The currently active context is indicated with an <code class="language-plaintext highlighter-rouge">*</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context ls + +NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR +default * Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm +production tcp:///prod.corp.example.com:2376 +staging tcp:///stage.corp.example.com:2376 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a 
href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_rm%2Findex.html new file mode 100644 index 00000000..8b45c22d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_rm%2Findex.html 
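Review bot: the sample output in context_ls/index.html shows `tcp:///prod.corp.example.com:2376` and `tcp:///stage.corp.example.com:2376` with three slashes, which leaves the host part of the URL empty and turns the name into a path. The update page in this patch uses `tcp://myserver:2376`; change both rows to the two-slash form so a reader copying them gets a valid endpoint.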
@@ -0,0 +1,9 @@ +<h1>docker context rm</h1> <p><br></p> <p>Remove one or more contexts</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context rm CONTEXT [CONTEXT...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the removal of a context in use</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> 
</table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_update%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_update%2Findex.html new file mode 100644 index 00000000..f6088802 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_update%2Findex.html 
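Review bot: context_rm/index.html has no Description section, unlike the sibling pages, so the `--force` row ("Force the removal of a context in use") is the only statement of behaviour. Add a sentence saying which context the CLI uses after the in-use one is removed, and whether the files under the `MetadataPath` and `TLSPath` locations shown on the inspect page are deleted with it.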
@@ -0,0 +1,13 @@ +<h1>docker context update</h1> <p><br></p> <p>Update a context</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context update [OPTIONS] CONTEXT +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Updates an existing <code class="language-plaintext highlighter-rouge">context</code>. See <a href="../context_create/index">context create</a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--default-stack-orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--description</code></td> <td></td> <td>Description of the context</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--docker</code></td> <td></td> <td>set the docker endpoint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubernetes</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes 
orchestrator.">Kubernetes</span><br>set the kubernetes endpoint</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="update-an-existing-context">Update an existing context</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker context update \ + --description "some description" \ + --docker "host=tcp://myserver:2376,ca=~/ca-file,cert=~/cert-file,key=~/key-file" \ + my-context +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a href="index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="../context_use/index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are 
trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_use%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_use%2Findex.html new file mode 100644 index 00000000..53fbba5a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcontext_use%2Findex.html 
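Review bot: in the context_update/index.html example, `ca=~/ca-file,cert=~/cert-file,key=~/key-file` sits inside a double-quoted string, where the shell does not expand `~`. Either write the paths with `$HOME/...` or state that the CLI expands `~` itself. The `--docker` row says only "set the docker endpoint"; the `host`, `ca`, `cert` and `key` keys the example depends on should be listed in that row or the row should link to context create for them.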
@@ -0,0 +1,7 @@ +<h1>docker context use</h1> <p><br></p> <p>Set the current docker context</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker context use CONTEXT +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Set the default context to use, when <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code>, <code class="language-plaintext highlighter-rouge">DOCKER_CONTEXT</code> environment variables and <code class="language-plaintext highlighter-rouge">--host</code>, <code class="language-plaintext highlighter-rouge">--context</code> global options are not set. To disable usage of contexts, you can use the special <code class="language-plaintext highlighter-rouge">default</code> context.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../context/index">docker context</a></td> <td style="text-align: left">Manage contexts</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../context_create/index">docker context create</a></td> <td>Create a context</td> </tr> <tr> <td><a href="../context_export/index">docker context export</a></td> <td>Export a context to a tar or kubeconfig file</td> </tr> <tr> <td><a href="../context_import/index">docker context import</a></td> <td>Import a context from a tar or zip file</td> </tr> <tr> <td><a href="../context_inspect/index">docker context inspect</a></td> <td>Display detailed information on one or more contexts</td> </tr> <tr> <td><a href="../context_ls/index">docker context ls</a></td> <td>List contexts</td> </tr> <tr> <td><a href="../context_rm/index">docker context rm</a></td> <td>Remove one or more contexts</td> </tr> <tr> <td><a 
href="../context_update/index">docker context update</a></td> <td>Update a context</td> </tr> <tr> <td><a href="index">docker context use</a></td> <td>Set the current docker context</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/context_use/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/context_use/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcp%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcp%2Findex.html new file mode 100644 index 00000000..a23ca6bb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcp%2Findex.html 
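Review bot: the Description in context_use/index.html names four overrides (`DOCKER_HOST`, `DOCKER_CONTEXT`, `--host`, `--context`) but not their precedence or what the user sees when one of them is set. State explicitly that the context chosen here has no effect while any of them is set, and give the order among them, since a leftover `DOCKER_HOST` would otherwise send commands to a different daemon than `docker context use` suggests.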
@@ -0,0 +1,32 @@ +<h1>docker cp</h1> <p><br></p> <p>Copy files/folders between a container and the local filesystem</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|- +docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker cp</code> utility copies the contents of <code class="language-plaintext highlighter-rouge">SRC_PATH</code> to the <code class="language-plaintext highlighter-rouge">DEST_PATH</code>. You can copy from the container’s file system to the local machine or the reverse, from the local filesystem to the container. If <code class="language-plaintext highlighter-rouge">-</code> is specified for either the <code class="language-plaintext highlighter-rouge">SRC_PATH</code> or <code class="language-plaintext highlighter-rouge">DEST_PATH</code>, you can also stream a tar archive from <code class="language-plaintext highlighter-rouge">STDIN</code> or to <code class="language-plaintext highlighter-rouge">STDOUT</code>. The <code class="language-plaintext highlighter-rouge">CONTAINER</code> can be a running or stopped container. The <code class="language-plaintext highlighter-rouge">SRC_PATH</code> or <code class="language-plaintext highlighter-rouge">DEST_PATH</code> can be a file or directory.</p> <p>The <code class="language-plaintext highlighter-rouge">docker cp</code> command assumes container paths are relative to the container’s <code class="language-plaintext highlighter-rouge">/</code> (root) directory. 
This means supplying the initial forward slash is optional; The command sees <code class="language-plaintext highlighter-rouge">compassionate_darwin:/tmp/foo/myfile.txt</code> and <code class="language-plaintext highlighter-rouge">compassionate_darwin:tmp/foo/myfile.txt</code> as identical. Local machine paths can be an absolute or relative value. The command interprets a local machine’s relative paths as relative to the current working directory where <code class="language-plaintext highlighter-rouge">docker cp</code> is run.</p> <p>The <code class="language-plaintext highlighter-rouge">cp</code> command behaves like the Unix <code class="language-plaintext highlighter-rouge">cp -a</code> command in that directories are copied recursively with permissions preserved if possible. Ownership is set to the user and primary group at the destination. For example, files copied to a container are created with <code class="language-plaintext highlighter-rouge">UID:GID</code> of the root user. Files copied to the local machine are created with the <code class="language-plaintext highlighter-rouge">UID:GID</code> of the user which invoked the <code class="language-plaintext highlighter-rouge">docker cp</code> command. However, if you specify the <code class="language-plaintext highlighter-rouge">-a</code> option, <code class="language-plaintext highlighter-rouge">docker cp</code> sets the ownership to the user and primary group at the source. If you specify the <code class="language-plaintext highlighter-rouge">-L</code> option, <code class="language-plaintext highlighter-rouge">docker cp</code> follows any symbolic link in the <code class="language-plaintext highlighter-rouge">SRC_PATH</code>. 
<code class="language-plaintext highlighter-rouge">docker cp</code> does <em>not</em> create parent directories for <code class="language-plaintext highlighter-rouge">DEST_PATH</code> if they do not exist.</p> <p>Assuming a path separator of <code class="language-plaintext highlighter-rouge">/</code>, a first argument of <code class="language-plaintext highlighter-rouge">SRC_PATH</code> and second argument of <code class="language-plaintext highlighter-rouge">DEST_PATH</code>, the behavior is as follows:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">SRC_PATH</code> specifies a file <ul> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> does not exist <ul> <li>the file is saved to a file created at <code class="language-plaintext highlighter-rouge">DEST_PATH</code> +</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> does not exist and ends with <code class="language-plaintext highlighter-rouge">/</code> <ul> <li>Error condition: the destination directory must exist.</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> exists and is a file <ul> <li>the destination is overwritten with the source file’s contents</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> exists and is a directory <ul> <li>the file is copied into this directory using the basename from <code class="language-plaintext highlighter-rouge">SRC_PATH</code> +</li> </ul> </li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">SRC_PATH</code> specifies a directory <ul> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> does not exist <ul> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> is created as a directory and the <em>contents</em> of the source directory are copied into this directory</li> </ul> </li> <li> +<code class="language-plaintext 
highlighter-rouge">DEST_PATH</code> exists and is a file <ul> <li>Error condition: cannot copy a directory to a file</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">DEST_PATH</code> exists and is a directory <ul> <li> +<code class="language-plaintext highlighter-rouge">SRC_PATH</code> does not end with <code class="language-plaintext highlighter-rouge">/.</code> (that is: <em>slash</em> followed by <em>dot</em>) <ul> <li>the source directory is copied into this directory</li> </ul> </li> <li> +<code class="language-plaintext highlighter-rouge">SRC_PATH</code> does end with <code class="language-plaintext highlighter-rouge">/.</code> (that is: <em>slash</em> followed by <em>dot</em>) <ul> <li>the <em>content</em> of the source directory is copied into this directory</li> </ul> </li> </ul> </li> </ul> </li> </ul> <p>The command requires <code class="language-plaintext highlighter-rouge">SRC_PATH</code> and <code class="language-plaintext highlighter-rouge">DEST_PATH</code> to exist according to the above rules. If <code class="language-plaintext highlighter-rouge">SRC_PATH</code> is local and is a symbolic link, the symbolic link, not the target, is copied by default. To copy the link target and not the link, specify the <code class="language-plaintext highlighter-rouge">-L</code> option.</p> <p>A colon (<code class="language-plaintext highlighter-rouge">:</code>) is used as a delimiter between <code class="language-plaintext highlighter-rouge">CONTAINER</code> and its path. You can also use <code class="language-plaintext highlighter-rouge">:</code> when specifying paths to a <code class="language-plaintext highlighter-rouge">SRC_PATH</code> or <code class="language-plaintext highlighter-rouge">DEST_PATH</code> on a local machine, for example <code class="language-plaintext highlighter-rouge">file:name.txt</code>. 
If you use a <code class="language-plaintext highlighter-rouge">:</code> in a local machine path, you must be explicit with a relative or absolute path, for example:</p> <div class="highlight"><pre class="highlight" data-language="">`/path/to/file:name.txt` or `./file:name.txt` +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--archive</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Archive mode (copy all uid/gid information)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--follow-link</code> , <code class="language-plaintext highlighter-rouge">-L</code> +</td> <td></td> <td>Always follow symbol link in SRC_PATH</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Copy a local file into container</p> <div class="highlight"><pre class="highlight" data-language="">$ docker cp ./some_file CONTAINER:/work +</pre></div> <p>Copy files from container to local path</p> <div class="highlight"><pre class="highlight" data-language="">$ docker cp CONTAINER:/var/logs/ /tmp/app_logs +</pre></div> <p>Copy a file from container to stdout. 
Please note <code class="language-plaintext highlighter-rouge">cp</code> command produces a tar stream</p> <div class="highlight"><pre class="highlight" data-language="">$ docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR" +</pre></div> <h3 id="corner-cases">Corner cases</h3> <p>It is not possible to copy certain system files such as resources under <code class="language-plaintext highlighter-rouge">/proc</code>, <code class="language-plaintext highlighter-rouge">/sys</code>, <code class="language-plaintext highlighter-rouge">/dev</code>, <a href="../run/index#mount-tmpfs---tmpfs">tmpfs</a>, and mounts created by the user in the container. However, you can still copy such files by manually running <code class="language-plaintext highlighter-rouge">tar</code> in <code class="language-plaintext highlighter-rouge">docker exec</code>. Both of the following examples do the same thing in different ways (consider <code class="language-plaintext highlighter-rouge">SRC_PATH</code> and <code class="language-plaintext highlighter-rouge">DEST_PATH</code> are directories):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec CONTAINER tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i CONTAINER tar Cxf DEST_PATH - +</pre></div> <p>Using <code class="language-plaintext highlighter-rouge">-</code> as the <code class="language-plaintext highlighter-rouge">SRC_PATH</code> streams the contents of <code class="language-plaintext highlighter-rouge">STDIN</code> as a tar archive. The command extracts the content of the tar to the <code class="language-plaintext highlighter-rouge">DEST_PATH</code> in container’s filesystem. In this case, <code class="language-plaintext highlighter-rouge">DEST_PATH</code> must specify a directory. 
Using <code class="language-plaintext highlighter-rouge">-</code> as the <code class="language-plaintext highlighter-rouge">DEST_PATH</code> streams the contents of the resource as a tar archive to <code class="language-plaintext highlighter-rouge">STDOUT</code>.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/cp/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/cp/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fcreate%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcreate%2Findex.html new file mode 100644 index 00000000..940850dd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fcreate%2Findex.html 
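Review bot: in the Corner cases commands of cp/index.html, `$(dirname SRC_PATH)` and `$(basename SRC_PATH)` are unquoted, so a path containing spaces or glob characters is split before `tar` sees it; quote both substitutions and `DEST_PATH`. Smaller points in the same hunk: the second Usage line lacks the `$ ` prompt the first has, the local-path example keeps literal backticks inside `<pre>`, and the `-L` row reads "symbol link" where the Description says "symbolic link".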
@@ -0,0 +1,69 @@ +<h1>docker create</h1> <p><br></p> <p>Create a new container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker create [OPTIONS] IMAGE [COMMAND] [ARG...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker container create</code> (or shorthand: <code class="language-plaintext highlighter-rouge">docker create</code>) command creates a new container from the specified image, without starting it.</p> <p>When creating a container, the docker daemon creates a writeable container layer over the specified image and prepares it for running the specified command. The container ID is then printed to <code class="language-plaintext highlighter-rouge">STDOUT</code>. This is similar to <code class="language-plaintext highlighter-rouge">docker run -d</code> except the container is never started. You can then use the <code class="language-plaintext highlighter-rouge">docker container start</code> (or shorthand: <code class="language-plaintext highlighter-rouge">docker start</code>) command to start the container at any point.</p> <p>This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. The initial status of the new container is <code class="language-plaintext highlighter-rouge">created</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">docker create</code> command shares most of its options with the <code class="language-plaintext highlighter-rouge">docker run</code> command (which performs a <code class="language-plaintext highlighter-rouge">docker create</code> before starting it). 
Refer to the <a href="../run/index"><code class="language-plaintext highlighter-rouge">docker run</code> command</a> section and the <a href="../../run/index">Docker run reference</a> for details on the available flags and options.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach to STDIN, STDOUT or STDERR</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight-device</code></td> <td></td> <td>Block IO weight (relative device weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td>Drop Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroupns</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.41+</span></a><br>Cgroup namespace to use (host|private) 'host': Run the container in the Docker 
host's cgroup namespace 'private': Run the container in its own private cgroup namespace '': Use the cgroup namespace as configured by the default-cgroupns-mode option on the daemon (default)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cidfile</code></td> <td></td> <td>Write the container ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-count</code></td> <td></td> <td>CPU count (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-percent</code></td> <td></td> <td>CPU percent (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device</code></td> <td></td> <td>Add a host device to 
the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-cgroup-rule</code></td> <td></td> <td>Add a rule to the cgroup allowed devices list</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-bps</code></td> <td></td> <td>Limit read rate (bytes per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-iops</code></td> <td></td> <td>Limit read rate (IO per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-bps</code></td> <td></td> <td>Limit write rate (bytes per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-iops</code></td> <td></td> <td>Limit write rate (IO per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns</code></td> <td></td> <td>Set custom DNS servers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-opt</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search</code></td> <td></td> <td>Set custom DNS search domains</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--domainname</code></td> <td></td> <td>Container NIS domain name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> 
<td></td> <td>Set environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--expose</code></td> <td></td> <td>Expose a port or a range of ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--gpus</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>GPU devices to add to the container ('all' to pass all GPUs)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-add</code></td> <td></td> <td>Add additional groups to join</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time to allow one check to run (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--help</code></td> <td></td> <td>Print usage</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--hostname</code> , <code class="language-plaintext 
highlighter-rouge">-h</code> +</td> <td></td> <td>Container host name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Run an init inside the container that forwards signals and reaps processes</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxbandwidth</code></td> <td></td> <td>Maximum IO bandwidth limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxiops</code></td> <td></td> <td>Maximum IOps limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td></td> <td>IPv4 address (e.g., 172.30.100.104)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip6</code></td> <td></td> <td>IPv6 address (e.g., 2001:db8::33)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipc</code></td> <td></td> <td>IPC mode to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory limit</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Set meta data on a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-file</code></td> <td></td> <td>Read in a line delimited file of labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link</code></td> <td></td> <td>Add link to another container</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--link-local-ip</code></td> <td></td> <td>Container IPv4/IPv6 link-local addresses</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Log driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mac-address</code></td> <td></td> <td>Container MAC address (e.g., 92:d0:c6:0a:29:33)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swappiness</code></td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Tune container memory swappiness (0 to 100)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount</code></td> <td></td> <td>Attach a filesystem mount to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td></td> <td>Assign a name to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Connect a container to a network</td> </tr> 
<tr> <td><code class="language-plaintext highlighter-rouge">--network-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-kill-disable</code></td> <td></td> <td>Disable OOM Killer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-score-adj</code></td> <td></td> <td>Tune host's OOM preferences (-1000 to 1000)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pid</code></td> <td></td> <td>PID namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to this container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Publish a container's port(s) to the host</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish-all</code> , <code class="language-plaintext highlighter-rouge">-P</code> +</td> <td></td> <td>Publish all exposed ports to random ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td><code class="language-plaintext highlighter-rouge">missing</code></td> <td>Pull image before creating ("always"|"missing"|"never")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as 
read only</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart</code></td> <td><code class="language-plaintext highlighter-rouge">no</code></td> <td>Restart policy to apply when a container exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td></td> <td>Automatically remove the container when it exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--runtime</code></td> <td></td> <td>Runtime to use for this container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security Options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td><code class="language-plaintext highlighter-rouge">SIGTERM</code></td> <td>Signal to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-timeout</code></td> <td></td> <td>Timeout (in seconds) to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--storage-opt</code></td> <td></td> <td>Storage driver options for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl</code></td> <td></td> <td>Sysctl options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--tmpfs</code></td> <td></td> <td>Mount a tmpfs directory</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> 
<td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--userns</code></td> <td></td> <td>User namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--uts</code></td> <td></td> <td>UTS namespace to use</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volume</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Bind mount a volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volume-driver</code></td> <td></td> <td>Optional volume driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volumes-from</code></td> <td></td> <td>Mount volumes from the specified container(s)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-and-start-a-container">Create and start a container</h3> <p>The following example creates an interactive container with a pseudo-TTY attached, then starts the container and attaches to it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container create -i -t --name mycontainer alpine +6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 + +$ docker container start --attach -i mycontainer +/ # echo hello world +hello world +</pre></div> <p>The above is the equivalent of a <code class="language-plaintext highlighter-rouge">docker run</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --name mycontainer2 alpine +/ # echo hello world +hello world +</pre></div> <h3 id="initialize-volumes">Initialize volumes</h3> <p>Container volumes are initialized during the <code class="language-plaintext 
highlighter-rouge">docker create</code> phase (i.e., <code class="language-plaintext highlighter-rouge">docker run</code> too). For example, this allows you to <code class="language-plaintext highlighter-rouge">create</code> the <code class="language-plaintext highlighter-rouge">data</code> volume container, and then use it from another container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker create -v /data --name data ubuntu + +240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 + +$ docker run --rm --volumes-from data ubuntu ls -la /data + +total 8 +drwxr-xr-x 2 root root 4096 Dec 5 04:10 . +drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. +</pre></div> <p>Similarly, <code class="language-plaintext highlighter-rouge">create</code> a host directory bind mounted volume container, which can then be used from the subsequent container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker create -v /home/docker:/docker --name docker ubuntu + +9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 + +$ docker run --rm --volumes-from docker ubuntu ls -la /docker + +total 20 +drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . +drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. +-rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history +-rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc +-rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig +drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local +-rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile +drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh +drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fdiff%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdiff%2Findex.html new file mode 100644 index 00000000..a99adac7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdiff%2Findex.html 
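Review bot: In the --user row of the options table in engine/reference/commandline/create/index.html, the description "Username or UID (format: <name|uid>[:<group|gid>])" carries raw angle brackets as shown in the hunk, so an HTML parser will read "<name|uid>" and "<group|gid>" as unknown elements and the format string will not render. Escape them as "&lt;name|uid&gt;[:&lt;group|gid&gt;]". In the same table, the --disable-content-trust row lists a default of "true" next to "Skip image verification", so as written the table says verification is skipped by default; please confirm that is the intended wording before these files are vendored.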
@@ -0,0 +1,28 @@ +<h1>docker diff</h1> <p><br></p> <p>Inspect changes to files or directories on a container’s filesystem</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker diff CONTAINER +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">List the changed files and directories in a container᾿s filesystem since the container was created. Three different types of change are tracked:</p> <table> <thead> <tr> <th>Symbol</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">A</code></td> <td>A file or directory was added</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">D</code></td> <td>A file or directory was deleted</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">C</code></td> <td>A file or directory was changed</td> </tr> </tbody> </table> <p>You can use the full or shortened container ID or the container name set using <code class="language-plaintext highlighter-rouge">docker run --name</code> option.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <p>Inspect the changes to an <code class="language-plaintext highlighter-rouge">nginx</code> container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker diff 1fdfd1f54c1b + +C /dev +C /dev/console +C /dev/core +C /dev/stdout +C /dev/fd +C /dev/ptmx +C /dev/stderr +C /dev/stdin +C /run +A /run/nginx.pid +C /var/lib/nginx/tmp +A /var/lib/nginx/tmp/client_body +A /var/lib/nginx/tmp/fastcgi +A /var/lib/nginx/tmp/proxy +A /var/lib/nginx/tmp/scgi +A /var/lib/nginx/tmp/uwsgi +C /var/log/nginx +A /var/log/nginx/access.log +A /var/log/nginx/error.log +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks 
or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/diff/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/diff/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fdocker%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdocker%2Findex.html new file mode 100644 index 00000000..4644fc57 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdocker%2Findex.html 
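Review bot: The description paragraph in engine/reference/commandline/diff/index.html writes "container᾿s filesystem" with a different apostrophe-like character than the summary line just above it, which uses "container’s filesystem". Normalise both to the same apostrophe so that full-text search and indexing over the vendored docs match both occurrences. In the same hunk, "the container name set using docker run --name option" is missing an article before "docker run --name option".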
@@ -0,0 +1,6 @@ +<h1>docker</h1> <p><br></p> <p>The base command for the Docker CLI.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../attach/index">docker attach</a></td> <td>Attach local standard input, output, and error streams to a running container</td> </tr> <tr> <td><a href="../build/index">docker build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../builder/index">docker builder</a></td> <td>Manage builds</td> </tr> <tr> <td><a href="../checkpoint/index">docker checkpoint</a></td> <td>Manage checkpoints</td> </tr> <tr> <td><a href="../commit/index">docker commit</a></td> <td>Create a new image from a container’s changes</td> </tr> <tr> <td><a href="../config/index">docker config</a></td> <td>Manage Docker configs</td> </tr> <tr> <td><a href="../container/index">docker container</a></td> <td>Manage containers</td> </tr> <tr> <td><a href="../context/index">docker context</a></td> <td>Manage contexts</td> </tr> <tr> <td><a href="../cp/index">docker cp</a></td> <td>Copy files/folders between a container and the local filesystem</td> </tr> <tr> <td><a href="../create/index">docker create</a></td> <td>Create a new container</td> </tr> <tr> <td><a href="../diff/index">docker diff</a></td> <td>Inspect changes to files or directories on a container’s filesystem</td> </tr> <tr> <td><a href="../events/index">docker events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="../exec/index">docker exec</a></td> <td>Run a command in a running container</td> </tr> <tr> <td><a href="../export/index">docker export</a></td> <td>Export a container’s filesystem as a tar archive</td> </tr> <tr> <td><a href="../history/index">docker history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image/index">docker image</a></td> <td>Manage images</td> </tr> <tr> <td><a href="../images/index">docker 
images</a></td> <td>List images</td> </tr> <tr> <td><a href="../import/index">docker import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../info/index">docker info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="../inspect/index">docker inspect</a></td> <td>Return low-level information on Docker objects</td> </tr> <tr> <td><a href="../kill/index">docker kill</a></td> <td>Kill one or more running containers</td> </tr> <tr> <td><a href="../load/index">docker load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../login/index">docker login</a></td> <td>Log in to a Docker registry</td> </tr> <tr> <td><a href="../logout/index">docker logout</a></td> <td>Log out from a Docker registry</td> </tr> <tr> <td><a href="../logs/index">docker logs</a></td> <td>Fetch the logs of a container</td> </tr> <tr> <td><a href="../manifest/index">docker manifest</a></td> <td>Manage Docker image manifests and manifest lists</td> </tr> <tr> <td><a href="../network/index">docker network</a></td> <td>Manage networks</td> </tr> <tr> <td><a href="../node/index">docker node</a></td> <td>Manage Swarm nodes</td> </tr> <tr> <td><a href="../pause/index">docker pause</a></td> <td>Pause all processes within one or more containers</td> </tr> <tr> <td><a href="../plugin/index">docker plugin</a></td> <td>Manage plugins</td> </tr> <tr> <td><a href="../port/index">docker port</a></td> <td>List port mappings or a specific mapping for the container</td> </tr> <tr> <td><a href="../ps/index">docker ps</a></td> <td>List containers</td> </tr> <tr> <td><a href="../pull/index">docker pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../push/index">docker push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../rename/index">docker rename</a></td> <td>Rename a container</td> </tr> <tr> <td><a 
href="../restart/index">docker restart</a></td> <td>Restart one or more containers</td> </tr> <tr> <td><a href="../rm/index">docker rm</a></td> <td>Remove one or more containers</td> </tr> <tr> <td><a href="../rmi/index">docker rmi</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../run/index">docker run</a></td> <td>Run a command in a new container</td> </tr> <tr> <td><a href="../save/index">docker save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../search/index">docker search</a></td> <td>Search the Docker Hub for images</td> </tr> <tr> <td><a href="../secret/index">docker secret</a></td> <td>Manage Docker secrets</td> </tr> <tr> <td><a href="../service/index">docker service</a></td> <td>Manage services</td> </tr> <tr> <td><a href="../stack/index">docker stack</a></td> <td>Manage Docker stacks</td> </tr> <tr> <td><a href="../start/index">docker start</a></td> <td>Start one or more stopped containers</td> </tr> <tr> <td><a href="../stats/index">docker stats</a></td> <td>Display a live stream of container(s) resource usage statistics</td> </tr> <tr> <td><a href="../stop/index">docker stop</a></td> <td>Stop one or more running containers</td> </tr> <tr> <td><a href="../swarm/index">docker swarm</a></td> <td>Manage Swarm</td> </tr> <tr> <td><a href="../system/index">docker system</a></td> <td>Manage Docker</td> </tr> <tr> <td><a href="../tag/index">docker tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> <tr> <td><a href="../top/index">docker top</a></td> <td>Display the running processes of a container</td> </tr> <tr> <td><a href="../trust/index">docker trust</a></td> <td>Manage trust on Docker images</td> </tr> <tr> <td><a href="../unpause/index">docker unpause</a></td> <td>Unpause all processes within one or more containers</td> </tr> <tr> <td><a href="../update/index">docker update</a></td> <td>Update configuration of one or more 
containers</td> </tr> <tr> <td><a href="../version/index">docker version</a></td> <td>Show the Docker version information</td> </tr> <tr> <td><a href="../volume/index">docker volume</a></td> <td>Manage volumes</td> </tr> <tr> <td><a href="../wait/index">docker wait</a></td> <td>Block until one or more containers stop, then print their exit codes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/docker/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/docker/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fdockerd%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdockerd%2Findex.html new file mode 100644 index 00000000..d8961c69 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fdockerd%2Findex.html 
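Review bot: The child-commands table in engine/reference/commandline/docker/index.html builds its header row from td cells inside thead ("<td>Command</td> <td>Description</td>"), while the symbol table added in diff/index.html by this same patch uses th. Use th for header cells here (and in the options table in create/index.html) so the vendored pages are consistent and header cells are exposed as such to assistive tooling and to any stylesheet that targets th.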
@@ -0,0 +1,428 @@ +<h1>dockerd</h1> <h2 id="daemon">daemon</h2> <div class="highlight"><pre class="highlight" data-language="">Usage: dockerd COMMAND + +A self-sufficient runtime for containers. + +Options: + --add-runtime runtime Register an additional OCI compatible runtime (default []) + --allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry + --api-cors-header string Set CORS headers in the Engine API + --authorization-plugin list Authorization plugins to load + --bip string Specify network bridge IP + -b, --bridge string Attach containers to a network bridge + --cgroup-parent string Set parent cgroup for all containers + --config-file string Daemon configuration file (default "/etc/docker/daemon.json") + --containerd string containerd grpc address + --containerd-namespace string Containerd namespace to use (default "moby") + --containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby") + --cpu-rt-period int Limit the CPU real-time period in microseconds for the + parent cgroup for all containers + --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the + parent cgroup for all containers + --cri-containerd start containerd with cri + --data-root string Root directory of persistent Docker state (default "/var/lib/docker") + -D, --debug Enable debug mode + --default-address-pool pool-options Default address pools for node specific local networks + --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host") + --default-gateway ip Container default gateway IPv4 address + --default-gateway-v6 ip Container default gateway IPv6 address + --default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private") + --default-runtime string Default OCI runtime for containers (default "runc") + --default-shm-size bytes Default shm size for containers (default 64MiB) + --default-ulimit ulimit 
Default ulimits for containers (default []) + --dns list DNS server to use + --dns-opt list DNS options to use + --dns-search list DNS search domains to use + --exec-opt list Runtime execution options + --exec-root string Root directory for execution state files (default "/var/run/docker") + --experimental Enable experimental features + --fixed-cidr string IPv4 subnet for fixed IPs + --fixed-cidr-v6 string IPv6 subnet for fixed IPs + -G, --group string Group for the unix socket (default "docker") + --help Print usage + -H, --host list Daemon socket(s) to connect to + --host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to. + Defaults to the IP address of the default bridge + --icc Enable inter-container communication (default true) + --init Run an init in the container to forward signals and reap processes + --init-path string Path to the docker-init binary + --insecure-registry list Enable insecure registry communication + --ip ip Default IP when binding container ports (default 0.0.0.0) + --ip-forward Enable net.ipv4.ip_forward (default true) + --ip-masq Enable IP masquerading (default true) + --iptables Enable addition of iptables rules (default true) + --ip6tables Enable addition of ip6tables rules (default false) + --ipv6 Enable IPv6 networking + --label list Set key=value labels to the daemon + --live-restore Enable live restore of docker when containers are still running + --log-driver string Default driver for container logs (default "json-file") + -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") + --log-opt map Default log driver options for containers (default map[]) + --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) + --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) + --max-download-attempts int Set the max download attempts for each pull (default 5) + --metrics-addr string Set default 
address and port to serve the metrics api on + --mtu int Set the containers network MTU + --network-control-plane-mtu int Network Control plane MTU (default 1500) + --no-new-privileges Set no-new-privileges by default for new containers + --node-generic-resource list Advertise user-defined resource + --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) + -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") + --raw-logs Full timestamps without ANSI coloring + --registry-mirror list Preferred Docker registry mirror + --rootless Enable rootless mode; typically used with RootlessKit + --seccomp-profile string Path to seccomp profile + --selinux-enabled Enable selinux support + --shutdown-timeout int Set the default shutdown timeout (default 15) + -s, --storage-driver string Storage driver to use + --storage-opt list Storage driver options + --swarm-default-advertise-addr string Set default address or interface for swarm advertised address + --tls Use TLS; implied by --tlsverify + --tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem") + --tlscert string Path to TLS certificate file (default "~/.docker/cert.pem") + --tlskey string Path to TLS key file (default "~/.docker/key.pem") + --tlsverify Use TLS and verify the remote + --userland-proxy Use userland proxy for loopback traffic (default true) + --userland-proxy-path string Path to the userland proxy binary + --userns-remap string User/Group setting for user namespaces + -v, --version Print version information and quit +</pre></div> <p>Options with [] may be specified multiple times.</p> <h2 id="description">Description</h2> <p><code class="language-plaintext highlighter-rouge">dockerd</code> is the persistent process that manages containers. Docker uses different binaries for the daemon and client. 
To run the daemon you type <code class="language-plaintext highlighter-rouge">dockerd</code>.</p> <p>To run the daemon with debug output, use <code class="language-plaintext highlighter-rouge">dockerd --debug</code> or add <code class="language-plaintext highlighter-rouge">"debug": true</code> to <a href="#daemon-configuration-file">the <code class="language-plaintext highlighter-rouge">daemon.json</code> file</a>.</p> <blockquote> <p><strong>Enabling experimental features</strong></p> <p>Enable experimental features by starting <code class="language-plaintext highlighter-rouge">dockerd</code> with the <code class="language-plaintext highlighter-rouge">--experimental</code> flag or adding <code class="language-plaintext highlighter-rouge">"experimental": true</code> to the <code class="language-plaintext highlighter-rouge">daemon.json</code> file.</p> </blockquote> <h3 id="environment-variables">Environment variables</h3> <p>For easy reference, the following list of environment variables are supported by the <code class="language-plaintext highlighter-rouge">dockerd</code> command line:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">DOCKER_DRIVER</code> The graph driver to use.</li> <li> +<code class="language-plaintext highlighter-rouge">DOCKER_NOWARN_KERNEL_VERSION</code> Prevent warnings that your Linux kernel is unsuitable for Docker.</li> <li> +<code class="language-plaintext highlighter-rouge">DOCKER_RAMDISK</code> If set this will disable ‘pivot_root’.</li> <li> +<code class="language-plaintext highlighter-rouge">DOCKER_TMPDIR</code> Location for temporary Docker files.</li> <li> +<code class="language-plaintext highlighter-rouge">MOBY_DISABLE_PIGZ</code> Do not use <a href="https://linux.die.net/man/1/pigz"><code class="language-plaintext highlighter-rouge">unpigz</code></a> to decompress layers in parallel when pulling images, even if it is installed.</li> </ul> <h2 id="examples">Examples</h2> <h3 id="daemon-socket-option">Daemon socket 
option</h3> <p>The Docker daemon can listen for <a href="../../../api/index">Docker Engine API</a> requests via three different types of Socket: <code class="language-plaintext highlighter-rouge">unix</code>, <code class="language-plaintext highlighter-rouge">tcp</code>, and <code class="language-plaintext highlighter-rouge">fd</code>.</p> <p>By default, a <code class="language-plaintext highlighter-rouge">unix</code> domain socket (or IPC socket) is created at <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code>, requiring either <code class="language-plaintext highlighter-rouge">root</code> permission, or <code class="language-plaintext highlighter-rouge">docker</code> group membership.</p> <p>If you need to access the Docker daemon remotely, you need to enable the <code class="language-plaintext highlighter-rouge">tcp</code> Socket. Beware that the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon - and should be secured either using the <a href="../../../security/protect-access/index">built in HTTPS encrypted socket</a>, or by putting a secure web proxy in front of it. You can listen on port <code class="language-plaintext highlighter-rouge">2375</code> on all network interfaces with <code class="language-plaintext highlighter-rouge">-H tcp://0.0.0.0:2375</code>, or on a particular network interface using its IP address: <code class="language-plaintext highlighter-rouge">-H tcp://192.168.59.103:2375</code>. It is conventional to use port <code class="language-plaintext highlighter-rouge">2375</code> for un-encrypted, and port <code class="language-plaintext highlighter-rouge">2376</code> for encrypted communication with the daemon.</p> <blockquote> <p><strong>Note</strong></p> <p>If you’re using an HTTPS encrypted socket, keep in mind that only TLS1.0 and greater are supported. 
Protocols SSLv3 and under are not supported anymore for security reasons.</p> </blockquote> <p>On Systemd based systems, you can communicate with the daemon via <a href="https://0pointer.de/blog/projects/socket-activation.html">Systemd socket activation</a>, use <code class="language-plaintext highlighter-rouge">dockerd -H fd://</code>. Using <code class="language-plaintext highlighter-rouge">fd://</code> will work perfectly for most setups but you can also specify individual sockets: <code class="language-plaintext highlighter-rouge">dockerd -H fd://3</code>. If the specified socket activated files aren’t found, then Docker will exit. You can find examples of using Systemd socket activation with Docker and Systemd in the <a href="https://github.com/docker/docker/tree/master/contrib/init/systemd/">Docker source tree</a>.</p> <p>You can configure the Docker daemon to listen to multiple sockets at the same time using multiple <code class="language-plaintext highlighter-rouge">-H</code> options:</p> <p>The example below runs the daemon listenin on the default unix socket, and on 2 specific IP addresses on this host:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 +</pre></div> <p>The Docker client will honor the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> environment variable to set the <code class="language-plaintext highlighter-rouge">-H</code> flag for the client. 
Use <strong>one</strong> of the following commands:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker -H tcp://0.0.0.0:2375 ps +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_HOST="tcp://0.0.0.0:2375" + +$ docker ps +</pre></div> <p>Setting the <code class="language-plaintext highlighter-rouge">DOCKER_TLS_VERIFY</code> environment variable to any value other than the empty string is equivalent to setting the <code class="language-plaintext highlighter-rouge">--tlsverify</code> flag. The following are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker --tlsverify ps +# or +$ export DOCKER_TLS_VERIFY=1 +$ docker ps +</pre></div> <p>The Docker client will honor the <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code>, <code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code>, and <code class="language-plaintext highlighter-rouge">NO_PROXY</code> environment variables (or the lowercase versions thereof). <code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code> takes precedence over <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code>.</p> <p>The Docker client supports connecting to a remote daemon via SSH:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker -H ssh://me@example.com:22 ps +$ docker -H ssh://me@example.com ps +$ docker -H ssh://example.com ps +</pre></div> <p>To use SSH connection, you need to set up <code class="language-plaintext highlighter-rouge">ssh</code> so that it can reach the remote host with public key authentication. Password authentication is not supported. 
If your key is protected with passphrase, you need to set up <code class="language-plaintext highlighter-rouge">ssh-agent</code>.</p> <h4 id="bind-docker-to-another-hostport-or-a-unix-socket">Bind Docker to another host/port or a Unix socket</h4> <blockquote class="warning"> <p><strong>Warning</strong></p> <p>Changing the default <code class="language-plaintext highlighter-rouge">docker</code> daemon binding to a TCP port or Unix <em>docker</em> user group will increase your security risks by allowing non-root users to gain <em>root</em> access on the host. Make sure you control access to <code class="language-plaintext highlighter-rouge">docker</code>. If you are binding to a TCP port, anyone with access to that port has full Docker access; so it is not advisable on an open network.</p> </blockquote> <p>With <code class="language-plaintext highlighter-rouge">-H</code> it is possible to make the Docker daemon to listen on a specific IP and port. By default, it will listen on <code class="language-plaintext highlighter-rouge">unix:///var/run/docker.sock</code> to allow only local connections by the <em>root</em> user. You <em>could</em> set it to <code class="language-plaintext highlighter-rouge">0.0.0.0:2375</code> or a specific host IP to give access to everybody, but that is <strong>not recommended</strong> because then it is trivial for someone to gain root access to the host where the daemon is running.</p> <p>Similarly, the Docker client can use <code class="language-plaintext highlighter-rouge">-H</code> to connect to a custom port. 
The Docker client will default to connecting to <code class="language-plaintext highlighter-rouge">unix:///var/run/docker.sock</code> on Linux, and <code class="language-plaintext highlighter-rouge">tcp://127.0.0.1:2376</code> on Windows.</p> <p><code class="language-plaintext highlighter-rouge">-H</code> accepts host and port assignment in the following format:</p> <div class="highlight"><pre class="highlight" data-language="">tcp://[host]:[port][path] or unix://path +</pre></div> <p>For example:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">tcp://</code> -> TCP connection to <code class="language-plaintext highlighter-rouge">127.0.0.1</code> on either port <code class="language-plaintext highlighter-rouge">2376</code> when TLS encryption is on, or port <code class="language-plaintext highlighter-rouge">2375</code> when communication is in plain text.</li> <li> +<code class="language-plaintext highlighter-rouge">tcp://host:2375</code> -> TCP connection on host:2375</li> <li> +<code class="language-plaintext highlighter-rouge">tcp://host:2375/path</code> -> TCP connection on host:2375 and prepend path to all requests</li> <li> +<code class="language-plaintext highlighter-rouge">unix://path/to/socket</code> -> Unix socket located at <code class="language-plaintext highlighter-rouge">path/to/socket</code> +</li> </ul> <p><code class="language-plaintext highlighter-rouge">-H</code>, when empty, will default to the same value as when no <code class="language-plaintext highlighter-rouge">-H</code> was passed in.</p> <p><code class="language-plaintext highlighter-rouge">-H</code> also accepts short form for TCP bindings: <code class="language-plaintext highlighter-rouge">host:</code> or <code class="language-plaintext highlighter-rouge">host:port</code> or <code class="language-plaintext highlighter-rouge">:port</code></p> <p>Run Docker in daemon mode:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo <path to>/dockerd -H 
0.0.0.0:5555 & +</pre></div> <p>Download an <code class="language-plaintext highlighter-rouge">ubuntu</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker -H :5555 pull ubuntu +</pre></div> <p>You can use multiple <code class="language-plaintext highlighter-rouge">-H</code>, for example, if you want to listen on both TCP and a Unix socket</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & +# Download an ubuntu image, use default Unix socket +$ docker pull ubuntu +# OR use the TCP port +$ docker -H tcp://127.0.0.1:2375 pull ubuntu +</pre></div> <h3 id="daemon-storage-driver">Daemon storage-driver</h3> <p>On Linux, the Docker daemon has support for several different image layer storage drivers: <code class="language-plaintext highlighter-rouge">aufs</code>, <code class="language-plaintext highlighter-rouge">devicemapper</code>, <code class="language-plaintext highlighter-rouge">btrfs</code>, <code class="language-plaintext highlighter-rouge">zfs</code>, <code class="language-plaintext highlighter-rouge">overlay</code>, <code class="language-plaintext highlighter-rouge">overlay2</code>, and <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">aufs</code> driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause some serious kernel crashes. However <code class="language-plaintext highlighter-rouge">aufs</code> allows containers to share executable and shared library memory, so is a useful choice when running thousands of containers with the same program or libraries.</p> <p>The <code class="language-plaintext highlighter-rouge">devicemapper</code> driver uses thin provisioning and Copy on Write (CoW) snapshots. 
For each devicemapper graph location – typically <code class="language-plaintext highlighter-rouge">/var/lib/docker/devicemapper</code> – a thin pool is created based on two block devices, one for data and one for metadata. By default, these block devices are created automatically by using loopback mounts of automatically created sparse files. Refer to <a href="#devicemapper-options">Devicemapper options</a> below for a way how to customize this setup. <a href="https://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/">~jpetazzo/Resizing Docker containers with the Device Mapper plugin</a> article explains how to tune your existing setup without the use of options.</p> <p>The <code class="language-plaintext highlighter-rouge">btrfs</code> driver is very fast for <code class="language-plaintext highlighter-rouge">docker build</code> - but like <code class="language-plaintext highlighter-rouge">devicemapper</code> does not share executable memory between devices. Use <code class="language-plaintext highlighter-rouge">dockerd --storage-driver btrfs --data-root /mnt/btrfs_partition</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">zfs</code> driver is probably not as fast as <code class="language-plaintext highlighter-rouge">btrfs</code> but has a longer track record on stability. Thanks to <code class="language-plaintext highlighter-rouge">Single Copy ARC</code> shared blocks between clones will be cached only once. Use <code class="language-plaintext highlighter-rouge">dockerd -s zfs</code>. To select a different zfs filesystem set <code class="language-plaintext highlighter-rouge">zfs.fsname</code> option as described in <a href="#zfs-options">ZFS options</a>.</p> <p>The <code class="language-plaintext highlighter-rouge">overlay</code> is a very fast union filesystem. It is now merged in the main Linux kernel as of <a href="https://lkml.org/lkml/2014/10/26/137">3.18.0</a>. 
<code class="language-plaintext highlighter-rouge">overlay</code> also supports page cache sharing, this means multiple containers accessing the same file can share a single page cache entry (or entries), it makes <code class="language-plaintext highlighter-rouge">overlay</code> as efficient with memory as <code class="language-plaintext highlighter-rouge">aufs</code> driver. Call <code class="language-plaintext highlighter-rouge">dockerd -s overlay</code> to use it.</p> <p>The <code class="language-plaintext highlighter-rouge">overlay2</code> uses the same fast union filesystem but takes advantage of <a href="https://lkml.org/lkml/2015/2/11/106">additional features</a> added in Linux kernel 4.0 to avoid excessive inode consumption. Call <code class="language-plaintext highlighter-rouge">dockerd -s overlay2</code> to use it.</p> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">overlay</code> storage driver can cause excessive inode consumption (especially as the number of images grows). We recommend using the <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver instead.</p> </blockquote> <blockquote> <p><strong>Note</strong></p> <p>Both <code class="language-plaintext highlighter-rouge">overlay</code> and <code class="language-plaintext highlighter-rouge">overlay2</code> are currently unsupported on <code class="language-plaintext highlighter-rouge">btrfs</code> or any Copy on Write filesystem and should only be used over <code class="language-plaintext highlighter-rouge">ext4</code> partitions.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> driver is similar to <code class="language-plaintext highlighter-rouge">overlay2</code> but works in userspace. 
The <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> driver is expected to be used for <a href="../../../security/rootless/index">Rootless mode</a>.</p> <p>On Windows, the Docker daemon supports a single image layer storage driver depending on the image platform: <code class="language-plaintext highlighter-rouge">windowsfilter</code> for Windows images, and <code class="language-plaintext highlighter-rouge">lcow</code> for Linux containers on Windows.</p> <h3 id="options-per-storage-driver">Options per storage driver</h3> <p>Particular storage-driver can be configured with options specified with <code class="language-plaintext highlighter-rouge">--storage-opt</code> flags. Options for <code class="language-plaintext highlighter-rouge">devicemapper</code> are prefixed with <code class="language-plaintext highlighter-rouge">dm</code>, options for <code class="language-plaintext highlighter-rouge">zfs</code> start with <code class="language-plaintext highlighter-rouge">zfs</code>, options for <code class="language-plaintext highlighter-rouge">btrfs</code> start with <code class="language-plaintext highlighter-rouge">btrfs</code> and options for <code class="language-plaintext highlighter-rouge">lcow</code> start with <code class="language-plaintext highlighter-rouge">lcow</code>.</p> <h4 id="devicemapper-options">Devicemapper options</h4> <p>This is an example of the configuration file for devicemapper on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "storage-driver": "devicemapper", + "storage-opts": [ + "dm.thinpooldev=/dev/mapper/thin-pool", + "dm.use_deferred_deletion=true", + "dm.use_deferred_removal=true" + ] +} +</pre></div> <h5 id="dmthinpooldev"><code class="language-plaintext highlighter-rouge">dm.thinpooldev</code></h5> <p>Specifies a custom block storage device to use for the thin pool.</p> <p>If using a block device for device mapper storage, it is best to use <code class="language-plaintext 
highlighter-rouge">lvm</code> to create and manage the thin-pool volume. This volume is then handed to Docker to exclusively create snapshot volumes needed for images and containers.</p> <p>Managing the thin-pool outside of Engine makes for the most feature-rich method of having Docker utilize device mapper thin provisioning as the backing storage for Docker containers. The highlights of the lvm-based thin-pool management feature include: automatic or interactive thin-pool resize support, dynamically changing thin-pool features, automatic thinp metadata checking when lvm activates the thin-pool, etc.</p> <p>As a fallback if no thin pool is provided, loopback files are created. Loopback is very slow, but can be used without any pre-configuration of storage. It is strongly recommended that you do not use loopback in production. Ensure your Engine daemon has a <code class="language-plaintext highlighter-rouge">--storage-opt dm.thinpooldev</code> argument provided.</p> <h6 id="example">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool +</pre></div> <h5 id="dmdirectlvm_device"><code class="language-plaintext highlighter-rouge">dm.directlvm_device</code></h5> <p>As an alternative to providing a thin pool as above, Docker can setup a block device for you.</p> <h6 id="example-1">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.directlvm_device=/dev/xvdf +</pre></div> <h5 id="dmthinp_percent"><code class="language-plaintext highlighter-rouge">dm.thinp_percent</code></h5> <p>Sets the percentage of passed in block device to use for storage.</p> <h6 id="example-2">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.thinp_percent=95 +</pre></div> <h5 id="dmthinp_metapercent"><code class="language-plaintext highlighter-rouge">dm.thinp_metapercent</code></h5> <p>Sets the 
percentage of the passed in block device to use for metadata storage.</p> <h6 id="example-3">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.thinp_metapercent=1 +</pre></div> <h5 id="dmthinp_autoextend_threshold"><code class="language-plaintext highlighter-rouge">dm.thinp_autoextend_threshold</code></h5> <p>Sets the value of the percentage of space used before <code class="language-plaintext highlighter-rouge">lvm</code> attempts to autoextend the available space [100 = disabled]</p> <h6 id="example-4">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.thinp_autoextend_threshold=80 +</pre></div> <h5 id="dmthinp_autoextend_percent"><code class="language-plaintext highlighter-rouge">dm.thinp_autoextend_percent</code></h5> <p>Sets the value percentage value to increase the thin pool by when <code class="language-plaintext highlighter-rouge">lvm</code> attempts to autoextend the available space [100 = disabled]</p> <h6 id="example-5">Example:</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.thinp_autoextend_percent=20 +</pre></div> <h5 id="dmbasesize"><code class="language-plaintext highlighter-rouge">dm.basesize</code></h5> <p>Specifies the size to use when creating the base device, which limits the size of images and containers. The default value is 10G. Note, thin devices are inherently “sparse”, so a 10G device which is mostly empty doesn’t use 10 GB of space on the pool. 
However, the filesystem will use more space for the empty case the larger the device is.</p> <p>The base device size can be increased at daemon restart which will allow all future images and containers (based on those new images) to be of the new base device size.</p> <h6 id="examples-1">Examples</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.basesize=50G +</pre></div> <p>This will increase the base device size to 50G. The Docker daemon will throw an error if existing base device size is larger than 50G. A user can use this option to expand the base device size however shrinking is not permitted.</p> <p>This value affects the system-wide “base” empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value requires additional steps to take effect:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo service docker stop + +$ sudo rm -rf /var/lib/docker + +$ sudo service docker start +</pre></div> <h5 id="dmloopdatasize"><code class="language-plaintext highlighter-rouge">dm.loopdatasize</code></h5> <blockquote> <p><strong>Note</strong></p> <p>This option configures devicemapper loopback, which should not be used in production.</p> </blockquote> <p>Specifies the size to use when creating the loopback file for the “data” device which is used for the thin pool. The default size is 100G. 
The file is sparse, so it will not initially take up this much space.</p> <h6 id="example-6">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.loopdatasize=200G +</pre></div> <h5 id="dmloopmetadatasize"><code class="language-plaintext highlighter-rouge">dm.loopmetadatasize</code></h5> <blockquote> <p><strong>Note</strong></p> <p>This option configures devicemapper loopback, which should not be used in production.</p> </blockquote> <p>Specifies the size to use when creating the loopback file for the “metadata” device which is used for the thin pool. The default size is 2G. The file is sparse, so it will not initially take up this much space.</p> <h6 id="example-7">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.loopmetadatasize=4G +</pre></div> <h5 id="dmfs"><code class="language-plaintext highlighter-rouge">dm.fs</code></h5> <p>Specifies the filesystem type to use for the base device. The supported options are “ext4” and “xfs”. 
The default is “xfs”</p> <h6 id="example-8">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.fs=ext4 +</pre></div> <h5 id="dmmkfsarg"><code class="language-plaintext highlighter-rouge">dm.mkfsarg</code></h5> <p>Specifies extra mkfs arguments to be used when creating the base device.</p> <h6 id="example-9">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" +</pre></div> <h5 id="dmmountopt"><code class="language-plaintext highlighter-rouge">dm.mountopt</code></h5> <p>Specifies extra mount options used when mounting the thin devices.</p> <h6 id="example-10">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.mountopt=nodiscard +</pre></div> <h5 id="dmdatadev"><code class="language-plaintext highlighter-rouge">dm.datadev</code></h5> <p>(Deprecated, use <code class="language-plaintext highlighter-rouge">dm.thinpooldev</code>)</p> <p>Specifies a custom blockdevice to use for data for the thin pool.</p> <p>If using a block device for device mapper storage, ideally both <code class="language-plaintext highlighter-rouge">datadev</code> and <code class="language-plaintext highlighter-rouge">metadatadev</code> should be specified to completely avoid using the loopback device.</p> <h6 id="example-11">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 +</pre></div> <h5 id="dmmetadatadev"><code class="language-plaintext highlighter-rouge">dm.metadatadev</code></h5> <p>(Deprecated, use <code class="language-plaintext highlighter-rouge">dm.thinpooldev</code>)</p> <p>Specifies a custom blockdevice to use for metadata for the thin pool.</p> <p>For best performance the metadata should be on a different spindle than the data, or even better on an SSD.</p> <p>If setting 
up a new metadata pool it is required to be valid. This can be achieved by zeroing the first 4k to indicate empty metadata, like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 +</pre></div> <h6 id="example-12">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 +</pre></div> <h5 id="dmblocksize"><code class="language-plaintext highlighter-rouge">dm.blocksize</code></h5> <p>Specifies a custom blocksize to use for the thin pool. The default blocksize is 64K.</p> <h6 id="example-13">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.blocksize=512K +</pre></div> <h5 id="dmblkdiscard"><code class="language-plaintext highlighter-rouge">dm.blkdiscard</code></h5> <p>Enables or disables the use of <code class="language-plaintext highlighter-rouge">blkdiscard</code> when removing devicemapper devices. 
This is enabled by default (only) if using loopback devices and is required to resparsify the loopback file on image/container removal.</p> <p>Disabling this on loopback can lead to <em>much</em> faster container removal times, but will make the space used in <code class="language-plaintext highlighter-rouge">/var/lib/docker</code> directory not be returned to the system for other use when containers are removed.</p> <h6 id="examples-2">Examples</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.blkdiscard=false +</pre></div> <h5 id="dmoverride_udev_sync_check"><code class="language-plaintext highlighter-rouge">dm.override_udev_sync_check</code></h5> <p>Overrides the <code class="language-plaintext highlighter-rouge">udev</code> synchronization checks between <code class="language-plaintext highlighter-rouge">devicemapper</code> and <code class="language-plaintext highlighter-rouge">udev</code>. <code class="language-plaintext highlighter-rouge">udev</code> is the device manager for the Linux kernel.</p> <p>To view the <code class="language-plaintext highlighter-rouge">udev</code> sync support of a Docker daemon that is using the <code class="language-plaintext highlighter-rouge">devicemapper</code> driver, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker info +<...> +Udev Sync Supported: true +<...> +</pre></div> <p>When <code class="language-plaintext highlighter-rouge">udev</code> sync support is <code class="language-plaintext highlighter-rouge">true</code>, then <code class="language-plaintext highlighter-rouge">devicemapper</code> and udev can coordinate the activation and deactivation of devices for containers.</p> <p>When <code class="language-plaintext highlighter-rouge">udev</code> sync support is <code class="language-plaintext highlighter-rouge">false</code>, a race condition occurs between the<code class="language-plaintext highlighter-rouge">devicemapper</code> and <code 
class="language-plaintext highlighter-rouge">udev</code> during create and cleanup. The race condition results in errors and failures. (For information on these failures, see <a href="https://github.com/docker/docker/issues/4036">docker#4036</a>)</p> <p>To allow the <code class="language-plaintext highlighter-rouge">docker</code> daemon to start, regardless of <code class="language-plaintext highlighter-rouge">udev</code> sync not being supported, set <code class="language-plaintext highlighter-rouge">dm.override_udev_sync_check</code> to true:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.override_udev_sync_check=true +</pre></div> <p>When this value is <code class="language-plaintext highlighter-rouge">true</code>, the <code class="language-plaintext highlighter-rouge">devicemapper</code> continues and simply warns you the errors are happening.</p> <blockquote> <p><strong>Note</strong></p> <p>The ideal is to pursue a <code class="language-plaintext highlighter-rouge">docker</code> daemon and environment that does support synchronizing with <code class="language-plaintext highlighter-rouge">udev</code>. For further discussion on this topic, see <a href="https://github.com/docker/docker/issues/4036">docker#4036</a>. Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment.</p> </blockquote> <h5 id="dmuse_deferred_removal"><code class="language-plaintext highlighter-rouge">dm.use_deferred_removal</code></h5> <p>Enables use of deferred device removal if <code class="language-plaintext highlighter-rouge">libdm</code> and the kernel driver support the mechanism.</p> <p>Deferred device removal means that if device is busy when devices are being removed/deactivated, then a deferred removal is scheduled on device. And devices automatically go away when last user of the device exits.</p> <p>For example, when a container exits, its associated thin device is removed. 
If that device has leaked into some other mount namespace and can’t be removed, the container exit still succeeds and this option causes the system to schedule the device for deferred removal. It does not wait in a loop trying to remove a busy device.</p> <h6 id="example-14">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.use_deferred_removal=true +</pre></div> <h5 id="dmuse_deferred_deletion"><code class="language-plaintext highlighter-rouge">dm.use_deferred_deletion</code></h5> <p>Enables use of deferred device deletion for thin pool devices. By default, thin pool device deletion is synchronous. Before a container is deleted, the Docker daemon removes any associated devices. If the storage driver can not remove a device, the container deletion fails and daemon returns.</p> <div class="highlight"><pre class="highlight" data-language="">Error deleting container: Error response from daemon: Cannot destroy container +</pre></div> <p>To avoid this failure, enable both deferred device deletion and deferred device removal on the daemon.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + --storage-opt dm.use_deferred_deletion=true \ + --storage-opt dm.use_deferred_removal=true +</pre></div> <p>With these two options enabled, if a device is busy when the driver is deleting a container, the driver marks the device as deleted. Later, when the device isn’t in use, the driver deletes it.</p> <p>In general it should be safe to enable this option by default. It will help when unintentional leaking of mount point happens across multiple mount namespaces.</p> <h5 id="dmmin_free_space"><code class="language-plaintext highlighter-rouge">dm.min_free_space</code></h5> <p>Specifies the min free space percent in a thin pool require for new device creation to succeed. This check applies to both free data space as well as free metadata space. Valid values are from 0% - 99%. 
Value 0% disables free space checking logic. If user does not specify a value for this option, the Engine uses a default value of 10%.</p> <p>Whenever a new a thin pool device is created (during <code class="language-plaintext highlighter-rouge">docker pull</code> or during container creation), the Engine checks if the minimum free space is available. If sufficient space is unavailable, then device creation fails and any relevant <code class="language-plaintext highlighter-rouge">docker</code> operation fails.</p> <p>To recover from this error, you must create more free space in the thin pool to recover from the error. You can create free space by deleting some images and containers from the thin pool. You can also add more storage to the thin pool.</p> <p>To add more space to a LVM (logical volume management) thin pool, just add more storage to the volume group container thin pool; this should automatically resolve any errors. If your configuration uses loop devices, then stop the Engine daemon, grow the size of loop files and restart the daemon to resolve the issue.</p> <h6 id="example-15">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.min_free_space=10% +</pre></div> <h5 id="dmxfs_nospace_max_retries"><code class="language-plaintext highlighter-rouge">dm.xfs_nospace_max_retries</code></h5> <p>Specifies the maximum number of retries XFS should attempt to complete IO when ENOSPC (no space) error is returned by underlying storage device.</p> <p>By default XFS retries infinitely for IO to finish and this can result in unkillable process. 
To change this behavior one can set xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown filesystem.</p> <h6 id="example-16">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 +</pre></div> <h5 id="dmlibdm_log_level"><code class="language-plaintext highlighter-rouge">dm.libdm_log_level</code></h5> <p>Specifies the maxmimum <code class="language-plaintext highlighter-rouge">libdm</code> log level that will be forwarded to the <code class="language-plaintext highlighter-rouge">dockerd</code> log (as specified by <code class="language-plaintext highlighter-rouge">--log-level</code>). This option is primarily intended for debugging problems involving <code class="language-plaintext highlighter-rouge">libdm</code>. Using values other than the defaults may cause false-positive warnings to be logged.</p> <p>Values specified must fall within the range of valid <code class="language-plaintext highlighter-rouge">libdm</code> log levels. 
At the time of writing, the following is the list of <code class="language-plaintext highlighter-rouge">libdm</code> log levels as well as their corresponding levels when output by <code class="language-plaintext highlighter-rouge">dockerd</code>.</p> <table> <thead> <tr> <th> +<code class="language-plaintext highlighter-rouge">libdm</code> Level</th> <th style="text-align: right">Value</th> <th><code class="language-plaintext highlighter-rouge">--log-level</code></th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_FATAL</code></td> <td style="text-align: right">2</td> <td>error</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_ERR</code></td> <td style="text-align: right">3</td> <td>error</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_WARN</code></td> <td style="text-align: right">4</td> <td>warn</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_NOTICE</code></td> <td style="text-align: right">5</td> <td>info</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_INFO</code></td> <td style="text-align: right">6</td> <td>info</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_LOG_DEBUG</code></td> <td style="text-align: right">7</td> <td>debug</td> </tr> </tbody> </table> <h6 id="example-17">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + --log-level debug \ + --storage-opt dm.libdm_log_level=7 +</pre></div> <h4 id="zfs-options">ZFS options</h4> <h5 id="zfsfsname"><code class="language-plaintext highlighter-rouge">zfs.fsname</code></h5> <p>Set zfs filesystem under which docker will create its own datasets. 
By default docker will pick up the zfs filesystem where docker graph (<code class="language-plaintext highlighter-rouge">/var/lib/docker</code>) is located.</p> <h6 id="example-18">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker +</pre></div> <h4 id="btrfs-options">Btrfs options</h4> <h5 id="btrfsmin_space"><code class="language-plaintext highlighter-rouge">btrfs.min_space</code></h5> <p>Specifies the minimum size to use when creating the subvolume which is used for containers. If user uses disk quota for btrfs when creating or running a container with <strong>--storage-opt size</strong> option, docker should ensure the <strong>size</strong> cannot be smaller than <strong>btrfs.min_space</strong>.</p> <h6 id="example-19">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G +</pre></div> <h4 id="overlay2-options">Overlay2 options</h4> <h5 id="overlay2override_kernel_check"><code class="language-plaintext highlighter-rouge">overlay2.override_kernel_check</code></h5> <p>Overrides the Linux kernel version check allowing overlay2. Support for specifying multiple lower directories needed by overlay2 was added to the Linux kernel in 4.0.0. However, some older kernel versions may be patched to add multiple lower directory support for OverlayFS. This option should only be used after verifying this support exists in the kernel. Applying this option on a kernel without this support will cause failures on mount.</p> <h5 id="overlay2size"><code class="language-plaintext highlighter-rouge">overlay2.size</code></h5> <p>Sets the default max size of the container. It is supported only when the backing fs is <code class="language-plaintext highlighter-rouge">xfs</code> and mounted with <code class="language-plaintext highlighter-rouge">pquota</code> mount option. 
Under these conditions the user can pass any size less then the backing fs size.</p> <h6 id="example-20">Example</h6> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd -s overlay2 --storage-opt overlay2.size=1G +</pre></div> <h4 id="windowsfilter-options">Windowsfilter options</h4> <h5 id="size"><code class="language-plaintext highlighter-rouge">size</code></h5> <p>Specifies the size to use when creating the sandbox which is used for containers. Defaults to 20G.</p> <h6 id="example-21">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt size=40G +</pre></div> <h4 id="lcow-linux-containers-on-windows-options">LCOW (Linux Containers on Windows) options</h4> <h5 id="lcowglobalmode"><code class="language-plaintext highlighter-rouge">lcow.globalmode</code></h5> <p>Specifies whether the daemon instantiates utility VM instances as required (recommended and default if omitted), or uses single global utility VM (better performance, but has security implications and not recommended for production deployments).</p> <h6 id="example-22">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.globalmode=false +</pre></div> <h5 id="lcowkirdpath"><code class="language-plaintext highlighter-rouge">lcow.kirdpath</code></h5> <p>Specifies the folder path to the location of a pair of kernel and initrd files used for booting a utility VM. Defaults to <code class="language-plaintext highlighter-rouge">%ProgramFiles%\Linux Containers</code>.</p> <h6 id="example-23">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.kirdpath=c:\path\to\files +</pre></div> <h5 id="lcowkernel"><code class="language-plaintext highlighter-rouge">lcow.kernel</code></h5> <p>Specifies the filename of a kernel file located in the <code class="language-plaintext highlighter-rouge">lcow.kirdpath</code> path. 
Defaults to <code class="language-plaintext highlighter-rouge">bootx64.efi</code>.</p> <h6 id="example-24">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.kernel=kernel.efi +</pre></div> <h5 id="lcowinitrd"><code class="language-plaintext highlighter-rouge">lcow.initrd</code></h5> <p>Specifies the filename of an initrd file located in the <code class="language-plaintext highlighter-rouge">lcow.kirdpath</code> path. Defaults to <code class="language-plaintext highlighter-rouge">initrd.img</code>.</p> <h6 id="example-25">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.initrd=myinitrd.img +</pre></div> <h5 id="lcowbootparameters"><code class="language-plaintext highlighter-rouge">lcow.bootparameters</code></h5> <p>Specifies additional boot parameters for booting utility VMs when in kernel/ initrd mode. Ignored if the utility VM is booting from VHD. These settings are kernel specific.</p> <h6 id="example-26">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt "lcow.bootparameters='option=value'" +</pre></div> <h5 id="lcowvhdx"><code class="language-plaintext highlighter-rouge">lcow.vhdx</code></h5> <p>Specifies a custom VHDX to boot a utility VM, as an alternate to kernel and initrd booting. Defaults to <code class="language-plaintext highlighter-rouge">uvm.vhdx</code> under <code class="language-plaintext highlighter-rouge">lcow.kirdpath</code>.</p> <h6 id="example-27">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.vhdx=custom.vhdx +</pre></div> <h5 id="lcowtimeout"><code class="language-plaintext highlighter-rouge">lcow.timeout</code></h5> <p>Specifies the timeout for utility VM operations in seconds. 
Defaults to 300.</p> <h6 id="example-28">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.timeout=240 +</pre></div> <h5 id="lcowsandboxsize"><code class="language-plaintext highlighter-rouge">lcow.sandboxsize</code></h5> <p>Specifies the size in GB to use when creating the sandbox which is used for containers. Defaults to 20. Cannot be less than 20.</p> <h6 id="example-29">Example</h6> <div class="highlight"><pre class="highlight" data-language="">C:\> dockerd --storage-opt lcow.sandboxsize=40 +</pre></div> <h3 id="docker-runtime-execution-options">Docker runtime execution options</h3> <p>The Docker daemon relies on a <a href="https://github.com/opencontainers/runtime-spec">OCI</a> compliant runtime (invoked via the <code class="language-plaintext highlighter-rouge">containerd</code> daemon) as its interface to the Linux kernel <code class="language-plaintext highlighter-rouge">namespaces</code>, <code class="language-plaintext highlighter-rouge">cgroups</code>, and <code class="language-plaintext highlighter-rouge">SELinux</code>.</p> <p>By default, the Docker daemon automatically starts <code class="language-plaintext highlighter-rouge">containerd</code>. If you want to control <code class="language-plaintext highlighter-rouge">containerd</code> startup, manually start <code class="language-plaintext highlighter-rouge">containerd</code> and pass the path to the <code class="language-plaintext highlighter-rouge">containerd</code> socket using the <code class="language-plaintext highlighter-rouge">--containerd</code> flag. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock +</pre></div> <p>Runtimes can be registered with the daemon either via the configuration file or using the <code class="language-plaintext highlighter-rouge">--add-runtime</code> command line argument.</p> <p>The following is an example adding 2 runtimes via the configuration:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "default-runtime": "runc", + "runtimes": { + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + }, + "runc": { + "path": "runc" + } + } +} +</pre></div> <p>This is the same example via the command line:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Defining runtime arguments via the command line is not supported.</p> </blockquote> <h4 id="options-for-the-runtime">Options for the runtime</h4> <p>You can configure the runtime using options specified with the <code class="language-plaintext highlighter-rouge">--exec-opt</code> flag. All the flag’s options have the <code class="language-plaintext highlighter-rouge">native</code> prefix. A single <code class="language-plaintext highlighter-rouge">native.cgroupdriver</code> option is available.</p> <p>The <code class="language-plaintext highlighter-rouge">native.cgroupdriver</code> option specifies the management of the container’s cgroups. You can only specify <code class="language-plaintext highlighter-rouge">cgroupfs</code> or <code class="language-plaintext highlighter-rouge">systemd</code>. If you specify <code class="language-plaintext highlighter-rouge">systemd</code> and it is not available, the system errors out. 
If you omit the <code class="language-plaintext highlighter-rouge">native.cgroupdriver</code> option,<code class="language-plaintext highlighter-rouge">cgroupfs</code> is used on cgroup v1 hosts, <code class="language-plaintext highlighter-rouge">systemd</code> is used on cgroup v2 hosts with systemd available.</p> <p>This example sets the <code class="language-plaintext highlighter-rouge">cgroupdriver</code> to <code class="language-plaintext highlighter-rouge">systemd</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --exec-opt native.cgroupdriver=systemd +</pre></div> <p>Setting this option applies to all containers the daemon launches.</p> <p>Also Windows Container makes use of <code class="language-plaintext highlighter-rouge">--exec-opt</code> for special purpose. Docker user can specify default container isolation technology with this, for example:</p> <div class="highlight"><pre class="highlight" data-language="">> dockerd --exec-opt isolation=hyperv +</pre></div> <p>Will make <code class="language-plaintext highlighter-rouge">hyperv</code> the default isolation technology on Windows. 
If no isolation value is specified on daemon start, on Windows client, the default is <code class="language-plaintext highlighter-rouge">hyperv</code>, and on Windows server, the default is <code class="language-plaintext highlighter-rouge">process</code>.</p> <h3 id="daemon-dns-options">Daemon DNS options</h3> <p>To set the DNS server for all Docker containers, use:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --dns 8.8.8.8 +</pre></div> <p>To set the DNS search domain for all Docker containers, use:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --dns-search example.com +</pre></div> <h3 id="allow-push-of-nondistributable-artifacts">Allow push of nondistributable artifacts</h3> <p>Some images (e.g., Windows base images) contain artifacts whose distribution is restricted by license. When these images are pushed to a registry, restricted artifacts are not included.</p> <p>To override this behavior for specific registries, use the <code class="language-plaintext highlighter-rouge">--allow-nondistributable-artifacts</code> option in one of the following forms:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">--allow-nondistributable-artifacts myregistry:5000</code> tells the Docker daemon to push nondistributable artifacts to myregistry:5000.</li> <li> +<code class="language-plaintext highlighter-rouge">--allow-nondistributable-artifacts 10.1.0.0/16</code> tells the Docker daemon to push nondistributable artifacts to all registries whose resolved IP address is within the subnet described by the CIDR syntax.</li> </ul> <p>This option can be used multiple times.</p> <p>This option is useful when pushing images containing nondistributable artifacts to a registry on an air-gapped network so hosts on that network can pull the images without connecting to another server.</p> <blockquote> <p><strong>Warning</strong>: Nondistributable artifacts typically have restrictions on how and 
where they can be distributed and shared. Only use this feature to push artifacts to private registries and ensure that you are in compliance with any terms that cover redistributing nondistributable artifacts.</p> </blockquote> <h3 id="insecure-registries">Insecure registries</h3> <p>Docker considers a private registry either secure or insecure. In the rest of this section, <em>registry</em> is used for <em>private registry</em>, and <code class="language-plaintext highlighter-rouge">myregistry:5000</code> is a placeholder example for a private registry.</p> <p>A secure registry uses TLS and a copy of its CA certificate is placed on the Docker host at <code class="language-plaintext highlighter-rouge">/etc/docker/certs.d/myregistry:5000/ca.crt</code>. An insecure registry is either not using TLS (i.e., listening on plain text HTTP), or is using TLS with a CA certificate not known by the Docker daemon. The latter can happen when the certificate was not found under <code class="language-plaintext highlighter-rouge">/etc/docker/certs.d/myregistry:5000/</code>, or if the certificate verification failed (i.e., wrong CA).</p> <p>By default, Docker assumes all, but local (see local registries below), registries are secure. Communicating with an insecure registry is not possible if Docker assumes that registry is secure. 
In order to communicate with an insecure registry, the Docker daemon requires <code class="language-plaintext highlighter-rouge">--insecure-registry</code> in one of the following two forms:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">--insecure-registry myregistry:5000</code> tells the Docker daemon that myregistry:5000 should be considered insecure.</li> <li> +<code class="language-plaintext highlighter-rouge">--insecure-registry 10.1.0.0/16</code> tells the Docker daemon that all registries whose domain resolve to an IP address is part of the subnet described by the CIDR syntax, should be considered insecure.</li> </ul> <p>The flag can be used multiple times to allow multiple registries to be marked as insecure.</p> <p>If an insecure registry is not marked as insecure, <code class="language-plaintext highlighter-rouge">docker pull</code>, <code class="language-plaintext highlighter-rouge">docker push</code>, and <code class="language-plaintext highlighter-rouge">docker search</code> will result in an error message prompting the user to either secure or pass the <code class="language-plaintext highlighter-rouge">--insecure-registry</code> flag to the Docker daemon as described above.</p> <p>Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future.</p> <p>Enabling <code class="language-plaintext highlighter-rouge">--insecure-registry</code>, i.e., allowing un-encrypted and/or untrusted communication, can be useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. 
For increased security, users should add their CA to their system’s list of trusted CAs instead of enabling <code class="language-plaintext highlighter-rouge">--insecure-registry</code>.</p> <h4 id="legacy-registries">Legacy Registries</h4> <p>Operations against registries supporting only the legacy v1 protocol are no longer supported. Specifically, the daemon will not attempt <code class="language-plaintext highlighter-rouge">push</code>, <code class="language-plaintext highlighter-rouge">pull</code> and <code class="language-plaintext highlighter-rouge">login</code> to v1 registries. The exception to this is <code class="language-plaintext highlighter-rouge">search</code> which can still be performed on v1 registries.</p> <h3 id="running-a-docker-daemon-behind-an-https_proxy">Running a Docker daemon behind an HTTPS_PROXY</h3> <p>When running inside a LAN that uses an <code class="language-plaintext highlighter-rouge">HTTPS</code> proxy, the Docker Hub certificates will be replaced by the proxy’s certificates. These certificates need to be added to your Docker host’s configuration:</p> <ol> <li>Install the <code class="language-plaintext highlighter-rouge">ca-certificates</code> package for your distribution</li> <li>Ask your network admin for the proxy’s CA certificate and append them to <code class="language-plaintext highlighter-rouge">/etc/pki/tls/certs/ca-bundle.crt</code> +</li> <li>Then start your Docker daemon with <code class="language-plaintext highlighter-rouge">HTTPS_PROXY=http://username:password@proxy:port/ dockerd</code>. 
The <code class="language-plaintext highlighter-rouge">username:</code> and <code class="language-plaintext highlighter-rouge">password@</code> are optional - and are only needed if your proxy is set up to require authentication.</li> </ol> <p>This will only add the proxy and authentication to the Docker daemon’s requests - your <code class="language-plaintext highlighter-rouge">docker build</code>s and running containers will need extra configuration to use the proxy</p> <h3 id="default-ulimit-settings">Default <code class="language-plaintext highlighter-rouge">ulimit</code> settings</h3> <p><code class="language-plaintext highlighter-rouge">--default-ulimit</code> allows you to set the default <code class="language-plaintext highlighter-rouge">ulimit</code> options to use for all containers. It takes the same options as <code class="language-plaintext highlighter-rouge">--ulimit</code> for <code class="language-plaintext highlighter-rouge">docker run</code>. If these defaults are not set, <code class="language-plaintext highlighter-rouge">ulimit</code> settings will be inherited, if not set on <code class="language-plaintext highlighter-rouge">docker run</code>, from the Docker daemon. Any <code class="language-plaintext highlighter-rouge">--ulimit</code> options passed to <code class="language-plaintext highlighter-rouge">docker run</code> will overwrite these defaults.</p> <p>Be careful setting <code class="language-plaintext highlighter-rouge">nproc</code> with the <code class="language-plaintext highlighter-rouge">ulimit</code> flag as <code class="language-plaintext highlighter-rouge">nproc</code> is designed by Linux to set the maximum number of processes available to a user, not to a container. 
For details please check the <a href="../run/index">run</a> reference.</p> <h3 id="node-discovery">Node discovery</h3> <p>The <code class="language-plaintext highlighter-rouge">--cluster-advertise</code> option specifies the <code class="language-plaintext highlighter-rouge">host:port</code> or <code class="language-plaintext highlighter-rouge">interface:port</code> combination that this particular daemon instance should use when advertising itself to the cluster. The daemon is reached by remote hosts through this value. If you specify an interface, make sure it includes the IP address of the actual Docker host. For Engine installation created through <code class="language-plaintext highlighter-rouge">docker-machine</code>, the interface is typically <code class="language-plaintext highlighter-rouge">eth1</code>.</p> <p>The daemon uses <a href="https://github.com/docker/libkv/">libkv</a> to advertise the node within the cluster. Some key-value backends support mutual TLS. To configure the client TLS settings used by the daemon can be configured using the <code class="language-plaintext highlighter-rouge">--cluster-store-opt</code> flag, specifying the paths to PEM encoded files. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + --cluster-advertise 192.168.1.2:2376 \ + --cluster-store etcd://192.168.1.2:2379 \ + --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ + --cluster-store-opt kv.certfile=/path/to/cert.pem \ + --cluster-store-opt kv.keyfile=/path/to/key.pem +</pre></div> <p>The currently supported cluster store options are:</p> <table> <thead> <tr> <th style="text-align: left">Option</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">discovery.heartbeat</code></td> <td style="text-align: left">Specifies the heartbeat timer in seconds which is used by the daemon as a <code class="language-plaintext highlighter-rouge">keepalive</code> mechanism to make sure discovery module treats the node as alive in the cluster. If not configured, the default value is 20 seconds.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">discovery.ttl</code></td> <td style="text-align: left">Specifies the TTL (time-to-live) in seconds which is used by the discovery module to timeout a node if a valid heartbeat is not received within the configured ttl value. If not configured, the default value is 60 seconds.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">kv.cacertfile</code></td> <td style="text-align: left">Specifies the path to a local file with PEM encoded CA certificates to trust.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">kv.certfile</code></td> <td style="text-align: left">Specifies the path to a local file with a PEM encoded certificate. 
This certificate is used as the client cert for communication with the Key/Value store.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">kv.keyfile</code></td> <td style="text-align: left">Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">kv.path</code></td> <td style="text-align: left">Specifies the path in the Key/Value store. If not configured, the default value is ‘docker/nodes’.</td> </tr> </tbody> </table> <h3 id="access-authorization">Access authorization</h3> <p>Docker’s access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker <code class="language-plaintext highlighter-rouge">daemon</code> using the <code class="language-plaintext highlighter-rouge">--authorization-plugin=PLUGIN_ID</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">PLUGIN_ID</code> value is either the plugin’s name or a path to its specification file. The plugin’s implementation determines whether you can specify a name or path. Consult with your Docker administrator to get information about the plugins available to you.</p> <p>Once a plugin is installed, requests made to the <code class="language-plaintext highlighter-rouge">daemon</code> through the command line or Docker’s Engine API are allowed or denied by the plugin. 
If you have multiple plugins installed, each plugin, in order, must allow the request for it to complete.</p> <p>For information about how to create an authorization plugin, refer to the <a href="../../../extend/plugins_authorization/index">authorization plugin</a> section.</p> <h3 id="daemon-user-namespace-options">Daemon user namespace options</h3> <p>The Linux kernel <a href="https://man7.org/linux/man-pages/man7/user_namespaces.7.html">user namespace support</a> provides additional security by enabling a process, and therefore a container, to have a unique range of user and group IDs which are outside the traditional user and group range utilized by the host system. Potentially the most important security improvement is that, by default, container processes running as the <code class="language-plaintext highlighter-rouge">root</code> user will have expected administrative privilege (with some restrictions) inside the container but will effectively be mapped to an unprivileged <code class="language-plaintext highlighter-rouge">uid</code> on the host.</p> <p>For details about how to use this feature, as well as limitations, see <a href="../../../security/userns-remap/index">Isolate containers with a user namespace</a>.</p> <h3 id="miscellaneous-options">Miscellaneous options</h3> <p>IP masquerading uses address translation to allow containers without a public IP to talk to other machines on the Internet. This may interfere with some network topologies and can be disabled with <code class="language-plaintext highlighter-rouge">--ip-masq=false</code>.</p> <p>Docker supports softlinks for the Docker data directory (<code class="language-plaintext highlighter-rouge">/var/lib/docker</code>) and for <code class="language-plaintext highlighter-rouge">/var/lib/docker/tmp</code>. 
The <code class="language-plaintext highlighter-rouge">DOCKER_TMPDIR</code> and the data directory can be set like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd --data-root /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 +</pre></div> <p>or</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_TMPDIR=/mnt/disk2/tmp +$ /usr/local/bin/dockerd --data-root /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 +</pre></div> <h4 id="default-cgroup-parent">Default cgroup parent</h4> <p>The <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to <code class="language-plaintext highlighter-rouge">/docker</code> for fs cgroup driver and <code class="language-plaintext highlighter-rouge">system.slice</code> for systemd cgroup driver.</p> <p>If the cgroup has a leading forward slash (<code class="language-plaintext highlighter-rouge">/</code>), the cgroup is created under the root cgroup, otherwise the cgroup is created under the daemon cgroup.</p> <p>Assuming the daemon is running in cgroup <code class="language-plaintext highlighter-rouge">daemoncgroup</code>, <code class="language-plaintext highlighter-rouge">--cgroup-parent=/foobar</code> creates a cgroup in <code class="language-plaintext highlighter-rouge">/sys/fs/cgroup/memory/foobar</code>, whereas using <code class="language-plaintext highlighter-rouge">--cgroup-parent=foobar</code> creates the cgroup in <code class="language-plaintext highlighter-rouge">/sys/fs/cgroup/memory/daemoncgroup/foobar</code></p> <p>The systemd cgroup driver has different rules for <code class="language-plaintext highlighter-rouge">--cgroup-parent</code>. Systemd represents hierarchy by slice and the name of the slice encodes the location in the tree. 
So <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> for systemd cgroups should be a slice name. A name can consist of a dash-separated series of names, which describes the path to the slice from the root slice. For example, <code class="language-plaintext highlighter-rouge">--cgroup-parent=user-a-b.slice</code> means the memory cgroup for the container is created in <code class="language-plaintext highlighter-rouge">/sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-<id>.scope</code>.</p> <p>This setting can also be set per container, using the <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> option on <code class="language-plaintext highlighter-rouge">docker create</code> and <code class="language-plaintext highlighter-rouge">docker run</code>, and takes precedence over the <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> option on the daemon.</p> <h4 id="daemon-metrics">Daemon metrics</h4> <p>The <code class="language-plaintext highlighter-rouge">--metrics-addr</code> option takes a tcp address to serve the metrics API. 
This feature is still experimental, therefore, the daemon must be running in experimental mode for this feature to work.</p> <p>To serve the metrics API on <code class="language-plaintext highlighter-rouge">localhost:9323</code> you would specify <code class="language-plaintext highlighter-rouge">--metrics-addr 127.0.0.1:9323</code>, allowing you to make requests on the API at <code class="language-plaintext highlighter-rouge">127.0.0.1:9323/metrics</code> to receive metrics in the <a href="https://prometheus.io/docs/instrumenting/exposition_formats/">prometheus</a> format.</p> <p>Port <code class="language-plaintext highlighter-rouge">9323</code> is the <a href="https://github.com/prometheus/prometheus/wiki/Default-port-allocations">default port associated with Docker metrics</a> to avoid collisions with other prometheus exporters and services.</p> <p>If you are running a prometheus server you can add this address to your scrape configs to have prometheus collect metrics on Docker. For more information on prometheus refer to the <a href="https://prometheus.io/">prometheus website</a>.</p> <div class="highlight"><pre class="highlight" data-language="">scrape_configs: + - job_name: 'docker' + static_configs: + - targets: ['127.0.0.1:9323'] +</pre></div> <p>Please note that this feature is still marked as experimental as metrics and metric names could change while this feature is still in experimental. 
Please provide feedback on what you would like to see collected in the API.</p> <h4 id="node-generic-resources">Node Generic Resources</h4> <p>The <code class="language-plaintext highlighter-rouge">--node-generic-resources</code> option takes a list of key-value pair (<code class="language-plaintext highlighter-rouge">key=value</code>) that allows you to advertise user defined resources in a swarm cluster.</p> <p>The current expected use case is to advertise NVIDIA GPUs so that services requesting <code class="language-plaintext highlighter-rouge">NVIDIA-GPU=[0-16]</code> can land on a node that has enough GPUs for the task to run.</p> <p>Example of usage:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "node-generic-resources": [ + "NVIDIA-GPU=UUID1", + "NVIDIA-GPU=UUID2" + ] +} +</pre></div> <h3 id="daemon-configuration-file">Daemon configuration file</h3> <p>The <code class="language-plaintext highlighter-rouge">--config-file</code> option allows you to set any configuration option for the daemon in a JSON format. This file uses the same flag names as keys, except for flags that allow several entries, where it uses the plural of the flag name, e.g., <code class="language-plaintext highlighter-rouge">labels</code> for the <code class="language-plaintext highlighter-rouge">label</code> flag.</p> <p>The options set in the configuration file must not conflict with options set via flags. The docker daemon fails to start if an option is duplicated between the file and the flags, regardless their value. We do this to avoid silently ignore changes introduced in configuration reloads. For example, the daemon fails to start if you set daemon labels in the configuration file and also set daemon labels via the <code class="language-plaintext highlighter-rouge">--label</code> flag. 
Options that are not present in the file are ignored when the daemon starts.</p> <h5 id="on-linux">On Linux</h5> <p>The default location of the configuration file on Linux is <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code>. The <code class="language-plaintext highlighter-rouge">--config-file</code> flag can be used to specify a non-default location.</p> <p>This is a full example of the allowed configuration options on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "allow-nondistributable-artifacts": [], + "api-cors-header": "", + "authorization-plugins": [], + "bip": "", + "bridge": "", + "cgroup-parent": "", + "cluster-advertise": "", + "cluster-store": "", + "cluster-store-opts": {}, + "containerd": "/run/containerd/containerd.sock", + "containerd-namespace": "docker", + "containerd-plugin-namespace": "docker-plugins", + "data-root": "", + "debug": true, + "default-address-pools": [ + { + "base": "172.30.0.0/16", + "size": 24 + }, + { + "base": "172.31.0.0/16", + "size": 24 + } + ], + "default-cgroupns-mode": "private", + "default-gateway": "", + "default-gateway-v6": "", + "default-runtime": "runc", + "default-shm-size": "64M", + "default-ulimits": { + "nofile": { + "Hard": 64000, + "Name": "nofile", + "Soft": 64000 + } + }, + "dns": [], + "dns-opts": [], + "dns-search": [], + "exec-opts": [], + "exec-root": "", + "experimental": false, + "features": {}, + "fixed-cidr": "", + "fixed-cidr-v6": "", + "group": "", + "hosts": [], + "icc": false, + "init": false, + "init-path": "/usr/libexec/docker-init", + "insecure-registries": [], + "ip": "0.0.0.0", + "ip-forward": false, + "ip-masq": false, + "iptables": false, + "ip6tables": false, + "ipv6": false, + "labels": [], + "live-restore": true, + "log-driver": "json-file", + "log-level": "", + "log-opts": { + "cache-disabled": "false", + "cache-max-file": "5", + "cache-max-size": "20m", + "cache-compress": "true", + "env": "os,customer", + "labels": 
"somelabel", + "max-file": "5", + "max-size": "10m" + }, + "max-concurrent-downloads": 3, + "max-concurrent-uploads": 5, + "max-download-attempts": 5, + "mtu": 0, + "no-new-privileges": false, + "node-generic-resources": [ + "NVIDIA-GPU=UUID1", + "NVIDIA-GPU=UUID2" + ], + "oom-score-adjust": -500, + "pidfile": "", + "raw-logs": false, + "registry-mirrors": [], + "runtimes": { + "cc-runtime": { + "path": "/usr/bin/cc-runtime" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } + }, + "seccomp-profile": "", + "selinux-enabled": false, + "shutdown-timeout": 15, + "storage-driver": "", + "storage-opts": [], + "swarm-default-advertise-addr": "", + "tls": true, + "tlscacert": "", + "tlscert": "", + "tlskey": "", + "tlsverify": true, + "userland-proxy": false, + "userland-proxy-path": "/usr/libexec/docker-proxy", + "userns-remap": "" +} +</pre></div> <blockquote> <p><strong>Note:</strong></p> <p>You cannot set options in <code class="language-plaintext highlighter-rouge">daemon.json</code> that have already been set on daemon startup as a flag. On systems that use <code class="language-plaintext highlighter-rouge">systemd</code> to start the Docker daemon, <code class="language-plaintext highlighter-rouge">-H</code> is already set, so you cannot use the <code class="language-plaintext highlighter-rouge">hosts</code> key in <code class="language-plaintext highlighter-rouge">daemon.json</code> to add listening addresses. See <a href="https://docs.docker.com/config/daemon/systemd/#custom-docker-daemon-options">“custom Docker daemon options”</a> for how to accomplish this task with a systemd drop-in file.</p> </blockquote> <h5 id="on-windows">On Windows</h5> <p>The default location of the configuration file on Windows is <code class="language-plaintext highlighter-rouge">%programdata%\docker\config\daemon.json</code>. 
The <code class="language-plaintext highlighter-rouge">--config-file</code> flag can be used to specify a non-default location.</p> <p>This is a full example of the allowed configuration options on Windows:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "allow-nondistributable-artifacts": [], + "authorization-plugins": [], + "bridge": "", + "cluster-advertise": "", + "cluster-store": "", + "containerd": "\\\\.\\pipe\\containerd-containerd", + "containerd-namespace": "docker", + "containerd-plugin-namespace": "docker-plugins", + "data-root": "", + "debug": true, + "default-ulimits": {}, + "dns": [], + "dns-opts": [], + "dns-search": [], + "exec-opts": [], + "experimental": false, + "features": {}, + "fixed-cidr": "", + "group": "", + "hosts": [], + "insecure-registries": [], + "labels": [], + "log-driver": "", + "log-level": "", + "max-concurrent-downloads": 3, + "max-concurrent-uploads": 5, + "max-download-attempts": 5, + "mtu": 0, + "pidfile": "", + "raw-logs": false, + "registry-mirrors": [], + "shutdown-timeout": 15, + "storage-driver": "", + "storage-opts": [], + "swarm-default-advertise-addr": "", + "tlscacert": "", + "tlscert": "", + "tlskey": "", + "tlsverify": true +} +</pre></div> <h4 id="feature-options">Feature options</h4> <p>The optional field <code class="language-plaintext highlighter-rouge">features</code> in <code class="language-plaintext highlighter-rouge">daemon.json</code> allows users to enable or disable specific daemon features. 
For example, <code class="language-plaintext highlighter-rouge">{"features":{"buildkit": true}}</code> enables <code class="language-plaintext highlighter-rouge">buildkit</code> as the default docker image builder.</p> <p>The list of currently supported feature options:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">buildkit</code>: It enables <code class="language-plaintext highlighter-rouge">buildkit</code> as default builder when set to <code class="language-plaintext highlighter-rouge">true</code> or disables it by <code class="language-plaintext highlighter-rouge">false</code>. Note that if this option is not explicitly set in the daemon config file, then it is up to the cli to determine which builder to invoke.</li> </ul> <h4 id="configuration-reload-behavior">Configuration reload behavior</h4> <p>Some options can be reconfigured when the daemon is running without requiring to restart the process. We use the <code class="language-plaintext highlighter-rouge">SIGHUP</code> signal in Linux to reload, and a global event in Windows with the key <code class="language-plaintext highlighter-rouge">Global\docker-daemon-config-$PID</code>. The options can be modified in the configuration file but still will check for conflicts with the provided flags. 
The daemon fails to reconfigure itself if there are conflicts, but it won’t stop execution.</p> <p>The list of currently supported options that can be reconfigured is this:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">debug</code>: it changes the daemon to debug mode when set to true.</li> <li> +<code class="language-plaintext highlighter-rouge">cluster-store</code>: it reloads the discovery store with the new address.</li> <li> +<code class="language-plaintext highlighter-rouge">cluster-store-opts</code>: it uses the new options to reload the discovery store.</li> <li> +<code class="language-plaintext highlighter-rouge">cluster-advertise</code>: it modifies the address advertised after reloading.</li> <li> +<code class="language-plaintext highlighter-rouge">labels</code>: it replaces the daemon labels with a new set of labels.</li> <li> +<code class="language-plaintext highlighter-rouge">live-restore</code>: Enables <a href="https://docs.docker.com/config/containers/live-restore/">keeping containers alive during daemon downtime</a>.</li> <li> +<code class="language-plaintext highlighter-rouge">max-concurrent-downloads</code>: it updates the max concurrent downloads for each pull.</li> <li> +<code class="language-plaintext highlighter-rouge">max-concurrent-uploads</code>: it updates the max concurrent uploads for each push.</li> <li> +<code class="language-plaintext highlighter-rouge">max-download-attempts</code>: it updates the max download attempts for each pull.</li> <li> +<code class="language-plaintext highlighter-rouge">default-runtime</code>: it updates the runtime to be used if not is specified at container creation. 
It defaults to “default” which is the runtime shipped with the official docker packages.</li> <li> +<code class="language-plaintext highlighter-rouge">runtimes</code>: it updates the list of available OCI runtimes that can be used to run containers.</li> <li> +<code class="language-plaintext highlighter-rouge">authorization-plugin</code>: it specifies the authorization plugins to use.</li> <li> +<code class="language-plaintext highlighter-rouge">allow-nondistributable-artifacts</code>: Replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of registries.</li> <li> +<code class="language-plaintext highlighter-rouge">insecure-registries</code>: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon’s configuration are not in newly reloaded insecure registries, these existing ones will be removed from daemon’s config.</li> <li> +<code class="language-plaintext highlighter-rouge">registry-mirrors</code>: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon’s configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon’s config.</li> <li> +<code class="language-plaintext highlighter-rouge">shutdown-timeout</code>: it replaces the daemon’s existing configuration timeout with a new timeout for shutting down all containers.</li> <li> +<code class="language-plaintext highlighter-rouge">features</code>: it explicitly enables or disables specific features.</li> </ul> <p>Updating and reloading the cluster configurations such as <code class="language-plaintext highlighter-rouge">--cluster-store</code>, <code class="language-plaintext highlighter-rouge">--cluster-advertise</code> and <code class="language-plaintext highlighter-rouge">--cluster-store-opts</code> will take effect only if these configurations were not previously configured. 
If <code class="language-plaintext highlighter-rouge">--cluster-store</code> has been provided in flags and <code class="language-plaintext highlighter-rouge">cluster-advertise</code> not, <code class="language-plaintext highlighter-rouge">cluster-advertise</code> can be added in the configuration file without accompanied by <code class="language-plaintext highlighter-rouge">--cluster-store</code>. Configuration reload will log a warning message if it detects a change in previously configured cluster configurations.</p> <h3 id="run-multiple-daemons">Run multiple daemons</h3> <blockquote> <p><strong>Note:</strong></p> <p>Running multiple daemons on a single host is considered as “experimental”. The user should be aware of unsolved problems. This solution may not work properly in some cases. Solutions are currently under development and will be delivered in the near future.</p> </blockquote> <p>This section describes how to run multiple Docker daemons on a single host. To run multiple daemons, you must configure each daemon so that it does not conflict with other daemons on the same host. 
You can set these options either by providing them as flags, or by using a <a href="#daemon-configuration-file">daemon configuration file</a>.</p> <p>The following daemon options must be configured for each daemon:</p> <div class="highlight"><pre class="highlight" data-language="">-b, --bridge= Attach containers to a network bridge +--exec-root=/var/run/docker Root of the Docker execdriver +--data-root=/var/lib/docker Root of persisted Docker data +-p, --pidfile=/var/run/docker.pid Path to use for daemon PID file +-H, --host=[] Daemon socket(s) to connect to +--iptables=true Enable addition of iptables rules +--config-file=/etc/docker/daemon.json Daemon configuration file +--tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA +--tlscert="~/.docker/cert.pem" Path to TLS certificate file +--tlskey="~/.docker/key.pem" Path to TLS key file +</pre></div> <p>When your daemons use different values for these flags, you can run them on the same host without any problems. It is very important to properly understand the meaning of those options and to use them correctly.</p> <ul> <li>The <code class="language-plaintext highlighter-rouge">-b, --bridge=</code> flag is set to <code class="language-plaintext highlighter-rouge">docker0</code> as default bridge network. It is created automatically when you install Docker. If you are not using the default, you must create and configure the bridge manually or just set it to ‘none’: <code class="language-plaintext highlighter-rouge">--bridge=none</code> +</li> <li> +<code class="language-plaintext highlighter-rouge">--exec-root</code> is the path where the container state is stored. The default value is <code class="language-plaintext highlighter-rouge">/var/run/docker</code>. Specify the path for your running daemon here.</li> <li> +<code class="language-plaintext highlighter-rouge">--data-root</code> is the path where persisted data such as images, volumes, and cluster state are stored. 
The default value is <code class="language-plaintext highlighter-rouge">/var/lib/docker</code>. To avoid any conflict with other daemons, set this parameter separately for each daemon.</li> <li> +<code class="language-plaintext highlighter-rouge">-p, --pidfile=/var/run/docker.pid</code> is the path where the process ID of the daemon is stored. Specify the path for your pid file here.</li> <li> +<code class="language-plaintext highlighter-rouge">--host=[]</code> specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to <code class="language-plaintext highlighter-rouge">/var/run/docker.sock</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">--iptables=false</code> prevents the Docker daemon from adding iptables rules. If multiple daemons manage iptables rules, they may overwrite rules set by another daemon. Be aware that disabling this option requires you to manually add iptables rules to expose container ports. If you prevent Docker from adding iptables rules, Docker will also not add IP masquerading rules, even if you set <code class="language-plaintext highlighter-rouge">--ip-masq</code> to <code class="language-plaintext highlighter-rouge">true</code>. Without IP masquerading rules, Docker containers will not be able to connect to external hosts or the internet when using network other than default bridge.</li> <li> +<code class="language-plaintext highlighter-rouge">--config-file=/etc/docker/daemon.json</code> is the path where configuration file is stored. You can use it instead of daemon flags. Specify the path for each daemon.</li> <li> +<code class="language-plaintext highlighter-rouge">--tls*</code> Docker daemon supports <code class="language-plaintext highlighter-rouge">--tlsverify</code> mode that enforces encrypted and authenticated remote connections. 
The <code class="language-plaintext highlighter-rouge">--tls*</code> options enable use of specific certificates for individual daemons.</li> </ul> <p>Example script for a separate “bootstrap” instance of the Docker daemon without network:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dockerd \ + -H unix:///var/run/docker-bootstrap.sock \ + -p /var/run/docker-bootstrap.pid \ + --iptables=false \ + --ip-masq=false \ + --bridge=none \ + --data-root=/var/lib/docker-bootstrap \ + --exec-root=/var/run/docker-bootstrap +</pre></div> +<p><a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=daemon">daemon</a>, <a href="https://docs.docker.com/search/?q=runtime">runtime</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/dockerd/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/dockerd/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fevents%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fevents%2Findex.html new file mode 100644 index 00000000..c9aa36c1 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fevents%2Findex.html 
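Review bot: The "Configuration reload behavior" list in the dockerd page names the reloadable key as "authorization-plugin", but both full daemon.json examples earlier in the same hunk (Linux and Windows) use "authorization-plugins". The page also states that the file uses the plural of the flag name for flags that allow several entries, and --authorization-plugin is such a flag. Suggest changing the list item to "authorization-plugins", or recording that the vendored copy deliberately mirrors upstream as-is, so an operator editing daemon.json before a SIGHUP reload is not pointed at a key that the examples do not list. Because this key controls which authorization plugins gate Engine API requests, a misnamed key here is worth catching. Minor wording slips in the same section could be fixed in the same pass: "regardless their value", "to avoid silently ignore changes", "if not is specified", "without accompanied by".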
@@ -0,0 +1,171 @@ +<h1>docker events</h1> <p><br></p> <p>Get real time events from the server</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker events [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Use <code class="language-plaintext highlighter-rouge">docker events</code> to get real-time events from the server. These events differ per Docker object type. Different event types have different scopes. Local scoped events are only seen on the node they take place on, and swarm scoped events are seen on all managers.</p> <p>Only the last 1000 log events are returned. You can use filters to further limit the number of events returned.</p> <h3 id="object-types">Object types</h3> <h4 id="containers">Containers</h4> <p>Docker containers report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">attach</code></li> <li><code class="language-plaintext highlighter-rouge">commit</code></li> <li><code class="language-plaintext highlighter-rouge">copy</code></li> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> <li><code class="language-plaintext highlighter-rouge">detach</code></li> <li><code class="language-plaintext highlighter-rouge">die</code></li> <li><code class="language-plaintext highlighter-rouge">exec_create</code></li> <li><code class="language-plaintext highlighter-rouge">exec_detach</code></li> <li><code class="language-plaintext highlighter-rouge">exec_die</code></li> <li><code class="language-plaintext highlighter-rouge">exec_start</code></li> <li><code class="language-plaintext highlighter-rouge">export</code></li> <li><code 
class="language-plaintext highlighter-rouge">health_status</code></li> <li><code class="language-plaintext highlighter-rouge">kill</code></li> <li><code class="language-plaintext highlighter-rouge">oom</code></li> <li><code class="language-plaintext highlighter-rouge">pause</code></li> <li><code class="language-plaintext highlighter-rouge">rename</code></li> <li><code class="language-plaintext highlighter-rouge">resize</code></li> <li><code class="language-plaintext highlighter-rouge">restart</code></li> <li><code class="language-plaintext highlighter-rouge">start</code></li> <li><code class="language-plaintext highlighter-rouge">stop</code></li> <li><code class="language-plaintext highlighter-rouge">top</code></li> <li><code class="language-plaintext highlighter-rouge">unpause</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h4 id="images">Images</h4> <p>Docker images report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">delete</code></li> <li><code class="language-plaintext highlighter-rouge">import</code></li> <li><code class="language-plaintext highlighter-rouge">load</code></li> <li><code class="language-plaintext highlighter-rouge">pull</code></li> <li><code class="language-plaintext highlighter-rouge">push</code></li> <li><code class="language-plaintext highlighter-rouge">save</code></li> <li><code class="language-plaintext highlighter-rouge">tag</code></li> <li><code class="language-plaintext highlighter-rouge">untag</code></li> </ul> <h4 id="plugins">Plugins</h4> <p>Docker plugins report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">enable</code></li> <li><code class="language-plaintext highlighter-rouge">disable</code></li> <li><code class="language-plaintext highlighter-rouge">install</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> </ul> <h4 id="volumes">Volumes</h4> <p>Docker volumes report the 
following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> <li><code class="language-plaintext highlighter-rouge">mount</code></li> <li><code class="language-plaintext highlighter-rouge">unmount</code></li> </ul> <h4 id="networks">Networks</h4> <p>Docker networks report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">connect</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> <li><code class="language-plaintext highlighter-rouge">disconnect</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> </ul> <h4 id="daemons">Daemons</h4> <p>Docker daemons report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">reload</code></li> </ul> <h4 id="services">Services</h4> <p>Docker services report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h4 id="nodes">Nodes</h4> <p>Docker nodes report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h4 id="secrets">Secrets</h4> <p>Docker secrets report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h4 id="configs">Configs</h4> <p>Docker configs report the following events:</p> <ul> 
<li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h3 id="limiting-filtering-and-formatting-the-output">Limiting, filtering, and formatting the output</h3> <h4 id="limit-events-by-time">Limit events by time</h4> <p>The <code class="language-plaintext highlighter-rouge">--since</code> and <code class="language-plaintext highlighter-rouge">--until</code> parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the client machine’s time. If you do not provide the <code class="language-plaintext highlighter-rouge">--since</code> option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the client will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <p>Only the last 1000 log events are returned. 
You can use filters to further limit the number of events returned.</p> <h4 id="filtering">Filtering</h4> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If you would like to use multiple filters, pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>Using the same filter multiple times will be handled as a <em>OR</em>; for example <code class="language-plaintext highlighter-rouge">--filter container=588a23dac085 --filter container=a8f7720b8c22</code> will display events for container 588a23dac085 <em>OR</em> container a8f7720b8c22</p> <p>Using multiple filters will be handled as a <em>AND</em>; for example <code class="language-plaintext highlighter-rouge">--filter container=588a23dac085 --filter event=start</code> will display events for container container 588a23dac085 <em>AND</em> the event type is <em>start</em></p> <p>The currently supported filters are:</p> <ul> <li>config (<code class="language-plaintext highlighter-rouge">config=<name or id></code>)</li> <li>container (<code class="language-plaintext highlighter-rouge">container=<name or id></code>)</li> <li>daemon (<code class="language-plaintext highlighter-rouge">daemon=<name or id></code>)</li> <li>event (<code class="language-plaintext highlighter-rouge">event=<event action></code>)</li> <li>image (<code class="language-plaintext highlighter-rouge">image=<repository or tag></code>)</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li>network (<code class="language-plaintext highlighter-rouge">network=<name or id></code>)</li> <li>node (<code class="language-plaintext highlighter-rouge">node=<id></code>)</li> <li>plugin (<code class="language-plaintext 
highlighter-rouge">plugin=<name or id></code>)</li> <li>scope (<code class="language-plaintext highlighter-rouge">scope=<local or swarm></code>)</li> <li>secret (<code class="language-plaintext highlighter-rouge">secret=<name or id></code>)</li> <li>service (<code class="language-plaintext highlighter-rouge">service=<name or id></code>)</li> <li>type (<code class="language-plaintext highlighter-rouge">type=<container or image or volume or network or daemon or plugin or service or node or secret or config></code>)</li> <li>volume (<code class="language-plaintext highlighter-rouge">volume=<name></code>)</li> </ul> <h4 id="format">Format</h4> <p>If a format (<code class="language-plaintext highlighter-rouge">--format</code>) is specified, the given template will be executed instead of the default format. Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>If a format is set to <code class="language-plaintext highlighter-rouge">{{json .}}</code>, the events are streamed as valid JSON Lines. 
For information about JSON Lines, please refer to https://jsonlines.org/.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--since</code></td> <td></td> <td>Show all events created since timestamp</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--until</code></td> <td></td> <td>Stream events until this timestamp</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="basic-example">Basic example</h3> <p>You’ll need two shells for this example.</p> <p><strong>Shell 1: Listening for events:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker events +</pre></div> <p><strong>Shell 2: Start and Stop containers:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker create --name test alpine:latest top +$ docker start test +$ docker stop test +</pre></div> <p><strong>Shell 1: (Again .. 
now showing events):</strong></p> <div class="highlight"><pre class="highlight" data-language="">2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +</pre></div> <p>To exit the <code class="language-plaintext highlighter-rouge">docker events</code> command, use <code class="language-plaintext highlighter-rouge">CTRL+C</code>.</p> <h3 id="filter-events-by-time">Filter events by time</h3> <p>You can filter the output by an absolute timestamp or relative time on the host machine, using the following different time syntaxes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker events --since 1483283804 +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, 
image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --since '2017-01-05' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --since '2013-09-03T15:49:29' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --since 
'10m' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --since '2017-01-05T00:35:30' --until '2017-01-05T00:36:05' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +</pre></div> <h3 id="filter-events-by-criteria">Filter events by criteria</h3> <p>The following commands show several different ways to filter the <code class="language-plaintext highlighter-rouge">docker event</code> output.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker events --filter 'event=stop' + +2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) + +$ docker events --filter 'image=alpine' + +2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) 
+2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) +2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) +2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) +2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) + +$ docker events --filter 'container=test' + +2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' + +2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) +2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) +2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker events --filter 'container=test' --filter 'event=stop' + +2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) + +$ docker events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, 
destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) + +$ docker events --filter 'container=container_1' --filter 'container=container_2' + +2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) +2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + +$ docker events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + +$ docker 
events --filter 'type=plugin' + +2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) + +$ docker events -f type=service + +2017-07-12T06:34:07.999446625Z service create wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani) +2017-07-12T06:34:21.405496207Z service remove wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani) + +$ docker events -f type=node + +2017-07-12T06:21:51.951586759Z node update 3xyz5ttp1a253q74z1thwywk9 (name=ip-172-31-23-42, state.new=ready, state.old=unknown) + +$ docker events -f type=secret + +2017-07-12T06:32:13.915704367Z secret create s8o6tmlnndrgzbmdilyy5ymju (name=new_secret) +2017-07-12T06:32:37.052647783Z secret remove s8o6tmlnndrgzbmdilyy5ymju (name=new_secret) + +$ docker events -f type=config +2017-07-12T06:44:13.349037127Z config create u96zlvzdfsyb9sg4mhyxfh3rl (name=abc) +2017-07-12T06:44:36.327694184Z config remove u96zlvzdfsyb9sg4mhyxfh3rl (name=abc) + +$ docker events --filter 'scope=swarm' + +2017-07-10T07:46:50.250024503Z service create m8qcxu8081woyof7w3jaax6gk (name=affectionate_wilson) +2017-07-10T07:47:31.093797134Z secret create 6g5pufzsv438p9tbvl9j94od4 (name=new_secret) +</pre></div> <h3 id="format-the-output">Format the output</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + +Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=resize 
ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +</pre></div> <h4 id="format-as-json">Format as JSON</h4> <div class="highlight"><pre class="highlight" data-language="">$ docker events --format '{{json .}}' + +{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. +{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. +{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/events/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/events/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fexec%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fexec%2Findex.html new file mode 100644 index 00000000..9e9de22f --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fexec%2Findex.html 
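Review bot: in the events page that ends just above (commandline/events), the "Filter events by criteria" block repeats the 'type=volume' and 'type=network' examples, once with truncated IDs and once with full IDs, and the container_1/container_2 output has the attribute typo "imager=redis:2.8". Keep one copy of each example and correct the attribute to "image=". In the same block the sample timestamps "2014-09-03T15:49:29.999999999Z07:00" are a layout string rather than a real timestamp, and the prose above it names the command "docker event" instead of "docker events". The filter-by-time outputs also show "container create d9cd...4d70 (... name=test)" followed by start/kill/die for 0fdb...ff37, which does not match the basic example where the created container is 0fdb48ad...; anyone using these as a reference for correlating events by ID will be misled. If the file is imported verbatim from upstream, say so in the commit message and leave the fixes for upstream.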
@@ -0,0 +1,42 @@ +<h1>docker exec</h1> <p><br></p> <p>Run a command in a running container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker exec [OPTIONS] CONTAINER COMMAND [ARG...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker exec</code> command runs a new command in a running container.</p> <p>The command started using <code class="language-plaintext highlighter-rouge">docker exec</code> only runs while the container’s primary process (<code class="language-plaintext highlighter-rouge">PID 1</code>) is running, and it is not restarted if the container is restarted.</p> <p>COMMAND will run in the default directory of the container. If the underlying image has a custom directory specified with the WORKDIR directive in its Dockerfile, this will be used instead.</p> <p>COMMAND should be an executable, a chained or a quoted command will not work. 
Example: <code class="language-plaintext highlighter-rouge">docker exec -ti my_container "echo a && echo b"</code> will not work, but <code class="language-plaintext highlighter-rouge">docker exec -ti my_container sh -c "echo a && echo b"</code> will.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Detached mode: run command in the background</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to the command</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> 
<tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="run-docker-exec-on-a-running-container">Run <code class="language-plaintext highlighter-rouge">docker exec</code> on a running container</h3> <p>First, start a container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --name ubuntu_bash --rm -i -t ubuntu bash +</pre></div> <p>This will create a container named <code class="language-plaintext highlighter-rouge">ubuntu_bash</code> and start a Bash session.</p> <p>Next, execute a command on the container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -d ubuntu_bash touch /tmp/execWorks +</pre></div> <p>This will create a new file <code class="language-plaintext highlighter-rouge">/tmp/execWorks</code> inside the running container <code class="language-plaintext highlighter-rouge">ubuntu_bash</code>, in the background.</p> <p>Next, execute an interactive <code class="language-plaintext highlighter-rouge">bash</code> shell on the container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it ubuntu_bash bash +</pre></div> <p>This will create a new Bash session in the container <code class="language-plaintext highlighter-rouge">ubuntu_bash</code>.</p> <p>Next, set an environment variable in the current bash session.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it -e VAR=1 ubuntu_bash bash +</pre></div> <p>This will create a new Bash session in the container <code class="language-plaintext highlighter-rouge">ubuntu_bash</code> with environment variable <code class="language-plaintext highlighter-rouge">$VAR</code> set to “1”. 
Note that this environment variable will only be valid on the current Bash session.</p> <p>By default <code class="language-plaintext highlighter-rouge">docker exec</code> command runs in the same working directory set when container was created.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it ubuntu_bash pwd +/ +</pre></div> <p>You can select working directory for the command to execute into</p> <div class="highlight"><pre class="highlight" data-language="">$ docker exec -it -w /root ubuntu_bash pwd +/root +</pre></div> <h3 id="try-to-run-docker-exec-on-a-paused-container">Try to run <code class="language-plaintext highlighter-rouge">docker exec</code> on a paused container</h3> <p>If the container is paused, then the <code class="language-plaintext highlighter-rouge">docker exec</code> command will fail with an error:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pause test + +test + +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test + +$ docker exec test ls + +FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec + +$ echo $? +1 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/exec/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/exec/</a> + </p> +</div> 
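Review bot: in the exec page's Examples, the step "set an environment variable in the current bash session" contradicts the command and the sentence that follows it: "docker exec -it -e VAR=1 ubuntu_bash bash" starts a new Bash session, and VAR exists only there. Reword the step to say the variable is set for the new exec session. Two smaller points in the same hunk: the Options table lists "--privileged" with only "Give extended privileges to the command" and nothing in the Description or Examples says what that means for the exec'd process, so a sentence there would help readers decide when not to use it; and the paused-container example switches to a container named "test" while every earlier step uses "ubuntu_bash". The sentence "You can select working directory for the command to execute into" is also missing its closing punctuation.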
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fexport%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fexport%2Findex.html new file mode 100644 index 00000000..39edbb15 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fexport%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker export</h1> <p><br></p> <p>Export a container’s filesystem as a tar archive</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker export [OPTIONS] CONTAINER +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker export</code> command does not export the contents of volumes associated with the container. If a volume is mounted on top of an existing directory in the container, <code class="language-plaintext highlighter-rouge">docker export</code> will export the contents of the <em>underlying</em> directory, not the contents of the volume.</p> <p>Refer to <a href="https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes">Backup, restore, or migrate data volumes</a> in the user guide for examples on exporting data in a volume.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Write to a file, instead of STDOUT</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Each of these commands has the same result.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker export red_panda > latest.tar +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker export --output="latest.tar" red_panda +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, 
Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/export/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/export/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fhistory%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fhistory%2Findex.html new file mode 100644 index 00000000..143f8012 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fhistory%2Findex.html 
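Review bot: in the export page that ends just above (commandline/export), the only pointer for getting volume data out is an absolute link to https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes, while links between pages elsewhere in this patch are relative (for example "../image_build/index"). If these pages are meant to be readable without network access, the reader hits the "does not export the contents of volumes" caveat and has nowhere local to go; either include the target page in the import and link to it relatively, or state in the commit message that external links are left as they are. The Examples section would also benefit from one line restating that caveat next to the two equivalent commands, since that is where people copy from.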
@@ -0,0 +1,30 @@ +<h1>docker history</h1> <p><br></p> <p>Show the history of an image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker history [OPTIONS] IMAGE +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--human</code> , <code class="language-plaintext highlighter-rouge">-H</code> +</td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Print sizes and dates in human readable format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only show image IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>To see how the <code class="language-plaintext highlighter-rouge">docker:latest</code> image was built:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker history docker + +IMAGE CREATED CREATED BY SIZE COMMENT +3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B +8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB +be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get install 338.3 MB +4b137612be55 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB +750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi <ad 0 B +511136ea3c5a 9 months ago 0 B Imported from - +</pre></div> <p>To see how the <code class="language-plaintext 
highlighter-rouge">docker:apache</code> image was added to a container’s base image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker history docker:scm +IMAGE CREATED CREATED BY SIZE COMMENT +2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image +88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB +c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B +511136ea3c5a 19 months ago 0 B Imported from - +</pre></div> <h3 id="format-the-output">Format the output</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) will pretty-prints history output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Image ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedSince</code></td> <td>Elapsed time since the image was created if <code class="language-plaintext highlighter-rouge">--human=true</code>, otherwise timestamp of when image was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> <td>Timestamp of when image was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedBy</code></td> <td>Command that was used to create the image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Size</code></td> <td>Image disk size</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Comment</code></td> <td>Comment for image</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">history</code> command will either output the data exactly as the template declares or, when using 
the <code class="language-plaintext highlighter-rouge">table</code> directive, will include column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">CreatedSince</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for the <code class="language-plaintext highlighter-rouge">busybox</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker history --format "{{.ID}}: {{.CreatedSince}}" busybox + +f6e427c148a7: 4 weeks ago +<missing>: 4 weeks ago +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/history/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/history/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage%2Findex.html new file mode 100644 index 00000000..c7ca0434 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage%2Findex.html 
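Review bot: in the history page that ends just above (commandline/history), the second example's prose and command disagree: the text says "To see how the docker:apache image was added to a container's base image" but the command shown is "docker history docker:scm". One of the two tags is wrong and should be corrected so the example can be followed. In the same hunk, "will pretty-prints history output" should read "pretty-prints", and the busybox example prints a row with "<missing>" as the ID without any explanation of why an ID can be absent; a short sentence would save readers from treating it as an error.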
@@ -0,0 +1,7 @@ +<h1>docker image</h1> <p><br></p> <p>Manage images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage images.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed 
under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_build%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_build%2Findex.html new file mode 100644 index 00000000..a423f48c --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_build%2Findex.html 
@@ -0,0 +1,22 @@ +<h1>docker image build</h1> <p><br></p> <p>Build an image from a Dockerfile</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image build [OPTIONS] PATH | URL | - +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--build-arg</code></td> <td></td> <td>Set build-time variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cache-from</code></td> <td></td> <td>Images to consider as cache sources</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--compress</code></td> <td></td> <td>Compress the build context using gzip</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit the CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--file</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Name of the Dockerfile (Default is 'PATH/Dockerfile')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--force-rm</code></td> <td></td> <td>Always remove intermediate containers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--iidfile</code></td> <td></td> <td>Write the image ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label</code></td> <td></td> <td>Set metadata for an image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Set the networking mode for the RUN instructions during build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-cache</code></td> <td></td> <td>Do not use cache when building the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 
1.40+</span></a><br>Output destination (format: type=local,dest=path)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--progress</code></td> <td><code class="language-plaintext highlighter-rouge">auto</code></td> <td>Set type of progress output (auto, plain, tty). Use plain to show container output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td></td> <td>Always attempt to pull a newer version of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress the build output and print image ID on success</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Remove intermediate containers after a successful build</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--secret</code></td> <td></td> <td>Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--squash</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" 
data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Squash newly built layers into a single new layer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ssh</code></td> <td></td> <td>SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stream</code></td> <td></td> <td>Stream attaches to server to negotiate build context</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tag</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Name and optionally a tag in the 'name:tag' format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--target</code></td> <td></td> <td>Set the target build stage to build.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed 
information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_build/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_build/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_history%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_history%2Findex.html new file mode 100644 index 00000000..afc02e45 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_history%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker image history</h1> <p><br></p> <p>Show the history of an image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image history [OPTIONS] IMAGE +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--human</code> , <code class="language-plaintext highlighter-rouge">-H</code> +</td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Print sizes and dates in human readable format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only show image IDs</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a 
href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_history/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_history/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_import%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_import%2Findex.html new file mode 100644 index 00000000..70b4fdc7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_import%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker image import</h1> <p><br></p> <p>Import the contents from a tarball to create a filesystem image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--change</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>Apply Dockerfile instruction to the created image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--message</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Set commit message for imported image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> 
</tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_import/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_import/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_inspect%2Findex.html new file mode 100644 index 00000000..3c810158 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_inspect%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker image inspect</h1> <p><br></p> <p>Display detailed information on one or more images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image inspect [OPTIONS] IMAGE [IMAGE...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an 
image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_load%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_load%2Findex.html new file mode 100644 index 00000000..000408b7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_load%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker image load</h1> <p><br></p> <p>Load an image from a tar archive or STDIN</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image load [OPTIONS] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--input</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Read from tar archive file, instead of STDIN</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress the load output</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a 
href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_load/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_load/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_ls%2Findex.html new file mode 100644 index 00000000..10114c1b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_ls%2Findex.html 
@@ -0,0 +1,13 @@ +<h1>docker image ls</h1> <p><br></p> <p>List images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image ls [OPTIONS] [REPOSITORY[:TAG]] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all images (default hides intermediate images)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--digests</code></td> <td></td> <td>Show digests</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only show image IDs</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a 
href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_ls/</a> + </p> +</div> 
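Review bot: in image_ls/index.html the `--filter` row of the Options table says only "Filter output based on conditions provided", and the page has no Filtering or Examples section, while the image_prune page added in this same patch tells readers to use `docker image ls` "with the same filtering syntax" to see which images a prune filter will match. A reader following that advice lands on a page that names no filter keys. Suggest linking the `--filter` row to a page in this doc set that documents the filters. Minor style point: the Options and Related commands tables put their header cells in `<td>` inside `<thead>`, whereas the Parent command table uses `<th>`; using `<th>` in all three keeps the header rows consistent.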
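Review bot: in image_build/index.html, added earlier in this patch, the Options row for `--disable-content-trust` lists default `true` with the description "Skip image verification", so the table states that verification is skipped by default only through a double negative, and nothing on the page explains content trust. Suggest a short sentence or a link beside that row so the default is not misread. Also, the `--ssh` row shows `<id>`, `<socket>` and `<key>` inside a table cell; confirm they are entity-escaped in the committed file, since raw angle brackets there would be parsed as tags and the format string would disappear from the rendered page.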
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_prune%2Findex.html new file mode 100644 index 00000000..d321382d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_prune%2Findex.html 
@@ -0,0 +1,102 @@ +<h1>docker image prune</h1> <p><br></p> <p>Remove unused images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove all dangling images. If <code class="language-plaintext highlighter-rouge">-a</code> is specified, will also remove all images not referenced by any container.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Remove all unused images, not just dangling ones</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'until=<timestamp>')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Example output:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune -a + +WARNING! This will remove all images without at least one container associated to them. +Are you sure you want to continue? 
[y/N] y +Deleted Images: +untagged: alpine:latest +untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a +deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba +deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f +untagged: alpine:3.3 +untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423 +untagged: my-jq:latest +deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff +deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65 +deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7 +untagged: my-curl:latest +deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e +deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9 +deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e +deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec +deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06 +deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c +deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35 +deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809 +deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0 +deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac +deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b +deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1 + +Total reclaimed space: 16.43 MB +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>until (<code class="language-plaintext highlighter-rouge"><timestamp></code>) - only remove images created before given timestamp</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code>, <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>, <code class="language-plaintext highlighter-rouge">label!=<key></code>, or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>) - only remove images with (or without, in case <code class="language-plaintext highlighter-rouge">label!=...</code> is used) the specified labels.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">until</code> filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the daemon machine’s time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the daemon will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. 
When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter accepts two formats. One is the <code class="language-plaintext highlighter-rouge">label=...</code> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>), which removes images with the specified labels. The other format is the <code class="language-plaintext highlighter-rouge">label!=...</code> (<code class="language-plaintext highlighter-rouge">label!=<key></code> or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>), which removes images without the specified labels.</p> <blockquote> <p><strong>Predicting what will be removed</strong></p> <p>If you are using positive filtering (testing for the existence of a label or that a label has a specific value), you can use <code class="language-plaintext highlighter-rouge">docker image ls</code> with the same filtering syntax to see which images match your filter.</p> <p>However, if you are using negative filtering (testing for the absence of a label or that a label does <em>not</em> have a specific value), this type of filter does not work with <code class="language-plaintext highlighter-rouge">docker image ls</code> so you cannot easily predict which images will be removed. 
In addition, the confirmation prompt for <code class="language-plaintext highlighter-rouge">docker image prune</code> always warns that <em>all</em> dangling images will be removed, even if you are using <code class="language-plaintext highlighter-rouge">--filter</code>.</p> </blockquote> <p>The following removes images created before <code class="language-plaintext highlighter-rouge">2017-01-04T00:00:00</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' +REPOSITORY TAG IMAGE ID CREATED AT SIZE +foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB +alpine latest 88e169ea8f46 2016-12-27 10:17:25 -0800 PST 3.98 MB +busybox latest e02e811dd08f 2016-10-07 14:03:58 -0700 PDT 1.09 MB + +$ docker image prune -a --force --filter "until=2017-01-04T00:00:00" + +Deleted Images: +untagged: alpine:latest +untagged: alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +untagged: busybox:latest +untagged: busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 +deleted: sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba +deleted: sha256:e88b3f82283bc59d5e0df427c824e9f95557e661fcb0ea15fb0fb6f97760f9d9 + +Total reclaimed space: 1.093 MB + +$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' + +REPOSITORY TAG IMAGE ID CREATED AT SIZE +foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB +</pre></div> <p>The following removes images created more than 10 days (<code class="language-plaintext highlighter-rouge">240h</code>) ago:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +foo latest 2f287ac753da 14 seconds ago 3.98 MB +alpine latest 88e169ea8f46 8 days ago 3.98 MB +debian jessie 7b0a06c805e8 2 months ago 123 MB +busybox latest e02e811dd08f 2 months ago 1.09 MB 
+golang 1.7.0 138c2e655421 4 months ago 670 MB + +$ docker image prune -a --force --filter "until=240h" + +Deleted Images: +untagged: golang:1.7.0 +untagged: golang@sha256:6765038c2b8f407fd6e3ecea043b44580c229ccfa2a13f6d85866cf2b4a9628e +deleted: sha256:138c2e6554219de65614d88c15521bfb2da674cbb0bf840de161f89ff4264b96 +deleted: sha256:ec353c2e1a673f456c4b78906d0d77f9d9456cfb5229b78c6a960bfb7496b76a +deleted: sha256:fe22765feaf3907526b4921c73ea6643ff9e334497c9b7e177972cf22f68ee93 +deleted: sha256:ff845959c80148421a5c3ae11cc0e6c115f950c89bc949646be55ed18d6a2912 +deleted: sha256:a4320831346648c03db64149eafc83092e2b34ab50ca6e8c13112388f25899a7 +deleted: sha256:4c76020202ee1d9709e703b7c6de367b325139e74eebd6b55b30a63c196abaf3 +deleted: sha256:d7afd92fb07236c8a2045715a86b7d5f0066cef025018cd3ca9a45498c51d1d6 +deleted: sha256:9e63c5bce4585dd7038d830a1f1f4e44cb1a1515b00e620ac718e934b484c938 +untagged: debian:jessie +untagged: debian@sha256:c1af755d300d0c65bb1194d24bce561d70c98a54fb5ce5b1693beb4f7988272f +deleted: sha256:7b0a06c805e8f23807fb8856621c60851727e85c7bcb751012c813f122734c8d +deleted: sha256:f96222d75c5563900bc4dd852179b720a0885de8f7a0619ba0ac76e92542bbc8 + +Total reclaimed space: 792.6 MB + +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +foo latest 2f287ac753da About a minute ago 3.98 MB +alpine latest 88e169ea8f46 8 days ago 3.98 MB +busybox latest e02e811dd08f 2 months ago 1.09 MB +</pre></div> <p>The following example removes images with the label <code class="language-plaintext highlighter-rouge">deprecated</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune --filter="label=deprecated" +</pre></div> <p>The following example removes images with the label <code class="language-plaintext highlighter-rouge">maintainer</code> set to <code class="language-plaintext highlighter-rouge">john</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune --filter="label=maintainer=john" 
+</pre></div> <p>This example removes images which have no <code class="language-plaintext highlighter-rouge">maintainer</code> label:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune --filter="label!=maintainer" +</pre></div> <p>This example removes images which have a maintainer label not set to <code class="language-plaintext highlighter-rouge">john</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image prune --filter="label!=maintainer=john" +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>You are prompted for confirmation before the <code class="language-plaintext highlighter-rouge">prune</code> removes anything, but you are not shown a list of what will potentially be removed. In addition, <code class="language-plaintext highlighter-rouge">docker image ls</code> does not support negative filtering, so it difficult to predict what images will actually be removed.</p> </blockquote> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a 
href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_pull%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_pull%2Findex.html new file mode 100644 index 00000000..ed66a3cd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_pull%2Findex.html 
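Review bot: In the image_prune/index.html hunk above, the closing "Note" blockquote reads "so it difficult to predict what images will actually be removed", which is missing "is". That Note also restates the earlier "Predicting what will be removed" blockquote under Filtering almost word for word (no list of what will be removed, no negative filtering in docker image ls), so I would keep one of the two. Because both "until" examples pass -a --force, which skips the only confirmation step, it would help if the surviving note sat directly above those examples rather than at the end of the page. Minor: the Options and Related commands tables put td cells inside thead, while the Parent command table uses th; pick one.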
@@ -0,0 +1,11 @@ +<h1>docker image pull</h1> <p><br></p> <p>Pull an image or a repository from a registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image pull [OPTIONS] NAME[:TAG|@DIGEST] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all-tags</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Download all tagged images in the repository</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress verbose output</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to 
create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_pull/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_pull/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_push%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_push%2Findex.html new file mode 100644 index 00000000..7a0e18ca --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_push%2Findex.html 
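Review bot: In the image_pull/index.html hunk above, the Options row for --disable-content-trust shows a default of true with the description "Skip image verification", and the page has no Description or Examples section to explain it. As written, a reader cannot tell that signature verification is off unless content trust is enabled, or how to enable it. I would add one sentence under Options saying that verification is skipped by default and is turned on through content trust (the DOCKER_CONTENT_TRUST environment variable), with a link to the content trust page. The same applies to the "Skip image signing" row in image_push/index.html. The usage line also accepts NAME[:TAG|@DIGEST], but nothing on the page says what pulling by digest does; a short example would cover that.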
@@ -0,0 +1,11 @@ +<h1>docker image push</h1> <p><br></p> <p>Push an image or a repository to a registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image push [OPTIONS] NAME[:TAG] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all-tags</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Push all tagged images in the repository</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image signing</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress verbose output</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> 
<tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_push/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_push/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_rm%2Findex.html new file mode 100644 index 00000000..6e96ddc7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_rm%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker image rm</h1> <p><br></p> <p>Remove one or more images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image rm [OPTIONS] IMAGE [IMAGE...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force removal of the image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-prune</code></td> <td></td> <td>Do not delete untagged parents</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove 
unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_save%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_save%2Findex.html new file mode 100644 index 00000000..06e16c07 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_save%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker image save</h1> <p><br></p> <p>Save one or more images to a tar archive (streamed to STDOUT by default)</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image save [OPTIONS] IMAGE [IMAGE...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Write to a file, instead of STDOUT</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image 
pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="index">docker image save</a></td> <td>Save one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="../image_tag/index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_save/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_save/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_tag%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_tag%2Findex.html new file mode 100644 index 00000000..80efa30d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimage_tag%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker image tag</h1> <p><br></p> <p>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../image/index">docker image</a></td> <td style="text-align: left">Manage images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../image_build/index">docker image build</a></td> <td>Build an image from a Dockerfile</td> </tr> <tr> <td><a href="../image_history/index">docker image history</a></td> <td>Show the history of an image</td> </tr> <tr> <td><a href="../image_import/index">docker image import</a></td> <td>Import the contents from a tarball to create a filesystem image</td> </tr> <tr> <td><a href="../image_inspect/index">docker image inspect</a></td> <td>Display detailed information on one or more images</td> </tr> <tr> <td><a href="../image_load/index">docker image load</a></td> <td>Load an image from a tar archive or STDIN</td> </tr> <tr> <td><a href="../image_ls/index">docker image ls</a></td> <td>List images</td> </tr> <tr> <td><a href="../image_prune/index">docker image prune</a></td> <td>Remove unused images</td> </tr> <tr> <td><a href="../image_pull/index">docker image pull</a></td> <td>Pull an image or a repository from a registry</td> </tr> <tr> <td><a href="../image_push/index">docker image push</a></td> <td>Push an image or a repository to a registry</td> </tr> <tr> <td><a href="../image_rm/index">docker image rm</a></td> <td>Remove one or more images</td> </tr> <tr> <td><a href="../image_save/index">docker image save</a></td> <td>Save 
one or more images to a tar archive (streamed to STDOUT by default)</td> </tr> <tr> <td><a href="index">docker image tag</a></td> <td>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/image_tag/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/image_tag/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimages%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimages%2Findex.html new file mode 100644 index 00000000..018d1bd2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimages%2Findex.html 
@@ -0,0 +1,136 @@ +<h1>docker images</h1> <p><br></p> <p>List images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker images [OPTIONS] [REPOSITORY[:TAG]] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The default <code class="language-plaintext highlighter-rouge">docker images</code> will show all top level images, their repository and tags, and their size.</p> <p>Docker images have intermediate layers that increase reusability, decrease disk usage, and speed up <code class="language-plaintext highlighter-rouge">docker build</code> by allowing each step to be cached. These intermediate layers are not shown by default.</p> <p>The <code class="language-plaintext highlighter-rouge">SIZE</code> is the cumulative space taken up by the image and all its parent images. This is also the disk space used by the contents of the Tar file created when you <code class="language-plaintext highlighter-rouge">docker save</code> an image.</p> <p>An image will be listed more than once if it has multiple repository names or tags. 
This single image (identifiable by its matching <code class="language-plaintext highlighter-rouge">IMAGE ID</code>) uses up the <code class="language-plaintext highlighter-rouge">SIZE</code> listed only once.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all images (default hides intermediate images)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--digests</code></td> <td></td> <td>Show digests</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only show image IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="list-the-most-recently-created-images">List the most recently created images</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +<none> <none> 77af4d6b9913 19 hours ago 1.089 GB +committ latest b6fa739cedf5 19 hours ago 1.089 GB +<none> <none> 78a85c484f71 19 hours ago 1.089 GB +docker latest 30557a29d5ab 20 hours ago 1.089 GB +<none> <none> 5ed6274db6ce 24 hours ago 1.089 GB +postgres 9 
746b819f315e 4 days ago 213.4 MB +postgres 9.3 746b819f315e 4 days ago 213.4 MB +postgres 9.3.5 746b819f315e 4 days ago 213.4 MB +postgres latest 746b819f315e 4 days ago 213.4 MB +</pre></div> <h3 id="list-images-by-name-and-tag">List images by name and tag</h3> <p>The <code class="language-plaintext highlighter-rouge">docker images</code> command takes an optional <code class="language-plaintext highlighter-rouge">[REPOSITORY[:TAG]]</code> argument that restricts the list to images that match the argument. If you specify <code class="language-plaintext highlighter-rouge">REPOSITORY</code>but no <code class="language-plaintext highlighter-rouge">TAG</code>, the <code class="language-plaintext highlighter-rouge">docker images</code> command lists all images in the given repository.</p> <p>For example, to list all images in the “java” repository, run this command :</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images java + +REPOSITORY TAG IMAGE ID CREATED SIZE +java 8 308e519aac60 6 days ago 824.5 MB +java 7 493d82594c15 3 months ago 656.3 MB +java latest 2711b1d6f3aa 5 months ago 603.9 MB +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">[REPOSITORY[:TAG]]</code> value must be an “exact match”. This means that, for example, <code class="language-plaintext highlighter-rouge">docker images jav</code> does not match the image <code class="language-plaintext highlighter-rouge">java</code>.</p> <p>If both <code class="language-plaintext highlighter-rouge">REPOSITORY</code> and <code class="language-plaintext highlighter-rouge">TAG</code> are provided, only images matching that repository and tag are listed. 
To find all local images in the “java” repository with tag “8” you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images java:8 + +REPOSITORY TAG IMAGE ID CREATED SIZE +java 8 308e519aac60 6 days ago 824.5 MB +</pre></div> <p>If nothing matches <code class="language-plaintext highlighter-rouge">REPOSITORY[:TAG]</code>, the list is empty.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images java:0 + +REPOSITORY TAG IMAGE ID CREATED SIZE +</pre></div> <h3 id="list-the-full-length-image-ids">List the full length image IDs</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker images --no-trunc + +REPOSITORY TAG IMAGE ID CREATED SIZE +<none> <none> sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB +committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB +<none> <none> sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB +docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB +<none> <none> sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB +<none> <none> sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB +<none> <none> sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB +tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB +<none> <none> sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB +</pre></div> <h3 id="list-image-digests">List image digests</h3> <p>Images that use the v2 or later format have a content-addressable identifier called a <code class="language-plaintext highlighter-rouge">digest</code>. 
As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the <code class="language-plaintext highlighter-rouge">--digests</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --digests +REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE +localhost:5000/test/busybox <none> sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +</pre></div> <p>When pushing or pulling to a 2.0 registry, the <code class="language-plaintext highlighter-rouge">push</code> or <code class="language-plaintext highlighter-rouge">pull</code> command output includes the image digest. You can <code class="language-plaintext highlighter-rouge">pull</code> using a digest value. You can also reference by digest in <code class="language-plaintext highlighter-rouge">create</code>, <code class="language-plaintext highlighter-rouge">run</code>, and <code class="language-plaintext highlighter-rouge">rmi</code> commands, as well as the <code class="language-plaintext highlighter-rouge">FROM</code> image reference in a Dockerfile.</p> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>dangling (boolean - true or false)</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li>before (<code class="language-plaintext highlighter-rouge"><image-name>[:<tag>]</code>, <code class="language-plaintext highlighter-rouge"><image id></code> or <code class="language-plaintext highlighter-rouge"><image@digest></code>) - filter images created before given id or references</li> <li>since (<code class="language-plaintext highlighter-rouge"><image-name>[:<tag>]</code>, <code class="language-plaintext highlighter-rouge"><image id></code> or <code class="language-plaintext highlighter-rouge"><image@digest></code>) - filter images created since given id or references</li> <li>reference (pattern of an image reference) - filter images whose reference matches the specified pattern</li> </ul> <h4 id="show-untagged-images-dangling">Show untagged images (dangling)</h4> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "dangling=true" + +REPOSITORY TAG IMAGE ID CREATED SIZE +<none> <none> 8abc22fbb042 4 weeks ago 0 B +<none> <none> 48e5f45168b9 4 weeks ago 2.489 MB +<none> <none> bf747efa0e2f 4 weeks ago 0 B +<none> <none> 980fe10e5736 12 weeks ago 101.4 MB +<none> <none> dea752e4e117 12 weeks ago 101.4 MB +<none> <none> 511136ea3c5a 8 months ago 0 B +</pre></div> <p>This will display untagged images that are the leaves of the images tree (not intermediary layers). 
These images occur when a new build of an image takes the <code class="language-plaintext highlighter-rouge">repo:tag</code> away from the image ID, leaving it as <code class="language-plaintext highlighter-rouge"><none>:<none></code> or untagged. A warning will be issued if trying to remove an image when a container is presently using it. By having this flag it allows for batch cleanup.</p> <p>You can use this in conjunction with <code class="language-plaintext highlighter-rouge">docker rmi ...</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rmi $(docker images -f "dangling=true" -q) + +8abc22fbb042 +48e5f45168b9 +bf747efa0e2f +980fe10e5736 +dea752e4e117 +511136ea3c5a +</pre></div> <p>Docker warns you if any containers exist that are using these untagged images.</p> <h4 id="show-images-with-a-given-label">Show images with a given label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches images based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches images with the <code class="language-plaintext highlighter-rouge">com.example.version</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "label=com.example.version" + +REPOSITORY TAG IMAGE ID CREATED SIZE +match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB +match-me-2 latest dea752e4e117 About a minute ago 188.3 MB +</pre></div> <p>The following filter matches images with the <code class="language-plaintext highlighter-rouge">com.example.version</code> label with the <code class="language-plaintext highlighter-rouge">1.0</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "label=com.example.version=1.0" + +REPOSITORY TAG IMAGE ID CREATED SIZE 
+match-me latest 511136ea3c5a About a minute ago 188.3 MB +</pre></div> <p>In this example, with the <code class="language-plaintext highlighter-rouge">0.1</code> value, it returns an empty set because no matches were found.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "label=com.example.version=0.1" +REPOSITORY TAG IMAGE ID CREATED SIZE +</pre></div> <h4 id="filter-images-by-time">Filter images by time</h4> <p>The <code class="language-plaintext highlighter-rouge">before</code> filter shows only images created before the image with given id or reference. For example, having these images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +image1 latest eeae25ada2aa 4 minutes ago 188.3 MB +image2 latest dea752e4e117 9 minutes ago 188.3 MB +image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +</pre></div> <p>Filtering with <code class="language-plaintext highlighter-rouge">before</code> would give:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "before=image1" + +REPOSITORY TAG IMAGE ID CREATED SIZE +image2 latest dea752e4e117 9 minutes ago 188.3 MB +image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +</pre></div> <p>Filtering with <code class="language-plaintext highlighter-rouge">since</code> would give:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter "since=image3" +REPOSITORY TAG IMAGE ID CREATED SIZE +image1 latest eeae25ada2aa 4 minutes ago 188.3 MB +image2 latest dea752e4e117 9 minutes ago 188.3 MB +</pre></div> <h4 id="filter-images-by-reference">Filter images by reference</h4> <p>The <code class="language-plaintext highlighter-rouge">reference</code> filter shows only images whose reference matches the specified pattern.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox 
latest e02e811dd08f 5 weeks ago 1.09 MB +busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB +busybox musl 733eb3059dce 5 weeks ago 1.21 MB +busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB +</pre></div> <p>Filtering with <code class="language-plaintext highlighter-rouge">reference</code> would give:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter=reference='busy*:*libc' + +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB +busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB +</pre></div> <p>Filtering with multiple <code class="language-plaintext highlighter-rouge">reference</code> would give, either match A or B:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --filter=reference='busy*:uclibc' --filter=reference='busy*:glibc' + +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB +busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB +</pre></div> <h3 id="format-the-output">Format the output</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) will pretty print container output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Image ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Repository</code></td> <td>Image repository</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Tag</code></td> <td>Image tag</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Digest</code></td> <td>Image digest</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedSince</code></td> <td>Elapsed time since the image was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> 
<td>Time when the image was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Size</code></td> <td>Image disk size</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">image</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, will include column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">Repository</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --format "{{.ID}}: {{.Repository}}" + +77af4d6b9913: <none> +b6fa739cedf5: committ +78a85c484f71: <none> +30557a29d5ab: docker +5ed6274db6ce: <none> +746b819f315e: postgres +746b819f315e: postgres +746b819f315e: postgres +746b819f315e: postgres +</pre></div> <p>To list all images with their repository and tag in a table format you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" + +IMAGE ID REPOSITORY TAG +77af4d6b9913 <none> <none> +b6fa739cedf5 committ latest +78a85c484f71 <none> <none> +30557a29d5ab docker latest +5ed6274db6ce <none> <none> +746b819f315e postgres 9 +746b819f315e postgres 9.3 +746b819f315e postgres 9.3.5 +746b819f315e postgres latest +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/images/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/images/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fimport%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimport%2Findex.html new file mode 100644 index 00000000..477eb5c3 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fimport%2Findex.html 
@@ -0,0 +1,17 @@ +<h1>docker import</h1> <p><br></p> <p>Import the contents from a tarball to create a filesystem image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">You can specify a <code class="language-plaintext highlighter-rouge">URL</code> or <code class="language-plaintext highlighter-rouge">-</code> (dash) to take data directly from <code class="language-plaintext highlighter-rouge">STDIN</code>. The <code class="language-plaintext highlighter-rouge">URL</code> can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a filesystem or to an individual file on the Docker host. If you specify an archive, Docker untars it in the container relative to the <code class="language-plaintext highlighter-rouge">/</code> (root). If you specify an individual file, you must specify the full path within the host. To import from a remote location, specify a <code class="language-plaintext highlighter-rouge">URI</code> that begins with the <code class="language-plaintext highlighter-rouge">http://</code> or <code class="language-plaintext highlighter-rouge">https://</code> protocol.</p> <p>The <code class="language-plaintext highlighter-rouge">--change</code> option applies <code class="language-plaintext highlighter-rouge">Dockerfile</code> instructions to the image that is created. 
Supported <code class="language-plaintext highlighter-rouge">Dockerfile</code> instructions: <code class="language-plaintext highlighter-rouge">CMD</code>|<code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>|<code class="language-plaintext highlighter-rouge">ENV</code>|<code class="language-plaintext highlighter-rouge">EXPOSE</code>|<code class="language-plaintext highlighter-rouge">ONBUILD</code>|<code class="language-plaintext highlighter-rouge">USER</code>|<code class="language-plaintext highlighter-rouge">VOLUME</code>|<code class="language-plaintext highlighter-rouge">WORKDIR</code></p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--change</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>Apply Dockerfile instruction to the created image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--message</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Set commit message for imported image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="import-from-a-remote-location">Import from a remote location</h3> <p>This creates a new untagged image.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker import https://example.com/exampleimage.tgz +</pre></div> <h3 id="import-from-a-local-file">Import from a local file</h3> <p>Import to docker via pipe and <code class="language-plaintext highlighter-rouge">STDIN</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat exampleimage.tgz | 
docker import - exampleimagelocal:new +</pre></div> <p>Import with a commit message.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new +</pre></div> <p>Import to docker from a local archive.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker import /path/to/exampleimage.tgz +</pre></div> <h3 id="import-from-a-local-directory">Import from a local directory</h3> <div class="highlight"><pre class="highlight" data-language="">$ sudo tar -c . | docker import - exampleimagedir +</pre></div> <h3 id="import-from-a-local-directory-with-new-configurations">Import from a local directory with new configurations</h3> <div class="highlight"><pre class="highlight" data-language="">$ sudo tar -c . | docker import --change "ENV DEBUG=true" - exampleimagedir +</pre></div> <p>Note the <code class="language-plaintext highlighter-rouge">sudo</code> in this example – you must preserve the ownership of the files (especially root ownership) during the archiving with tar. If you are not root (or the sudo command) when you tar, then the ownerships might not get preserved.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/import/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/import/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Finfo%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Finfo%2Findex.html new file mode 100644 index 00000000..684cda55 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Finfo%2Findex.html 
@@ -0,0 +1,186 @@ +<h1>docker info</h1> <p><br></p> <p>Display system-wide information</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker info [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">This command displays system wide information regarding the Docker installation. Information displayed includes the kernel version, number of containers and images. The number of images shown is the number of unique images. The same image tagged under different names is counted only once.</p> <p>If a format is specified, the given template will be executed instead of the default format. Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>Depending on the storage driver in use, additional information can be shown, such as pool name, data file, metadata file, data space used, total data space, metadata space used, and total metadata space.</p> <p>The data file is where the images are stored and the metadata file is where the meta data regarding those images are stored. 
When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where <code class="language-plaintext highlighter-rouge">/var/lib/docker</code> is mounted.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="show-output">Show output</h3> <p>The example below shows the output for a daemon running on Red Hat Enterprise Linux, using the <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver. As can be seen in the output, additional information about the <code class="language-plaintext highlighter-rouge">devicemapper</code> storage driver is shown:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker info + +Client: + Context: default + Debug Mode: false + +Server: + Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 + Images: 52 + Server Version: 1.10.3 + Storage Driver: devicemapper + Pool Name: docker-202:2-25583803-pool + Pool Blocksize: 65.54 kB + Base Device Size: 10.74 GB + Backing Filesystem: xfs + Data file: /dev/loop0 + Metadata file: /dev/loop1 + Data Space Used: 1.68 GB + Data Space Total: 107.4 GB + Data Space Available: 7.548 GB + Metadata Space Used: 2.322 MB + Metadata Space Total: 2.147 GB + Metadata Space Available: 2.145 GB + Udev Sync Supported: true + Deferred Removal Enabled: false + Deferred Deletion Enabled: false + Deferred Deleted Device Count: 0 + Data loop file: /var/lib/docker/devicemapper/devicemapper/data + Metadata loop file: 
/var/lib/docker/devicemapper/devicemapper/metadata + Library Version: 1.02.107-RHEL7 (2015-12-01) + Execution Driver: native-0.2 + Logging Driver: json-file + Plugins: + Volume: local + Network: null host bridge + Kernel Version: 3.10.0-327.el7.x86_64 + Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) + OSType: linux + Architecture: x86_64 + CPUs: 1 + Total Memory: 991.7 MiB + Name: ip-172-30-0-91.ec2.internal + ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Docker Root Dir: /var/lib/docker + Debug Mode: false + Username: gordontheturtle + Registry: https://index.docker.io/v1/ + Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 +</pre></div> <h3 id="show-debugging-output">Show debugging output</h3> <p>Here is a sample output for a daemon running on Ubuntu, using the overlay2 storage driver and a node that is part of a 2-node swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker --debug info + +Client: + Context: default + Debug Mode: true + +Server: + Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 + Images: 52 + Server Version: 1.13.0 + Storage Driver: overlay2 + Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: false + Logging Driver: json-file + Cgroup Driver: cgroupfs + Plugins: + Volume: local + Network: bridge host macvlan null overlay + Swarm: active + NodeID: rdjq45w1op418waxlairloqbm + Is Manager: true + ClusterID: te8kdyw33n36fqiz74bfjeixd + Managers: 1 + Nodes: 2 + Orchestration: + Task History Retention Limit: 5 + Raft: + Snapshot Interval: 10000 + Number of Old Snapshots to Retain: 0 + Heartbeat Tick: 1 + Election Tick: 3 + Dispatcher: + Heartbeat Period: 5 seconds + CA Configuration: + Expiry Duration: 3 months + Root Rotation In Progress: false + Node Address: 172.16.66.128 172.16.66.129 + Manager Addresses: + 172.16.66.128:2477 + Runtimes: runc + Default Runtime: runc + Init Binary: docker-init + containerd version: 
8517738ba4b82aff5662c97ca4627e7e4d03b531 + runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 + init version: N/A (expected: v0.13.0) + Security Options: + apparmor + seccomp + Profile: default + Kernel Version: 4.4.0-31-generic + Operating System: Ubuntu 16.04.1 LTS + OSType: linux + Architecture: x86_64 + CPUs: 2 + Total Memory: 1.937 GiB + Name: ubuntu + ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 + Docker Root Dir: /var/lib/docker + Debug Mode: true + File Descriptors: 30 + Goroutines: 123 + System Time: 2016-11-12T17:24:37.955404361-08:00 + EventsListeners: 0 + Http Proxy: http://test:test@proxy.example.com:8080 + Https Proxy: https://test:test@proxy.example.com:8080 + No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com + Registry: https://index.docker.io/v1/ + WARNING: No swap limit support + Labels: + storage=ssd + staging=true + Experimental: false + Insecure Registries: + 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ + Live Restore Enabled: false +</pre></div> <p>The global <code class="language-plaintext highlighter-rouge">-D</code> option causes all <code class="language-plaintext highlighter-rouge">docker</code> commands to output debug information.</p> <h3 id="format-the-output">Format the output</h3> <p>You can also specify the output format:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker info --format '{{json .}}' + +{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} +</pre></div> <h3 id="run-docker-info-on-windows">Run <code class="language-plaintext highlighter-rouge">docker info</code> on Windows</h3> <p>Here is a sample output for a daemon running on Windows Server 2016:</p> <div class="highlight"><pre class="highlight" data-language="">E:\docker>docker info +Client: + Context: default + Debug Mode: false + +Server: + Containers: 1 + Running: 0 + Paused: 0 + Stopped: 1 + Images: 17 + Server 
Version: 1.13.0 + Storage Driver: windowsfilter + Windows: + Logging Driver: json-file + Plugins: + Volume: local + Network: nat null overlay + Swarm: inactive + Default Isolation: process + Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) + Operating System: Windows Server 2016 Datacenter + OSType: windows + Architecture: x86_64 + CPUs: 8 + Total Memory: 3.999 GiB + Name: WIN-V0V70C0LU5P + ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 + Docker Root Dir: C:\control + Debug Mode: false + Registry: https://index.docker.io/v1/ + Insecure Registries: + 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ + Live Restore Enabled: false +</pre></div> <h2 id="warnings-about-kernel-support">Warnings about kernel support</h2> <p>If your operating system does not enable certain capabilities, you may see warnings such as one of the following, when you run <code class="language-plaintext highlighter-rouge">docker info</code>:</p> <pre data-language="">WARNING: Your kernel does not support swap limit capabilities. Limitation discarded. +</pre> <pre data-language="">WARNING: No swap limit support +</pre> <p>You can ignore these warnings unless you actually need the ability to <a href="https://docs.docker.com/config/containers/resource_constraints/">limit these resources</a>, in which case you should consult your operating system’s documentation for enabling them. <a href="../../../install/linux-postinstall/index#your-kernel-does-not-support-cgroup-swap-limit-capabilities">Learn more</a>.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/info/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/info/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Finspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Finspect%2Findex.html new file mode 100644 index 00000000..c999cd8d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Finspect%2Findex.html 
@@ -0,0 +1,18 @@ +<h1>docker inspect</h1> <p><br></p> <p>Return low-level information on Docker objects</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect [OPTIONS] NAME|ID [NAME|ID...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Docker inspect provides detailed information on constructs controlled by Docker.</p> <p>By default, <code class="language-plaintext highlighter-rouge">docker inspect</code> will render results in a JSON array.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--size</code> , <code class="language-plaintext highlighter-rouge">-s</code> +</td> <td></td> <td>Display total file sizes if the type is container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--type</code></td> <td></td> <td>Return JSON for specified type</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="get-an-instances-ip-address">Get an instance’s IP address</h3> <p>For the most part, you can pick out any field from the JSON in a fairly straightforward manner.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID +</pre></div> <h3 id="get-an-instances-mac-address">Get an 
instance’s MAC address</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID +</pre></div> <h3 id="get-an-instances-log-path">Get an instance’s log path</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{.LogPath}}' $INSTANCE_ID +</pre></div> <h3 id="get-an-instances-image-name">Get an instance’s image name</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID +</pre></div> <h3 id="list-all-port-bindings">List all port bindings</h3> <p>You can loop over arrays and maps in the results to produce simple text output:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID +</pre></div> <h3 id="find-a-specific-port-mapping">Find a specific port mapping</h3> <p>The <code class="language-plaintext highlighter-rouge">.Field</code> syntax doesn’t work when the field name begins with a number, but the template language’s <code class="language-plaintext highlighter-rouge">index</code> function does. The <code class="language-plaintext highlighter-rouge">.NetworkSettings.Ports</code> section contains a map of the internal port mappings to a list of external address/port objects. To grab just the numeric public port, you use <code class="language-plaintext highlighter-rouge">index</code> to find the specific port map, and then <code class="language-plaintext highlighter-rouge">index</code> 0 contains the first object inside of that. 
Then we ask for the <code class="language-plaintext highlighter-rouge">HostPort</code> field to get the public address.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID +</pre></div> <h3 id="get-a-subsection-in-json-format">Get a subsection in JSON format</h3> <p>If you request a field which is itself a structure containing other fields, by default you get a Go-style dump of the inner values. Docker adds a template function, <code class="language-plaintext highlighter-rouge">json</code>, which can be applied to get results in JSON format.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format='{{json .Config}}' $INSTANCE_ID +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fkill%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fkill%2Findex.html new file mode 100644 index 00000000..4d96197d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fkill%2Findex.html 
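Review bot: in the docker inspect page, the "List all port bindings" example prints only (index $conf 0).HostPort, i.e. the first binding of each port, although the next section describes each map value as "a list of external address/port objects". Either range over $conf in the template or retitle the example so it does not promise all bindings. In "Find a specific port mapping" the text sets out to grab "the numeric public port" but ends with "to get the public address"; HostPort is the port, so the last sentence should say port.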
@@ -0,0 +1,14 @@ +<h1>docker kill</h1> <p><br></p> <p>Kill one or more running containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker kill [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker kill</code> subcommand kills one or more containers. The main process inside the container is sent <code class="language-plaintext highlighter-rouge">SIGKILL</code> signal (default), or the signal that is specified with the <code class="language-plaintext highlighter-rouge">--signal</code> option. You can reference a container by its ID, ID-prefix, or name.</p> <p>The <code class="language-plaintext highlighter-rouge">--signal</code> (or <code class="language-plaintext highlighter-rouge">-s</code> shorthand) flag sets the system call signal that is sent to the container. This signal can be a signal name in the format <code class="language-plaintext highlighter-rouge">SIG<NAME></code>, for instance <code class="language-plaintext highlighter-rouge">SIGINT</code>, or an unsigned number that matches a position in the kernel’s syscall table, for instance <code class="language-plaintext highlighter-rouge">2</code>.</p> <p>While the default (<code class="language-plaintext highlighter-rouge">SIGKILL</code>) signal will terminate the container, the signal set through <code class="language-plaintext highlighter-rouge">--signal</code> may be non-terminal, depending on the container’s main process. 
For example, the <code class="language-plaintext highlighter-rouge">SIGHUP</code> signal in most cases will be non-terminal, and the container will continue running after receiving the signal.</p> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> and <code class="language-plaintext highlighter-rouge">CMD</code> in the <em>shell</em> form run as a child process of <code class="language-plaintext highlighter-rouge">/bin/sh -c</code>, which does not pass signals. This means that the executable is not the container’s PID 1 and does not receive Unix signals.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--signal</code> , <code class="language-plaintext highlighter-rouge">-s</code> +</td> <td><code class="language-plaintext highlighter-rouge">KILL</code></td> <td>Signal to send to the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="send-a-kill-signal-to-a-container">Send a KILL signal to a container</h3> <p>The following example sends the default <code class="language-plaintext highlighter-rouge">SIGKILL</code> signal to the container named <code class="language-plaintext highlighter-rouge">my_container</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker kill my_container +</pre></div> <h3 id="send-a-custom-signal-to-a-container">Send a custom signal to a container</h3> <p>The following example sends a <code class="language-plaintext highlighter-rouge">SIGHUP</code> signal to the container named <code class="language-plaintext highlighter-rouge">my_container</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker kill --signal=SIGHUP my_container 
+</pre></div> <p>You can specify a custom signal either by <em>name</em>, or <em>number</em>. The <code class="language-plaintext highlighter-rouge">SIG</code> prefix is optional, so the following examples are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker kill --signal=SIGHUP my_container +$ docker kill --signal=HUP my_container +$ docker kill --signal=1 my_container +</pre></div> <p>Refer to the <a href="https://man7.org/linux/man-pages/man7/signal.7.html"><code class="language-plaintext highlighter-rouge">signal(7)</code></a> man-page for a list of standard Linux signals.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/kill/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/kill/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fload%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fload%2Findex.html new file mode 100644 index 00000000..ab5d832b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fload%2Findex.html 
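Review bot: in the docker kill description, the signal-name format is written as SIG<NAME> inside a code element with the angle brackets unescaped, so an HTML parser reads <NAME> as a tag and the rendered page shows only "SIG"; escape it as SIG&lt;NAME&gt;. The same sentence calls the numeric form "a position in the kernel's syscall table", while the page's own examples (--signal=1 as the equivalent of SIGHUP) and its signal(7) link treat it as a signal number; suggest wording it as "signal number".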
@@ -0,0 +1,36 @@ +<h1>docker load</h1> <p><br></p> <p>Load an image from a tar archive or STDIN</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker load [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Load an image or repository from a tar archive (even if compressed with gzip, bzip2, or xz) from a file or STDIN. It restores both images and tags.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--input</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Read from tar archive file, instead of STDIN</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress the load output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker image ls + +REPOSITORY TAG IMAGE ID CREATED SIZE + +$ docker load < busybox.tar.gz + +Loaded image: busybox:latest +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest 769b9341d937 7 weeks ago 2.489 MB + +$ docker load --input fedora.tar + +Loaded image: fedora:rawhide + +Loaded image: fedora:20 + +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest 769b9341d937 7 weeks ago 2.489 MB +fedora rawhide 0d20aec6529d 7 weeks ago 387 MB +fedora 20 58394af37342 7 weeks ago 385.5 MB +fedora heisenbug 58394af37342 7 weeks ago 385.5 MB +fedora 
latest 58394af37342 7 weeks ago 385.5 MB +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/load/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/load/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Flogin%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogin%2Findex.html new file mode 100644 index 00000000..047c0030 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogin%2Findex.html 
@@ -0,0 +1,33 @@ +<h1>docker login</h1> <p><br></p> <p>Log in to a Docker registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker login [OPTIONS] [SERVER] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Login to a registry.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--password</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Password</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--password-stdin</code></td> <td></td> <td>Take the password from stdin</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--username</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="login-to-a-self-hosted-registry">Login to a self-hosted registry</h3> <p>If you want to login to a self-hosted registry you can specify this by adding the server name.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker login localhost:8080 +</pre></div> <h3 id="provide-a-password-using-stdin">Provide a password using STDIN</h3> <p>To run the <code class="language-plaintext highlighter-rouge">docker login</code> command non-interactively, you can set the <code class="language-plaintext highlighter-rouge">--password-stdin</code> flag to provide a password through <code class="language-plaintext highlighter-rouge">STDIN</code>. 
Using <code class="language-plaintext highlighter-rouge">STDIN</code> prevents the password from ending up in the shell’s history, or log-files.</p> <p>The following example reads a password from a file, and passes it to the <code class="language-plaintext highlighter-rouge">docker login</code> command using <code class="language-plaintext highlighter-rouge">STDIN</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat ~/my_password.txt | docker login --username foo --password-stdin +</pre></div> <h3 id="privileged-user-requirement">Privileged user requirement</h3> <p><code class="language-plaintext highlighter-rouge">docker login</code> requires user to use <code class="language-plaintext highlighter-rouge">sudo</code> or be <code class="language-plaintext highlighter-rouge">root</code>, except when:</p> <ol> <li>connecting to a remote daemon, such as a <code class="language-plaintext highlighter-rouge">docker-machine</code> provisioned <code class="language-plaintext highlighter-rouge">docker engine</code>.</li> <li>user is added to the <code class="language-plaintext highlighter-rouge">docker</code> group. This will impact the security of your system; the <code class="language-plaintext highlighter-rouge">docker</code> group is <code class="language-plaintext highlighter-rouge">root</code> equivalent. See <a href="../../../security/index#docker-daemon-attack-surface">Docker Daemon Attack Surface</a> for details.</li> </ol> <p>You can log into any public or private repository for which you have credentials. 
When you log in, the command stores credentials in <code class="language-plaintext highlighter-rouge">$HOME/.docker/config.json</code> on Linux or <code class="language-plaintext highlighter-rouge">%USERPROFILE%/.docker/config.json</code> on Windows, via the procedure described below.</p> <h3 id="credentials-store">Credentials store</h3> <p>The Docker Engine can keep user credentials in an external credentials store, such as the native keychain of the operating system. Using an external store is more secure than storing credentials in the Docker configuration file.</p> <p>To use a credentials store, you need an external helper program to interact with a specific keychain or external store. Docker requires the helper program to be in the client’s host <code class="language-plaintext highlighter-rouge">$PATH</code>.</p> <p>This is the list of currently available credentials helpers and where you can download them from:</p> <ul> <li>D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases</li> <li>Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases</li> <li>Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases</li> <li> +<a href="https://www.passwordstore.org/">pass</a>: https://github.com/docker/docker-credential-helpers/releases</li> </ul> <h4 id="configure-the-credentials-store">Configure the credentials store</h4> <p>You need to specify the credentials store in <code class="language-plaintext highlighter-rouge">$HOME/.docker/config.json</code> to tell the docker engine to use it. The value of the config property should be the suffix of the program to use (i.e. everything after <code class="language-plaintext highlighter-rouge">docker-credential-</code>). 
For example, to use <code class="language-plaintext highlighter-rouge">docker-credential-osxkeychain</code>:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "credsStore": "osxkeychain" +} +</pre></div> <p>If you are currently logged in, run <code class="language-plaintext highlighter-rouge">docker logout</code> to remove the credentials from the file and run <code class="language-plaintext highlighter-rouge">docker login</code> again.</p> <h4 id="default-behavior">Default behavior</h4> <p>By default, Docker looks for the native binary on each of the platforms, i.e. “osxkeychain” on macOS, “wincred” on windows, and “pass” on Linux. A special case is that on Linux, Docker will fall back to the “secretservice” binary if it cannot find the “pass” binary. If none of these binaries are present, it stores the credentials (i.e. password) in base64 encoding in the config files described above.</p> <h4 id="credential-helper-protocol">Credential helper protocol</h4> <p>Credential helpers can be any program or script that follows a very simple protocol. This protocol is heavily inspired by Git, but it differs in the information shared.</p> <p>The helpers always use the first argument in the command to identify the action. There are only three possible values for that argument: <code class="language-plaintext highlighter-rouge">store</code>, <code class="language-plaintext highlighter-rouge">get</code>, and <code class="language-plaintext highlighter-rouge">erase</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">store</code> command takes a JSON payload from the standard input. 
That payload carries the server address, to identify the credential, the user name, and either a password or an identity token.</p> <div class="highlight"><pre class="highlight" data-language="">{ + "ServerURL": "https://index.docker.io/v1", + "Username": "david", + "Secret": "passw0rd1" +} +</pre></div> <p>If the secret being stored is an identity token, the Username should be set to <code class="language-plaintext highlighter-rouge"><token></code>.</p> <p>The <code class="language-plaintext highlighter-rouge">store</code> command can write error messages to <code class="language-plaintext highlighter-rouge">STDOUT</code> that the docker engine will show if there was an issue.</p> <p>The <code class="language-plaintext highlighter-rouge">get</code> command takes a string payload from the standard input. That payload carries the server address that the docker engine needs credentials for. This is an example of that payload: <code class="language-plaintext highlighter-rouge">https://index.docker.io/v1</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">get</code> command writes a JSON payload to <code class="language-plaintext highlighter-rouge">STDOUT</code>. Docker reads the user name and password from this payload:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Username": "david", + "Secret": "passw0rd1" +} +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">erase</code> command takes a string payload from <code class="language-plaintext highlighter-rouge">STDIN</code>. That payload carries the server address that the docker engine wants to remove credentials for. 
This is an example of that payload: <code class="language-plaintext highlighter-rouge">https://index.docker.io/v1</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">erase</code> command can write error messages to <code class="language-plaintext highlighter-rouge">STDOUT</code> that the docker engine will show if there was an issue.</p> <h3 id="credential-helpers">Credential helpers</h3> <p>Credential helpers are similar to the credential store above, but act as the designated programs to handle credentials for <em>specific registries</em>. The default credential store (<code class="language-plaintext highlighter-rouge">credsStore</code> or the config file itself) will not be used for operations concerning credentials of the specified registries.</p> <h4 id="configure-credential-helpers">Configure credential helpers</h4> <p>If you are currently logged in, run <code class="language-plaintext highlighter-rouge">docker logout</code> to remove the credentials from the default store.</p> <p>Credential helpers are specified in a similar way to <code class="language-plaintext highlighter-rouge">credsStore</code>, but allow for multiple helpers to be configured at a time. Keys specify the registry domain, and values specify the suffix of the program to use (i.e. everything after <code class="language-plaintext highlighter-rouge">docker-credential-</code>). For example:</p> <div class="highlight"><pre class="highlight" data-language="">{ + "credHelpers": { + "registry.example.com": "registryhelper", + "awesomereg.example.org": "hip-star", + "unicorn.example.io": "vcbait" + } +} +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/login/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/login/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Flogout%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogout%2Findex.html new file mode 100644 index 00000000..225c2784 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogout%2Findex.html @@ -0,0 +1,8 @@ +<h1>docker logout</h1> <p><br></p> <p>Log out from a Docker registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker logout [SERVER] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker logout localhost:8080 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/logout/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/logout/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Flogs%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogs%2Findex.html new file mode 100644 index 00000000..0600b331 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Flogs%2Findex.html 
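Review bot: in the docker login page above, the credential helper protocol section says the Username "should be set to" <token> with the angle brackets unescaped inside the code element, so the one literal value the reader needs is dropped when the page renders; escape it as &lt;token&gt;. In the options table the --password, -p row reads only "Password", although the page itself states that STDIN keeps the password out of the shell's history and log files; that row should point readers to --password-stdin. The four credential helper bullets also repeat the same releases URL as bare text rather than as links.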
@@ -0,0 +1,20 @@ +<h1>docker logs</h1> <p><br></p> <p>Fetch the logs of a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker logs [OPTIONS] CONTAINER +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker logs</code> command batch-retrieves logs present at the time of execution.</p> <blockquote> <p><strong>Note</strong></p> <p>This command is only functional for containers that are started with the <code class="language-plaintext highlighter-rouge">json-file</code> or <code class="language-plaintext highlighter-rouge">journald</code> logging driver.</p> </blockquote> <p>For more information about selecting and configuring logging drivers, refer to <a href="https://docs.docker.com/config/containers/logging/configure/">Configure logging drivers</a>.</p> <p>The <code class="language-plaintext highlighter-rouge">docker logs --follow</code> command will continue streaming the new output from the container’s <code class="language-plaintext highlighter-rouge">STDOUT</code> and <code class="language-plaintext highlighter-rouge">STDERR</code>.</p> <p>Passing a negative number or a non-integer to <code class="language-plaintext highlighter-rouge">--tail</code> is invalid and the value is set to <code class="language-plaintext highlighter-rouge">all</code> in that case.</p> <p>The <code class="language-plaintext highlighter-rouge">docker logs --timestamps</code> command will add an <a href="https://golang.org/pkg/time/#pkg-constants">RFC3339Nano timestamp</a> , for example <code class="language-plaintext highlighter-rouge">2014-09-16T06:17:46.000000000Z</code>, to each log entry. 
To ensure that the timestamps are aligned the nano-second part of the timestamp will be padded with zero when necessary.</p> <p>The <code class="language-plaintext highlighter-rouge">docker logs --details</code> command will add on extra attributes, such as environment variables and labels, provided to <code class="language-plaintext highlighter-rouge">--log-opt</code> when creating the container.</p> <p>The <code class="language-plaintext highlighter-rouge">--since</code> option shows only the container logs generated after a given date. You can specify the date as an RFC 3339 date, a UNIX timestamp, or a Go duration string (e.g. <code class="language-plaintext highlighter-rouge">1m30s</code>, <code class="language-plaintext highlighter-rouge">3h</code>). Besides RFC3339 date format you may also use RFC3339Nano, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the client will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. 
You can combine the <code class="language-plaintext highlighter-rouge">--since</code> option with either or both of the <code class="language-plaintext highlighter-rouge">--follow</code> or <code class="language-plaintext highlighter-rouge">--tail</code> options.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--details</code></td> <td></td> <td>Show extra details provided to logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--follow</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Follow log output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--since</code></td> <td></td> <td>Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tail</code> , <code class="language-plaintext highlighter-rouge">-n</code> +</td> <td><code class="language-plaintext highlighter-rouge">all</code></td> <td>Number of lines to show from the end of the logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--timestamps</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Show timestamps</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--until</code></td> <td></td> <td>Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 
42m for 42 minutes)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="retrieve-logs-until-a-specific-point-in-time">Retrieve logs until a specific point in time</h3> <p>In order to retrieve logs before a specific point in time, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --name test -d busybox sh -c "while true; do $(echo date); sleep 1; done" +$ date +Tue 14 Nov 2017 16:40:00 CET +$ docker logs -f --until=2s test +Tue 14 Nov 2017 16:40:00 CET +Tue 14 Nov 2017 16:40:01 CET +Tue 14 Nov 2017 16:40:02 CET +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/logs/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/logs/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest%2Findex.html new file mode 100644 index 00000000..5ba7db4a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest%2Findex.html 
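Review bot: in the docker logs page, the only example uses --until=2s under the heading "Retrieve logs until a specific point in time", but the Description documents accepted formats for --since only and never says what a relative --until value such as 2s is measured from; add a sentence covering --until alongside the --since paragraph. The docker run line also puts the loop in double quotes, so $(echo date) is expanded by the host shell before the container starts; single quotes or a plain date would make the example easier to follow.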
@@ -0,0 +1,154 @@ +<h1>docker manifest</h1> <p><br></p> <p>Manage Docker image manifests and manifest lists</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest COMMAND COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker manifest</code> command by itself performs no action. In order to operate on a manifest or manifest list, one of the subcommands must be used.</p> <p>A single manifest is information about an image, such as layers, size, and digest. The docker manifest command also gives users additional information such as the os and architecture an image was built for.</p> <p>A manifest list is a list of image layers that is created by specifying one or more (ideally more than one) image names. It can then be used in the same way as an image name in <code class="language-plaintext highlighter-rouge">docker pull</code> and <code class="language-plaintext highlighter-rouge">docker run</code> commands, for example.</p> <p>Ideally a manifest list is created from images that are identical in function for different os/arch combinations. For this reason, manifest lists are often referred to as “multi-arch images”. 
However, a user could create a manifest list that points to two images -- one for windows on amd64, and one for darwin on amd64.</p> <h3 id="manifest-inspect">manifest inspect</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest inspect --help + +Usage: docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST + +Display an image manifest, or manifest list + +Options: + --help Print usage + --insecure Allow communication with an insecure registry + -v, --verbose Output additional info including layers and platform +</pre></div> <h3 id="manifest-create">manifest create</h3> <div class="highlight"><pre class="highlight" data-language="">Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] + +Create a local manifest list for annotating and pushing to a registry + +Options: + -a, --amend Amend an existing manifest list + --insecure Allow communication with an insecure registry + --help Print usage +</pre></div> <h3 id="manifest-annotate">manifest annotate</h3> <div class="highlight"><pre class="highlight" data-language="">Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST + +Add additional information to a local image manifest + +Options: + --arch string Set architecture + --help Print usage + --os string Set operating system + --os-version string Set operating system version + --os-features stringSlice Set operating system feature + --variant string Set architecture variant + +</pre></div> <h3 id="manifest-push">manifest push</h3> <div class="highlight"><pre class="highlight" data-language="">Usage: docker manifest push [OPTIONS] MANIFEST_LIST + +Push a manifest list to a repository + +Options: + --help Print usage + --insecure Allow push to an insecure registry + -p, --purge Remove the local manifest list after push +</pre></div> <h3 id="working-with-insecure-registries">Working with insecure registries</h3> <p>The manifest command interacts solely with a Docker registry. 
Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some <code class="language-plaintext highlighter-rouge">docker manifest</code> commands have an <code class="language-plaintext highlighter-rouge">--insecure</code> flag. For each transaction, such as a <code class="language-plaintext highlighter-rouge">create</code>, which queries a registry, the <code class="language-plaintext highlighter-rouge">--insecure</code> flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a <code class="language-plaintext highlighter-rouge">manifest push</code> to an insecure registry, the <code class="language-plaintext highlighter-rouge">--insecure</code> flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <h3 id="inspect-an-images-manifest-object">Inspect an image’s manifest object</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest inspect hello-world +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "config": { + "mediaType": "application/vnd.docker.container.image.v1+json", + "size": 1520, + "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57" + }, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "size": 972, + "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28" + } + ] +} +</pre></div> <h3 id="inspect-an-images-manifest-and-get-the-osarch-info">Inspect an image’s manifest and get the os/arch info</h3> <p>The <code class="language-plaintext 
highlighter-rouge">docker manifest inspect</code> command takes an optional <code class="language-plaintext highlighter-rouge">--verbose</code> flag that gives you the image’s name (Ref), and architecture and os (Platform).</p> <p>Just as with other docker commands that take image names, you can refer to an image with or without a tag, or by digest (e.g. <code class="language-plaintext highlighter-rouge">hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f</code>).</p> <p>Here is an example of inspecting an image’s manifest with the <code class="language-plaintext highlighter-rouge">--verbose</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest inspect --verbose hello-world +{ + "Ref": "docker.io/library/hello-world:latest", + "Digest": "sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f", + "SchemaV2Manifest": { + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "config": { + "mediaType": "application/vnd.docker.container.image.v1+json", + "size": 1520, + "digest": "sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57" + }, + "layers": [ + { + "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", + "size": 972, + "digest": "sha256:b04784fba78d739b526e27edc02a5a8cd07b1052e9283f5fc155828f4b614c28" + } + ] + }, + "Platform": { + "architecture": "amd64", + "os": "linux" + } +} +</pre></div> <h3 id="create-and-push-a-manifest-list">Create and push a manifest list</h3> <p>To create a manifest list, you first <code class="language-plaintext highlighter-rouge">create</code> the manifest list locally by specifying the constituent images you would like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port. 
This is similar to tagging an image and pushing it to a foreign registry.</p> <p>After you have created your local copy of the manifest list, you may optionally <code class="language-plaintext highlighter-rouge">annotate</code> it. Annotations allowed are the architecture and operating system (overriding the image’s current values), os features, and an architecture variant.</p> <p>Finally, you need to <code class="language-plaintext highlighter-rouge">push</code> your manifest list to the desired registry. Below are descriptions of these three commands, and an example putting them all together.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest create 45.55.81.106:5000/coolapp:v1 \ + 45.55.81.106:5000/coolapp-ppc64le-linux:v1 \ + 45.55.81.106:5000/coolapp-arm-linux:v1 \ + 45.55.81.106:5000/coolapp-amd64-linux:v1 \ + 45.55.81.106:5000/coolapp-amd64-windows:v1 + +Created manifest list 45.55.81.106:5000/coolapp:v1 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest annotate 45.55.81.106:5000/coolapp:v1 45.55.81.106:5000/coolapp-arm-linux --arch arm +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest push 45.55.81.106:5000/coolapp:v1 +Pushed manifest 45.55.81.106:5000/coolapp@sha256:9701edc932223a66e49dd6c894a11db8c2cf4eccd1414f1ec105a623bf16b426 with digest: sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b +Pushed manifest 45.55.81.106:5000/coolapp@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f with digest: sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a +Pushed manifest 45.55.81.106:5000/coolapp@sha256:39dc41c658cf25f33681a41310372f02728925a54aac3598310bfb1770615fc9 with digest: sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8 +Pushed manifest 45.55.81.106:5000/coolapp@sha256:f91b1145cd4ac800b28122313ae9e88ac340bb3f1e3a4cd3e59a3648650f3275 with digest: 
sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62 +sha256:050b213d49d7673ba35014f21454c573dcbec75254a08f4a7c34f66a47c06aba + +</pre></div> <h3 id="inspect-a-manifest-list">Inspect a manifest list</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest inspect coolapp:v1 +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 424, + "digest": "sha256:f67dcc5fc786f04f0743abfe0ee5dae9bd8caf8efa6c8144f7f2a43889dc513b", + "platform": { + "architecture": "arm", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 424, + "digest": "sha256:b64ca0b60356a30971f098c92200b1271257f100a55b351e6bbe985638352f3a", + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 425, + "digest": "sha256:df436846483aff62bad830b730a0d3b77731bcf98ba5e470a8bbb8e9e346e4e8", + "platform": { + "architecture": "ppc64le", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 425, + "digest": "sha256:5bb8e50aa2edd408bdf3ddf61efb7338ff34a07b762992c9432f1c02fc0e5e62", + "platform": { + "architecture": "s390x", + "os": "linux" + } + } + ] +} +</pre></div> <h3 id="push-to-an-insecure-registry">Push to an insecure registry</h3> <p>Here is an example of creating and pushing a manifest list using a known insecure registry.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \ + myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \ + myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \ + myprivateregistry.mycompany.com/repo/image-linux-arm:1.0 \ + 
myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \ + myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \ + myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0 + +$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--insecure</code> flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the <code class="language-plaintext highlighter-rouge">--insecure</code> flag if you are performing a <code class="language-plaintext highlighter-rouge">docker manifest inspect</code> on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a <code class="language-plaintext highlighter-rouge">docker pull</code>.</p> </blockquote> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../manifest_annotate/index">docker manifest annotate</a></td> <td>Add additional information to a local image manifest</td> </tr> <tr> <td><a href="../manifest_create/index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="../manifest_inspect/index">docker manifest inspect</a></td> <td>Display an image manifest, or manifest list</td> </tr> <tr> <td><a href="../manifest_push/index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="../manifest_rm/index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, 
Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_annotate%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_annotate%2Findex.html new file mode 100644 index 00000000..e4a1af93 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_annotate%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker manifest annotate</h1> <p><br></p> <p>Add additional information to a local image manifest</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--arch</code></td> <td></td> <td>Set architecture</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--os</code></td> <td></td> <td>Set operating system</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--os-features</code></td> <td></td> <td>Set operating system feature</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--os-version</code></td> <td></td> <td>Set operating system version</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--variant</code></td> <td></td> <td>Set architecture variant</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../manifest/index">docker manifest</a></td> <td style="text-align: left">Manage Docker image manifests and manifest lists</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker manifest annotate</a></td> <td>Add additional 
information to a local image manifest</td> </tr> <tr> <td><a href="../manifest_create/index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="../manifest_inspect/index">docker manifest inspect</a></td> <td>Display an image manifest, or manifest list</td> </tr> <tr> <td><a href="../manifest_push/index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="../manifest_rm/index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest_annotate/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest_annotate/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_create%2Findex.html new file mode 100644 index 00000000..67e1cc7c --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_create%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker manifest create</h1> <p><br></p> <p>Create a local manifest list for annotating and pushing to a registry</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--amend</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Amend an existing manifest list</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--insecure</code></td> <td></td> <td>Allow communication with an insecure registry</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../manifest/index">docker manifest</a></td> <td style="text-align: left">Manage Docker image manifests and manifest lists</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../manifest_annotate/index">docker manifest annotate</a></td> <td>Add additional information to a local image manifest</td> </tr> <tr> <td><a href="index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="../manifest_inspect/index">docker manifest 
inspect</a></td> <td>Display an image manifest, or manifest list</td> </tr> <tr> <td><a href="../manifest_push/index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="../manifest_rm/index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_inspect%2Findex.html new file mode 100644 index 00000000..5f2dbe16 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_inspect%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker manifest inspect</h1> <p><br></p> <p>Display an image manifest, or manifest list</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest inspect [OPTIONS] [MANIFEST_LIST] MANIFEST +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--insecure</code></td> <td></td> <td>Allow communication with an insecure registry</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--verbose</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Output additional info including layers and platform</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../manifest/index">docker manifest</a></td> <td style="text-align: left">Manage Docker image manifests and manifest lists</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../manifest_annotate/index">docker manifest annotate</a></td> <td>Add additional information to a local image manifest</td> </tr> <tr> <td><a href="../manifest_create/index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="index">docker manifest inspect</a></td> 
<td>Display an image manifest, or manifest list</td> </tr> <tr> <td><a href="../manifest_push/index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="../manifest_rm/index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_push%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_push%2Findex.html new file mode 100644 index 00000000..2c5e4949 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_push%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker manifest push</h1> <p><br></p> <p>Push a manifest list to a repository</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest push [OPTIONS] MANIFEST_LIST +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--insecure</code></td> <td></td> <td>Allow push to an insecure registry</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--purge</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Remove the local manifest list after push</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../manifest/index">docker manifest</a></td> <td style="text-align: left">Manage Docker image manifests and manifest lists</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../manifest_annotate/index">docker manifest annotate</a></td> <td>Add additional information to a local image manifest</td> </tr> <tr> <td><a href="../manifest_create/index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="../manifest_inspect/index">docker manifest inspect</a></td> <td>Display an image 
manifest, or manifest list</td> </tr> <tr> <td><a href="index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="../manifest_rm/index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest_push/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest_push/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_rm%2Findex.html new file mode 100644 index 00000000..b7d254b9 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_rm%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker manifest rm</h1> <p><br></p> <p>Delete one or more manifest lists from local storage</p> <blockquote class="important"> <p>This command is experimental.</p> <p><a href="../cli/index#experimental-features">Experimental features</a> are intended for testing and feedback as their functionality or UX may change between releases without warning or can be removed entirely in a future release.</p> </blockquote> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker manifest rm MANIFEST_LIST [MANIFEST_LIST...] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../manifest/index">docker manifest</a></td> <td style="text-align: left">Manage Docker image manifests and manifest lists</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../manifest_annotate/index">docker manifest annotate</a></td> <td>Add additional information to a local image manifest</td> </tr> <tr> <td><a href="../manifest_create/index">docker manifest create</a></td> <td>Create a local manifest list for annotating and pushing to a registry</td> </tr> <tr> <td><a href="../manifest_inspect/index">docker manifest inspect</a></td> <td>Display an image manifest, or manifest list</td> </tr> <tr> <td><a href="../manifest_push/index">docker manifest push</a></td> <td>Push a manifest list to a repository</td> </tr> <tr> <td><a href="index">docker manifest rm</a></td> <td>Delete one or more manifest lists from local storage</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered 
trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/manifest_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/manifest_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork%2Findex.html new file mode 100644 index 00000000..7c8b391d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker network</h1> <p><br></p> <p>Manage networks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage networks. You can use subcommands to create, inspect, list, remove, prune, connect, and disconnect networks.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network/</a> + </p> +</div> 
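Review bot: In devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest%2Findex.html, the "Push to an insecure registry" example creates the list as myprivateregistry.mycompany.com/repo/image:1.0 but then pushes myprivateregistry.mycompany.com/repo/image:tag, so the push names a list the example never created; use :1.0 in both commands. In the same file, the Description says a manifest list "is a list of image layers", while the "Inspect a manifest list" output shows a "manifests" array of per-platform manifest digests, so "a list of image manifests" would match the example. The "Create and push a manifest list" walkthrough is also inconsistent with itself: the annotate call drops the :v1 tag that create used, the prose promises descriptions "below" although they appear above, and the inspect output has an s390x entry and no windows entry, although create was given ppc64le, arm, amd64-linux and amd64-windows images. The Usage line reads "docker manifest COMMAND COMMAND", which looks like a duplicated token.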
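Review bot: In devdocs/docker/engine%2Freference%2Fcommandline%2Fmanifest_push%2Findex.html, the Options table describes --insecure only as "Allow push to an insecure registry" and never says what is being relaxed; the explanation that the flag lets the registry call ignore missing or self-signed certificates, and must be repeated on every transaction, lives only on the parent page. Link the option description to ../manifest/index#working-with-insecure-registries (that id is defined in the manifest page added by this patch) so a reader landing on this page sees the trade-off before using the flag. The manifest_create and manifest_inspect pages carry the same one-line description and would benefit from the same link.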
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_connect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_connect%2Findex.html new file mode 100644 index 00000000..9ceb8149 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_connect%2Findex.html 
@@ -0,0 +1,14 @@ +<h1>docker network connect</h1> <p><br></p> <p>Connect a container to a network</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network connect [OPTIONS] NETWORK CONTAINER +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--driver-opt</code></td> <td></td> <td>driver options for the network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td></td> <td>IPv4 address (e.g., 172.30.100.104)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip6</code></td> <td></td> <td>IPv6 address (e.g., 2001:db8::33)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link</code></td> <td></td> <td>Add link to another container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link-local-ip</code></td> <td></td> <td>Add a link-local address for the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="connect-a-running-container-to-a-network">Connect a running container to a network</h3> <div class="highlight"><pre class="highlight" data-language="">$ 
docker network connect multi-host-network container1 +</pre></div> <h3 id="connect-a-container-to-a-network-when-it-starts">Connect a container to a network when it starts</h3> <p>You can also use the <code class="language-plaintext highlighter-rouge">docker run --network=<network-name></code> option to start a container and immediately connect it to a network.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -itd --network=multi-host-network busybox +</pre></div> <h3 id="specify-the-ip-address-a-container-will-use-on-a-given-network">Specify the IP address a container will use on a given network</h3> <p>You can specify the IP address you want to be assigned to the container’s interface.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network connect --ip 10.10.36.122 multi-host-network container2 +</pre></div> <h3 id="use-the-legacy---link-option">Use the legacy <code class="language-plaintext highlighter-rouge">--link</code> option</h3> <p>You can use <code class="language-plaintext highlighter-rouge">--link</code> option to link another container with a preferred alias</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network connect --link container1:c1 multi-host-network container2 +</pre></div> <h3 id="create-a-network-alias-for-a-container">Create a network alias for a container</h3> <p><code class="language-plaintext highlighter-rouge">--alias</code> option can be used to resolve the container by another name in the network being connected to.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network connect --alias db --alias mysql multi-host-network container2 +</pre></div> <h3 id="network-implications-of-stopping-pausing-or-restarting-containers">Network implications of stopping, pausing, or restarting containers</h3> <p>You can pause, restart, and stop containers that are connected to a network. 
A container connects to its configured networks when it runs.</p> <p>If specified, the container’s IP address(es) is reapplied when a stopped container is restarted. If the IP address is no longer available, the container fails to start. One way to guarantee that the IP address is available is to specify an <code class="language-plaintext highlighter-rouge">--ip-range</code> when creating the network, and choose the static IP address(es) from outside that range. This ensures that the IP address is not given to another container while this container is not on the network.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker network connect --ip 172.20.128.2 multi-host-network container2 +</pre></div> <p>To verify the container is connected, use the <code class="language-plaintext highlighter-rouge">docker network inspect</code> command. Use <code class="language-plaintext highlighter-rouge">docker network disconnect</code> to remove a container from the network.</p> <p>Once connected in network, containers can communicate using only another container’s IP address or name. For <code class="language-plaintext highlighter-rouge">overlay</code> networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way.</p> <p>You can connect a container to one or more networks. The networks need not be the same type. 
For example, you can connect a single container bridge and overlay networks.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_connect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_connect/</a> + </p> +</div> 
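Review bot: In the "Connect a container to a network when it starts" paragraph of network_connect/index.html, the placeholder in "docker run --network=<network-name>" sits inside the code element with raw angle brackets, so an HTML parser reads <network-name> as an unknown tag and the rendered text stops at "docker run --network=". Escape it as &lt;network-name&gt;. A smaller point in the same hunk: the closing sentence "you can connect a single container bridge and overlay networks" is missing "to" after "container".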
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_create%2Findex.html new file mode 100644 index 00000000..f9a8a723 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_create%2Findex.html 
@@ -0,0 +1,38 @@ +<h1>docker network create</h1> <p><br></p> <p>Create a network</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network create [OPTIONS] NETWORK +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a new network. The <code class="language-plaintext highlighter-rouge">DRIVER</code> accepts <code class="language-plaintext highlighter-rouge">bridge</code> or <code class="language-plaintext highlighter-rouge">overlay</code> which are the built-in network drivers. If you have installed a third party or your own custom network driver you can specify that <code class="language-plaintext highlighter-rouge">DRIVER</code> here also. If you don’t specify the <code class="language-plaintext highlighter-rouge">--driver</code> option, the command automatically creates a <code class="language-plaintext highlighter-rouge">bridge</code> network for you. When you install Docker Engine it creates a <code class="language-plaintext highlighter-rouge">bridge</code> network automatically. This network corresponds to the <code class="language-plaintext highlighter-rouge">docker0</code> bridge that Engine has traditionally relied on. When you launch a new container with <code class="language-plaintext highlighter-rouge">docker run</code> it automatically connects to this bridge network. You cannot remove this default bridge network, but you can create new ones using the <code class="language-plaintext highlighter-rouge">network create</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d bridge my-bridge-network +</pre></div> <p>Bridge networks are isolated networks on a single Engine installation. 
If you want to create a network that spans multiple Docker hosts each running an Engine, you must create an <code class="language-plaintext highlighter-rouge">overlay</code> network. Unlike <code class="language-plaintext highlighter-rouge">bridge</code> networks, overlay networks require some pre-existing conditions before you can create one. These conditions are:</p> <ul> <li>Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores.</li> <li>A cluster of hosts with connectivity to the key-value store.</li> <li>A properly configured Engine <code class="language-plaintext highlighter-rouge">daemon</code> on each host in the cluster.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">dockerd</code> options that support the <code class="language-plaintext highlighter-rouge">overlay</code> network are:</p> <ul> <li><code class="language-plaintext highlighter-rouge">--cluster-store</code></li> <li><code class="language-plaintext highlighter-rouge">--cluster-store-opt</code></li> <li><code class="language-plaintext highlighter-rouge">--cluster-advertise</code></li> </ul> <p>To read more about these options and how to configure them, see <a href="https://docs.docker.com/engine/userguide/networking/get-started-overlay">“<em>Get started with multi-host network</em>”</a>.</p> <p>While not required, it is a good idea to install Docker Swarm to manage the cluster that makes up your network. Swarm provides sophisticated discovery and server management tools that can assist your implementation.</p> <p>Once you have prepared the <code class="language-plaintext highlighter-rouge">overlay</code> network prerequisites you simply choose a Docker host in the cluster and issue the following to create the network:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d overlay my-multihost-network +</pre></div> <p>Network names must be unique. 
The Docker daemon attempts to identify naming conflicts but this is not guaranteed. It is the user’s responsibility to avoid name conflicts.</p> <h3 id="overlay-network-limitations">Overlay network limitations</h3> <p>You should create overlay networks with <code class="language-plaintext highlighter-rouge">/24</code> blocks (the default), which limits you to 256 IP addresses, when you create networks using the default VIP-based endpoint-mode. This recommendation addresses <a href="https://github.com/moby/moby/issues/30820">limitations with swarm mode</a>. If you need more than 256 IP addresses, do not increase the IP block size. You can either use <code class="language-plaintext highlighter-rouge">dnsrr</code> endpoint mode with an external load balancer, or use multiple smaller overlay networks. See <a href="https://docs.docker.com/network/overlay#configure-service-discovery">Configure service discovery</a> for more information about different endpoint modes.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--attachable</code></td> <td></td> <td>Enable manual container attachment</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--aux-address</code></td> <td></td> <td>Auxiliary IPv4 or IPv6 addresses used by Network driver</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--config-from</code></td> <td></td> <td>The network from which to copy the configuration</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--config-only</code></td> <td></td> <td>Create a configuration only network</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--driver</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td><code 
class="language-plaintext highlighter-rouge">bridge</code></td> <td>Driver to manage the Network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--gateway</code></td> <td></td> <td>IPv4 or IPv6 Gateway for the master subnet</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ingress</code></td> <td></td> <td>Create swarm routing-mesh network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--internal</code></td> <td></td> <td>Restrict external access to the network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip-range</code></td> <td></td> <td>Allocate container ip from a sub-range</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipam-driver</code></td> <td></td> <td>IP Address Management Driver</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipam-opt</code></td> <td></td> <td>Set IPAM driver specific options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipv6</code></td> <td></td> <td>Enable IPv6 networking</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label</code></td> <td></td> <td>Set metadata on a network</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--opt</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Set driver specific options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--scope</code></td> <td></td> <td>Control the network's scope</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--subnet</code></td> <td></td> <td>Subnet in CIDR format that represents a network segment</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="connect-containers">Connect containers</h3> <p>When you start a container, use the <code class="language-plaintext highlighter-rouge">--network</code> flag to connect it to a network. 
This example adds the <code class="language-plaintext highlighter-rouge">busybox</code> container to the <code class="language-plaintext highlighter-rouge">mynet</code> network:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -itd --network=mynet busybox +</pre></div> <p>If you want to add a container to a network after the container is already running, use the <code class="language-plaintext highlighter-rouge">docker network connect</code> subcommand.</p> <p>You can connect multiple containers to the same network. Once connected, the containers can communicate using only another container’s IP address or name. For <code class="language-plaintext highlighter-rouge">overlay</code> networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way.</p> <p>You can disconnect a container from a network using the <code class="language-plaintext highlighter-rouge">docker network disconnect</code> command.</p> <h3 id="specify-advanced-options">Specify advanced options</h3> <p>When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the <code class="language-plaintext highlighter-rouge">--subnet</code> option. 
On a <code class="language-plaintext highlighter-rouge">bridge</code> network you can only create a single subnet:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0 +</pre></div> <p>Additionally, you also specify the <code class="language-plaintext highlighter-rouge">--gateway</code> <code class="language-plaintext highlighter-rouge">--ip-range</code> and <code class="language-plaintext highlighter-rouge">--aux-address</code> options.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create \ + --driver=bridge \ + --subnet=172.28.0.0/16 \ + --ip-range=172.28.5.0/24 \ + --gateway=172.28.5.254 \ + br0 +</pre></div> <p>If you omit the <code class="language-plaintext highlighter-rouge">--gateway</code> flag the Engine selects one for you from inside a preferred pool. For <code class="language-plaintext highlighter-rouge">overlay</code> networks and for network driver plugins that support it you can create multiple subnetworks. This example uses two <code class="language-plaintext highlighter-rouge">/25</code> subnet mask to adhere to the current guidance of not having more than 256 IPs in a single overlay network. Each of the subnetworks has 126 usable addresses.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d overlay \ + --subnet=192.168.10.0/25 \ + --subnet=192.168.20.0/25 \ + --gateway=192.168.10.100 \ + --gateway=192.168.20.100 \ + --aux-address="my-router=192.168.10.5" --aux-address="my-switch=192.168.10.6" \ + --aux-address="my-printer=192.168.20.5" --aux-address="my-nas=192.168.20.6" \ + my-multihost-network +</pre></div> <p>Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error.</p> <h3 id="bridge-driver-options">Bridge driver options</h3> <p>When creating a custom network, the default network driver (i.e. 
<code class="language-plaintext highlighter-rouge">bridge</code>) has additional options that can be passed. The following are those options and the equivalent docker daemon flags used for docker0 bridge:</p> <table> <thead> <tr> <th>Option</th> <th>Equivalent</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.bridge.name</code></td> <td>-</td> <td>Bridge name to be used when creating the Linux bridge</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.bridge.enable_ip_masquerade</code></td> <td><code class="language-plaintext highlighter-rouge">--ip-masq</code></td> <td>Enable IP masquerading</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.bridge.enable_icc</code></td> <td><code class="language-plaintext highlighter-rouge">--icc</code></td> <td>Enable or Disable Inter Container Connectivity</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.bridge.host_binding_ipv4</code></td> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td>Default IP when binding container ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.driver.mtu</code></td> <td><code class="language-plaintext highlighter-rouge">--mtu</code></td> <td>Set the containers network MTU</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">com.docker.network.container_iface_prefix</code></td> <td>-</td> <td>Set a custom prefix for container interfaces</td> </tr> </tbody> </table> <p>The following arguments can be passed to <code class="language-plaintext highlighter-rouge">docker network create</code> for any network driver, again with their approximate equivalents to <code class="language-plaintext highlighter-rouge">docker daemon</code>.</p> <table> <thead> <tr> <th>Argument</th> <th>Equivalent</th> <th>Description</th> </tr> 
</thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--gateway</code></td> <td>-</td> <td>IPv4 or IPv6 Gateway for the master subnet</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip-range</code></td> <td><code class="language-plaintext highlighter-rouge">--fixed-cidr</code></td> <td>Allocate IPs from a range</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--internal</code></td> <td>-</td> <td>Restrict external access to the network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipv6</code></td> <td><code class="language-plaintext highlighter-rouge">--ipv6</code></td> <td>Enable IPv6 networking</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--subnet</code></td> <td><code class="language-plaintext highlighter-rouge">--bip</code></td> <td>Subnet for network</td> </tr> </tbody> </table> <p>For example, let’s use <code class="language-plaintext highlighter-rouge">-o</code> or <code class="language-plaintext highlighter-rouge">--opt</code> options to specify an IP address binding when publishing ports:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create \ + -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \ + simple-network +</pre></div> <h3 id="network-internal-mode">Network internal mode</h3> <p>By default, when you connect a container to an <code class="language-plaintext highlighter-rouge">overlay</code> network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated <code class="language-plaintext highlighter-rouge">overlay</code> network, you can specify the <code class="language-plaintext highlighter-rouge">--internal</code> option.</p> <h3 id="network-ingress-mode">Network ingress mode</h3> <p>You can create the network which will be used to provide the routing-mesh in the swarm cluster. 
You do so by specifying <code class="language-plaintext highlighter-rouge">--ingress</code> when creating the network. Only one ingress network can be created at the time. The network can be removed only if no services depend on it. Any option available when creating an overlay network is also available when creating the ingress network, besides the <code class="language-plaintext highlighter-rouge">--attachable</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d overlay \ + --subnet=10.11.0.0/16 \ + --ingress \ + --opt com.docker.network.driver.mtu=9216 \ + --opt encrypted=true \ + my-ingress-network +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> 
+ <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_disconnect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_disconnect%2Findex.html new file mode 100644 index 00000000..ec024942 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_disconnect%2Findex.html 
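Review bot: In the "Network ingress mode" example of network_create/index.html (the hunk that ends just above this file header), the command passes "--opt encrypted=true", but nothing in the hunk documents that option: the Options table only says "--opt" sets driver specific options, and the only driver option table is for the bridge driver. Add a sentence saying what "encrypted" does on an overlay network, or link to where it is described, so readers do not copy the flag without knowing its effect. Also in "Specify advanced options", the sentence "Additionally, you also specify the --gateway --ip-range and --aux-address options" introduces an example that sets --gateway and --ip-range but no --aux-address; either add one to that example or drop it from the sentence.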
@@ -0,0 +1,10 @@ +<h1>docker network disconnect</h1> <p><br></p> <p>Disconnect a container from a network</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network disconnect [OPTIONS] NETWORK CONTAINER +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Disconnects a container from a network. The container must be running to disconnect it from the network.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the container to disconnect from a network</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network disconnect multi-host-network container1 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a 
href="index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_disconnect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_disconnect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_inspect%2Findex.html new file mode 100644 index 00000000..e7946091 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_inspect%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>docker network inspect</h1> <p><br></p> <p>Display detailed information on one or more networks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network inspect [OPTIONS] NETWORK [NETWORK...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Returns information about one or more networks. By default, this command renders all results in a JSON object.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--verbose</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Verbose output for diagnostics</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network 
disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_ls%2Findex.html new file mode 100644 index 00000000..44e6cc6b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_ls%2Findex.html 
@@ -0,0 +1,72 @@ +<h1>docker network ls</h1> <p><br></p> <p>List networks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists all the networks the Engine <code class="language-plaintext highlighter-rouge">daemon</code> knows about. This includes the networks that span across multiple hosts in a cluster.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Provide filter values (e.g. 
'driver=bridge')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print networks using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate the output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display network IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="list-all-networks">List all networks</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls +NETWORK ID NAME DRIVER SCOPE +7fca4eb8c647 bridge bridge local +9f904ee27bf5 none null local +cf03ee007fb4 host host local +78b03ee04fc4 multi-host overlay swarm +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">--no-trunc</code> option to display the full network id:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --no-trunc +NETWORK ID NAME DRIVER SCOPE +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null local +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host local +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge local +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge local +63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge local +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>). 
Multiple filter flags are combined as an <code class="language-plaintext highlighter-rouge">OR</code> filter. For example, <code class="language-plaintext highlighter-rouge">-f type=custom -f type=builtin</code> returns both <code class="language-plaintext highlighter-rouge">custom</code> and <code class="language-plaintext highlighter-rouge">builtin</code> networks.</p> <p>The currently supported filters are:</p> <ul> <li>driver</li> <li>id (network’s id)</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li>name (network’s name)</li> <li>scope (<code class="language-plaintext highlighter-rouge">swarm|global|local</code>)</li> <li>type (<code class="language-plaintext highlighter-rouge">custom|builtin</code>)</li> </ul> <h4 id="driver">Driver</h4> <p>The <code class="language-plaintext highlighter-rouge">driver</code> filter matches networks based on their driver.</p> <p>The following example matches networks with the <code class="language-plaintext highlighter-rouge">bridge</code> driver:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter driver=bridge +NETWORK ID NAME DRIVER SCOPE +db9db329f835 test1 bridge local +f6e212da9dfd test2 bridge local +</pre></div> <h4 id="id">ID</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches on all or part of a network’s ID.</p> <p>The following filter matches all networks with an ID containing the <code class="language-plaintext highlighter-rouge">63d1ff1f77b0...</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 +NETWORK ID NAME DRIVER SCOPE +63d1ff1f77b0 dev bridge local +</pre></div> <p>You can also filter for a substring in an ID as this shows:</p> <div class="highlight"><pre class="highlight" 
data-language="">$ docker network ls --filter id=95e74588f40d +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local + +$ docker network ls --filter id=95e +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local +</pre></div> <h4 id="label">Label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches networks based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches networks with the <code class="language-plaintext highlighter-rouge">usage</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls -f "label=usage" +NETWORK ID NAME DRIVER SCOPE +db9db329f835 test1 bridge local +f6e212da9dfd test2 bridge local +</pre></div> <p>The following filter matches networks with the <code class="language-plaintext highlighter-rouge">usage</code> label with the <code class="language-plaintext highlighter-rouge">prod</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls -f "label=usage=prod" +NETWORK ID NAME DRIVER SCOPE +f6e212da9dfd test2 bridge local +</pre></div> <h4 id="name">Name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a network’s name.</p> <p>The following filter matches all networks with a name containing the <code class="language-plaintext highlighter-rouge">foobar</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER SCOPE +06e7eef0a170 foobar bridge local +</pre></div> <p>You can also filter for a substring in a name as this shows:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter name=foo +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local 
+06e7eef0a170 foobar bridge local +</pre></div> <h4 id="scope">Scope</h4> <p>The <code class="language-plaintext highlighter-rouge">scope</code> filter matches networks based on their scope.</p> <p>The following example matches networks with the <code class="language-plaintext highlighter-rouge">swarm</code> scope:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter scope=swarm +NETWORK ID NAME DRIVER SCOPE +xbtm0v4f1lfh ingress overlay swarm +ic6r88twuu92 swarmnet overlay swarm +</pre></div> <p>The following example matches networks with the <code class="language-plaintext highlighter-rouge">local</code> scope:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter scope=local +NETWORK ID NAME DRIVER SCOPE +e85227439ac7 bridge bridge local +0ca0e19443ed host host local +ca13cc149a36 localnet bridge local +f9e115d2de35 none null local +</pre></div> <h4 id="type">Type</h4> <p>The <code class="language-plaintext highlighter-rouge">type</code> filter supports two values; <code class="language-plaintext highlighter-rouge">builtin</code> displays predefined networks (<code class="language-plaintext highlighter-rouge">bridge</code>, <code class="language-plaintext highlighter-rouge">none</code>, <code class="language-plaintext highlighter-rouge">host</code>), whereas <code class="language-plaintext highlighter-rouge">custom</code> displays user defined networks.</p> <p>The following filter matches all user defined networks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local +63d1ff1f77b0 dev bridge local +</pre></div> <p>By having this flag it allows for batch cleanup. 
For example, use this filter to delete all user defined networks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network rm `docker network ls --filter type=custom -q` +</pre></div> <p>A warning will be issued when trying to remove a network that has containers attached.</p> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints networks output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Network ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Network name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Driver</code></td> <td>Network driver</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Scope</code></td> <td>Network scope (local, global)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.IPv6</code></td> <td>Whether IPv6 is enabled on the network or not.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Internal</code></td> <td>Whether the network is internal or not.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Labels</code></td> <td>All labels assigned to the network.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Label</code></td> <td>Value of a specific label for this network. 
For example <code class="language-plaintext highlighter-rouge">{{.Label "project.version"}}</code> +</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> <td>Time when the network was created</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">network ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">Driver</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all networks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls --format "{{.ID}}: {{.Driver}}" +afaaab448eb2: bridge +d1584f8dc718: host +391df270dc66: null +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a 
href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_prune%2Findex.html new file mode 100644 index 00000000..cd81b45a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_prune%2Findex.html 
@@ -0,0 +1,37 @@ +<h1>docker network prune</h1> <p><br></p> <p>Remove all unused networks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network prune [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove all unused networks. Unused networks are those which are not referenced by any containers.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'until=<timestamp>')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network prune + +WARNING! This will remove all custom networks not used by at least one container. +Are you sure you want to continue? [y/N] y +Deleted Networks: +n1 +n2 +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>until (<code class="language-plaintext highlighter-rouge"><timestamp></code>) - only remove networks created before given timestamp</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code>, <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>, <code class="language-plaintext highlighter-rouge">label!=<key></code>, or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>) - only remove networks with (or without, in case <code class="language-plaintext highlighter-rouge">label!=...</code> is used) the specified labels.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">until</code> filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the daemon machine’s time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the daemon will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. 
When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter accepts two formats. One is the <code class="language-plaintext highlighter-rouge">label=...</code> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>), which removes networks with the specified labels. The other format is the <code class="language-plaintext highlighter-rouge">label!=...</code> (<code class="language-plaintext highlighter-rouge">label!=<key></code> or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>), which removes networks without the specified labels.</p> <p>The following removes networks created more than 5 minutes ago. 
Note that system networks such as <code class="language-plaintext highlighter-rouge">bridge</code>, <code class="language-plaintext highlighter-rouge">host</code>, and <code class="language-plaintext highlighter-rouge">none</code> will never be pruned:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network ls + +NETWORK ID NAME DRIVER SCOPE +7430df902d7a bridge bridge local +ea92373fd499 foo-1-day-ago bridge local +ab53663ed3c7 foo-1-min-ago bridge local +97b91972bc3b host host local +f949d337b1f5 none null local + +$ docker network prune --force --filter until=5m + +Deleted Networks: +foo-1-day-ago + +$ docker network ls + +NETWORK ID NAME DRIVER SCOPE +7430df902d7a bridge bridge local +ab53663ed3c7 foo-1-min-ago bridge local +97b91972bc3b host host local +f949d337b1f5 none null local +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="index">docker network prune</a></td> <td>Remove all unused networks</td> 
</tr> <tr> <td><a href="../network_rm/index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_rm%2Findex.html new file mode 100644 index 00000000..d492fc53 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnetwork_rm%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker network rm</h1> <p><br></p> <p>Remove one or more networks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker network rm NETWORK [NETWORK...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <h3 id="remove-a-network">Remove a network</h3> <p>To remove the network named ‘my-network’:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network rm my-network +</pre></div> <h3 id="remove-multiple-networks">Remove multiple networks</h3> <p>To delete multiple networks in a single <code class="language-plaintext highlighter-rouge">docker network rm</code> command, provide multiple network names or ids. The following example deletes a network with id <code class="language-plaintext highlighter-rouge">3695c422697f</code> and a network named <code class="language-plaintext highlighter-rouge">my-network</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network rm 3695c422697f my-network +</pre></div> <p>When you specify multiple networks, the command attempts to delete each in turn. If the deletion of one network fails, the command continues to the next on the list and tries to delete that. 
The command reports success or failure for each deletion.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../network/index">docker network</a></td> <td style="text-align: left">Manage networks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../network_connect/index">docker network connect</a></td> <td>Connect a container to a network</td> </tr> <tr> <td><a href="../network_create/index">docker network create</a></td> <td>Create a network</td> </tr> <tr> <td><a href="../network_disconnect/index">docker network disconnect</a></td> <td>Disconnect a container from a network</td> </tr> <tr> <td><a href="../network_inspect/index">docker network inspect</a></td> <td>Display detailed information on one or more networks</td> </tr> <tr> <td><a href="../network_ls/index">docker network ls</a></td> <td>List networks</td> </tr> <tr> <td><a href="../network_prune/index">docker network prune</a></td> <td>Remove all unused networks</td> </tr> <tr> <td><a href="index">docker network rm</a></td> <td>Remove one or more networks</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/network_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/network_rm/</a> + </p> +</div> 
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode%2Findex.html new file mode 100644 index 00000000..d182dc14 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker node</h1> <p><br></p> <p>Manage Swarm nodes</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage nodes.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_demote%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_demote%2Findex.html new file mode 100644 index 00000000..659917c1 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_demote%2Findex.html 
@@ -0,0 +1,8 @@ +<h1>docker node demote</h1> <p><br></p> <p>Demote one or more nodes from manager in the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node demote NODE [NODE...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Demotes an existing manager so that it is no longer a manager.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node demote <node name> +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> 
<td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_demote/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_demote/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_inspect%2Findex.html new file mode 100644 index 00000000..1925d228 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_inspect%2Findex.html 
@@ -0,0 +1,119 @@ +<h1>docker node inspect</h1> <p><br></p> <p>Display detailed information on one or more nodes</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect [OPTIONS] self|NODE [NODE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Returns information about a node. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template for each result. Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pretty</code></td> <td></td> <td>Print the information in a human friendly format</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-node">Inspect a node</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect swarm-manager +</pre></div> <div class="highlight"><pre class="highlight" data-language="">[ + { + "ID": "e216jshn25ckzbvmwlnh5jr3g", + "Version": { + "Index": 10 + }, + "CreatedAt": "2017-05-16T22:52:44.9910662Z", + "UpdatedAt": "2017-05-16T22:52:45.230878043Z", + "Spec": { + "Role": "manager", + "Availability": "active" + }, + "Description": { + "Hostname": "swarm-manager", + "Platform": { + "Architecture": "x86_64", + "OS": "linux" + }, + "Resources": { + "NanoCPUs": 1000000000, + "MemoryBytes": 1039843328 + }, + "Engine": { + "EngineVersion": "17.06.0-ce", + "Plugins": [ + { + "Type": "Volume", + "Name": "local" + }, + { + "Type": "Network", + "Name": "overlay" + }, + { + "Type": "Network", + "Name": "null" + }, + { + "Type": "Network", + "Name": "host" + }, + { + "Type": "Network", + "Name": "bridge" + }, + { + "Type": "Network", + "Name": "overlay" + } + ] + }, + "TLSInfo": { + "TrustRoot": "-----BEGIN 
CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", + "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", + "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" + } + }, + "Status": { + "State": "ready", + "Addr": "168.0.32.137" + }, + "ManagerStatus": { + "Leader": true, + "Reachability": "reachable", + "Addr": "168.0.32.137:2377" + } + } +] +</pre></div> <h3 id="specify-an-output-format">Specify an output format</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self + +false +</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">--format=pretty</code> or the <code class="language-plaintext highlighter-rouge">--pretty</code> shorthand to pretty-print the output:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect --format=pretty self + +ID: e216jshn25ckzbvmwlnh5jr3g +Hostname: swarm-manager +Joined at: 2017-05-16 22:52:44.9910662 +0000 utc +Status: + State: Ready + Availability: Active + Address: 172.17.0.2 +Manager Status: + Address: 172.17.0.2:2377 + Raft Status: Reachable + Leader: Yes +Platform: + Operating System: linux + Architecture: x86_64 +Resources: + CPUs: 4 + Memory: 7.704 GiB +Plugins: + Network: overlay, bridge, null, host, overlay + Volume: local +Engine Version: 17.06.0-ce +TLS Info: + TrustRoot: +-----BEGIN CERTIFICATE----- 
+MIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy +NDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g +Ah8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO +PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3 +zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ== +-----END CERTIFICATE----- + + Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== + Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker 
node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ls%2Findex.html new file mode 100644 index 00000000..807a2495 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ls%2Findex.html 
@@ -0,0 +1,58 @@ +<h1>docker node ls</h1> <p><br></p> <p>List nodes in the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists all the nodes that the Docker Swarm manager knows about. You can filter using the <code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code> flag. Refer to the <a href="#filtering">filtering</a> section for more information about available filter options.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print nodes using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>In the above example output, there is a hidden column of <code class="language-plaintext highlighter-rouge">.Self</code> that indicates if the node is the same node as the current docker daemon. A <code class="language-plaintext highlighter-rouge">*</code> (e.g., <code class="language-plaintext highlighter-rouge">e216jshn25ckzbvmwlnh5jr3g *</code>) means this node is the current docker daemon.</p> </blockquote> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li><a href="#id">id</a></li> <li><a href="#label">label</a></li> <li><a href="#nodelabel">node.label</a></li> <li><a href="#membership">membership</a></li> <li><a href="#name">name</a></li> <li><a href="#role">role</a></li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches all or part of a node’s id.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls -f id=1 + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches nodes based on engine labels and on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value. Engine labels are configured in the <a href="../dockerd/index#daemon-configuration-file">daemon configuration</a>. 
To filter on Swarm <code class="language-plaintext highlighter-rouge">node</code> labels, use <a href="#nodelabel"><code class="language-plaintext highlighter-rouge">node.label</code> instead</a>.</p> <p>The following filter matches nodes with the <code class="language-plaintext highlighter-rouge">foo</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls -f "label=foo" + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +</pre></div> <h4 id="nodelabel">node.label</h4> <p>The <code class="language-plaintext highlighter-rouge">node.label</code> filter matches nodes based on node labels and on the presence of a <code class="language-plaintext highlighter-rouge">node.label</code> alone or a <code class="language-plaintext highlighter-rouge">node.label</code> and a value.</p> <p>The following filter updates nodes to have a <code class="language-plaintext highlighter-rouge">region</code> node label:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add region=region-a swarm-test-01 +$ docker node update --label-add region=region-a swarm-test-02 +$ docker node update --label-add region=region-b swarm-test-03 +$ docker node update --label-add region=region-b swarm-test-04 +</pre></div> <p>Show all nodes that have a <code class="language-plaintext highlighter-rouge">region</code> node label set:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls --filter node.label=region + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 20.10.2 +2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 20.10.2 +hc0pu7ntc7s4uvj4pv7z7pz15 swarm-test-03 Ready Active Reachable 20.10.2 +n41b2cijmhifxxvz56vwrs12q swarm-test-04 Ready Active 20.10.2 +</pre></div> <p>Show all nodes that have a <code 
class="language-plaintext highlighter-rouge">region</code> node label, with value <code class="language-plaintext highlighter-rouge">region-a</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls --filter node.label=region=region-a + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION +yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 20.10.2 +2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 20.10.2 +</pre></div> <h4 id="membership">membership</h4> <p>The <code class="language-plaintext highlighter-rouge">membership</code> filter matches nodes based on the presence of a <code class="language-plaintext highlighter-rouge">membership</code> and a value <code class="language-plaintext highlighter-rouge">accepted</code> or <code class="language-plaintext highlighter-rouge">pending</code>.</p> <p>The following filter matches nodes with the <code class="language-plaintext highlighter-rouge">membership</code> of <code class="language-plaintext highlighter-rouge">accepted</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls -f "membership=accepted" + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a node hostname.</p> <p>The following filter matches the nodes with a name equal to <code class="language-plaintext highlighter-rouge">swarm-master</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls -f name=swarm-manager1 + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +</pre></div> <h4 id="role">role</h4> <p>The <code class="language-plaintext highlighter-rouge">role</code> filter matches nodes based on the 
presence of a <code class="language-plaintext highlighter-rouge">role</code> and a value <code class="language-plaintext highlighter-rouge">worker</code> or <code class="language-plaintext highlighter-rouge">manager</code>.</p> <p>The following filter matches nodes with the <code class="language-plaintext highlighter-rouge">manager</code> role.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls -f "role=manager" + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints nodes output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Node ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Self</code></td> <td>Node of the daemon (<code class="language-plaintext highlighter-rouge">true/false</code>, <code class="language-plaintext highlighter-rouge">true</code>indicates that the node is the same as current docker daemon)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Hostname</code></td> <td>Node hostname</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Status</code></td> <td>Node status</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Availability</code></td> <td>Node availability (“active”, “pause”, or “drain”)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.ManagerStatus</code></td> <td>Manager status of the node</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.TLSStatus</code></td> <td>TLS status of the node (“Ready”, or “Needs Rotation” has TLS certificate signed by an old CA)</td> 
</tr> <tr> <td><code class="language-plaintext highlighter-rouge">.EngineVersion</code></td> <td>Engine version</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">node ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code>, <code class="language-plaintext highlighter-rouge">Hostname</code>, and <code class="language-plaintext highlighter-rouge">TLS Status</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}" + +e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready +35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a 
href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_promote%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_promote%2Findex.html new file mode 100644 index 00000000..f7f298cc --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_promote%2Findex.html 
@@ -0,0 +1,8 @@ +<h1>docker node promote</h1> <p><br></p> <p>Promote one or more nodes to manager in the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node promote NODE [NODE...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Promotes a node to manager. This command can only be executed on a manager node.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node promote <node name> +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="index">docker node 
promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_promote/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_promote/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ps%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ps%2Findex.html new file mode 100644 index 00000000..d410f8d0 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_ps%2Findex.html 
@@ -0,0 +1,41 @@ +<h1>docker node ps</h1> <p><br></p> <p>List tasks running on one or more nodes, defaults to current node</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps [OPTIONS] [NODE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists all the tasks on a Node that Docker knows about. You can filter using the <code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code> flag. Refer to the <a href="#filtering">filtering</a> section for more information about available filter options.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print tasks using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-resolve</code></td> <td></td> <td>Do not map IDs to Names</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display task IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps swarm-manager1 + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code 
class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li><a href="#name">name</a></li> <li><a href="#id">id</a></li> <li><a href="#label">label</a></li> <li><a href="#desired-state">desired-state</a></li> </ul> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a task’s name.</p> <p>The following filter matches all tasks with a name containing the <code class="language-plaintext highlighter-rouge">redis</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps -f name=redis swarm-manager1 + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +</pre></div> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches a task’s id.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches tasks based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code 
class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches tasks with the <code class="language-plaintext highlighter-rouge">usage</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps -f "label=usage" + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 10 minutes +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 9 minutes +</pre></div> <h4 id="desired-state">desired-state</h4> <p>The <code class="language-plaintext highlighter-rouge">desired-state</code> filter can take the values <code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, or <code class="language-plaintext highlighter-rouge">accepted</code>.</p> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints tasks output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Task ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Task name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Image</code></td> <td>Task image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Node</code></td> <td>Node ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.DesiredState</code></td> <td>Desired state of the task (<code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, or <code class="language-plaintext highlighter-rouge">accepted</code>)</td> </tr> <tr> 
<td><code class="language-plaintext highlighter-rouge">.CurrentState</code></td> <td>Current state of the task</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Error</code></td> <td>Error</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Ports</code></td> <td>Task published ports</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">node ps</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">Image</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ps --format "{{.Name}}: {{.Image}}" + +top.1: busybox +top.2: busybox +top.3: busybox +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> 
<td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_ps/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_ps/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_rm%2Findex.html new file mode 100644 index 00000000..d747fce2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_rm%2Findex.html 
@@ -0,0 +1,19 @@ +<h1>docker node rm</h1> <p><br></p> <p>Remove one or more nodes from the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node rm [OPTIONS] NODE [NODE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Removes the specified nodes from a swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force remove a node from the swarm</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="remove-a-stopped-node-from-the-swarm">Remove a stopped node from the swarm</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker node rm swarm-node-02 + +Node swarm-node-02 removed from swarm +</pre></div> <h3 id="attempt-to-remove-a-running-node-from-a-swarm">Attempt to remove a running node from a swarm</h3> <p>Removes the specified nodes from the swarm, but only if the nodes are in the down state. 
If you attempt to remove an active node you will receive an error:</p> <pre data-language="">$ docker node rm swarm-node-03 + +Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not +down and can't be removed +</pre> <h3 id="forcibly-remove-an-inaccessible-node-from-a-swarm">Forcibly remove an inaccessible node from a swarm</h3> <p>If you lose access to a worker node or need to shut it down because it has been compromised or is not behaving as expected, you can use the <code class="language-plaintext highlighter-rouge">--force</code> option. This may cause transient errors or interruptions, depending on the type of task being run on the node.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node rm --force swarm-node-03 + +Node swarm-node-03 removed from swarm +</pre></div> <p>A manager node must be demoted to a worker node (using <code class="language-plaintext highlighter-rouge">docker node demote</code>) before you can remove it from the swarm.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a 
href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="../node_update/index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_update%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_update%2Findex.html new file mode 100644 index 00000000..41b5deb8 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fnode_update%2Findex.html 
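Review bot: In the node_rm page the two preconditions for removal appear only inside the Examples section: the down-state requirement sits under the "Attempt to remove a running node" heading, and the demote-first rule for managers comes after the `--force` example, while the Description says only "Removes the specified nodes from a swarm." Move both into the Description so the constraints are read before the command is run. The `--force` paragraph also names a compromised worker as a use case without saying what, if anything, the operator should do after the removal; a sentence or a link covering that case would help.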
@@ -0,0 +1,10 @@ +<h1>docker node update</h1> <p><br></p> <p>Update a node</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker node update [OPTIONS] NODE +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Update metadata about a node, such as its availability, labels, or roles.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--availability</code></td> <td></td> <td>Availability of the node ("active"|"pause"|"drain")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-add</code></td> <td></td> <td>Add or update a node label (key=value)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-rm</code></td> <td></td> <td>Remove a node label if exists</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--role</code></td> <td></td> <td>Role of the node ("worker"|"manager")</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="add-label-metadata-to-a-node">Add label metadata to a node</h3> <p>Add 
metadata to a swarm node using node labels. You can specify a node label as a key with an empty value:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add foo worker1 +</pre></div> <p>To add multiple labels to a node, pass the <code class="language-plaintext highlighter-rouge">--label-add</code> flag for each label:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add foo --label-add bar worker1 +</pre></div> <p>When you <a href="../service_create/index">create a service</a>, you can use node labels as a constraint. A constraint limits the nodes where the scheduler deploys tasks for a service.</p> <p>For example, to add a <code class="language-plaintext highlighter-rouge">type</code> label to identify nodes where the scheduler should deploy message queue service tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add type=queue worker1 +</pre></div> <p>The labels you set for nodes using <code class="language-plaintext highlighter-rouge">docker node update</code> apply only to the node entity within the swarm. 
Do not confuse them with the docker daemon labels for <a href="../dockerd/index">dockerd</a>.</p> <p>For more information about labels, refer to <a href="https://docs.docker.com/config">apply custom metadata</a>.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../node/index">docker node</a></td> <td style="text-align: left">Manage Swarm nodes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../node_demote/index">docker node demote</a></td> <td>Demote one or more nodes from manager in the swarm</td> </tr> <tr> <td><a href="../node_inspect/index">docker node inspect</a></td> <td>Display detailed information on one or more nodes</td> </tr> <tr> <td><a href="../node_ls/index">docker node ls</a></td> <td>List nodes in the swarm</td> </tr> <tr> <td><a href="../node_promote/index">docker node promote</a></td> <td>Promote one or more nodes to manager in the swarm</td> </tr> <tr> <td><a href="../node_ps/index">docker node ps</a></td> <td>List tasks running on one or more nodes, defaults to current node</td> </tr> <tr> <td><a href="../node_rm/index">docker node rm</a></td> <td>Remove one or more nodes from the swarm</td> </tr> <tr> <td><a href="index">docker node update</a></td> <td>Update a node</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/node_update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/node_update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fpause%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpause%2Findex.html new file mode 100644 index 00000000..27a21f98 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpause%2Findex.html 
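Review bot: The "apply custom metadata" link at the end of the node_update Examples section points at `https://docs.docker.com/config`, the only absolute URL in the body of this page (the others are relative, e.g. `../service_create/index` and `../dockerd/index`), and the path looks cut short; please check the target and, if a bundled page exists, link to it relatively. Separately, the options table lists `--availability` and `--role`, but the examples cover only `--label-add`; an example for each would be useful, since `--role` changes whether a node is a manager.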
@@ -0,0 +1,8 @@ +<h1>docker pause</h1> <p><br></p> <p>Pause all processes within one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker pause CONTAINER [CONTAINER...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker pause</code> command suspends all processes in the specified containers. On Linux, this uses the freezer cgroup. Traditionally, when suspending a process the <code class="language-plaintext highlighter-rouge">SIGSTOP</code> signal is used, which is observable by the process being suspended. With the freezer cgroup the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. On Windows, only Hyper-V containers can be paused.</p> <p>See the <a href="https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt">freezer cgroup documentation</a> for further details.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker pause my_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/pause/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/pause/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin%2Findex.html new file mode 100644 index 00000000..c85edb41 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker plugin</h1> <p><br></p> <p>Manage plugins</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage plugins.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_create%2Findex.html new file mode 100644 index 00000000..2d445651 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_create%2Findex.html 
@@ -0,0 +1,21 @@ +<h1>docker plugin create</h1> <p><br></p> <p>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a plugin. Before creating the plugin, prepare the plugin’s root filesystem as well as <a href="../../../extend/config/index">the config.json</a></p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--compress</code></td> <td></td> <td>Compress the context using gzip</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example shows how to create a sample <code class="language-plaintext highlighter-rouge">plugin</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ ls -ls /home/pluginDir + +total 4 +4 -rw-r--r-- 1 root root 431 Nov 7 01:40 config.json +0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs + +$ docker plugin create plugin /home/pluginDir + +plugin + +$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +672d8144ec02 plugin:latest A sample plugin for Docker false +</pre></div> <p>The plugin can subsequently be enabled for local use or pushed to the public registry.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td 
style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_disable%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_disable%2Findex.html new file mode 100644 index 00000000..682a8991 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_disable%2Findex.html 
@@ -0,0 +1,21 @@ +<h1>docker plugin disable</h1> <p><br></p> <p>Disable a plugin</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin disable [OPTIONS] PLUGIN +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Disables a plugin. The plugin must be installed before it can be disabled, see <a href="../plugin_install/index"><code class="language-plaintext highlighter-rouge">docker plugin install</code></a>. Without the <code class="language-plaintext highlighter-rouge">-f</code> option, a plugin that has references (e.g., volumes, networks) cannot be disabled.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the disable of an active plugin</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example shows that the <code class="language-plaintext highlighter-rouge">sample-volume-plugin</code> plugin is installed and enabled:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin:latest A test plugin for Docker true +</pre></div> <p>To disable the plugin, use the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin disable tiborvass/sample-volume-plugin + +tiborvass/sample-volume-plugin + +$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 
tiborvass/sample-volume-plugin:latest A test plugin for Docker false +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_disable/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_disable/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_enable%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_enable%2Findex.html new file mode 100644 index 00000000..c8f5e727 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_enable%2Findex.html 
@@ -0,0 +1,19 @@ +<h1>docker plugin enable</h1> <p><br></p> <p>Enable a plugin</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin enable [OPTIONS] PLUGIN +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Enables a plugin. The plugin must be installed before it can be enabled, see <a href="../plugin_install/index"><code class="language-plaintext highlighter-rouge">docker plugin install</code></a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--timeout</code></td> <td><code class="language-plaintext highlighter-rouge">30</code></td> <td>HTTP client timeout (in seconds)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example shows that the <code class="language-plaintext highlighter-rouge">sample-volume-plugin</code> plugin is installed, but disabled:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin:latest A test plugin for Docker false +</pre></div> <p>To enable the plugin, use the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin enable tiborvass/sample-volume-plugin + +tiborvass/sample-volume-plugin + +$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin:latest A test plugin for Docker true +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: 
left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_enable/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_enable/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_inspect%2Findex.html new file mode 100644 index 00000000..60c7b0eb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_inspect%2Findex.html 
@@ -0,0 +1,118 @@ +<h1>docker plugin inspect</h1> <p><br></p> <p>Display detailed information on one or more plugins</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Returns information about a plugin. By default, this command renders all results in a JSON array.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-plugin">Inspect a plugin</h3> <p>The following example example inspects the <code class="language-plaintext highlighter-rouge">tiborvass/sample-volume-plugin</code> plugin:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect tiborvass/sample-volume-plugin:latest +</pre></div> <p>Output is in JSON format (output below is formatted for readability):</p> <div class="highlight"><pre class="highlight" data-language="">{ + "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", + "Name": "tiborvass/sample-volume-plugin:latest", + "PluginReference": "tiborvas/sample-volume-plugin:latest", + "Enabled": true, + "Config": { + "Mounts": [ + { + "Name": "", + "Description": "", + "Settable": null, + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": 
[ + "shared", + "rbind" + ] + }, + { + "Name": "", + "Description": "", + "Settable": null, + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Env": [ + "DEBUG=1" + ], + "Args": null, + "Devices": null + }, + "Manifest": { + "ManifestVersion": "v0", + "Description": "A test plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Interface": { + "Types": [ + "docker.volumedriver/1.0" + ], + "Socket": "plugins.sock" + }, + "Entrypoint": [ + "plugin-sample-volume-plugin", + "/data" + ], + "Workdir": "", + "User": { + }, + "Network": { + "Type": "host" + }, + "Capabilities": null, + "Mounts": [ + { + "Name": "", + "Description": "", + "Settable": null, + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": [ + "shared", + "rbind" + ] + }, + { + "Name": "", + "Description": "", + "Settable": null, + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Devices": [ + { + "Name": "device", + "Description": "a host device to mount", + "Settable": null, + "Path": "/dev/cpu_dma_latency" + } + ], + "Env": [ + { + "Name": "DEBUG", + "Description": "If set, prints debug messages", + "Settable": null, + "Value": "1" + } + ], + "Args": { + "Name": "args", + "Description": "command line arguments", + "Settable": null, + "Value": [ + + ] + } + } +} +</pre></div> <h3 id="formatting-the-output">Formatting the output</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest + +8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> 
</tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_inspect/</a> + </p> +</div> 
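Review bot: In the sample JSON output of the plugin_inspect page, `"PluginReference": "tiborvas/sample-volume-plugin:latest"` does not match the `"Name": "tiborvass/sample-volume-plugin:latest"` field directly above it (one "s" is missing), so a reader cannot tell whether the two fields are expected to differ; fix the spelling if it is a typo. The sentence introducing the example also repeats a word ("The following example example inspects").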
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_install%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_install%2Findex.html new file mode 100644 index 00000000..8ea4c487 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_install%2Findex.html 
@@ -0,0 +1,19 @@ +<h1>docker plugin install</h1> <p><br></p> <p>Install a plugin</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Installs and enables a plugin. Docker looks first for the plugin on your Docker host. If the plugin does not exist locally, then the plugin is pulled from the registry. Note that the minimum required registry version to distribute plugins is 2.3.0</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--alias</code></td> <td></td> <td>Local name for plugin</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable</code></td> <td></td> <td>Do not enable the plugin on install</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--grant-all-permissions</code></td> <td></td> <td>Grant all permissions necessary to run the plugin</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example installs <code class="language-plaintext highlighter-rouge">vieus/sshfs</code> plugin and <a href="../plugin_set/index">sets</a> its <code class="language-plaintext highlighter-rouge">DEBUG</code> environment variable to <code class="language-plaintext 
highlighter-rouge">1</code>. To install, <code class="language-plaintext highlighter-rouge">pull</code> the plugin from Docker Hub and prompt the user to accept the list of privileges that the plugin needs, set the plugin’s parameters and enable the plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install vieux/sshfs DEBUG=1 + +Plugin "vieux/sshfs" is requesting the following privileges: + - network: [host] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +vieux/sshfs +</pre></div> <p>After the plugin is installed, it appears in the list of plugins:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 vieux/sshfs:latest sshFS plugin for Docker true +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. 
Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_install/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_install/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_ls%2Findex.html new file mode 100644 index 00000000..225f90a0 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_ls%2Findex.html 
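Review bot: In plugin_install/index.html, the Options row for `--grant-all-permissions` says only "Grant all permissions necessary to run the plugin" and does not tie it to the privilege prompt shown in the Examples section (host network, `/dev/fuse`, `CAP_SYS_ADMIN`). Say in that row that the flag accepts those privileges without the "Do you grant the above permissions?" confirmation, so readers can see what they are waiving. In the same hunk, the Examples paragraph names the plugin `vieus/sshfs` while the command installs `vieux/sshfs`. The sentence ending "is 2.3.0" in the Description is missing its full stop.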
@@ -0,0 +1,25 @@ +<h1>docker plugin ls</h1> <p><br></p> <p>List plugins</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists all the plugins that are currently installed. You can install plugins using the <a href="../plugin_install/index"><code class="language-plaintext highlighter-rouge">docker plugin install</code></a> command. You can also filter using the <code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code> flag. Refer to the <a href="#filtering">filtering</a> section for more information about available filter options.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Provide filter values (e.g. 
'enabled=true')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print plugins using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display plugin IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin:latest A test plugin for Docker true +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>enabled (boolean - true or false, 0 or 1)</li> <li>capability (string - currently <code class="language-plaintext highlighter-rouge">volumedriver</code>, <code class="language-plaintext highlighter-rouge">networkdriver</code>, <code class="language-plaintext highlighter-rouge">ipamdriver</code>, <code class="language-plaintext highlighter-rouge">logdriver</code>, <code class="language-plaintext highlighter-rouge">metricscollector</code>, or <code class="language-plaintext highlighter-rouge">authz</code>)</li> </ul> <h4 id="enabled">enabled</h4> <p>The <code class="language-plaintext highlighter-rouge">enabled</code> filter matches on plugins enabled or disabled.</p> <h4 id="capability">capability</h4> <p>The <code class="language-plaintext highlighter-rouge">capability</code> filter matches on 
plugin capabilities. One plugin might have multiple capabilities. Currently <code class="language-plaintext highlighter-rouge">volumedriver</code>, <code class="language-plaintext highlighter-rouge">networkdriver</code>, <code class="language-plaintext highlighter-rouge">ipamdriver</code>, <code class="language-plaintext highlighter-rouge">logdriver</code>, <code class="language-plaintext highlighter-rouge">metricscollector</code>, and <code class="language-plaintext highlighter-rouge">authz</code> are supported capabilities.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install --disable vieux/sshfs + +Installed plugin vieux/sshfs + +$ docker plugin ls --filter enabled=true + +ID NAME DESCRIPTION ENABLED +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints plugins output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Plugin ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Plugin name and tag</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Description</code></td> <td>Plugin description</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Enabled</code></td> <td>Whether plugin is enabled or not</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.PluginReference</code></td> <td>The reference used to push/pull from a registry</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">plugin ls</code> command will either output the data exactly as the template declares or, when using the <code 
class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">Name</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all plugins:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls --format "{{.ID}}: {{.Name}}" + +4be01827a72e: vieux/sshfs:latest +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. 
Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_push%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_push%2Findex.html new file mode 100644 index 00000000..ff857723 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_push%2Findex.html 
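Review bot: In plugin_ls/index.html, the only example under the `capability` heading runs `docker plugin ls --filter enabled=true`, so the capability filter has no example and the `enabled` example sits under the wrong heading. Move that transcript under the `enabled` heading and add one that filters on a listed capability such as `volumedriver`. The sentence "The filtering flag ... format is of "key=value"" would read better as "takes the form key=value".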
@@ -0,0 +1,13 @@ +<h1>docker plugin push</h1> <p><br></p> <p>Push a plugin to a registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin push [OPTIONS] PLUGIN[:TAG] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">After you have created a plugin using <code class="language-plaintext highlighter-rouge">docker plugin create</code> and the plugin is ready for distribution, use <code class="language-plaintext highlighter-rouge">docker plugin push</code> to share your images to Docker Hub or a self-hosted registry.</p> <p>Registry credentials are managed by <a href="../login/index">docker login</a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image signing</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example shows how to push a sample <code class="language-plaintext highlighter-rouge">user/plugin</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin ls + +ID NAME DESCRIPTION ENABLED +69553ca1d456 user/plugin:latest A sample plugin for Docker false + +$ docker plugin push user/plugin +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker 
plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_push/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_push/</a> + </p> +</div> 
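Review bot: In plugin_push/index.html, the Options table lists `--disable-content-trust` with default `true` and the description "Skip image signing", which means the documented default is an unsigned push, yet the Description section never mentions signing. Add a sentence there stating that the push is not signed unless the flag is turned off. The Description also says "share your images" although the command pushes a plugin; "share your plugin" matches the rest of the page.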
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_rm%2Findex.html new file mode 100644 index 00000000..5475811b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_rm%2Findex.html 
@@ -0,0 +1,16 @@ +<h1>docker plugin rm</h1> <p><br></p> <p>Remove one or more plugins</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Removes a plugin. You cannot remove a plugin if it is enabled, you must disable a plugin using the <a href="../plugin_disable/index"><code class="language-plaintext highlighter-rouge">docker plugin disable</code></a> before removing it (or use --force, use of force is not recommended, since it can affect functioning of running containers using the plugin).</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the removal of an active plugin</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example disables and removes the <code class="language-plaintext highlighter-rouge">sample-volume-plugin:latest</code> plugin:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin disable tiborvass/sample-volume-plugin + +tiborvass/sample-volume-plugin + +$ docker plugin rm tiborvass/sample-volume-plugin:latest + +tiborvass/sample-volume-plugin +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a 
href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_rm/</a> + </p> +</div> 
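Review bot: In plugin_rm/index.html, the Description packs the `--force` warning into a run-on parenthetical ("or use --force, use of force is not recommended, since it can affect functioning of running containers using the plugin") and leaves the flag outside code markup. Split it into its own sentence and mark the flag up as `--force`, as the Options table does. The Examples intro refers to `sample-volume-plugin:latest` while the commands use `tiborvass/sample-volume-plugin`; use the full name in both places.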
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_set%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_set%2Findex.html new file mode 100644 index 00000000..0476182a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_set%2Findex.html 
@@ -0,0 +1,39 @@ +<h1>docker plugin set</h1> <p><br></p> <p>Change settings for a plugin</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Change settings for a plugin. The plugin must be disabled.</p> <p>The settings currently supported are:</p> <ul> <li>env variables</li> <li>source of mounts</li> <li>path of devices</li> <li>args</li> </ul> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <h3 id="change-an-environment-variable">Change an environment variable</h3> <p>The following example change the env variable <code class="language-plaintext highlighter-rouge">DEBUG</code> on the <code class="language-plaintext highlighter-rouge">sample-volume-plugin</code> plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin +[DEBUG=0] + +$ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 + +$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin +[DEBUG=1] +</pre></div> <h3 id="change-the-source-of-a-mount">Change the source of a mount</h3> <p>The following example change the source of the <code class="language-plaintext highlighter-rouge">mymount</code> mount on the <code class="language-plaintext highlighter-rouge">myplugin</code> plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin +/foo + +$ docker plugins set myplugin mymount.source=/bar + +$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin +/bar +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Since only <code class="language-plaintext 
highlighter-rouge">source</code> is settable in <code class="language-plaintext highlighter-rouge">mymount</code>, <code class="language-plaintext highlighter-rouge">docker plugins set mymount=/bar myplugin</code> would work too.</p> </blockquote> <h3 id="change-a-device-path">Change a device path</h3> <p>The following example change the path of the <code class="language-plaintext highlighter-rouge">mydevice</code> device on the <code class="language-plaintext highlighter-rouge">myplugin</code> plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin + +/dev/foo + +$ docker plugins set myplugin mydevice.path=/dev/bar + +$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin + +/dev/bar +</pre></div> <blockquote> <p><strong>Note</strong> Since only <code class="language-plaintext highlighter-rouge">path</code> is settable in <code class="language-plaintext highlighter-rouge">mydevice</code>, <code class="language-plaintext highlighter-rouge">docker plugins set mydevice=/dev/bar myplugin</code> would work too.</p> </blockquote> <h3 id="change-the-source-of-the-arguments">Change the source of the arguments</h3> <p>The following example change the value of the args on the <code class="language-plaintext highlighter-rouge">myplugin</code> plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin inspect -f '{{.Settings.Args}}' myplugin + +["foo", "bar"] + +$ docker plugins set myplugin myargs="foo bar baz" + +$ docker plugin inspect -f '{{.Settings.Args}}' myplugin + +["foo", "bar", "baz"] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td 
style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="../plugin_upgrade/index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_set/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_set/</a> + </p> +</div> 
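Review bot: In plugin_set/index.html, the mount, device and args examples all invoke `docker plugins set`, while the Usage line is `docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...]`, so anyone copying them runs a different command from the one documented. The two Note blocks also reverse the argument order (`docker plugins set mymount=/bar myplugin`, `docker plugins set mydevice=/dev/bar myplugin`) compared with that Usage line. Change these to `docker plugin set myplugin ...` throughout. The first example passes `-f {{.Settings.Env}}` unquoted whereas the later examples quote the template, and "The following example change" should read "changes" in all four places.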
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_upgrade%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_upgrade%2Findex.html new file mode 100644 index 00000000..cdc99b44 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fplugin_upgrade%2Findex.html 
@@ -0,0 +1,52 @@ +<h1>docker plugin upgrade</h1> <p><br></p> <p>Upgrade an existing plugin</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin upgrade [OPTIONS] PLUGIN [REMOTE] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Upgrades an existing plugin to the specified remote plugin image. If no remote is specified, Docker will re-pull the current image and use the updated version. All existing references to the plugin will continue to work. The plugin must be disabled before running the upgrade.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--grant-all-permissions</code></td> <td></td> <td>Grant all permissions necessary to run the plugin</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--skip-remote-check</code></td> <td></td> <td>Do not check if specified remote plugin matches existing plugin image</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following example installs <code class="language-plaintext highlighter-rouge">vieus/sshfs</code> plugin, uses it to create and use a volume, then upgrades the plugin.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker plugin install vieux/sshfs DEBUG=1 + +Plugin "vieux/sshfs:next" is requesting the following 
privileges: + - network: [host] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +vieux/sshfs:next + +$ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume + +sshvolume + +$ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello" + +$ docker plugin disable -f vieux/sshfs:next + +viex/sshfs:next + +# Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled +$ docker volume ls + +DRIVER VOLUME NAME + +$ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next + +Plugin "vieux/sshfs:next" is requesting the following privileges: + - network: [host] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +Upgrade plugin vieux/sshfs:next to vieux/sshfs:next + +$ docker plugin enable vieux/sshfs:next + +viex/sshfs:next + +$ docker volume ls + +DRIVER VOLUME NAME +viuex/sshfs:next sshvolume + +$ docker run -it -v sshvolume:/data alpine sh -c "ls /data" + +hello +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../plugin/index">docker plugin</a></td> <td style="text-align: left">Manage plugins</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../plugin_create/index">docker plugin create</a></td> <td>Create a plugin from a rootfs and configuration. 
Plugin data directory must contain config.json and rootfs directory.</td> </tr> <tr> <td><a href="../plugin_disable/index">docker plugin disable</a></td> <td>Disable a plugin</td> </tr> <tr> <td><a href="../plugin_enable/index">docker plugin enable</a></td> <td>Enable a plugin</td> </tr> <tr> <td><a href="../plugin_inspect/index">docker plugin inspect</a></td> <td>Display detailed information on one or more plugins</td> </tr> <tr> <td><a href="../plugin_install/index">docker plugin install</a></td> <td>Install a plugin</td> </tr> <tr> <td><a href="../plugin_ls/index">docker plugin ls</a></td> <td>List plugins</td> </tr> <tr> <td><a href="../plugin_push/index">docker plugin push</a></td> <td>Push a plugin to a registry</td> </tr> <tr> <td><a href="../plugin_rm/index">docker plugin rm</a></td> <td>Remove one or more plugins</td> </tr> <tr> <td><a href="../plugin_set/index">docker plugin set</a></td> <td>Change settings for a plugin</td> </tr> <tr> <td><a href="index">docker plugin upgrade</a></td> <td>Upgrade an existing plugin</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/plugin_upgrade/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/plugin_upgrade/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fport%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fport%2Findex.html new file mode 100644 index 00000000..122a0db5 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fport%2Findex.html 
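Review bot: in the plugin_upgrade page, the example block spells the plugin name inconsistently. The intro sentence says `vieus/sshfs`, the output lines after `docker plugin disable` and `docker plugin enable` read `viex/sshfs:next`, and the `docker volume ls` output reads `viuex/sshfs:next`, while every command uses `vieux/sshfs`. The shell comment also refers to 'sshfsvolume' although the volume created is `sshvolume`. If this file is meant to mirror upstream verbatim, say so in the commit message; otherwise normalise these to `vieux/sshfs:next` and `sshvolume`. Separately, the options table lists `--disable-content-trust` with default `true` ("Skip image verification") for a plugin that the same example shows requesting host networking, `/dev/fuse` and `CAP_SYS_ADMIN`, and the sample passes `-o password=XXX` on the command line; a sentence next to the example pointing readers at the privilege prompt and the verification default would make the page safer to copy from.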
@@ -0,0 +1,28 @@ +<h1>docker port</h1> <p><br></p> <p>List port mappings or a specific mapping for the container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker port CONTAINER [PRIVATE_PORT[/PROTO]] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <h3 id="show-all-mapped-ports">Show all mapped ports</h3> <p>You can find out all the ports mapped by not specifying a <code class="language-plaintext highlighter-rouge">PRIVATE_PORT</code>, or just a specific mapping:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test + +$ docker port test + +7890/tcp -> 0.0.0.0:4321 +9876/tcp -> 0.0.0.0:1234 + +$ docker port test 7890/tcp + +0.0.0.0:4321 + +$ docker port test 7890/udp + +2014/06/24 11:53:36 Error: No public port '7890/udp' published for test + +$ docker port test 7890 + +0.0.0.0:4321 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/port/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/port/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fps%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fps%2Findex.html new file mode 100644 index 00000000..72e25f21 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fps%2Findex.html 
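Review bot: in the port page, the only example heading is `Show all mapped ports`, but the session under it also covers single-mapping lookups (`docker port test 7890/tcp`, `docker port test 7890`) and the error returned for the unpublished `7890/udp`. Consider renaming the heading or splitting the block so the error case is findable. The error line also carries a literal `2014/06/24 11:53:36` timestamp, so it is worth marking the output as illustrative rather than what a current client prints.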
@@ -0,0 +1,172 @@ +<h1>docker ps</h1> <p><br></p> <p>List containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker ps [OPTIONS] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all containers (default shows just running)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print containers using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--last</code> , <code class="language-plaintext highlighter-rouge">-n</code> +</td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Show n last created containers (includes all states)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--latest</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Show the latest created container (includes all states)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display container IDs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--size</code> , <code class="language-plaintext 
highlighter-rouge">-s</code> +</td> <td></td> <td>Display total file sizes</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="prevent-truncating-output">Prevent truncating output</h3> <p>Running <code class="language-plaintext highlighter-rouge">docker ps --no-trunc</code> showing 2 linked containers.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp +d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db +</pre></div> <h3 id="show-both-running-and-stopped-containers">Show both running and stopped containers</h3> <p>The <code class="language-plaintext highlighter-rouge">docker ps</code> command only shows running containers by default. To see all containers, use the <code class="language-plaintext highlighter-rouge">-a</code> (or <code class="language-plaintext highlighter-rouge">--all</code>) flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -a +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker ps</code> groups exposed ports into a single range if possible. 
E.g., a container that exposes TCP ports <code class="language-plaintext highlighter-rouge">100, 101, 102</code> displays <code class="language-plaintext highlighter-rouge">100-102/tcp</code> in the <code class="language-plaintext highlighter-rouge">PORTS</code> column.</p> <h3 id="show-disk-usage-by-container">Show disk usage by container</h3> <p>The <code class="language-plaintext highlighter-rouge">docker ps -s</code> command displays two different on-disk-sizes for each container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -s + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE SIZE +e90b8831a4b8 nginx "/bin/bash -c 'mkdir " 11 weeks ago Up 4 hours my_nginx 35.58 kB (virtual 109.2 MB) +00c6131c5e30 telegraf:1.5 "/entrypoint.sh" 11 weeks ago Up 11 weeks my_telegraf 0 B (virtual 209.5 MB) +</pre></div> <ul> <li>The “size” information shows the amount of data (on disk) that is used for the <em>writable</em> layer of each container</li> <li>The “virtual size” is the total amount of disk-space used for the read-only <em>image</em> data used by the container and the writable layer.</li> </ul> <p>For more information, refer to the <a href="https://docs.docker.com/storage/storagedriver/#container-size-on-disk">container size on disk</a> section.</p> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. 
<code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <table> <thead> <tr> <th style="text-align: left">Filter</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">id</code></td> <td style="text-align: left">Container’s ID</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">name</code></td> <td style="text-align: left">Container’s name</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">label</code></td> <td style="text-align: left">An arbitrary string representing either a key or a key-value pair. Expressed as <code class="language-plaintext highlighter-rouge"><key></code> or <code class="language-plaintext highlighter-rouge"><key>=<value></code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">exited</code></td> <td style="text-align: left">An integer representing the container’s exit code. 
Only useful with <code class="language-plaintext highlighter-rouge">--all</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">status</code></td> <td style="text-align: left">One of <code class="language-plaintext highlighter-rouge">created</code>, <code class="language-plaintext highlighter-rouge">restarting</code>, <code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">removing</code>, <code class="language-plaintext highlighter-rouge">paused</code>, <code class="language-plaintext highlighter-rouge">exited</code>, or <code class="language-plaintext highlighter-rouge">dead</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">ancestor</code></td> <td style="text-align: left">Filters containers which share a given image as an ancestor. Expressed as <code class="language-plaintext highlighter-rouge"><image-name>[:<tag>]</code>, <code class="language-plaintext highlighter-rouge"><image id></code>, or <code class="language-plaintext highlighter-rouge"><image@digest></code> +</td> </tr> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">before</code> or <code class="language-plaintext highlighter-rouge">since</code> +</td> <td style="text-align: left">Filters containers created before or after a given container ID or name</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">volume</code></td> <td style="text-align: left">Filters running containers which have mounted a given volume or bind mount.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">network</code></td> <td style="text-align: left">Filters running containers connected to a given network.</td> </tr> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">publish</code> or <code 
class="language-plaintext highlighter-rouge">expose</code> +</td> <td style="text-align: left">Filters containers which publish or expose a given port. Expressed as <code class="language-plaintext highlighter-rouge"><port>[/<proto>]</code> or <code class="language-plaintext highlighter-rouge"><startport-endport>/[<proto>]</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">health</code></td> <td style="text-align: left">Filters containers based on their healthcheck status. One of <code class="language-plaintext highlighter-rouge">starting</code>, <code class="language-plaintext highlighter-rouge">healthy</code>, <code class="language-plaintext highlighter-rouge">unhealthy</code> or <code class="language-plaintext highlighter-rouge">none</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">isolation</code></td> <td style="text-align: left">Windows daemon only. One of <code class="language-plaintext highlighter-rouge">default</code>, <code class="language-plaintext highlighter-rouge">process</code>, or <code class="language-plaintext highlighter-rouge">hyperv</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">is-task</code></td> <td style="text-align: left">Filters containers that are a “task” for a service. 
Boolean option (<code class="language-plaintext highlighter-rouge">true</code> or <code class="language-plaintext highlighter-rouge">false</code>)</td> </tr> </tbody> </table> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches containers based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches containers with the <code class="language-plaintext highlighter-rouge">color</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter "label=color" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley +d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani +</pre></div> <p>The following filter matches containers with the <code class="language-plaintext highlighter-rouge">color</code> label with the <code class="language-plaintext highlighter-rouge">blue</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter "label=color=blue" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a container’s name.</p> <p>The following filter matches all containers with a name containing the <code class="language-plaintext highlighter-rouge">nostalgic_stallman</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter "name=nostalgic_stallman" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman +</pre></div> <p>You can also 
filter for a substring in a name as this shows:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter "name=nostalgic" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +715ebfcee040 busybox "top" 3 seconds ago Up 1 second i_am_nostalgic +9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman +673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley +</pre></div> <h4 id="exited">exited</h4> <p>The <code class="language-plaintext highlighter-rouge">exited</code> filter matches containers by exist status code. For example, to filter for containers that have exited successfully:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -a --filter 'exited=0' + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey +106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani +48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds +</pre></div> <h4 id="filter-by-exit-signal">Filter by exit signal</h4> <p>You can use a filter to locate containers that exited with status of <code class="language-plaintext highlighter-rouge">137</code> meaning a <code class="language-plaintext highlighter-rouge">SIGKILL(9)</code> killed them.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -a --filter 'exited=137' + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski +a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande +</pre></div> <p>Any of these events result in a <code class="language-plaintext highlighter-rouge">137</code> status:</p> <ul> <li>the <code class="language-plaintext highlighter-rouge">init</code> process of the 
container is killed manually</li> <li> +<code class="language-plaintext highlighter-rouge">docker kill</code> kills the container</li> <li>Docker daemon restarts which kills all running containers</li> </ul> <h4 id="status">status</h4> <p>The <code class="language-plaintext highlighter-rouge">status</code> filter matches containers by status. You can filter using <code class="language-plaintext highlighter-rouge">created</code>, <code class="language-plaintext highlighter-rouge">restarting</code>, <code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">removing</code>, <code class="language-plaintext highlighter-rouge">paused</code>, <code class="language-plaintext highlighter-rouge">exited</code> and <code class="language-plaintext highlighter-rouge">dead</code>. For example, to filter for <code class="language-plaintext highlighter-rouge">running</code> containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter status=running + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic +d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top +9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman +</pre></div> <p>To filter for <code class="language-plaintext highlighter-rouge">paused</code> containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter status=paused + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley +</pre></div> <h4 id="ancestor">ancestor</h4> <p>The <code class="language-plaintext highlighter-rouge">ancestor</code> filter matches containers based on its image or a descendant of it. 
The filter supports the following image representation:</p> <ul> <li><code class="language-plaintext highlighter-rouge">image</code></li> <li><code class="language-plaintext highlighter-rouge">image:tag</code></li> <li><code class="language-plaintext highlighter-rouge">image:tag@digest</code></li> <li><code class="language-plaintext highlighter-rouge">short-id</code></li> <li><code class="language-plaintext highlighter-rouge">full-id</code></li> </ul> <p>If you don’t specify a <code class="language-plaintext highlighter-rouge">tag</code>, the <code class="language-plaintext highlighter-rouge">latest</code> tag is used. For example, to filter for containers that use the latest <code class="language-plaintext highlighter-rouge">ubuntu</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter ancestor=ubuntu + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace +5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet +82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose +bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath +</pre></div> <p>Match containers based on the <code class="language-plaintext highlighter-rouge">ubuntu-c1</code> image which, in this case, is a child of <code class="language-plaintext highlighter-rouge">ubuntu</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter ancestor=ubuntu-c1 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace +</pre></div> <p>Match containers based on the <code class="language-plaintext highlighter-rouge">ubuntu</code> version <code class="language-plaintext highlighter-rouge">12.04.5</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter ancestor=ubuntu:12.04.5 + 
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +</pre></div> <p>The following matches containers based on the layer <code class="language-plaintext highlighter-rouge">d0e008c6cf02</code> or an image that have this layer in its layer stack.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter ancestor=d0e008c6cf02 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +</pre></div> <h4 id="create-time">Create time</h4> <h5 id="before">before</h5> <p>The <code class="language-plaintext highlighter-rouge">before</code> filter shows only containers created before the container with given id or name. For example, having these containers created:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky +4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton +6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +</pre></div> <p>Filtering with <code class="language-plaintext highlighter-rouge">before</code> would give:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -f before=9c3527ed70ce + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton +6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +</pre></div> <h5 id="since">since</h5> <p>The <code class="language-plaintext highlighter-rouge">since</code> filter shows only containers created since the container with given id or name. 
For example, with the same containers as in <code class="language-plaintext highlighter-rouge">before</code> filter:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps -f since=6e63f6ff38b0 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky +4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton +</pre></div> <h4 id="volume">volume</h4> <p>The <code class="language-plaintext highlighter-rouge">volume</code> filter shows only containers that mount a specific volume or have a volume mounted in a specific path:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + +CONTAINER ID MOUNTS +9c3527ed70ce remote-volume + +$ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + +CONTAINER ID MOUNTS +9c3527ed70ce remote-volume +</pre></div> <h4 id="network">network</h4> <p>The <code class="language-plaintext highlighter-rouge">network</code> filter shows only containers that are connected to a network with a given name or id.</p> <p>The following filter matches all containers that are connected to a network with a name containing <code class="language-plaintext highlighter-rouge">net1</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --net=net1 --name=test1 ubuntu top +$ docker run -d --net=net2 --name=test2 ubuntu top + +$ docker ps --filter network=net1 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 +</pre></div> <p>The network filter matches on both the network’s name and id. 
The following example shows all containers that are attached to the <code class="language-plaintext highlighter-rouge">net1</code> network, using the network id as a filter;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network inspect --format "{{.ID}}" net1 + +8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 + +$ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 +</pre></div> <h4 id="publish-and-expose">publish and expose</h4> <p>The <code class="language-plaintext highlighter-rouge">publish</code> and <code class="language-plaintext highlighter-rouge">expose</code> filters show only containers that have published or exposed port with a given port number, port range, and/or protocol. The default protocol is <code class="language-plaintext highlighter-rouge">tcp</code> when not specified.</p> <p>The following filter matches all containers that have published port of 80:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --publish=80 busybox top +$ docker run -d --expose=8080 busybox top + +$ docker ps -a + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9833437217a5 busybox "top" 5 seconds ago Up 4 seconds 8080/tcp dreamy_mccarthy +fc7e477723b7 busybox "top" 50 seconds ago Up 50 seconds 0.0.0.0:32768->80/tcp admiring_roentgen + +$ docker ps --filter publish=80 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +fc7e477723b7 busybox "top" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp admiring_roentgen +</pre></div> <p>The following filter matches all containers that have exposed TCP port in the range of <code class="language-plaintext highlighter-rouge">8000-8080</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter expose=8000-8080/tcp + +CONTAINER ID IMAGE 
COMMAND CREATED STATUS PORTS NAMES +9833437217a5 busybox "top" 21 seconds ago Up 19 seconds 8080/tcp dreamy_mccarthy +</pre></div> <p>The following filter matches all containers that have exposed UDP port <code class="language-plaintext highlighter-rouge">80</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter publish=80/udp + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints container output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th style="text-align: left">Placeholder</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.ID</code></td> <td style="text-align: left">Container ID</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Image</code></td> <td style="text-align: left">Image ID</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Command</code></td> <td style="text-align: left">Quoted command</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> <td style="text-align: left">Time when the container was created.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.RunningFor</code></td> <td style="text-align: left">Elapsed time since the container was started.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Ports</code></td> <td style="text-align: left">Exposed ports.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.State</code></td> <td style="text-align: left">Container status (for example; 
“created”, “running”, “exited”).</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Status</code></td> <td style="text-align: left">Container status with details about duration and health-status.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Size</code></td> <td style="text-align: left">Container disk size.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Names</code></td> <td style="text-align: left">Container names.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Labels</code></td> <td style="text-align: left">All labels assigned to the container.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Label</code></td> <td style="text-align: left">Value of a specific label for this container. For example <code class="language-plaintext highlighter-rouge">'{{.Label "com.docker.swarm.cpu"}}'</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Mounts</code></td> <td style="text-align: left">Names of the volumes mounted in this container.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Networks</code></td> <td style="text-align: left">Names of the networks attached to this container.</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">ps</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext 
highlighter-rouge">Command</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all running containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --format "{{.ID}}: {{.Command}}" + +a87ecb4f327c: /bin/sh -c #(nop) MA +01946d9d34d8: /bin/sh -c #(nop) MA +c1d3b0166030: /bin/sh -c yum -y up +41d50ecd2f57: /bin/sh -c #(nop) MA +</pre></div> <p>To list all running containers with their labels in a table format you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --format "table {{.ID}}\t{{.Labels}}" + +CONTAINER ID LABELS +a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd +01946d9d34d8 +c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 +41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/ps/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/ps/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fpull%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpull%2Findex.html new file mode 100644 index 00000000..72672345 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpull%2Findex.html 
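Review bot: in the ps page, the filter table puts placeholder syntax inside `<code>` with raw angle brackets as shown in this hunk (`<key>`, `<key>=<value>`, `<image-name>[:<tag>]`, `<image@digest>`, `<port>[/<proto>]`), which an HTML parser will read as unknown tags and render as empty cells; they should be entity-escaped (`&lt;key&gt;` and so on). A few text and example mismatches are also worth fixing while here: the "Prevent truncating output" paragraph says `docker ps --no-trunc` but the command shown is plain `docker ps`; the last publish/expose example is introduced as "exposed UDP port 80" but runs `--filter publish=80/udp`; the `exited` section says "exist status code"; and the `docker ps -s` header row ends in `SIZE SIZE`.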
@@ -0,0 +1,72 @@ +<h1>docker pull</h1> <p><br></p> <p>Pull an image or a repository from a registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker pull [OPTIONS] NAME[:TAG|@DIGEST] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Most of your images will be created on top of a base image from the <a href="https://hub.docker.com">Docker Hub</a> registry.</p> <p><a href="https://hub.docker.com">Docker Hub</a> contains many pre-built images that you can <code class="language-plaintext highlighter-rouge">pull</code> and try without needing to define and configure your own.</p> <p>To download a particular image, or set of images (i.e., a repository), use <code class="language-plaintext highlighter-rouge">docker pull</code>.</p> <h3 id="proxy-configuration">Proxy configuration</h3> <p>If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker daemon’s proxy settings, using the <code class="language-plaintext highlighter-rouge">HTTP_PROXY</code>, <code class="language-plaintext highlighter-rouge">HTTPS_PROXY</code>, and <code class="language-plaintext highlighter-rouge">NO_PROXY</code> environment variables. To set these environment variables on a host using <code class="language-plaintext highlighter-rouge">systemd</code>, refer to the <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">control and configure Docker with systemd</a> for variables configuration.</p> <h3 id="concurrent-downloads">Concurrent downloads</h3> <p>By default the Docker daemon will pull three layers of an image at a time. 
If you are on a low bandwidth connection this may cause timeout issues and you may want to lower this via the <code class="language-plaintext highlighter-rouge">--max-concurrent-downloads</code> daemon option. See the <a href="../dockerd/index">daemon documentation</a> for more details.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all-tags</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Download all tagged images in the repository</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress verbose output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="pull-an-image-from-docker-hub">Pull an image from Docker Hub</h3> <p>To download a particular image, or set of images (i.e., a repository), use <code class="language-plaintext highlighter-rouge">docker pull</code>. If no tag is provided, Docker Engine uses the <code class="language-plaintext highlighter-rouge">:latest</code> tag as a default. 
This command pulls the <code class="language-plaintext highlighter-rouge">debian:latest</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull debian + +Using default tag: latest +latest: Pulling from library/debian +fdd5d7827f33: Pull complete +a3ed95caeb02: Pull complete +Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa +Status: Downloaded newer image for debian:latest +</pre></div> <p>Docker images can consist of multiple layers. In the example above, the image consists of two layers; <code class="language-plaintext highlighter-rouge">fdd5d7827f33</code> and <code class="language-plaintext highlighter-rouge">a3ed95caeb02</code>.</p> <p>Layers can be reused by images. For example, the <code class="language-plaintext highlighter-rouge">debian:jessie</code> image shares both layers with <code class="language-plaintext highlighter-rouge">debian:latest</code>. Pulling the <code class="language-plaintext highlighter-rouge">debian:jessie</code> image therefore only pulls its metadata, but not its layers, because all layers are already present locally:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull debian:jessie + +jessie: Pulling from library/debian +fdd5d7827f33: Already exists +a3ed95caeb02: Already exists +Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e +Status: Downloaded newer image for debian:jessie +</pre></div> <p>To see which images are present locally, use the <a href="../images/index"><code class="language-plaintext highlighter-rouge">docker images</code></a> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +debian jessie f50f9524513f 5 days ago 125.1 MB +debian latest f50f9524513f 5 days ago 125.1 MB +</pre></div> <p>Docker uses a content-addressable image store, and the image ID is a SHA256 digest covering the image’s configuration and 
layers. In the example above, <code class="language-plaintext highlighter-rouge">debian:jessie</code> and <code class="language-plaintext highlighter-rouge">debian:latest</code> have the same image ID because they are actually the <em>same</em> image tagged with different names. Because they are the same image, their layers are stored only once and do not consume extra disk space.</p> <p>For more information about images, layers, and the content-addressable store, refer to <a href="https://docs.docker.com/storage/storagedriver/">understand images, containers, and storage drivers</a>.</p> <h3 id="pull-an-image-by-digest-immutable-identifier">Pull an image by digest (immutable identifier)</h3> <p>So far, you’ve pulled images by their name (and “tag”). Using names and tags is a convenient way to work with images. When using tags, you can <code class="language-plaintext highlighter-rouge">docker pull</code> an image again to make sure you have the most up-to-date version of that image. For example, <code class="language-plaintext highlighter-rouge">docker pull ubuntu:20.04</code> pulls the latest version of the Ubuntu 20.04 image.</p> <p>In some cases you don’t want images to be updated to newer versions, but prefer to use a fixed version of an image. Docker enables you to pull an image by its <em>digest</em>. When pulling an image by digest, you specify <em>exactly</em> which version of an image to pull. Doing so, allows you to “pin” an image to that version, and guarantee that the image you’re using is always the same.</p> <p>To know the digest of an image, pull the image first. 
Let’s pull the latest <code class="language-plaintext highlighter-rouge">ubuntu:20.04</code> image from Docker Hub:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull ubuntu:20.04 + +20.04: Pulling from library/ubuntu +16ec32c2132b: Pull complete +Digest: sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +Status: Downloaded newer image for ubuntu:20.04 +docker.io/library/ubuntu:20.04 +</pre></div> <p>Docker prints the digest of the image after the pull has finished. In the example above, the digest of the image is:</p> <div class="highlight"><pre class="highlight" data-language="">sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +</pre></div> <p>Docker also prints the digest of an image when <em>pushing</em> to a registry. This may be useful if you want to pin to a version of the image you just pushed.</p> <p>A digest takes the place of the tag when pulling an image, for example, to pull the above image by digest, run the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull ubuntu@sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 + +docker.io/library/ubuntu@sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3: Pulling from library/ubuntu +Digest: sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +Status: Image is up to date for ubuntu@sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +docker.io/library/ubuntu@sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +</pre></div> <p>Digest can also be used in the <code class="language-plaintext highlighter-rouge">FROM</code> of a Dockerfile, for example:</p> <div class="highlight"><pre class="highlight" data-language="">FROM ubuntu@sha256:82becede498899ec668628e7cb0ad87b6e1c371cb8a1e597d83a47fac21d6af3 +LABEL org.opencontainers.image.authors="some maintainer <maintainer@example.com>" +</pre></div> 
<blockquote> <p><strong>Note</strong></p> <p>Using this feature “pins” an image to a specific version in time. Docker will therefore not pull updated versions of an image, which may include security updates. If you want to pull an updated image, you need to change the digest accordingly.</p> </blockquote> <h3 id="pull-from-a-different-registry">Pull from a different registry</h3> <p>By default, <code class="language-plaintext highlighter-rouge">docker pull</code> pulls images from <a href="https://hub.docker.com">Docker Hub</a>. It is also possible to manually specify the path of a registry to pull from. For example, if you have set up a local registry, you can specify its path to pull from it. A registry path is similar to a URL, but does not contain a protocol specifier (<code class="language-plaintext highlighter-rouge">https://</code>).</p> <p>The following command pulls the <code class="language-plaintext highlighter-rouge">testing/test-image</code> image from a local registry listening on port 5000 (<code class="language-plaintext highlighter-rouge">myregistry.local:5000</code>):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull myregistry.local:5000/testing/test-image +</pre></div> <p>Registry credentials are managed by <a href="../login/index">docker login</a>.</p> <p>Docker uses the <code class="language-plaintext highlighter-rouge">https://</code> protocol to communicate with a registry, unless the registry is allowed to be accessed over an insecure connection. Refer to the <a href="../dockerd/index#insecure-registries">insecure registries</a> section for more information.</p> <h3 id="pull-a-repository-with-multiple-images">Pull a repository with multiple images</h3> <p>By default, <code class="language-plaintext highlighter-rouge">docker pull</code> pulls a <em>single</em> image from the registry. A repository can contain multiple images. 
To pull all images from a repository, provide the <code class="language-plaintext highlighter-rouge">-a</code> (or <code class="language-plaintext highlighter-rouge">--all-tags</code>) option when using <code class="language-plaintext highlighter-rouge">docker pull</code>.</p> <p>This command pulls all images from the <code class="language-plaintext highlighter-rouge">fedora</code> repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull --all-tags fedora + +Pulling repository fedora +ad57ef8d78d7: Download complete +105182bb5e8b: Download complete +511136ea3c5a: Download complete +73bd853d2ea5: Download complete +.... + +Status: Downloaded newer image for fedora +</pre></div> <p>After the pull has completed use the <code class="language-plaintext highlighter-rouge">docker images</code> command to see the images that were pulled. The example below shows all the <code class="language-plaintext highlighter-rouge">fedora</code> images that are present locally:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images fedora + +REPOSITORY TAG IMAGE ID CREATED SIZE +fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB +fedora 20 105182bb5e8b 5 days ago 372.7 MB +fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB +fedora latest 105182bb5e8b 5 days ago 372.7 MB +</pre></div> <h3 id="cancel-a-pull">Cancel a pull</h3> <p>Killing the <code class="language-plaintext highlighter-rouge">docker pull</code> process, for example by pressing <code class="language-plaintext highlighter-rouge">CTRL-c</code> while it is running in a terminal, will terminate the pull operation.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull fedora + +Using default tag: latest +latest: Pulling from library/fedora +a3ed95caeb02: Pulling fs layer +236608c7b546: Pulling fs layer +^C +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The Engine terminates a pull operation when the connection between the Docker 
Engine daemon and the Docker Engine client initiating the pull is lost. If the connection with the Engine daemon is lost for other reasons than a manual interaction, the pull is also aborted.</p> </blockquote> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/pull/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/pull/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fpush%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpush%2Findex.html new file mode 100644 index 00000000..bcac30ba --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fpush%2Findex.html 
@@ -0,0 +1,39 @@ +<h1>docker push</h1> <p><br></p> <p>Push an image or a repository to a registry</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker push [OPTIONS] NAME[:TAG] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Use <code class="language-plaintext highlighter-rouge">docker image push</code> to share your images to the <a href="https://hub.docker.com">Docker Hub</a> registry or to a self-hosted one.</p> <p>Refer to the <a href="../tag/index"><code class="language-plaintext highlighter-rouge">docker image tag</code></a> reference for more information about valid image and tag names.</p> <p>Killing the <code class="language-plaintext highlighter-rouge">docker image push</code> process, for example by pressing <code class="language-plaintext highlighter-rouge">CTRL-c</code> while it is running in a terminal, terminates the push operation.</p> <p>Progress bars are shown during docker push, which show the uncompressed size. The actual amount of data that’s pushed will be compressed before sending, so the uploaded size will not be reflected by the progress bar.</p> <p>Registry credentials are managed by <a href="../login/index">docker login</a>.</p> <h3 id="concurrent-uploads">Concurrent uploads</h3> <p>By default the Docker daemon will push five layers of an image at a time. If you are on a low bandwidth connection this may cause timeout issues and you may want to lower this via the <code class="language-plaintext highlighter-rouge">--max-concurrent-uploads</code> daemon option. 
See the <a href="../dockerd/index">daemon documentation</a> for more details.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all-tags</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Push all tagged images in the repository</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image signing</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress verbose output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="push-a-new-image-to-a-registry">Push a new image to a registry</h3> <p>First save the new image by finding the container ID (using <a href="../ps/index"><code class="language-plaintext highlighter-rouge">docker container ls</code></a>) and then committing it to a new image name. Note that only <code class="language-plaintext highlighter-rouge">a-z0-9-_.</code> are allowed when naming images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container commit c16378f943fe rhel-httpd:latest +</pre></div> <p>Now, push the image to the registry using the image ID. In this example the registry is on host named <code class="language-plaintext highlighter-rouge">registry-host</code> and listening on port <code class="language-plaintext highlighter-rouge">5000</code>. 
To do this, tag the image with the host name or IP address, and the port of the registry:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image tag rhel-httpd:latest registry-host:5000/myadmin/rhel-httpd:latest + +$ docker image push registry-host:5000/myadmin/rhel-httpd:latest +</pre></div> <p>Check that this worked by running:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image ls +</pre></div> <p>You should see both <code class="language-plaintext highlighter-rouge">rhel-httpd</code> and <code class="language-plaintext highlighter-rouge">registry-host:5000/myadmin/rhel-httpd</code> listed.</p> <h3 id="push-all-tags-of-an-image">Push all tags of an image</h3> <p>Use the <code class="language-plaintext highlighter-rouge">-a</code> (or <code class="language-plaintext highlighter-rouge">--all-tags</code>) option to push all tags of a local image.</p> <p>The following example creates multiple tags for an image, and pushes all those tags to Docker Hub.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image tag myimage registry-host:5000/myname/myimage:latest +$ docker image tag myimage registry-host:5000/myname/myimage:v1.0.1 +$ docker image tag myimage registry-host:5000/myname/myimage:v1.0 +$ docker image tag myimage registry-host:5000/myname/myimage:v1 +</pre></div> <p>The image is now tagged under multiple names:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image ls + +REPOSITORY TAG IMAGE ID CREATED SIZE +myimage latest 6d5fcfe5ff17 2 hours ago 1.22MB +registry-host:5000/myname/myimage latest 6d5fcfe5ff17 2 hours ago 1.22MB +registry-host:5000/myname/myimage v1 6d5fcfe5ff17 2 hours ago 1.22MB +registry-host:5000/myname/myimage v1.0 6d5fcfe5ff17 2 hours ago 1.22MB +registry-host:5000/myname/myimage v1.0.1 6d5fcfe5ff17 2 hours ago 1.22MB +</pre></div> <p>When pushing with the <code class="language-plaintext highlighter-rouge">--all-tags</code> option, 
all tags of the <code class="language-plaintext highlighter-rouge">registry-host:5000/myname/myimage</code> image are pushed:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker image push --all-tags registry-host:5000/myname/myimage + +The push refers to repository [registry-host:5000/myname/myimage] +195be5f8be1d: Pushed +latest: digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6 size: 4527 +195be5f8be1d: Layer already exists +v1: digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6 size: 4527 +195be5f8be1d: Layer already exists +v1.0: digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6 size: 4527 +195be5f8be1d: Layer already exists +v1.0.1: digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6 size: 4527 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/push/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/push/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Frename%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Frename%2Findex.html new file mode 100644 index 00000000..a8837f70 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Frename%2Findex.html 
@@ -0,0 +1,8 @@ +<h1>docker rename</h1> <p><br></p> <p>Rename a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker rename CONTAINER NEW_NAME +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker rename</code> command renames a container.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker rename my_container my_new_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/rename/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/rename/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Frestart%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Frestart%2Findex.html new file mode 100644 index 00000000..ac6eb2af --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Frestart%2Findex.html 
@@ -0,0 +1,10 @@ +<h1>docker restart</h1> <p><br></p> <p>Restart one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker restart [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--time</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td><code class="language-plaintext highlighter-rouge">10</code></td> <td>Seconds to wait for stop before killing the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker restart my_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/restart/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/restart/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Frm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Frm%2Findex.html new file mode 100644 index 00000000..f75661b0 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Frm%2Findex.html 
@@ -0,0 +1,30 @@ +<h1>docker rm</h1> <p><br></p> <p>Remove one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker rm [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the removal of a running container (uses SIGKILL)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--link</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Remove the specified link</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volumes</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Remove anonymous volumes associated with the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="remove-a-container">Remove a container</h3> <p>This removes the container referenced under the link <code class="language-plaintext highlighter-rouge">/redis</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rm /redis + +/redis +</pre></div> <h3 id="remove-a-link-specified-with---link-on-the-default-bridge-network">Remove a link specified with <code class="language-plaintext highlighter-rouge">--link</code> on the default bridge network</h3> <p>This removes the underlying link between <code class="language-plaintext highlighter-rouge">/webapp</code> and the <code class="language-plaintext highlighter-rouge">/redis</code> containers on the default bridge network, removing all network communication between the two containers. 
This does not apply when <code class="language-plaintext highlighter-rouge">--link</code> is used with user-specified networks.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rm --link /webapp/redis + +/webapp/redis +</pre></div> <h3 id="force-remove-a-running-container">Force-remove a running container</h3> <p>This command force-removes a running container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rm --force redis + +redis +</pre></div> <p>The main process inside the container referenced under the link <code class="language-plaintext highlighter-rouge">redis</code> will receive <code class="language-plaintext highlighter-rouge">SIGKILL</code>, then the container will be removed.</p> <h3 id="remove-all-stopped-containers">Remove all stopped containers</h3> <p>Use the <a href="../container_prune/index"><code class="language-plaintext highlighter-rouge">docker container prune</code></a> command to remove all stopped containers, or refer to the <a href="../system_prune/index"><code class="language-plaintext highlighter-rouge">docker system prune</code></a> command to remove unused containers in addition to other Docker resources, such as (unused) images and networks.</p> <p>Alternatively, you can use the <code class="language-plaintext highlighter-rouge">docker ps</code> with the <code class="language-plaintext highlighter-rouge">-q</code> / <code class="language-plaintext highlighter-rouge">--quiet</code> option to generate a list of container IDs to remove, and use that list as argument for the <code class="language-plaintext highlighter-rouge">docker rm</code> command.</p> <p>Combining commands can be more flexible, but is less portable as it depends on features provided by the shell, and the exact syntax may differ depending on what shell is used. 
To use this approach on Windows, consider using PowerShell or Bash.</p> <p>The example below uses <code class="language-plaintext highlighter-rouge">docker ps -q</code> to print the IDs of all containers that have exited (<code class="language-plaintext highlighter-rouge">--filter status=exited</code>), and removes those containers with the <code class="language-plaintext highlighter-rouge">docker rm</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rm $(docker ps --filter status=exited -q) +</pre></div> <p>Or, using the <code class="language-plaintext highlighter-rouge">xargs</code> Linux utility;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter status=exited -q | xargs docker rm +</pre></div> <h3 id="remove-a-container-and-its-volumes">Remove a container and its volumes</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker rm -v redis +redis +</pre></div> <p>This command removes the container and any volumes associated with it. Note that if a volume was specified with a name, it will not be removed.</p> <h3 id="remove-a-container-and-selectively-remove-volumes">Remove a container and selectively remove volumes</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker create -v awesome:/foo -v /bar --name hello redis +hello + +$ docker rm -v hello +</pre></div> <p>In this example, the volume for <code class="language-plaintext highlighter-rouge">/foo</code> remains intact, but the volume for <code class="language-plaintext highlighter-rouge">/bar</code> is removed. The same behavior holds for volumes inherited with <code class="language-plaintext highlighter-rouge">--volumes-from</code>.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Frmi%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Frmi%2Findex.html new file mode 100644 index 00000000..042c8e7d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Frmi%2Findex.html 
@@ -0,0 +1,61 @@ +<h1>docker rmi</h1> <p><br></p> <p>Remove one or more images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker rmi [OPTIONS] IMAGE [IMAGE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Removes (and un-tags) one or more images from the host node. If an image has multiple tags, using this command with the tag as a parameter only removes the tag. If the tag is the only one for the image, both the image and the tag are removed.</p> <p>This does not remove images from a registry. You cannot remove an image of a running container unless you use the <code class="language-plaintext highlighter-rouge">-f</code> option. To see all images on a host use the <a href="../images/index"><code class="language-plaintext highlighter-rouge">docker image ls</code></a> command.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force removal of the image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-prune</code></td> <td></td> <td>Do not delete untagged parents</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tags referencing it, you must remove all of them before the image is removed. 
Digest references are removed automatically when an image is removed by tag.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + +$ docker rmi fd484f19954f + +Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force +2013/12/11 05:47:16 Error: failed to remove one or more images + +$ docker rmi test1:latest + +Untagged: test1:latest + +$ docker rmi test2:latest + +Untagged: test2:latest + + +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + +$ docker rmi test:latest + +Untagged: test:latest +Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +</pre></div> <p>If you use the <code class="language-plaintext highlighter-rouge">-f</code> flag and specify the image’s short or long ID, then this command untags and removes all images that match the specified ID.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + +$ docker rmi -f fd484f19954f + +Untagged: test1:latest +Untagged: test:latest +Untagged: test2:latest +Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +</pre></div> <p>An image pulled by digest has no tag associated with it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker images --digests + +REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE +localhost:5000/test/busybox <none> 
sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +</pre></div> <p>To remove an image using its digest:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf +Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf +Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 +Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 +Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/rmi/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/rmi/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Frun%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Frun%2Findex.html new file mode 100644 index 00000000..908fe24a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Frun%2Findex.html 
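Review bot: the relative links in the new rmi page will not resolve from where the file is stored. The Description paragraph uses `href="../images/index"`, which assumes a directory tree, but the file is committed under the flat, percent-encoded name `devdocs/docker/engine%2Freference%2Fcommandline%2Frmi%2Findex.html`. Either confirm that whatever serves these pages rewrites such links, or store the pages in real subdirectories. Separately, in the `docker images --digests` sample the TAG column reads `<none>` inside the `<pre>` block; check that it is entity-escaped in the committed file, otherwise a browser parses it as an unknown tag and the column renders empty. The footer pins the content to a © 2019 snapshot of docs.docker.com, so it would help to record the upstream version or retrieval date in the commit message so the vendored copy can be compared against upstream later.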
@@ -0,0 +1,196 @@ +<h1>docker run</h1> <p><br></p> <p>Run a command in a new container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker run [OPTIONS] IMAGE [COMMAND] [ARG...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker run</code> command first <code class="language-plaintext highlighter-rouge">creates</code> a writeable container layer over the specified image, and then <code class="language-plaintext highlighter-rouge">starts</code> it using the specified command. That is, <code class="language-plaintext highlighter-rouge">docker run</code> is equivalent to the API <code class="language-plaintext highlighter-rouge">/containers/create</code> then <code class="language-plaintext highlighter-rouge">/containers/(id)/start</code>. A stopped container can be restarted with all its previous changes intact using <code class="language-plaintext highlighter-rouge">docker start</code>. See <code class="language-plaintext highlighter-rouge">docker ps -a</code> to view a list of all containers.</p> <p>The <code class="language-plaintext highlighter-rouge">docker run</code> command can be used in combination with <code class="language-plaintext highlighter-rouge">docker commit</code> to <a href="../commit/index"><em>change the command that a container runs</em></a>. 
There is additional detailed information about <code class="language-plaintext highlighter-rouge">docker run</code> in the <a href="../../run/index">Docker run reference</a>.</p> <p>For information on connecting a container to a network, see the <a href="https://docs.docker.com/network/">“<em>Docker network overview</em>”</a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--add-host</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach to STDIN, STDOUT or STDERR</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight-device</code></td> <td></td> <td>Block IO weight (relative device weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td>Drop Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroup-parent</code></td> <td></td> <td>Optional parent cgroup for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cgroupns</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 
1.41+</span></a><br>Cgroup namespace to use (host|private) 'host': Run the container in the Docker host's cgroup namespace 'private': Run the container in its own private cgroup namespace '': Use the cgroup namespace as configured by the default-cgroupns-mode option on the daemon (default)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cidfile</code></td> <td></td> <td>Write the container ID to the file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-count</code></td> <td></td> <td>CPU count (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-percent</code></td> <td></td> <td>CPU percent (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> <td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td> +<code 
class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Run container in background and print container ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device</code></td> <td></td> <td>Add a host device to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-cgroup-rule</code></td> <td></td> <td>Add a rule to the cgroup allowed devices list</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-bps</code></td> <td></td> <td>Limit read rate (bytes per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-read-iops</code></td> <td></td> <td>Limit read rate (IO per second) from a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-bps</code></td> <td></td> <td>Limit write rate (bytes per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--device-write-iops</code></td> <td></td> <td>Limit write rate (IO per second) to a device</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--disable-content-trust</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Skip image verification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns</code></td> <td></td> <td>Set custom DNS servers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-opt</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search</code></td> 
<td></td> <td>Set custom DNS search domains</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--domainname</code></td> <td></td> <td>Container NIS domain name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--expose</code></td> <td></td> <td>Expose a port or a range of ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--gpus</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>GPU devices to add to the container ('all' to pass all GPUs)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-add</code></td> <td></td> <td>Add additional groups to join</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before starting 
health-retries countdown (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time to allow one check to run (ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--help</code></td> <td></td> <td>Print usage</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--hostname</code> , <code class="language-plaintext highlighter-rouge">-h</code> +</td> <td></td> <td>Container host name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Run an init inside the container that forwards signals and reaps processes</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Keep STDIN open even if not attached</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxbandwidth</code></td> <td></td> <td>Maximum IO bandwidth limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--io-maxiops</code></td> <td></td> <td>Maximum IOps limit for the system drive (Windows only)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip</code></td> <td></td> <td>IPv4 address (e.g., 172.30.100.104)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ip6</code></td> <td></td> <td>IPv6 address (e.g., 2001:db8::33)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ipc</code></td> <td></td> <td>IPC mode to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Container isolation technology</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory limit</td> </tr> <tr> <td> +<code class="language-plaintext 
highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Set meta data on a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-file</code></td> <td></td> <td>Read in a line delimited file of labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link</code></td> <td></td> <td>Add link to another container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--link-local-ip</code></td> <td></td> <td>Container IPv4/IPv6 link-local addresses</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Log driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mac-address</code></td> <td></td> <td>Container MAC address (e.g., 92:d0:c6:0a:29:33)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swappiness</code></td> <td><code class="language-plaintext highlighter-rouge">-1</code></td> <td>Tune container memory swappiness (0 to 100)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount</code></td> <td></td> <td>Attach a filesystem mount to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td></td> <td>Assign a 
name to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--net-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Connect a container to a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network-alias</code></td> <td></td> <td>Add network-scoped alias for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-kill-disable</code></td> <td></td> <td>Disable OOM Killer</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--oom-score-adj</code></td> <td></td> <td>Tune host's OOM preferences (-1000 to 1000)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pid</code></td> <td></td> <td>PID namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--platform</code></td> <td></td> <td>Set platform if server is multi-platform capable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td></td> <td>Give extended privileges to this container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Publish a container's port(s) to the host</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish-all</code> , <code class="language-plaintext 
highlighter-rouge">-P</code> +</td> <td></td> <td>Publish all exposed ports to random ports</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pull</code></td> <td><code class="language-plaintext highlighter-rouge">missing</code></td> <td>Pull image before running ("always"|"missing"|"never")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as read only</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart</code></td> <td><code class="language-plaintext highlighter-rouge">no</code></td> <td>Restart policy to apply when a container exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rm</code></td> <td></td> <td>Automatically remove the container when it exits</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--runtime</code></td> <td></td> <td>Runtime to use for this container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--security-opt</code></td> <td></td> <td>Security Options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--shm-size</code></td> <td></td> <td>Size of /dev/shm</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sig-proxy</code></td> <td><code class="language-plaintext highlighter-rouge">true</code></td> <td>Proxy received signals to the process</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td><code class="language-plaintext highlighter-rouge">SIGTERM</code></td> <td>Signal to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-timeout</code></td> <td></td> <td>Timeout (in seconds) to stop a container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--storage-opt</code></td> <td></td> <td>Storage driver options for the container</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--sysctl</code></td> <td></td> <td>Sysctl options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--tmpfs</code></td> <td></td> <td>Mount a tmpfs directory</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td>Ulimit options</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--userns</code></td> <td></td> <td>User namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--uts</code></td> <td></td> <td>UTS namespace to use</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--volume</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Bind mount a volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volume-driver</code></td> <td></td> <td>Optional volume driver for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volumes-from</code></td> <td></td> <td>Mount volumes from the specified container(s)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="assign-name-and-allocate-pseudo-tty---name--it">Assign name and allocate pseudo-TTY (--name, -it)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run --name test -it debian 
+ +root@d6c0fe130dba:/# exit 13 +$ echo $? +13 +$ docker ps -a | grep test +d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test +</pre></div> <p>This example runs a container named <code class="language-plaintext highlighter-rouge">test</code> using the <code class="language-plaintext highlighter-rouge">debian:latest</code> image. The <code class="language-plaintext highlighter-rouge">-it</code> instructs Docker to allocate a pseudo-TTY connected to the container’s stdin; creating an interactive <code class="language-plaintext highlighter-rouge">bash</code> shell in the container. In the example, the <code class="language-plaintext highlighter-rouge">bash</code> shell is quit by entering <code class="language-plaintext highlighter-rouge">exit 13</code>. This exit code is passed on to the caller of <code class="language-plaintext highlighter-rouge">docker run</code>, and is recorded in the <code class="language-plaintext highlighter-rouge">test</code> container’s metadata.</p> <h3 id="capture-container-id---cidfile">Capture container ID (--cidfile)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" +</pre></div> <p>This will create a container and print <code class="language-plaintext highlighter-rouge">test</code> to the console. The <code class="language-plaintext highlighter-rouge">cidfile</code> flag makes Docker attempt to create a new file and write the container ID to it. If the file exists already, Docker will return an error. 
Docker will close this file when <code class="language-plaintext highlighter-rouge">docker run</code> exits.</p> <h3 id="full-container-capabilities---privileged">Full container capabilities (--privileged)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -t -i --rm ubuntu bash +root@bc338942ef20:/# mount -t tmpfs none /mnt +mount: permission denied +</pre></div> <p>This will <em>not</em> work, because by default, most potentially dangerous kernel capabilities are dropped; including <code class="language-plaintext highlighter-rouge">cap_sys_admin</code> (which is required to mount filesystems). However, the <code class="language-plaintext highlighter-rouge">--privileged</code> flag will allow it to run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -t -i --privileged ubuntu bash +root@50e3f57e16e6:/# mount -t tmpfs none /mnt +root@50e3f57e16e6:/# df -h +Filesystem Size Used Avail Use% Mounted on +none 1.9G 0 1.9G 0% /mnt +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--privileged</code> flag gives <em>all</em> capabilities to the container, and it also lifts all the limitations enforced by the <code class="language-plaintext highlighter-rouge">device</code> cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.</p> <h3 id="set-working-directory--w">Set working directory (-w)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -w /path/to/dir/ -i -t ubuntu pwd +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">-w</code> lets the command being executed inside directory given, here <code class="language-plaintext highlighter-rouge">/path/to/dir/</code>. 
If the path does not exist it is created inside the container.</p> <h3 id="set-storage-driver-options-per-container">Set storage driver options per container</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --storage-opt size=120G fedora /bin/bash +</pre></div> <p>This (size) will allow to set the container rootfs size to 120G at creation time. This option is only available for the <code class="language-plaintext highlighter-rouge">devicemapper</code>, <code class="language-plaintext highlighter-rouge">btrfs</code>, <code class="language-plaintext highlighter-rouge">overlay2</code>, <code class="language-plaintext highlighter-rouge">windowsfilter</code> and <code class="language-plaintext highlighter-rouge">zfs</code> graph drivers. For the <code class="language-plaintext highlighter-rouge">devicemapper</code>, <code class="language-plaintext highlighter-rouge">btrfs</code>, <code class="language-plaintext highlighter-rouge">windowsfilter</code> and <code class="language-plaintext highlighter-rouge">zfs</code> graph drivers, user cannot pass a size less than the Default BaseFS Size. For the <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver, the size option is only available if the backing fs is <code class="language-plaintext highlighter-rouge">xfs</code> and mounted with the <code class="language-plaintext highlighter-rouge">pquota</code> mount option. 
Under these conditions, user can pass any size less than the backing fs size.</p> <h3 id="mount-tmpfs---tmpfs">Mount tmpfs (--tmpfs)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--tmpfs</code> flag mounts an empty tmpfs into the container with the <code class="language-plaintext highlighter-rouge">rw</code>, <code class="language-plaintext highlighter-rouge">noexec</code>, <code class="language-plaintext highlighter-rouge">nosuid</code>, <code class="language-plaintext highlighter-rouge">size=65536k</code> options.</p> <h3 id="mount-volume--v---read-only">Mount volume (-v, --read-only)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">-v</code> flag mounts the current working directory into the container. The <code class="language-plaintext highlighter-rouge">-w</code> lets the command being executed inside the current working directory, by changing into the directory to the value returned by <code class="language-plaintext highlighter-rouge">pwd</code>. So this combination executes the command using the container, but inside the current working directory.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash +</pre></div> <p>When the host directory of a bind-mounted volume doesn’t exist, Docker will automatically create this directory on the host for you. 
In the example above, Docker will create the <code class="language-plaintext highlighter-rouge">/doesnt/exist</code> folder before starting your container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --read-only -v /icanwrite busybox touch /icanwrite/here +</pre></div> <p>Volumes can be used in combination with <code class="language-plaintext highlighter-rouge">--read-only</code> to control where a container writes files. The <code class="language-plaintext highlighter-rouge">--read-only</code> flag mounts the container’s root filesystem as read only prohibiting writes to locations other than the specified volumes for the container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh +</pre></div> <p>By bind-mounting the docker unix socket and statically linked docker binary (refer to <a href="../../../install/binaries/index#install-static-binaries">get the linux binary</a>), you give the container the full access to create and manipulate the host’s Docker daemon.</p> <p>On Windows, the paths must be specified using Windows-style semantics.</p> <div class="highlight"><pre class="highlight" data-language="">PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt +Contents of file + +PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt +Contents of file +</pre></div> <p>The following examples will fail when using Windows-based containers, as the destination of a volume or bind mount inside the container must be one of: a non-existing or empty directory; or a drive other than C:. Further, the source of a bind mount must be a local directory, not a file.</p> <div class="highlight"><pre class="highlight" data-language="">net use z: \\remotemachine\share +docker run -v z:\foo:c:\dest ... 
+docker run -v \\uncpath\to\directory:c:\dest ... +docker run -v c:\foo\somefile.txt:c:\dest ... +docker run -v c:\foo:c: ... +docker run -v c:\foo:c:\existing-directory-with-contents ... +</pre></div> <p>For in-depth information about volumes, refer to <a href="https://docs.docker.com/storage/volumes/">manage data in containers</a></p> <h3 id="add-bind-mounts-or-volumes-using-the---mount-flag">Add bind mounts or volumes using the --mount flag</h3> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag allows you to mount volumes, host-directories and <code class="language-plaintext highlighter-rouge">tmpfs</code> mounts in a container.</p> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag supports most options that are supported by the <code class="language-plaintext highlighter-rouge">-v</code> or the <code class="language-plaintext highlighter-rouge">--volume</code> flag, but uses a different syntax. For in-depth information on the <code class="language-plaintext highlighter-rouge">--mount</code> flag, and a comparison between <code class="language-plaintext highlighter-rouge">--volume</code> and <code class="language-plaintext highlighter-rouge">--mount</code>, refer to the <a href="../service_create/index#add-bind-mounts-volumes-or-memory-filesystems">service create command reference</a>.</p> <p>Even though there is no plan to deprecate <code class="language-plaintext highlighter-rouge">--volume</code>, usage of <code class="language-plaintext highlighter-rouge">--mount</code> is recommended.</p> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --read-only --mount type=volume,target=/icanwrite busybox touch /icanwrite/here +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh +</pre></div> <h3 id="publish-or-expose-port--p---expose">Publish or expose port (-p, --expose)</h3> 
<div class="highlight"><pre class="highlight" data-language="">$ docker run -p 127.0.0.1:80:8080/tcp ubuntu bash +</pre></div> <p>This binds port <code class="language-plaintext highlighter-rouge">8080</code> of the container to TCP port <code class="language-plaintext highlighter-rouge">80</code> on <code class="language-plaintext highlighter-rouge">127.0.0.1</code> of the host machine. You can also specify <code class="language-plaintext highlighter-rouge">udp</code> and <code class="language-plaintext highlighter-rouge">sctp</code> ports. The <a href="https://docs.docker.com/network/links/">Docker User Guide</a> explains in detail how to manipulate ports in Docker.</p> <p>Note that ports which are not bound to the host (i.e., <code class="language-plaintext highlighter-rouge">-p 80:80</code> instead of <code class="language-plaintext highlighter-rouge">-p 127.0.0.1:80:80</code>) will be accessible from the outside. This also applies if you configured UFW to block this specific port, as Docker manages its own iptables rules. 
<a href="https://docs.docker.com/network/iptables/">Read more</a></p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --expose 80 ubuntu bash +</pre></div> <p>This exposes port <code class="language-plaintext highlighter-rouge">80</code> of the container without publishing the port to the host system’s interfaces.</p> <h3 id="-set-the-pull-policy---pull"> + Set the pull policy (--pull)</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--pull</code> flag to set the image pull policy when creating (and running) the container.</p> <p>The <code class="language-plaintext highlighter-rouge">--pull</code> flag can take one of these values:</p> <table> <thead> <tr> <th style="text-align: left">Value</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">missing</code> (default)</td> <td style="text-align: left">Pull the image if it was not found in the image cache, or use the cached image otherwise.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">never</code></td> <td style="text-align: left">Do not pull the image, even if it’s missing, and produce an error if the image does not exist in the image cache.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">always</code></td> <td style="text-align: left">Always perform a pull before creating the container.</td> </tr> </tbody> </table> <p>When creating (and running) a container from an image, the daemon checks if the image exists in the local image cache. If the image is missing, an error is returned to the cli, allowing it to initiate a pull.</p> <p>The default (<code class="language-plaintext highlighter-rouge">missing</code>) is to only pull the image if it is not present in the daemon’s image cache. 
This default allows you to run images that only exist locally (for example, images you built from a Dockerfile, but that have not been pushed to a registry), and reduces networking.</p> <p>The <code class="language-plaintext highlighter-rouge">always</code> option always initiates a pull before creating the container. This option makes sure the image is up-to-date, and prevents you from using outdated images, but may not be suitable in situations where you want to test a locally built image before pushing (as pulling the image overwrites the existing image in the image cache).</p> <p>The <code class="language-plaintext highlighter-rouge">never</code> option disables (implicit) pulling images when creating containers, and only uses images that are available in the image cache. If the specified image is not found, an error is produced, and the container is not created. This option is useful in situations where networking is not available, or to prevent images from being pulled implicitly when creating containers.</p> <p>The following example shows <code class="language-plaintext highlighter-rouge">docker run</code> with the <code class="language-plaintext highlighter-rouge">--pull=never</code> option set, which produces en error as the image is missing in the image-cache:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --pull=never hello-world +docker: Error response from daemon: No such image: hello-world:latest. 
+</pre></div> <h3 id="set-environment-variables--e---env---env-file">Set environment variables (-e, --env, --env-file)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">-e</code>, <code class="language-plaintext highlighter-rouge">--env</code>, and <code class="language-plaintext highlighter-rouge">--env-file</code> flags to set simple (non-array) environment variables in the container you’re running, or overwrite variables that are defined in the Dockerfile of the image you’re running.</p> <p>You can define the variable and its value when running the container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --env VAR1=value1 --env VAR2=value2 ubuntu env | grep VAR +VAR1=value1 +VAR2=value2 +</pre></div> <p>You can also use variables that you’ve exported to your local environment:</p> <div class="highlight"><pre class="highlight" data-language="">export VAR1=value1 +export VAR2=value2 + +$ docker run --env VAR1 --env VAR2 ubuntu env | grep VAR +VAR1=value1 +VAR2=value2 +</pre></div> <p>When running the command, the Docker CLI client checks the value the variable has in your local environment and passes it to the container. If no <code class="language-plaintext highlighter-rouge">=</code> is provided and that variable is not exported in your local environment, the variable won’t be set in the container.</p> <p>You can also load the environment variables from a file. 
This file should use the syntax <code class="language-plaintext highlighter-rouge"><variable>=value</code> (which sets the variable to the given value) or <code class="language-plaintext highlighter-rouge"><variable></code> (which takes the value from the local environment), and <code class="language-plaintext highlighter-rouge">#</code> for comments.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat env.list +# This is a comment +VAR1=value1 +VAR2=value2 +USER + +$ docker run --env-file env.list ubuntu env | grep -E 'VAR|USER' +VAR1=value1 +VAR2=value2 +USER=jonzeolla +</pre></div> <h3 id="set-metadata-on-container--l---label---label-file">Set metadata on container (-l, --label, --label-file)</h3> <p>A label is a <code class="language-plaintext highlighter-rouge">key=value</code> pair that applies metadata to a container. To label a container with two labels:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -l my-label --label com.example.foo=bar ubuntu bash +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">my-label</code> key doesn’t specify a value so the label defaults to an empty string (<code class="language-plaintext highlighter-rouge">""</code>). To add multiple labels, repeat the label flag (<code class="language-plaintext highlighter-rouge">-l</code> or <code class="language-plaintext highlighter-rouge">--label</code>).</p> <p>The <code class="language-plaintext highlighter-rouge">key=value</code> must be unique to avoid overwriting the label value. If you specify labels with identical keys but different values, each subsequent value overwrites the previous. Docker uses the last <code class="language-plaintext highlighter-rouge">key=value</code> you supply.</p> <p>Use the <code class="language-plaintext highlighter-rouge">--label-file</code> flag to load multiple labels from a file. Delimit each label in the file with an EOL mark. 
The example below loads labels from a labels file in the current directory:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --label-file ./labels ubuntu bash +</pre></div> <p>The label-file format is similar to the format for loading environment variables. (Unlike environment variables, labels are not visible to processes running inside a container.) The following example illustrates a label-file format:</p> <div class="highlight"><pre class="highlight" data-language="">com.example.label1="a label" + +# this is a comment +com.example.label2=another\ label +com.example.label3 +</pre></div> <p>You can load multiple label-files by supplying multiple <code class="language-plaintext highlighter-rouge">--label-file</code> flags.</p> <p>For additional information on working with labels, see <a href="https://docs.docker.com/config/labels-custom-metadata/"><em>Labels - custom metadata in Docker</em></a> in the Docker User Guide.</p> <h3 id="connect-a-container-to-a-network---network">Connect a container to a network (--network)</h3> <p>When you start a container use the <code class="language-plaintext highlighter-rouge">--network</code> flag to connect it to a network. 
This adds the <code class="language-plaintext highlighter-rouge">busybox</code> container to the <code class="language-plaintext highlighter-rouge">my-net</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -itd --network=my-net busybox +</pre></div> <p>You can also choose the IP addresses for the container with <code class="language-plaintext highlighter-rouge">--ip</code> and <code class="language-plaintext highlighter-rouge">--ip6</code> flags when you start the container on a user-defined network.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -itd --network=my-net --ip=10.10.9.75 busybox +</pre></div> <p>If you want to add a running container to a network use the <code class="language-plaintext highlighter-rouge">docker network connect</code> subcommand.</p> <p>You can connect multiple containers to the same network. Once connected, the containers can communicate easily using only another container’s IP address or name. For <code class="language-plaintext highlighter-rouge">overlay</code> networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way.</p> <blockquote> <p><strong>Note</strong></p> <p>Service discovery is unavailable on the default bridge network. Containers can communicate via their IP addresses by default. 
To communicate by name, they must be linked.</p> </blockquote> <p>You can disconnect a container from a network using the <code class="language-plaintext highlighter-rouge">docker network disconnect</code> command.</p> <h3 id="mount-volumes-from-container---volumes-from">Mount volumes from container (--volumes-from)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--volumes-from</code> flag mounts all the defined volumes from the referenced containers. Containers can be specified by repetitions of the <code class="language-plaintext highlighter-rouge">--volumes-from</code> argument. The container ID may be optionally suffixed with <code class="language-plaintext highlighter-rouge">:ro</code> or <code class="language-plaintext highlighter-rouge">:rw</code> to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container.</p> <p>Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS.</p> <p>To change the label in the container context, you can add either of two suffixes <code class="language-plaintext highlighter-rouge">:z</code> or <code class="language-plaintext highlighter-rouge">:Z</code> to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The <code class="language-plaintext highlighter-rouge">z</code> option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. 
The <code class="language-plaintext highlighter-rouge">Z</code> option tells Docker to label the content with a private unshared label. Only the current container can use a private volume.</p> <h3 id="attach-to-stdinstdoutstderr--a">Attach to STDIN/STDOUT/STDERR (-a)</h3> <p>The <code class="language-plaintext highlighter-rouge">-a</code> flag tells <code class="language-plaintext highlighter-rouge">docker run</code> to bind to the container’s <code class="language-plaintext highlighter-rouge">STDIN</code>, <code class="language-plaintext highlighter-rouge">STDOUT</code> or <code class="language-plaintext highlighter-rouge">STDERR</code>. This makes it possible to manipulate the output and input as needed.</p> <div class="highlight"><pre class="highlight" data-language="">$ echo "test" | docker run -i -a stdin ubuntu cat - +</pre></div> <p>This pipes data into a container and prints the container’s ID by attaching only to the container’s <code class="language-plaintext highlighter-rouge">STDIN</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -a stderr ubuntu echo test +</pre></div> <p>This isn’t going to print anything unless there’s an error because we’ve only attached to the <code class="language-plaintext highlighter-rouge">STDERR</code> of the container. The container’s logs still store what’s been written to <code class="language-plaintext highlighter-rouge">STDERR</code> and <code class="language-plaintext highlighter-rouge">STDOUT</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat somefile | docker run -i -a stdin mybuilder dobuild +</pre></div> <p>This is how piping a file into a container could be done for a build. The container’s ID will be printed after the build is done and the build logs could be retrieved using <code class="language-plaintext highlighter-rouge">docker logs</code>. 
This is useful if you need to pipe a file or something else into a container and retrieve the container’s ID once the container has finished running.</p> <h3 id="add-host-device-to-container---device">Add host device to container (--device)</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run --device=/dev/sdc:/dev/xvdc \ + --device=/dev/sdd --device=/dev/zero:/dev/nulo \ + -i -t \ + ubuntu ls -l /dev/{xvdc,sdd,nulo} + +brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc +brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd +crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo +</pre></div> <p>It is often necessary to directly expose devices to a container. The <code class="language-plaintext highlighter-rouge">--device</code> option enables that. For example, a specific block storage device or loop device or audio device can be added to an otherwise unprivileged container (without the <code class="language-plaintext highlighter-rouge">--privileged</code> flag) and have the application directly access it.</p> <p>By default, the container will be able to <code class="language-plaintext highlighter-rouge">read</code>, <code class="language-plaintext highlighter-rouge">write</code> and <code class="language-plaintext highlighter-rouge">mknod</code> these devices. This can be overridden using a third <code class="language-plaintext highlighter-rouge">:rwm</code> set of options to each <code class="language-plaintext highlighter-rouge">--device</code> flag. If the container is running in privileged mode, then the permissions specified will be ignored.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + +Command (m for help): q +$ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc +You will not be able to write the partition table. 
+ +Command (m for help): q + +$ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc + +Command (m for help): q + +$ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc +fdisk: unable to open /dev/xvdc: Operation not permitted +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--device</code> option cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with <code class="language-plaintext highlighter-rouge">--device</code>.</p> </blockquote> <p>For Windows, the format of the string passed to the <code class="language-plaintext highlighter-rouge">--device</code> option is in the form of <code class="language-plaintext highlighter-rouge">--device=<IdType>/<Id></code>. Beginning with Windows Server 2019 and Windows 10 October 2018 Update, Windows only supports an IdType of <code class="language-plaintext highlighter-rouge">class</code> and the Id as a <a href="https://docs.microsoft.com/en-us/windows-hardware/drivers/install/overview-of-device-interface-classes">device interface class GUID</a>. Refer to the table defined in the <a href="https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/hardware-devices-in-containers">Windows container docs</a> for a list of container-supported device interface class GUIDs.</p> <p>If this option is specified for a process-isolated Windows container, <em>all</em> devices that implement the requested device interface class GUID are made available in the container. 
For example, the command below makes all COM ports on the host visible in the container.</p> <div class="highlight"><pre class="highlight" data-language="">PS C:\> docker run --device=class/86E0D1E0-8089-11D0-9CE4-08003E301F73 mcr.microsoft.com/windows/servercore:ltsc2019 +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--device</code> option is only supported on process-isolated Windows containers. This option fails if the container isolation is <code class="language-plaintext highlighter-rouge">hyperv</code> or when running Linux Containers on Windows (LCOW).</p> </blockquote> <h3 id="-using-dynamically-created-devices---device-cgroup-rule"> + Using dynamically created devices (--device-cgroup-rule)</h3> <p>Devices available to a container are assigned at creation time. The assigned devices will both be added to the cgroup.allow file and created into the container once it is run. This poses a problem when a new device needs to be added to running container.</p> <p>One of the solutions is to add a more permissive rule to a container allowing it access to a wider range of devices. 
For example, supposing our container needs access to a character device with major <code class="language-plaintext highlighter-rouge">42</code> and any number of minor number (added as new devices appear), the following rule would be added:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --device-cgroup-rule='c 42:* rmw' -name my-container my-image +</pre></div> <p>Then, a user could ask <code class="language-plaintext highlighter-rouge">udev</code> to execute a script that would <code class="language-plaintext highlighter-rouge">docker exec my-container mknod newDevX c 42 <minor></code> the required device when it is added.</p> <blockquote> <p><strong>Note</strong>: initially present devices still need to be explicitly added to the <code class="language-plaintext highlighter-rouge">docker run</code> / <code class="language-plaintext highlighter-rouge">docker create</code> command.</p> </blockquote> <h3 id="access-an-nvidia-gpu">Access an NVIDIA GPU</h3> <p>The <code class="language-plaintext highlighter-rouge">--gpus</code> flag allows you to access NVIDIA GPU resources. First you need to install <a href="https://nvidia.github.io/nvidia-container-runtime/">nvidia-container-runtime</a>. Visit <a href="https://docs.docker.com/config/containers/resource_constraints/">Specify a container’s resources</a> for more information.</p> <p>To use <code class="language-plaintext highlighter-rouge">--gpus</code>, specify which GPUs (or all) to use. If no value is provied, all available GPUs are used. The example below exposes all available GPUs.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --gpus all ubuntu nvidia-smi +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">device</code> option to specify GPUs. 
The example below exposes a specific GPU.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --gpus device=GPU-3a23c669-1f69-c64e-cf85-44e9b07e7a2a ubuntu nvidia-smi +</pre></div> <p>The example below exposes the first and third GPUs.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --gpus '"device=0,2"' nvidia-smi +</pre></div> <h3 id="restart-policies---restart">Restart policies (--restart)</h3> <p>Use Docker’s <code class="language-plaintext highlighter-rouge">--restart</code> to specify a container’s <em>restart policy</em>. A restart policy controls whether the Docker daemon restarts a container after exit. Docker supports the following restart policies:</p> <table> <thead> <tr> <th style="text-align: left">Policy</th> <th style="text-align: left">Result</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">no</code></td> <td style="text-align: left">Do not automatically restart the container when it exits. This is the default.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">on-failure[:max-retries]</code></td> <td style="text-align: left">Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">unless-stopped</code></td> <td style="text-align: left">Restart the container unless it is explicitly stopped or Docker itself is stopped or restarted.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">always</code></td> <td style="text-align: left">Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. 
The container will also always start on daemon startup, regardless of the current state of the container.</td> </tr> </tbody> </table> <div class="highlight"><pre class="highlight" data-language="">$ docker run --restart=always redis +</pre></div> <p>This will run the <code class="language-plaintext highlighter-rouge">redis</code> container with a restart policy of <strong>always</strong> so that if the container exits, Docker will restart it.</p> <p>More detailed information on restart policies can be found in the <a href="../../run/index#restart-policies---restart">Restart Policies (--restart)</a> section of the Docker run reference page.</p> <h3 id="add-entries-to-container-hosts-file---add-host">Add entries to container hosts file (--add-host)</h3> <p>You can add other hosts into a container’s <code class="language-plaintext highlighter-rouge">/etc/hosts</code> file by using one or more <code class="language-plaintext highlighter-rouge">--add-host</code> flags. This example adds a static address for a host named <code class="language-plaintext highlighter-rouge">docker</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --add-host=docker:93.184.216.34 --rm -it alpine + +/ # ping docker +PING docker (93.184.216.34): 56 data bytes +64 bytes from 93.184.216.34: seq=0 ttl=37 time=93.052 ms +64 bytes from 93.184.216.34: seq=1 ttl=37 time=92.467 ms +64 bytes from 93.184.216.34: seq=2 ttl=37 time=92.252 ms +^C +--- docker ping statistics --- +4 packets transmitted, 4 packets received, 0% packet loss +round-trip min/avg/max = 92.209/92.495/93.052 ms +</pre></div> <p>Sometimes you need to connect to the Docker host from within your container. To enable this, pass the Docker host’s IP address to the container using the <code class="language-plaintext highlighter-rouge">--add-host</code> flag. 
To find the host’s address, use the <code class="language-plaintext highlighter-rouge">ip addr show</code> command.</p> <p>The flags you pass to <code class="language-plaintext highlighter-rouge">ip addr show</code> depend on whether you are using IPv4 or IPv6 networking in your containers. Use the following flags for IPv4 address retrieval for a network device named <code class="language-plaintext highlighter-rouge">eth0</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print $2}' | cut -d / -f 1 | sed -n 1p` +$ docker run --add-host=docker:${HOSTIP} --rm -it debian +</pre></div> <p>For IPv6 use the <code class="language-plaintext highlighter-rouge">-6</code> flag instead of the <code class="language-plaintext highlighter-rouge">-4</code> flag. For other network devices, replace <code class="language-plaintext highlighter-rouge">eth0</code> with the correct device name (for example <code class="language-plaintext highlighter-rouge">docker0</code> for the bridge device).</p> <h3 id="set-ulimits-in-container---ulimit">Set ulimits in container (--ulimit)</h3> <p>Since setting <code class="language-plaintext highlighter-rouge">ulimit</code> settings in a container requires extra privileges not available in the default container, you can set these using the <code class="language-plaintext highlighter-rouge">--ulimit</code> flag. 
<code class="language-plaintext highlighter-rouge">--ulimit</code> is specified with a soft and hard limit as such: <code class="language-plaintext highlighter-rouge"><type>=<soft limit>[:<hard limit>]</code>, for example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" +1024 +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If you do not provide a <code class="language-plaintext highlighter-rouge">hard limit</code>, the <code class="language-plaintext highlighter-rouge">soft limit</code> is used for both values. If no <code class="language-plaintext highlighter-rouge">ulimits</code> are set, they are inherited from the default <code class="language-plaintext highlighter-rouge">ulimits</code> set on the daemon. The <code class="language-plaintext highlighter-rouge">as</code> option is disabled now. In other words, the following script is not supported:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --ulimit as=1024 fedora /bin/bash +</pre></div> </blockquote> <p>The values are sent to the appropriate <code class="language-plaintext highlighter-rouge">syscall</code> as they are set. Docker doesn’t perform any byte conversion. Take this into account when setting the values.</p> <h4 id="for-nproc-usage">For <code class="language-plaintext highlighter-rouge">nproc</code> usage</h4> <p>Be careful setting <code class="language-plaintext highlighter-rouge">nproc</code> with the <code class="language-plaintext highlighter-rouge">ulimit</code> flag as <code class="language-plaintext highlighter-rouge">nproc</code> is designed by Linux to set the maximum number of processes available to a user, not to a container. 
For example, start four containers with <code class="language-plaintext highlighter-rouge">daemon</code> user:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top +</pre></div> <p>The 4th container fails and reports “[8] System error: resource temporarily unavailable” error. This fails because the caller set <code class="language-plaintext highlighter-rouge">nproc=3</code> resulting in the first three containers using up the three processes quota set for the <code class="language-plaintext highlighter-rouge">daemon</code> user.</p> <h3 id="stop-container-with-signal---stop-signal">Stop container with signal (--stop-signal)</h3> <p>The <code class="language-plaintext highlighter-rouge">--stop-signal</code> flag sets the system call signal that will be sent to the container to exit. This signal can be a signal name in the format <code class="language-plaintext highlighter-rouge">SIG<NAME></code>, for instance <code class="language-plaintext highlighter-rouge">SIGKILL</code>, or an unsigned number that matches a position in the kernel’s syscall table, for instance <code class="language-plaintext highlighter-rouge">9</code>.</p> <p>The default is <code class="language-plaintext highlighter-rouge">SIGTERM</code> if not specified.</p> <h3 id="optional-security-options---security-opt">Optional security options (--security-opt)</h3> <p>On Windows, this flag can be used to specify the <code class="language-plaintext highlighter-rouge">credentialspec</code> option. 
The <code class="language-plaintext highlighter-rouge">credentialspec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://spec.txt</code> or <code class="language-plaintext highlighter-rouge">registry://keyname</code>.</p> <h3 id="stop-container-with-timeout---stop-timeout">Stop container with timeout (--stop-timeout)</h3> <p>The <code class="language-plaintext highlighter-rouge">--stop-timeout</code> flag sets the number of seconds to wait for the container to stop after sending the pre-defined (see <code class="language-plaintext highlighter-rouge">--stop-signal</code>) system call signal. If the container does not exit after the timeout elapses, it is forcibly killed with a <code class="language-plaintext highlighter-rouge">SIGKILL</code> signal.</p> <p>If <code class="language-plaintext highlighter-rouge">--stop-timeout</code> is set to <code class="language-plaintext highlighter-rouge">-1</code>, no timeout is applied, and the daemon will wait indefinitely for the container to exit.</p> <p>The default is determined by the daemon, and is 10 seconds for Linux containers, and 30 seconds for Windows containers.</p> <h3 id="specify-isolation-technology-for-container---isolation">Specify isolation technology for container (--isolation)</h3> <p>This option is useful in situations where you are running Docker containers on Windows. The <code class="language-plaintext highlighter-rouge">--isolation=<value></code> option sets a container’s isolation technology. On Linux, the only supported is the <code class="language-plaintext highlighter-rouge">default</code> option which uses Linux namespaces. 
These two commands are equivalent on Linux:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d busybox top +$ docker run -d --isolation default busybox top +</pre></div> <p>On Windows, <code class="language-plaintext highlighter-rouge">--isolation</code> can take one of these values:</p> <table> <thead> <tr> <th style="text-align: left">Value</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">default</code></td> <td style="text-align: left">Use the value specified by the Docker daemon’s <code class="language-plaintext highlighter-rouge">--exec-opt</code> or system default (see below).</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">process</code></td> <td style="text-align: left">Shared-kernel namespace isolation.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">hyperv</code></td> <td style="text-align: left">Hyper-V hypervisor partition-based isolation.</td> </tr> </tbody> </table> <p>The default isolation on Windows server operating systems is <code class="language-plaintext highlighter-rouge">process</code>, and <code class="language-plaintext highlighter-rouge">hyperv</code> on Windows client operating systems, such as Windows 10. 
Process isolation is more performant, but requires the image to</p> <p>On Windows server, assuming the default configuration, these commands are equivalent and result in <code class="language-plaintext highlighter-rouge">process</code> isolation:</p> <div class="highlight"><pre class="highlight" data-language="">PS C:\> docker run -d microsoft/nanoserver powershell echo process +PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo process +PS C:\> docker run -d --isolation process microsoft/nanoserver powershell echo process +</pre></div> <p>If you have set the <code class="language-plaintext highlighter-rouge">--exec-opt isolation=hyperv</code> option on the Docker <code class="language-plaintext highlighter-rouge">daemon</code>, or are running against a Windows client-based daemon, these commands are equivalent and result in <code class="language-plaintext highlighter-rouge">hyperv</code> isolation:</p> <div class="highlight"><pre class="highlight" data-language="">PS C:\> docker run -d microsoft/nanoserver powershell echo hyperv +PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo hyperv +PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv +</pre></div> <h3 id="specify-hard-limits-on-memory-available-to-containers--m---memory">Specify hard limits on memory available to containers (-m, --memory)</h3> <p>These parameters always set an upper limit on the memory available to the container. 
On Linux, this is set on the cgroup and applications in a container can query it at <code class="language-plaintext highlighter-rouge">/sys/fs/cgroup/memory/memory.limit_in_bytes</code>.</p> <p>On Windows, this will affect containers differently depending on what type of isolation is used.</p> <ul> <li> <p>With <code class="language-plaintext highlighter-rouge">process</code> isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container</p> <div class="highlight"><pre class="highlight" data-language=""> PS C:\> docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory* + + CsTotalPhysicalMemory : 17064509440 + CsPhyicallyInstalledMemory : 16777216 + OsTotalVisibleMemorySize : 16664560 + OsFreePhysicalMemory : 14646720 + OsTotalVirtualMemorySize : 19154928 + OsFreeVirtualMemory : 17197440 + OsInUseVirtualMemory : 1957488 + OsMaxProcessMemorySize : 137438953344 +</pre></div> </li> <li> <p>With <code class="language-plaintext highlighter-rouge">hyperv</code> isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. 
That size is reported as “Total Physical Memory.”</p> <div class="highlight"><pre class="highlight" data-language=""> PS C:\> docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory* + + CsTotalPhysicalMemory : 2683355136 + CsPhyicallyInstalledMemory : + OsTotalVisibleMemorySize : 2620464 + OsFreePhysicalMemory : 2306552 + OsTotalVirtualMemorySize : 2620464 + OsFreeVirtualMemory : 2356692 + OsInUseVirtualMemory : 263772 + OsMaxProcessMemorySize : 137438953344 +</pre></div> </li> </ul> <h3 id="configure-namespaced-kernel-parameters-sysctls-at-runtime">Configure namespaced kernel parameters (sysctls) at runtime</h3> <p>The <code class="language-plaintext highlighter-rouge">--sysctl</code> sets namespaced kernel parameters (sysctls) in the container. For example, to turn on IP forwarding in the containers network namespace, run this command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --sysctl net.ipv4.ip_forward=1 someimage +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. 
As the kernel evolves we expect to see more sysctls become namespaced.</p> </blockquote> <h4 id="currently-supported-sysctls">Currently supported sysctls</h4> <p>IPC Namespace:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">kernel.msgmax</code>, <code class="language-plaintext highlighter-rouge">kernel.msgmnb</code>, <code class="language-plaintext highlighter-rouge">kernel.msgmni</code>, <code class="language-plaintext highlighter-rouge">kernel.sem</code>, <code class="language-plaintext highlighter-rouge">kernel.shmall</code>, <code class="language-plaintext highlighter-rouge">kernel.shmmax</code>, <code class="language-plaintext highlighter-rouge">kernel.shmmni</code>, <code class="language-plaintext highlighter-rouge">kernel.shm_rmid_forced</code>.</li> <li>Sysctls beginning with <code class="language-plaintext highlighter-rouge">fs.mqueue.*</code> +</li> <li>If you use the <code class="language-plaintext highlighter-rouge">--ipc=host</code> option these sysctls are not allowed.</li> </ul> <p>Network Namespace:</p> <ul> <li>Sysctls beginning with <code class="language-plaintext highlighter-rouge">net.*</code> +</li> <li>If you use the <code class="language-plaintext highlighter-rouge">--network=host</code> option using these sysctls are not allowed.</li> </ul> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/run/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/run/</a> + </p> +</div> 
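Review bot: In the --isolation section of run/index.html, the paragraph on Windows defaults stops mid-sentence at "Process isolation is more performant, but requires the image to" and the closing </p> follows directly, so the constraint attached to process isolation is never stated. The table just above describes process as shared-kernel namespace isolation and hyperv as hypervisor partition-based isolation, so this is the sentence a reader relies on when choosing between the two; either complete it from the upstream page or drop the "but requires" clause. Two smaller wording fixes in the same hunk: "the only supported is the default option" is missing its noun ("the only supported value"), and "If you use the --network=host option using these sysctls are not allowed" should match the phrasing of the IPC bullet ("these sysctls are not allowed").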
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsave%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsave%2Findex.html new file mode 100644 index 00000000..51dbc313 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsave%2Findex.html 
@@ -0,0 +1,26 @@ +<h1>docker save</h1> <p><br></p> <p>Save one or more images to a tar archive (streamed to STDOUT by default)</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker save [OPTIONS] IMAGE [IMAGE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified <code class="language-plaintext highlighter-rouge">repo:tag</code>, for each argument provided.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--output</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Write to a file, instead of STDOUT</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-backup-that-can-then-be-used-with-docker-load">Create a backup that can then be used with <code class="language-plaintext highlighter-rouge">docker load</code>.</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker save busybox > busybox.tar + +$ ls -sh busybox.tar + +2.7M busybox.tar + +$ docker save --output busybox.tar busybox + +$ ls -sh busybox.tar + +2.7M busybox.tar + +$ docker save -o fedora-all.tar fedora + +$ docker save -o fedora-latest.tar fedora:latest +</pre></div> <h3 id="save-an-image-to-a-targz-file-using-gzip">Save an image to a tar.gz file using gzip</h3> <p>You can use gzip to save the image file and make the backup smaller.</p> <div class="highlight"><pre 
class="highlight" data-language="">$ docker save myimage:latest | gzip > myimage_latest.tar.gz +</pre></div> <h3 id="cherry-pick-particular-tags">Cherry-pick particular tags</h3> <p>You can even cherry-pick particular tags of an image repository.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/save/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/save/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsearch%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsearch%2Findex.html new file mode 100644 index 00000000..1272fa6f --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsearch%2Findex.html 
@@ -0,0 +1,79 @@ +<h1>docker search</h1> <p><br></p> <p>Search the Docker Hub for images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker search [OPTIONS] TERM +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Search <a href="https://hub.docker.com">Docker Hub</a> for images</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print search using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit</code></td> <td><code class="language-plaintext highlighter-rouge">25</code></td> <td>Max number of search results</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Don't truncate output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="search-images-by-name">Search images by name</h3> <p>This example displays images with a name containing ‘busybox’:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 316 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 
8 [OK] +odise/busybox-python 2 [OK] +azukiapp/busybox This image is meant to be used as the base... 2 [OK] +ofayau/busybox-jvm Prepare busybox to install a 32 bits JVM. 1 [OK] +shingonoide/archlinux-busybox Arch Linux, a lightweight and flexible Lin... 1 [OK] +odise/busybox-curl 1 [OK] +ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] +peelsky/zulu-openjdk-busybox 1 [OK] +skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] +elektritter/busybox-teamspeak Lightweight teamspeak3 container based on... 1 [OK] +socketplane/busybox 1 [OK] +oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] +ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] +nikfoundas/busybox-confd Minimal busybox based distribution of confd 0 [OK] +openshift/busybox-http-app 0 [OK] +jllopis/busybox 0 [OK] +swyckoff/busybox 0 [OK] +powellquiring/busybox 0 [OK] +williamyeh/busybox-sh Docker image for BusyBox's sh 0 [OK] +simplexsys/busybox-cli-powered Docker busybox images, with a few often us... 0 [OK] +fhisamoto/busybox-java Busybox java 0 [OK] +scottabernethy/busybox 0 [OK] +marclop/busybox-solr +</pre></div> <h3 id="display-non-truncated-description---no-trunc">Display non-truncated description (--no-trunc)</h3> <p>This example displays images with a name containing ‘busybox’, at least 3 stars and the description isn’t truncated in the output:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --filter=stars=3 --no-trunc busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 325 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] +</pre></div> <h3 id="limit-search-results---limit">Limit search results (--limit)</h3> <p>The flag <code class="language-plaintext highlighter-rouge">--limit</code> is the maximum number of results returned by a search. 
This value could be in the range between 1 and 100. The default value of <code class="language-plaintext highlighter-rouge">--limit</code> is 25.</p> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. <code class="language-plaintext highlighter-rouge">--filter is-automated=true --filter stars=3</code>)</p> <p>The currently supported filters are:</p> <ul> <li>stars (int - number of stars the image has)</li> <li>is-automated (boolean - true or false) - is the image automated or not</li> <li>is-official (boolean - true or false) - is the image official or not</li> </ul> <h4 id="stars">stars</h4> <p>This example displays images with a name containing ‘busybox’ and at least 3 stars:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --filter stars=3 busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 325 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +</pre></div> <h4 id="is-automated">is-automated</h4> <p>This example displays images with a name containing ‘busybox’ and are automated builds:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --filter is-automated=true busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 
8 [OK] +</pre></div> <h4 id="is-official">is-official</h4> <p>This example displays images with a name containing ‘busybox’, at least 3 stars and are official builds:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --filter is-official=true --filter stars=3 busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 325 [OK] +</pre></div> <h3 id="format-the-output">Format the output</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints search output using a Go template.</p> <p>Valid placeholders for the Go template are:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Image Name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Description</code></td> <td>Image description</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.StarCount</code></td> <td>Number of stars for the image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.IsOfficial</code></td> <td>“OK” if image is official</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.IsAutomated</code></td> <td>“OK” if image build was automated</td> </tr> </tbody> </table> <p>When you use the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">search</code> command will output the data exactly as the template declares. 
If you use the <code class="language-plaintext highlighter-rouge">table</code> directive, column headers are included as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">StarCount</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --format "{{.Name}}: {{.StarCount}}" nginx + +nginx: 5441 +jwilder/nginx-proxy: 953 +richarvey/nginx-php-fpm: 353 +million12/nginx-php: 75 +webdevops/php-nginx: 70 +h3nrik/nginx-ldap: 35 +bitnami/nginx: 23 +evild/alpine-nginx: 14 +million12/nginx: 9 +maxexcloo/nginx: 7 +</pre></div> <p>This example outputs a table format:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker search --format "table {{.Name}}\t{{.IsAutomated}}\t{{.IsOfficial}}" nginx + +NAME AUTOMATED OFFICIAL +nginx [OK] +jwilder/nginx-proxy [OK] +richarvey/nginx-php-fpm [OK] +jrcs/letsencrypt-nginx-proxy-companion [OK] +million12/nginx-php [OK] +webdevops/php-nginx [OK] +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/search/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/search/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret%2Findex.html new file mode 100644 index 00000000..4d71bd29 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret%2Findex.html @@ -0,0 +1,7 @@ +<h1>docker secret</h1> <p><br></p> <p>Manage Docker secrets</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage secrets.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../secret_create/index">docker secret create</a></td> <td>Create a secret from a file or STDIN as content</td> </tr> <tr> <td><a href="../secret_inspect/index">docker secret inspect</a></td> <td>Display detailed information on one or more secrets</td> </tr> <tr> <td><a href="../secret_ls/index">docker secret ls</a></td> <td>List secrets</td> </tr> <tr> <td><a href="../secret_rm/index">docker secret rm</a></td> <td>Remove one or more secrets</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/secret/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/secret/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_create%2Findex.html new file mode 100644 index 00000000..5c57bfc9 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_create%2Findex.html 
@@ -0,0 +1,52 @@ +<h1>docker secret create</h1> <p><br></p> <p>Create a secret from a file or STDIN as content</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret create [OPTIONS] SECRET [file|-] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a secret using standard input or from a file for the secret content.</p> <p>For detailed information about using secrets, refer to <a href="../../../swarm/secrets/index">manage sensitive data with Docker secrets</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--driver</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Secret driver</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> , <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Secret labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--template-driver</code></td> <td></td> <td>Template driver</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-secret">Create a secret</h3> <div class="highlight"><pre class="highlight" data-language="">$ printf "my super secret password" | docker secret create my_secret - + +onakdyv307se2tl7nl20anokv + +$ docker secret ls + +ID NAME CREATED UPDATED +onakdyv307se2tl7nl20anokv my_secret 6 seconds ago 6 seconds ago +</pre></div> <h3 id="create-a-secret-with-a-file">Create a secret with a file</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker secret create my_secret ./secret.json + +dg426haahpi5ezmkkj5kyl3sn + +$ docker secret ls + +ID NAME CREATED UPDATED +dg426haahpi5ezmkkj5kyl3sn my_secret 7 seconds ago 7 seconds ago +</pre></div> <h3 id="create-a-secret-with-labels">Create a secret with labels</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker secret create \ + --label env=dev \ + --label rev=20170324 \ + my_secret ./secret.json + +eo7jnzguqgtpdah3cm5srfb97 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker secret inspect my_secret + +[ + { + "ID": 
"eo7jnzguqgtpdah3cm5srfb97", + "Version": { + "Index": 17 + }, + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", + "Spec": { + "Name": "my_secret", + "Labels": { + "env": "dev", + "rev": "20170324" + } + } + } +] +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../secret/index">docker secret</a></td> <td style="text-align: left">Manage Docker secrets</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker secret create</a></td> <td>Create a secret from a file or STDIN as content</td> </tr> <tr> <td><a href="../secret_inspect/index">docker secret inspect</a></td> <td>Display detailed information on one or more secrets</td> </tr> <tr> <td><a href="../secret_ls/index">docker secret ls</a></td> <td>List secrets</td> </tr> <tr> <td><a href="../secret_rm/index">docker secret rm</a></td> <td>Remove one or more secrets</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/secret_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/secret_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_inspect%2Findex.html new file mode 100644 index 00000000..d4e02194 --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_inspect%2Findex.html 
@@ -0,0 +1,34 @@ +<h1>docker secret inspect</h1> <p><br></p> <p>Display detailed information on one or more secrets</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret inspect [OPTIONS] SECRET [SECRET...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Inspects the specified secret.</p> <p>By default, this renders all results in a JSON array. If a format is specified, the given template will be executed for each result.</p> <p>Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>For detailed information about using secrets, refer to <a href="../../../swarm/secrets/index">manage sensitive data with Docker secrets</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pretty</code></td> <td></td> <td>Print the information in a human friendly format</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-secret-by-name-or-id">Inspect a secret by name or ID</h3> <p>You can inspect a secret, either by its <em>name</em>, or <em>ID</em></p> <p>For example, given the following secret:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls + +ID NAME CREATED UPDATED +eo7jnzguqgtpdah3cm5srfb97 my_secret 3 minutes ago 3 minutes ago +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker secret inspect secret.json +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "ID": "eo7jnzguqgtpdah3cm5srfb97", + "Version": { + "Index": 17 + }, + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", + "Spec": { + "Name": "my_secret", + "Labels": { + "env": "dev", + "rev": "20170324" + } + } + } +] +</pre></div> <h3 id="formatting">Formatting</h3> <p>You can use the --format option to obtain specific information about a secret. 
The following example command outputs the creation time of the secret.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97 + +2017-03-24 08:15:09.735271783 +0000 UTC +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../secret/index">docker secret</a></td> <td style="text-align: left">Manage Docker secrets</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../secret_create/index">docker secret create</a></td> <td>Create a secret from a file or STDIN as content</td> </tr> <tr> <td><a href="index">docker secret inspect</a></td> <td>Display detailed information on one or more secrets</td> </tr> <tr> <td><a href="../secret_ls/index">docker secret ls</a></td> <td>List secrets</td> </tr> <tr> <td><a href="../secret_rm/index">docker secret rm</a></td> <td>Remove one or more secrets</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/secret_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/secret_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_ls%2Findex.html new file mode 100644 index 00000000..d6441381 --- /dev/null 
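Review bot: In secret_inspect/index.html, under "Inspect a secret by name or ID", the example command is "docker secret inspect secret.json", but the "docker secret ls" output immediately before it lists the secret as my_secret with ID eo7jnzguqgtpdah3cm5srfb97, and the JSON shown afterwards has "Name": "my_secret". In the secret_create examples, secret.json is the input file, not a secret name, so the command as written would not return the output shown. Suggest "docker secret inspect my_secret" here, which also matches the heading. The sentence "You can inspect a secret, either by its name, or ID" is also missing its final period.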
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_ls%2Findex.html 
@@ -0,0 +1,48 @@ +<h1>docker secret ls</h1> <p><br></p> <p>List secrets</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Run this command on a manager node to list the secrets in the swarm.</p> <p>For detailed information about using secrets, refer to <a href="../../../swarm/secrets/index">manage sensitive data with Docker secrets</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print secrets using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls + +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +9u9hk4br2ej0wgngkga6rp4hq my_secret 5 weeks ago 5 weeks ago +mem02h8n73mybpgqjf0kfi1n0 test_secret 3 seconds ago 3 seconds ago +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li> +<a href="#id">id</a> (secret’s ID)</li> <li> +<a href="#label">label</a> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li> +<a href="#name">name</a> (secret’s name)</li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches all or prefix of a secret’s id.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls -f "id=6697bflskwj1998km1gnnjr38" + +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches secrets based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches all secrets with a <code class="language-plaintext highlighter-rouge">project</code> label regardless of its value:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls --filter label=project + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago +</pre></div> <p>The following filter matches only services with the <code class="language-plaintext highlighter-rouge">project</code> label with the <code class="language-plaintext highlighter-rouge">project-a</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter label=project=test + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago 
+</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or prefix of a secret’s name.</p> <p>The following filter matches secret with a name containing a prefix of <code class="language-plaintext highlighter-rouge">test</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls --filter name=test_secret + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago +</pre></div> <h3 id="format-the-output">Format the output</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty prints secrets output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Secret ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Secret name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CreatedAt</code></td> <td>Time when the secret was created</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.UpdatedAt</code></td> <td>Time when the secret was updated</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Labels</code></td> <td>All labels assigned to the secret</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Label</code></td> <td>Value of a specific label for this secret. 
For example <code class="language-plaintext highlighter-rouge">{{.Label "secret.ssh.key"}}</code> +</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">secret ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, will include column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code> and <code class="language-plaintext highlighter-rouge">Name</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls --format "{{.ID}}: {{.Name}}" + +77af4d6b9913: secret-1 +b6fa739cedf5: secret-2 +78a85c484f71: secret-3 +</pre></div> <p>To list all secrets with their name and created date in a table format you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}" + +ID NAME CREATED +77af4d6b9913 secret-1 5 minutes ago +b6fa739cedf5 secret-2 3 hours ago +78a85c484f71 secret-3 10 days ago +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../secret/index">docker secret</a></td> <td style="text-align: left">Manage Docker secrets</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../secret_create/index">docker secret create</a></td> <td>Create a secret from a file or STDIN as content</td> </tr> <tr> <td><a 
href="../secret_inspect/index">docker secret inspect</a></td> <td>Display detailed information on one or more secrets</td> </tr> <tr> <td><a href="index">docker secret ls</a></td> <td>List secrets</td> </tr> <tr> <td><a href="../secret_rm/index">docker secret rm</a></td> <td>Remove one or more secrets</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/secret_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/secret_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_rm%2Findex.html new file mode 100644 index 00000000..c64a9309 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsecret_rm%2Findex.html 
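Review bot: In the label section of secret_ls, the second example is copied from the service docs and was never adapted. The sentence says the filter "matches only services with the project label with the project-a value", the command is `docker service ls --filter label=project=test`, and the output underneath lists a secret. Suggest `docker secret ls --filter label=project=test`, "secrets" in the sentence, and one value used in both the sentence and the command. Two smaller wording slips on the same page: the --format example says it prints ID and Name "for all images" where it means secrets, and the name-filter text describes a prefix of `test` while the command passes the full name `name=test_secret`.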
@@ -0,0 +1,9 @@ +<h1>docker secret rm</h1> <p><br></p> <p>Remove one or more secrets</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker secret rm SECRET [SECRET...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Removes the specified secrets from the swarm.</p> <p>For detailed information about using secrets, refer to <a href="../../../swarm/secrets/index">manage sensitive data with Docker secrets</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <p>This example removes a secret:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret rm secret.json +sapth4csdo5b6wz2p5uimh5xg +</pre></div> <blockquote> <p><strong>Warning</strong></p> <p>Unlike <code class="language-plaintext highlighter-rouge">docker rm</code>, this command does not ask for confirmation before removing a secret.</p> </blockquote> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../secret/index">docker secret</a></td> <td style="text-align: left">Manage Docker secrets</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a 
href="../secret_create/index">docker secret create</a></td> <td>Create a secret from a file or STDIN as content</td> </tr> <tr> <td><a href="../secret_inspect/index">docker secret inspect</a></td> <td>Display detailed information on one or more secrets</td> </tr> <tr> <td><a href="../secret_ls/index">docker secret ls</a></td> <td>List secrets</td> </tr> <tr> <td><a href="index">docker secret rm</a></td> <td>Remove one or more secrets</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/secret_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/secret_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice%2Findex.html new file mode 100644 index 00000000..981f91ad --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice%2Findex.html 
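Review bot: The Warning blockquote in secret_rm reads "Unlike docker rm, this command does not ask for confirmation before removing a secret", but `docker rm` does not prompt for confirmation either, so the comparison misleads readers about both commands. Suggest stating the behaviour directly: "This command does not ask for confirmation before removing a secret." The example also passes a name (`secret.json`) and shows a different string (`sapth4csdo5b6wz2p5uimh5xg`) as output with no explanation; one sentence saying what the printed value is would help anyone scripting removals.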
@@ -0,0 +1,7 @@ +<h1>docker service</h1> <p><br></p> <p>Manage services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage services.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div 
class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_create%2Findex.html new file mode 100644 index 00000000..c9a18312 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_create%2Findex.html 
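Review bot: The links in the child-commands table are relative (`href="../service_create/index"`), but this page is added as one flat file whose name carries encoded slashes (`engine%2Freference%2Fcommandline%2Fservice%2Findex.html`), so those hrefs will not resolve if the file is opened from devdocs/docker as it stands. Please confirm that whatever consumes this directory decodes the file names and rewrites the links, and note that in the commit message or a README next to the files.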
@@ -0,0 +1,229 @@ +<h1>docker service create</h1> <p><br></p> <p>Create a new service</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a service as described by the specified parameters.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Drop Linux capabilities</td> 
</tr> <tr> <td><code class="language-plaintext highlighter-rouge">--config</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Specify configurations to expose to the service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--constraint</code></td> <td></td> <td>Placement constraints</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--container-label</code></td> <td></td> <td>Container labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--credential-spec</code></td> <td></td> <td>Credential spec for managed service account (Windows only)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Exit immediately instead of waiting for the service to converge</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns</code></td> <td></td> <td>Set custom DNS servers</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option</code></td> <td></td> <td>Set DNS options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search</code></td> <td></td> <td>Set custom DNS search domains</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--endpoint-mode</code></td> <td><code class="language-plaintext highlighter-rouge">vip</code></td> <td>Endpoint mode (vip or dnsrr)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--env</code> , <code class="language-plaintext highlighter-rouge">-e</code> +</td> <td></td> <td>Set environment 
variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-file</code></td> <td></td> <td>Read in a file of environment variables</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--generic-resource</code></td> <td></td> <td>User defined resources</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group</code></td> <td></td> <td>Set one or more supplementary user groups for the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time to allow one check to run (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--host</code></td> <td></td> <td>Set one or more custom host-to-IP mappings (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--hostname</code></td> <td></td> <td>Container hostname</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Use an init inside each service container to forward signals and reap processes</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Service container isolation mode</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--label</code> 
, <code class="language-plaintext highlighter-rouge">-l</code> +</td> <td></td> <td>Service labels</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-cpu</code></td> <td></td> <td>Limit CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-memory</code></td> <td></td> <td>Limit Memory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-pids</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Swarm orchestrator.">Swarm</span><br>Limit maximum number of processes (default 0 = unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Logging driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--max-concurrent</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Number of job tasks to run concurrently (default equal to --replicas)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mode</code></td> <td><code class="language-plaintext highlighter-rouge">replicated</code></td> <td>Service mode (replicated, global, replicated-job, or global-job)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount</code></td> <td></td> <td>Attach a filesystem mount to the service</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--name</code></td> <td></td> <td>Service name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network</code></td> <td></td> <td>Network attachments</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-resolve-image</code></td> <td></td> <td>Do not query the registry to resolve image digest and supported platforms</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--placement-pref</code></td> <td></td> <td>Add a placement preference</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--publish</code> , <code class="language-plaintext highlighter-rouge">-p</code> +</td> <td></td> <td>Publish a port as a node port</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress progress output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as read only</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--replicas</code></td> <td></td> <td>Number of tasks</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--replicas-max-per-node</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Maximum number of tasks per node (default 0 = unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--reserve-cpu</code></td> <td></td> <td>Reserve CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--reserve-memory</code></td> 
<td></td> <td>Reserve Memory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-condition</code></td> <td></td> <td>Restart when condition is met ("none"|"on-failure"|"any") (default "any")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-delay</code></td> <td></td> <td>Delay between restart attempts (ns|us|ms|s|m|h) (default 5s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-max-attempts</code></td> <td></td> <td>Maximum number of restarts before giving up</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-window</code></td> <td></td> <td>Window used to evaluate the restart policy (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-delay</code></td> <td></td> <td>Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-failure-action</code></td> <td></td> <td>Action on rollback failure ("pause"|"continue") (default "pause")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-max-failure-ratio</code></td> <td></td> <td>Failure rate to tolerate during a rollback (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-monitor</code></td> <td></td> <td>Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 5s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-order</code></td> <td></td> <td>Rollback order ("start-first"|"stop-first") (default "stop-first")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-parallelism</code></td> <td><code class="language-plaintext highlighter-rouge">1</code></td> <td>Maximum number of tasks rolled back simultaneously (0 to roll back all at once)</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--secret</code></td> <td></td> <td>Specify secrets to expose to the service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-grace-period</code></td> <td></td> <td>Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td></td> <td>Signal to stop the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Sysctl options</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Ulimit options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-delay</code></td> <td></td> <td>Delay between updates (ns|us|ms|s|m|h) (default 0s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-failure-action</code></td> <td></td> <td>Action on update failure ("pause"|"continue"|"rollback") (default "pause")</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--update-max-failure-ratio</code></td> <td></td> <td>Failure rate to tolerate during an update (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-monitor</code></td> <td></td> <td>Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-order</code></td> <td></td> <td>Update order ("start-first"|"stop-first") (default "stop-first")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-parallelism</code></td> <td><code class="language-plaintext highlighter-rouge">1</code></td> <td>Maximum number of tasks updated simultaneously (0 to update all at once)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--with-registry-auth</code></td> <td></td> <td>Send registry authentication details to swarm agents</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-service">Create a service</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis redis:3.0.6 + +dmu1ept4cxcfe8k8lhtux3ro3 + +$ docker service create --mode global --name redis2 redis:3.0.6 + +a8q9dasaafudfs8q8w32udass + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +dmu1ept4cxcf redis replicated 1/1 redis:3.0.6 +a8q9dasaafud redis2 global 1/1 redis:3.0.6 +</pre></div> <h4 id="create-a-service-using-an-image-on-a-private-registry">Create a service using an image on a private registry</h4> <p>If your 
image is available on a private registry which requires login, use the <code class="language-plaintext highlighter-rouge">--with-registry-auth</code> flag with <code class="language-plaintext highlighter-rouge">docker service create</code>, after logging in. If your image is stored on <code class="language-plaintext highlighter-rouge">registry.example.com</code>, which is a private registry, use a command like the following:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker login registry.example.com + +$ docker service create \ + --with-registry-auth \ + --name my_service \ + registry.example.com/acme/my_image:latest +</pre></div> <p>This passes the login token from your local client to the swarm nodes where the service is deployed, using the encrypted WAL logs. With this information, the nodes are able to log into the registry and pull the image.</p> <h3 id="create-a-service-with-5-replica-tasks---replicas">Create a service with 5 replica tasks (--replicas)</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--replicas</code> flag to set the number of replica tasks for a replicated service. The following command creates a <code class="language-plaintext highlighter-rouge">redis</code> service with <code class="language-plaintext highlighter-rouge">5</code> replica tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis --replicas=5 redis:3.0.6 + +4cdgfyky7ozwh3htjfw0d12qv +</pre></div> <p>The above command sets the <em>desired</em> number of tasks for the service. Even though the command returns immediately, actual scaling of the service may take some time. 
The <code class="language-plaintext highlighter-rouge">REPLICAS</code> column shows both the <em>actual</em> and <em>desired</em> number of replica tasks for the service.</p> <p>In the following example the desired state is <code class="language-plaintext highlighter-rouge">5</code> replicas, but the current number of <code class="language-plaintext highlighter-rouge">RUNNING</code> tasks is <code class="language-plaintext highlighter-rouge">3</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +4cdgfyky7ozw redis replicated 3/5 redis:3.0.7 +</pre></div> <p>Once all the tasks are created and <code class="language-plaintext highlighter-rouge">RUNNING</code>, the actual number of tasks is equal to the desired number:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 +</pre></div> <h3 id="create-a-service-with-secrets">Create a service with secrets</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--secret</code> flag to give a container access to a <a href="../secret_create/index">secret</a>.</p> <p>Create a service specifying a secret:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis --secret secret.json redis:3.0.6 + +4cdgfyky7ozwh3htjfw0d12qv +</pre></div> <p>Create a service specifying the secret, target, user/group ID, and mode:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis \ + --secret source=ssh-key,target=ssh \ + --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ + redis:3.0.6 + +4cdgfyky7ozwh3htjfw0d12qv +</pre></div> <p>To grant a service access to multiple secrets, use multiple <code class="language-plaintext highlighter-rouge">--secret</code> flags.</p> <p>Secrets are located in <code class="language-plaintext 
highlighter-rouge">/run/secrets</code> in the container if no target is specified. If no target is specified, the name of the secret is used as the in memory file in the container. If a target is specified, that is used as the filename. In the example above, two files are created: <code class="language-plaintext highlighter-rouge">/run/secrets/ssh</code> and <code class="language-plaintext highlighter-rouge">/run/secrets/app</code> for each of the secret targets specified.</p> <h3 id="create-a-service-with-configs">Create a service with configs</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--config</code> flag to give a container access to a <a href="../config_create/index">config</a>.</p> <p>Create a service with a config. The config will be mounted into <code class="language-plaintext highlighter-rouge">redis-config</code>, be owned by the user who runs the command inside the container (often <code class="language-plaintext highlighter-rouge">root</code>), and have file mode <code class="language-plaintext highlighter-rouge">0444</code> or world-readable. You can specify the <code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code> as numerical IDs or names. When using names, the provided group/user names must pre-exist in the container. 
The <code class="language-plaintext highlighter-rouge">mode</code> is specified as a 4-number sequence such as <code class="language-plaintext highlighter-rouge">0755</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name=redis --config redis-conf redis:3.0.6 +</pre></div> <p>Create a service with a config and specify the target location and file mode:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis \ + --config source=redis-conf,target=/etc/redis/redis.conf,mode=0400 redis:3.0.6 +</pre></div> <p>To grant a service access to multiple configs, use multiple <code class="language-plaintext highlighter-rouge">--config</code> flags.</p> <p>Configs are located in <code class="language-plaintext highlighter-rouge">/</code> in the container if no target is specified. If no target is specified, the name of the config is used as the name of the file in the container. If a target is specified, that is used as the filename.</p> <h3 id="create-a-service-with-a-rolling-update-policy">Create a service with a rolling update policy</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 10 \ + --name redis \ + --update-delay 10s \ + --update-parallelism 2 \ + redis:3.0.6 +</pre></div> <p>When you run a <a href="../service_update/index">service update</a>, the scheduler updates a maximum of 2 tasks at a time, with <code class="language-plaintext highlighter-rouge">10s</code> between updates. For more information, refer to the <a href="../../../swarm/swarm-tutorial/rolling-update/index">rolling updates tutorial</a>.</p> <h3 id="set-environment-variables--e---env">Set environment variables (-e, --env)</h3> <p>This sets an environment variable for all tasks in a service. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name redis_2 \ + --replicas 5 \ + --env MYVAR=foo \ + redis:3.0.6 +</pre></div> <p>To specify multiple environment variables, specify multiple <code class="language-plaintext highlighter-rouge">--env</code> flags, each with a separate key-value pair.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name redis_2 \ + --replicas 5 \ + --env MYVAR=foo \ + --env MYVAR2=bar \ + redis:3.0.6 +</pre></div> <h3 id="create-a-service-with-specific-hostname---hostname">Create a service with specific hostname (--hostname)</h3> <p>This option sets the docker service containers hostname to a specific string. For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis --hostname myredis redis:3.0.6 +</pre></div> <h3 id="set-metadata-on-a-service--l---label">Set metadata on a service (-l, --label)</h3> <p>A label is a <code class="language-plaintext highlighter-rouge">key=value</code> pair that applies metadata to a service. To label a service with two labels:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name redis_2 \ + --label com.example.foo="bar" + --label bar=baz \ + redis:3.0.6 +</pre></div> <p>For more information about labels, refer to <a href="https://docs.docker.com/config/labels-custom-metadata/">apply custom metadata</a>.</p> <h3 id="add-bind-mounts-volumes-or-memory-filesystems">Add bind mounts, volumes or memory filesystems</h3> <p>Docker supports three different kinds of mounts, which allow containers to read from or write to files or directories, either on the host operating system, or on memory filesystems. 
These types are <em>data volumes</em> (often referred to simply as volumes), <em>bind mounts</em>, <em>tmpfs</em>, and <em>named pipes</em>.</p> <p>A <strong>bind mount</strong> makes a file or directory on the host available to the container it is mounted within. A bind mount may be either read-only or read-write. For example, a container might share its host’s DNS information by means of a bind mount of the host’s <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> or a container might write logs to its host’s <code class="language-plaintext highlighter-rouge">/var/log/myContainerLogs</code> directory. If you use bind mounts and your host and containers have different notions of permissions, access controls, or other such details, you will run into portability issues.</p> <p>A <strong>named volume</strong> is a mechanism for decoupling persistent data needed by your container from the image used to create the container and from the host machine. Named volumes are created and managed by Docker, and a named volume persists even when no container is currently using it. Data in named volumes can be shared between a container and the host machine, as well as between multiple containers. Docker uses a <em>volume driver</em> to create, manage, and mount volumes. You can back up or restore volumes using Docker commands.</p> <p>A <strong>tmpfs</strong> mounts a tmpfs inside a container for volatile data.</p> <p>A <strong>npipe</strong> mounts a named pipe from the host into the container.</p> <p>Consider a situation where your image starts a lightweight web server. You could use that image as a base image, copy in your website’s HTML files, and package that into another image. Each time your website changed, you’d need to update the new image and redeploy all of the containers serving your website. A better solution is to store the website in a named volume which is attached to each of your web server containers when they start. 
To update the website, you just update the named volume.</p> <p>For more information about named volumes, see <a href="https://docs.docker.com/storage/volumes/">Data Volumes</a>.</p> <p>The following table describes options which apply to both bind mounts and named volumes in a service:</p> <table> <tr> <th>Option</th> <th>Required</th> <th>Description</th> </tr> <tr> <td><b>type</b></td> <td></td> <td> <p>The type of mount, can be either <tt>volume</tt>, <tt>bind</tt>, <tt>tmpfs</tt>, or <tt>npipe</tt>. Defaults to <tt>volume</tt> if no type is specified.</p> <ul> <li> +<tt>volume</tt>: mounts a <a href="../volume_create/index">managed volume</a> into the container.</li> <li> +<tt>bind</tt>: bind-mounts a directory or file from the host into the container.</li> <li> +<tt>tmpfs</tt>: mount a tmpfs in the container</li> <li> +<tt>npipe</tt>: mounts named pipe from the host into the container (Windows containers only).</li> </ul> </td> </tr> <tr> <td> +<b>src</b> or <b>source</b> +</td> <td>for <tt>type=bind</tt> and <tt>type=npipe</tt> +</td> <td> <ul> <li> <tt>type=volume</tt>: <tt>src</tt> is an optional way to specify the name of the volume (for example, <tt>src=my-volume</tt>). If the named volume does not exist, it is automatically created. If no <tt>src</tt> is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the <i>container</i> is destroyed (which is upon <tt>service update</tt>, or when scaling or re-balancing the service) </li> <li> <tt>type=bind</tt>: <tt>src</tt> is required, and specifies an absolute path to the file or directory to bind-mount (for example, <tt>src=/path/on/host/</tt>). An error is produced if the file or directory does not exist. </li> <li> <tt>type=tmpfs</tt>: <tt>src</tt> is not supported. 
</li> </ul> </td> </tr> <tr> <td><p><b>dst</b> or <b>destination</b> or <b>target</b></p></td> <td>yes</td> <td> <p>Mount path inside the container, for example <tt>/some/path/in/container/</tt>. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind mount.</p> </td> </tr> <tr> <td><p><b>readonly</b> or <b>ro</b></p></td> <td></td> <td> <p>The Engine mounts binds and volumes <tt>read-write</tt> unless <tt>readonly</tt> option is given when mounting the bind or volume. Note that setting <tt>readonly</tt> for a bind-mount does not make its submounts <tt>readonly</tt> on the current Linux implementation. See also <tt>bind-nonrecursive</tt>.</p> <ul> <li> +<tt>true</tt> or <tt>1</tt> or no value: Mounts the bind or volume read-only.</li> <li> +<tt>false</tt> or <tt>0</tt>: Mounts the bind or volume read-write.</li> </ul> </td> </tr> </table> <h4 id="options-for-bind-mounts">Options for Bind Mounts</h4> <p>The following options can only be used for bind mounts (<code class="language-plaintext highlighter-rouge">type=bind</code>):</p> <table> <tr> <th>Option</th> <th>Description</th> </tr> <tr> <td><b>bind-propagation</b></td> <td> <p>See the <a href="#bind-propagation">bind propagation section</a>.</p> </td> </tr> <tr> <td><b>consistency</b></td> <td> <p>The consistency requirements for the mount; one of </p> <ul> <li> +<tt>default</tt>: Equivalent to <tt>consistent</tt>.</li> <li> +<tt>consistent</tt>: Full consistency. The container runtime and the host maintain an identical view of the mount at all times.</li> <li> +<tt>cached</tt>: The host's view of the mount is authoritative. There may be delays before updates made on the host are visible within a container.</li> <li> +<tt>delegated</tt>: The container runtime's view of the mount is authoritative. 
There may be delays before updates made in a container are visible on the host.</li> </ul> </td> </tr> <tr> <td><b>bind-nonrecursive</b></td> <td> By default, submounts are recursively bind-mounted as well. However, this behavior can be confusing when a bind mount is configured with <tt>readonly</tt> option, because submounts are not mounted as read-only. Set <tt>bind-nonrecursive</tt> to disable recursive bind-mount.<br> <br> A value is optional:<br> <br> <ul> <li> +<tt>true</tt> or <tt>1</tt>: Disables recursive bind-mount.</li> <li> +<tt>false</tt> or <tt>0</tt>: Default if you do not provide a value. Enables recursive bind-mount.</li> </ul> </td> </tr> </table> <h5 id="bind-propagation">Bind propagation</h5> <p>Bind propagation refers to whether or not mounts created within a given bind mount or named volume can be propagated to replicas of that mount. Consider a mount point <code class="language-plaintext highlighter-rouge">/mnt</code>, which is also mounted on <code class="language-plaintext highlighter-rouge">/tmp</code>. The propagation settings control whether a mount on <code class="language-plaintext highlighter-rouge">/tmp/a</code> would also be available on <code class="language-plaintext highlighter-rouge">/mnt/a</code>. Each propagation setting has a recursive counterpoint. In the case of recursion, consider that <code class="language-plaintext highlighter-rouge">/tmp/a</code> is also mounted as <code class="language-plaintext highlighter-rouge">/foo</code>. The propagation settings control whether <code class="language-plaintext highlighter-rouge">/mnt/a</code> and/or <code class="language-plaintext highlighter-rouge">/tmp/a</code> would exist.</p> <p>The <code class="language-plaintext highlighter-rouge">bind-propagation</code> option defaults to <code class="language-plaintext highlighter-rouge">rprivate</code> for both bind mounts and volume mounts, and is only configurable for bind mounts. 
In other words, named volumes do not support bind propagation.</p> <ul> <li> +<strong><code class="language-plaintext highlighter-rouge">shared</code></strong>: Sub-mounts of the original mount are exposed to replica mounts, and sub-mounts of replica mounts are also propagated to the original mount.</li> <li> +<strong><code class="language-plaintext highlighter-rouge">slave</code></strong>: similar to a shared mount, but only in one direction. If the original mount exposes a sub-mount, the replica mount can see it. However, if the replica mount exposes a sub-mount, the original mount cannot see it.</li> <li> +<strong><code class="language-plaintext highlighter-rouge">private</code></strong>: The mount is private. Sub-mounts within it are not exposed to replica mounts, and sub-mounts of replica mounts are not exposed to the original mount.</li> <li> +<strong><code class="language-plaintext highlighter-rouge">rshared</code></strong>: The same as shared, but the propagation also extends to and from mount points nested within any of the original or replica mount points.</li> <li> +<strong><code class="language-plaintext highlighter-rouge">rslave</code></strong>: The same as <code class="language-plaintext highlighter-rouge">slave</code>, but the propagation also extends to and from mount points nested within any of the original or replica mount points.</li> <li> +<strong><code class="language-plaintext highlighter-rouge">rprivate</code></strong>: The default. 
The same as <code class="language-plaintext highlighter-rouge">private</code>, meaning that no mount points anywhere within the original or replica mount points propagate in either direction.</li> </ul> <p>For more information about bind propagation, see the <a href="https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt">Linux kernel documentation for shared subtree</a>.</p> <h4 id="options-for-named-volumes">Options for named volumes</h4> <p>The following options can only be used for named volumes (<code class="language-plaintext highlighter-rouge">type=volume</code>):</p> <table> <tr> <th>Option</th> <th>Description</th> </tr> <tr> <td><b>volume-driver</b></td> <td> <p>Name of the volume-driver plugin to use for the volume. Defaults to <tt>"local"</tt>, to use the local volume driver to create the volume if the volume does not exist.</p> </td> </tr> <tr> <td><b>volume-label</b></td> <td> One or more custom metadata ("labels") to apply to the volume upon creation. For example, <tt>volume-label=mylabel=hello-world,my-other-label=hello-mars</tt>. For more information about labels, refer to <a href="https://docs.docker.com/config/labels-custom-metadata/">apply custom metadata</a>. </td> </tr> <tr> <td><b>volume-nocopy</b></td> <td> By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (<tt>dst</tt>), the Engine copies those files and directories into the volume, allowing the host to access them. Set <tt>volume-nocopy</tt> to disable copying files from the container's filesystem to the volume and mount the empty volume.<br> <br> A value is optional:<br> <br> <ul> <li> +<tt>true</tt> or <tt>1</tt>: Default if you do not provide a value. Disables copying.</li> <li> +<tt>false</tt> or <tt>0</tt>: Enables copying.</li> </ul> </td> </tr> <tr> <td><b>volume-opt</b></td> <td> Options specific to a given volume driver, which will be passed to the driver when creating the volume. 
Options are provided as a comma-separated list of key/value pairs, for example, <tt>volume-opt=some-option=some-value,volume-opt=some-other-option=some-other-value</tt>. For available options for a given driver, refer to that driver's documentation. </td> </tr> </table> <h4 id="options-for-tmpfs">Options for tmpfs</h4> <p>The following options can only be used for tmpfs mounts (<code class="language-plaintext highlighter-rouge">type=tmpfs</code>);</p> <table> <tr> <th>Option</th> <th>Description</th> </tr> <tr> <td><b>tmpfs-size</b></td> <td>Size of the tmpfs mount in bytes. Unlimited by default in Linux.</td> </tr> <tr> <td><b>tmpfs-mode</b></td> <td>File mode of the tmpfs in octal. (e.g. <tt>"700"</tt> or <tt>"0700"</tt>.) Defaults to <tt>"1777"</tt> in Linux.</td> </tr> </table> <h4 id="differences-between---mount-and---volume">Differences between “--mount” and “--volume”</h4> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag supports most options that are supported by the <code class="language-plaintext highlighter-rouge">-v</code> or <code class="language-plaintext highlighter-rouge">--volume</code> flag for <code class="language-plaintext highlighter-rouge">docker run</code>, with some important exceptions:</p> <ul> <li> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag allows you to specify a volume driver and volume driver options <em>per volume</em>, without creating the volumes in advance. 
In contrast, <code class="language-plaintext highlighter-rouge">docker run</code> allows you to specify a single volume driver which is shared by all volumes, using the <code class="language-plaintext highlighter-rouge">--volume-driver</code> flag.</p> </li> <li> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag allows you to specify custom metadata (“labels”) for a volume, before the volume is created.</p> </li> <li> <p>When you use <code class="language-plaintext highlighter-rouge">--mount</code> with <code class="language-plaintext highlighter-rouge">type=bind</code>, the host-path must refer to an <em>existing</em> path on the host. The path will not be created for you and the service will fail with an error if the path does not exist.</p> </li> <li> <p>The <code class="language-plaintext highlighter-rouge">--mount</code> flag does not allow you to relabel a volume with <code class="language-plaintext highlighter-rouge">Z</code> or <code class="language-plaintext highlighter-rouge">z</code> flags, which are used for <code class="language-plaintext highlighter-rouge">selinux</code> labeling.</p> </li> </ul> <h4 id="create-a-service-using-a-named-volume">Create a service using a named volume</h4> <p>The following example creates a service that uses a named volume:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-service \ + --replicas 3 \ + --mount type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round" \ + nginx:alpine +</pre></div> <p>For each replica of the service, the engine requests a volume named “my-volume” from the default (“local”) volume driver where the task is deployed. 
If the volume does not exist, the engine creates a new volume and applies the “color” and “shape” labels.</p> <p>When the task is started, the volume is mounted on <code class="language-plaintext highlighter-rouge">/path/in/container/</code> inside the container.</p> <p>Be aware that the default (“local”) volume is a locally scoped volume driver. This means that depending on where a task is deployed, either that task gets a <em>new</em> volume named “my-volume”, or shares the same “my-volume” with other tasks of the same service. Multiple containers writing to a single shared volume can cause data corruption if the software running inside the container is not designed to handle concurrent processes writing to the same location. Also take into account that containers can be re-scheduled by the Swarm orchestrator and be deployed on a different node.</p> <h4 id="create-a-service-that-uses-an-anonymous-volume">Create a service that uses an anonymous volume</h4> <p>The following command creates a service with three replicas with an anonymous volume on <code class="language-plaintext highlighter-rouge">/path/in/container</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-service \ + --replicas 3 \ + --mount type=volume,destination=/path/in/container \ + nginx:alpine +</pre></div> <p>In this example, no name (<code class="language-plaintext highlighter-rouge">source</code>) is specified for the volume, so a new volume is created for each task. This guarantees that each task gets its own volume, and volumes are not shared between tasks. 
Anonymous volumes are removed after the task using them is complete.</p> <h4 id="create-a-service-that-uses-a-bind-mounted-host-directory">Create a service that uses a bind-mounted host directory</h4> <p>The following example bind-mounts a host directory at <code class="language-plaintext highlighter-rouge">/path/in/container</code> in the containers backing the service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-service \ + --mount type=bind,source=/path/on/host,destination=/path/in/container \ + nginx:alpine +</pre></div> <h3 id="set-service-mode---mode">Set service mode (--mode)</h3> <p>The service mode determines whether this is a <em>replicated</em> service or a <em>global</em> service. A replicated service runs as many tasks as specified, while a global service runs on each active node in the swarm.</p> <p>The following command creates a global service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name redis_2 \ + --mode global \ + redis:3.0.6 +</pre></div> <h3 id="specify-service-constraints---constraint">Specify service constraints (--constraint)</h3> <p>You can limit the set of nodes where a task can be scheduled by defining constraint expressions. Constraint expressions can either use a <em>match</em> (<code class="language-plaintext highlighter-rouge">==</code>) or <em>exclude</em> (<code class="language-plaintext highlighter-rouge">!=</code>) rule. Multiple constraints find nodes that satisfy every expression (AND match). 
Constraints can match node or Docker Engine labels as follows:</p> <table> <thead> <tr> <th>node attribute</th> <th>matches</th> <th>example</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">node.id</code></td> <td>Node ID</td> <td><code class="language-plaintext highlighter-rouge">node.id==2ivku8v2gvtg4</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">node.hostname</code></td> <td>Node hostname</td> <td><code class="language-plaintext highlighter-rouge">node.hostname!=node-2</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">node.role</code></td> <td>Node role (<code class="language-plaintext highlighter-rouge">manager</code>/<code class="language-plaintext highlighter-rouge">worker</code>)</td> <td><code class="language-plaintext highlighter-rouge">node.role==manager</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">node.platform.os</code></td> <td>Node operating system</td> <td><code class="language-plaintext highlighter-rouge">node.platform.os==windows</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">node.platform.arch</code></td> <td>Node architecture</td> <td><code class="language-plaintext highlighter-rouge">node.platform.arch==x86_64</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">node.labels</code></td> <td>User-defined node labels</td> <td><code class="language-plaintext highlighter-rouge">node.labels.security==high</code></td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">engine.labels</code></td> <td>Docker Engine’s labels</td> <td><code class="language-plaintext highlighter-rouge">engine.labels.operatingsystem==ubuntu-14.04</code></td> </tr> </tbody> </table> <p><code class="language-plaintext highlighter-rouge">engine.labels</code> apply to Docker Engine labels like operating system, drivers, etc. 
Swarm administrators add <code class="language-plaintext highlighter-rouge">node.labels</code> for operational purposes by using the <a href="../node_update/index"><code class="language-plaintext highlighter-rouge">docker node update</code></a> command.</p> <p>For example, the following limits tasks for the redis service to nodes where the node type label equals queue:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name redis_2 \ + --constraint node.platform.os==linux \ + --constraint node.labels.type==queue \ + redis:3.0.6 +</pre></div> <p>If the service constraints exclude all nodes in the cluster, a message is printed that no suitable node is found, but the scheduler will start a reconciliation loop and deploy the service once a suitable node becomes available.</p> <p>In the example below, no node satisfying the constraint was found, causing the service to not reconcile with the desired state:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name web \ + --constraint node.labels.region==east \ + nginx:alpine + +lx1wrhhpmbbu0wuk0ybws30bc +overall progress: 0 out of 1 tasks +1/1: no suitable node (scheduling constraints not satisfied on 5 nodes) + +$ docker service ls +ID NAME MODE REPLICAS IMAGE PORTS +b6lww17hrr4e web replicated 0/1 nginx:alpine +</pre></div> <p>After adding the <code class="language-plaintext highlighter-rouge">region=east</code> label to a node in the cluster, the service reconciles, and the desired number of replicas are deployed:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l +yswe2dm4c5fdgtsrli1e8ya5l + +$ docker service ls +ID NAME MODE REPLICAS IMAGE PORTS +b6lww17hrr4e web replicated 1/1 nginx:alpine +</pre></div> <h3 id="specify-service-placement-preferences---placement-pref">Specify service placement preferences (--placement-pref)</h3> <p>You can set 
up the service to divide tasks evenly over different categories of nodes. One example of where this can be useful is to balance tasks over a set of datacenters or availability zones. The example below illustrates this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref spread=node.labels.datacenter \ + redis:3.0.6 +</pre></div> <p>This uses <code class="language-plaintext highlighter-rouge">--placement-pref</code> with a <code class="language-plaintext highlighter-rouge">spread</code> strategy (currently the only supported strategy) to spread tasks evenly over the values of the <code class="language-plaintext highlighter-rouge">datacenter</code> node label. In this example, we assume that every node has a <code class="language-plaintext highlighter-rouge">datacenter</code> node label attached to it. If there are three different values of this label among nodes in the swarm, one third of the tasks will be placed on the nodes associated with each value. This is true even if there are more nodes with one value than another. For example, consider the following set of nodes:</p> <ul> <li>Three nodes with <code class="language-plaintext highlighter-rouge">node.labels.datacenter=east</code> +</li> <li>Two nodes with <code class="language-plaintext highlighter-rouge">node.labels.datacenter=south</code> +</li> <li>One node with <code class="language-plaintext highlighter-rouge">node.labels.datacenter=west</code> +</li> </ul> <p>Since we are spreading over the values of the <code class="language-plaintext highlighter-rouge">datacenter</code> label and the service has 9 replicas, 3 replicas will end up in each datacenter. There are three nodes associated with the value <code class="language-plaintext highlighter-rouge">east</code>, so each one will get one of the three replicas reserved for this value. 
There are two nodes with the value <code class="language-plaintext highlighter-rouge">south</code>, and the three replicas for this value will be divided between them, with one receiving two replicas and another receiving just one. Finally, <code class="language-plaintext highlighter-rouge">west</code> has a single node that will get all three replicas reserved for <code class="language-plaintext highlighter-rouge">west</code>.</p> <p>If the nodes in one category (for example, those with <code class="language-plaintext highlighter-rouge">node.labels.datacenter=south</code>) can’t handle their fair share of tasks due to constraints or resource limitations, the extra tasks will be assigned to other nodes instead, if possible.</p> <p>Both engine labels and node labels are supported by placement preferences. The example above uses a node label, because the label is referenced with <code class="language-plaintext highlighter-rouge">node.labels.datacenter</code>. To spread over the values of an engine label, use <code class="language-plaintext highlighter-rouge">--placement-pref spread=engine.labels.<labelname></code>.</p> <p>It is possible to add multiple placement preferences to a service. This establishes a hierarchy of preferences, so that tasks are first divided over one category, and then further divided over additional categories. One example of where this may be useful is dividing tasks fairly between datacenters, and then splitting the tasks within each datacenter over a choice of racks. To add multiple placement preferences, specify the <code class="language-plaintext highlighter-rouge">--placement-pref</code> flag multiple times. The order is significant, and the placement preferences will be applied in the order given when making scheduling decisions.</p> <p>The following example sets up a service with multiple placement preferences. 
Tasks are spread first over the various datacenters, and then over racks (as indicated by the respective labels):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref 'spread=node.labels.datacenter' \ + --placement-pref 'spread=node.labels.rack' \ + redis:3.0.6 +</pre></div> <p>When updating a service with <code class="language-plaintext highlighter-rouge">docker service update</code>, <code class="language-plaintext highlighter-rouge">--placement-pref-add</code> appends a new placement preference after all existing placement preferences. <code class="language-plaintext highlighter-rouge">--placement-pref-rm</code> removes an existing placement preference that matches the argument.</p> <h3 id="specify-memory-requirements-and-constraints-for-a-service---reserve-memory-and---limit-memory">Specify memory requirements and constraints for a service (--reserve-memory and --limit-memory)</h3> <p>If your service needs a minimum amount of memory in order to run correctly, you can use <code class="language-plaintext highlighter-rouge">--reserve-memory</code> to specify that the service should only be scheduled on a node with this much memory available to reserve. If no node is available that meets the criteria, the task is not scheduled, but remains in a pending state.</p> <p>The following example requires that 4GB of memory be available and reservable on a given node before scheduling the service to run on that node.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --reserve-memory=4GB --name=too-big nginx:alpine +</pre></div> <p>The managers won’t schedule a set of containers on a single node whose combined reservations exceed the memory available on that node.</p> <p>After a task is scheduled and running, <code class="language-plaintext highlighter-rouge">--reserve-memory</code> does not enforce a memory limit. 
Use <code class="language-plaintext highlighter-rouge">--limit-memory</code> to ensure that a task uses no more than a given amount of memory on a node. This example limits the amount of memory used by the task to 4GB. The task will be scheduled even if each of your nodes has only 2GB of memory, because <code class="language-plaintext highlighter-rouge">--limit-memory</code> is an upper limit.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --limit-memory=4GB --name=too-big nginx:alpine +</pre></div> <p>Using <code class="language-plaintext highlighter-rouge">--reserve-memory</code> and <code class="language-plaintext highlighter-rouge">--limit-memory</code> does not guarantee that Docker will not use more memory on your host than you want. For instance, you could create many services, the sum of whose memory usage could exhaust the available memory.</p> <p>You can prevent this scenario from exhausting the available memory by taking into account other (non-containerized) software running on the host as well. If <code class="language-plaintext highlighter-rouge">--reserve-memory</code> is greater than or equal to <code class="language-plaintext highlighter-rouge">--limit-memory</code>, Docker won’t schedule a service on a host that doesn’t have enough memory. <code class="language-plaintext highlighter-rouge">--limit-memory</code> will limit the service’s memory to stay within that limit, so if every service has a memory-reservation and limit set, Docker services will be less likely to saturate the host. Other non-service containers or applications running directly on the Docker host could still exhaust memory.</p> <p>There is a downside to this approach. Reserving memory also means that you may not make optimum use of the memory available on the node. Consider a service that under normal circumstances uses 100MB of memory, but depending on load can “peak” at 500MB. 
Reserving 500MB for that service (to guarantee can have 500MB for those “peaks”) results in 400MB of memory being wasted most of the time.</p> <p>In short, you can take a more conservative or more flexible approach:</p> <ul> <li> <p><strong>Conservative</strong>: reserve 500MB, and limit to 500MB. Basically you’re now treating the service containers as VMs, and you may be losing a big advantage containers, which is greater density of services per host.</p> </li> <li> <p><strong>Flexible</strong>: limit to 500MB in the assumption that if the service requires more than 500MB, it is malfunctioning. Reserve something between the 100MB “normal” requirement and the 500MB “peak” requirement”. This assumes that when this service is at “peak”, other services or non-container workloads probably won’t be.</p> </li> </ul> <p>The approach you take depends heavily on the memory-usage patterns of your workloads. You should test under normal and peak conditions before settling on an approach.</p> <p>On Linux, you can also limit a service’s overall memory footprint on a given host at the level of the host operating system, using <code class="language-plaintext highlighter-rouge">cgroups</code> or other relevant operating system tools.</p> <h3 id="specify-maximum-replicas-per-node---replicas-max-per-node">Specify maximum replicas per node (--replicas-max-per-node)</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--replicas-max-per-node</code> flag to set the maximum number of replica tasks that can run on a node. 
The following command creates a nginx service with 2 replica tasks but only one replica task per node.</p> <p>One example where this can be useful is to balance tasks over a set of data centers together with <code class="language-plaintext highlighter-rouge">--placement-pref</code> and let <code class="language-plaintext highlighter-rouge">--replicas-max-per-node</code> setting make sure that replicas are not migrated to another datacenter during maintenance or datacenter failure.</p> <p>The example below illustrates this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name nginx \ + --replicas 2 \ + --replicas-max-per-node 1 \ + --placement-pref 'spread=node.labels.datacenter' \ + nginx +</pre></div> <h3 id="attach-a-service-to-an-existing-network---network">Attach a service to an existing network (--network)</h3> <p>You can use overlay networks to connect one or more services within the swarm.</p> <p>First, create an overlay network on a manager node the docker network create command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create --driver overlay my-network + +etjpu59cykrptrgw0z0hk5snf +</pre></div> <p>After you create an overlay network in swarm mode, all manager nodes have access to the network.</p> <p>When you create a service and pass the <code class="language-plaintext highlighter-rouge">--network</code> flag to attach the service to the overlay network:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 3 \ + --network my-network \ + --name my-web \ + nginx + +716thylsndqma81j6kkkb5aus +</pre></div> <p>The swarm extends my-network to each node running the service.</p> <p>Containers on the same network can access each other using <a href="https://docs.docker.com/network/overlay/#container-discovery">service discovery</a>.</p> <p>Long form syntax of <code class="language-plaintext 
highlighter-rouge">--network</code> allows to specify list of aliases and driver options: <code class="language-plaintext highlighter-rouge">--network name=my-network,alias=web1,driver-opt=field1=value1</code></p> <h3 id="publish-service-ports-externally-to-the-swarm--p---publish">Publish service ports externally to the swarm (-p, --publish)</h3> <p>You can publish service ports to make them available externally to the swarm using the <code class="language-plaintext highlighter-rouge">--publish</code> flag. The <code class="language-plaintext highlighter-rouge">--publish</code> flag can take two different styles of arguments. The short version is positional, and allows you to specify the published port and target port separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>).</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx +</pre></div> <p>There is also a long format, which is easier to read and allows you to specify more options. The long format is preferred. You cannot specify the service’s mode when using the short format. Here is an example of using the long format for the same service as above:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name my_web --replicas 3 --publish published=8080,target=80 nginx +</pre></div> <p>The options you can specify are:</p> <table> <thead> <tr> <th>Option</th> <th>Short syntax</th> <th>Long syntax</th> <th>Description</th> </tr> </thead> <tr> <td>published and target port</td> <td><tt>--publish 8080:80</tt></td> <td><tt>--publish published=8080,target=80</tt></td> <td><p> The target port within the container and the port to map it to on the nodes, using the routing mesh (<tt>ingress</tt>) or host-level networking. More options are available, later in this table. The key-value syntax is preferred, because it is somewhat self-documenting. 
</p></td> </tr> <tr> <td>mode</td> <td>Not possible to set using short syntax.</td> <td><tt>--publish published=8080,target=80,mode=host</tt></td> <td><p> The mode to use for binding the port, either <tt>ingress</tt> or <tt>host</tt>. Defaults to <tt>ingress</tt> to use the routing mesh. </p></td> </tr> <tr> <td>protocol</td> <td><tt>--publish 8080:80/tcp</tt></td> <td><tt>--publish published=8080,target=80,protocol=tcp</tt></td> <td><p> The protocol to use, <tt>tcp</tt> , <tt>udp</tt>, or <tt>sctp</tt>. Defaults to <tt>tcp</tt>. To bind a port for both protocols, specify the <tt>-p</tt> or <tt>--publish</tt> flag twice. </p></td> </tr> </table> <p>When you publish a service port using <code class="language-plaintext highlighter-rouge">ingress</code> mode, the swarm routing mesh makes the service accessible at the published port on every node regardless if there is a task for the service running on the node. If you use <code class="language-plaintext highlighter-rouge">host</code> mode, the port is only bound on nodes where the service is running, and a given port on a node can only be bound once. You can only set the publication mode using the long syntax. For more information refer to <a href="../../../swarm/ingress/index">Use swarm mode routing mesh</a>.</p> <h3 id="provide-credential-specs-for-managed-service-accounts-windows-only">Provide credential specs for managed service accounts (Windows only)</h3> <p>This option is only used for services using Windows containers. 
The <code class="language-plaintext highlighter-rouge">--credential-spec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://<filename></code> or <code class="language-plaintext highlighter-rouge">registry://<value-name></code>.</p> <p>When using the <code class="language-plaintext highlighter-rouge">file://<filename></code> format, the referenced file must be present in the <code class="language-plaintext highlighter-rouge">CredentialSpecs</code> subdirectory in the docker data directory, which defaults to <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\</code> on Windows. For example, specifying <code class="language-plaintext highlighter-rouge">file://spec.json</code> loads <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\CredentialSpecs\spec.json</code>.</p> <p>When using the <code class="language-plaintext highlighter-rouge">registry://<value-name></code> format, the credential spec is read from the Windows registry on the daemon’s host. 
The specified registry value must be located in:</p> <div class="highlight"><pre class="highlight" data-language="">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs +</pre></div> <h3 id="create-services-using-templates">Create services using templates</h3> <p>You can use templates for some flags of <code class="language-plaintext highlighter-rouge">service create</code>, using the syntax provided by the Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package.</p> <p>The supported flags are the following :</p> <ul> <li><code class="language-plaintext highlighter-rouge">--hostname</code></li> <li><code class="language-plaintext highlighter-rouge">--mount</code></li> <li><code class="language-plaintext highlighter-rouge">--env</code></li> </ul> <p>Valid placeholders for the Go template are listed below:</p> <table> <tr> <th>Placeholder</th> <th>Description</th> </tr> <tr> <td><tt>.Service.ID</tt></td> <td>Service ID</td> </tr> <tr> <td><tt>.Service.Name</tt></td> <td>Service name</td> </tr> <tr> <td><tt>.Service.Labels</tt></td> <td>Service labels</td> </tr> <tr> <td><tt>.Node.ID</tt></td> <td>Node ID</td> </tr> <tr> <td><tt>.Node.Hostname</tt></td> <td>Node Hostname</td> </tr> <tr> <td><tt>.Task.ID</tt></td> <td>Task ID</td> </tr> <tr> <td><tt>.Task.Name</tt></td> <td>Task name</td> </tr> <tr> <td><tt>.Task.Slot</tt></td> <td>Task slot</td> </tr> </table> <h4 id="template-example">Template example</h4> <p>In this example, we are going to set the template of the created containers based on the service’s name, the node’s ID and hostname where it sits.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name hosttempl \ + --hostname="{{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}"\ + busybox top + +va8ew30grofhjoychbr6iot8c + +$ docker service ps va8ew30grofhjoychbr6iot8c + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +wo41w8hg8qan hosttempl.1 
busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago + +$ docker inspect --format="{{.Config.Hostname}}" 2e7a8a9c4da2-wo41w8hg8qanxwjwsg4kxpprj-hosttempl + +x3ti0erg11rjpg64m75kej2mz-hosttempl +</pre></div> <h3 id="specify-isolation-mode-windows">Specify isolation mode (Windows)</h3> <p>By default, tasks scheduled on Windows nodes are run using the default isolation mode configured for this particular node. To force a specific isolation mode, you can use the <code class="language-plaintext highlighter-rouge">--isolation</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name myservice --isolation=process microsoft/nanoserver +</pre></div> <p>Supported isolation modes on Windows are:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">default</code>: use default settings specified on the node running the task</li> <li> +<code class="language-plaintext highlighter-rouge">process</code>: use process isolation (Windows server only)</li> <li> +<code class="language-plaintext highlighter-rouge">hyperv</code>: use Hyper-V isolation</li> </ul> <h3 id="create-services-requesting-generic-resources">Create services requesting Generic Resources</h3> <p>You can narrow the kind of nodes your task can land on through the using the <code class="language-plaintext highlighter-rouge">--generic-resource</code> flag (if the nodes advertise these resources):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name cuda \ + --generic-resource "NVIDIA-GPU=2" \ + --generic-resource "SSD=1" \ + nvidia/cuda +</pre></div> <h3 id="running-as-a-job">Running as a job</h3> <p>Jobs are a special kind of service designed to run an operation to completion and then stop, as opposed to running long-running daemons. 
When a Task belonging to a job exits successfully (return value 0), the Task is marked as “Completed”, and is not run again.</p> <p>Jobs are started by using one of two modes, <code class="language-plaintext highlighter-rouge">replicated-job</code> or <code class="language-plaintext highlighter-rouge">global-job</code></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name myjob \ + --mode replicated-job \ + bash "true" +</pre></div> <p>This command will run one Task, which will, using the <code class="language-plaintext highlighter-rouge">bash</code> image, execute the command <code class="language-plaintext highlighter-rouge">true</code>, which will return 0 and then exit.</p> <p>Though Jobs are ultimately a different kind of service, they a couple of caveats compared to other services:</p> <ul> <li>None of the update or rollback configuration options are valid. Jobs can be updated, but cannot be rolled out or rolled back, making these configuration options moot.</li> <li>Jobs are never restarted on reaching the <code class="language-plaintext highlighter-rouge">Complete</code> state. This means that for jobs, setting <code class="language-plaintext highlighter-rouge">--restart-condition</code> to <code class="language-plaintext highlighter-rouge">any</code> is the same as setting it to <code class="language-plaintext highlighter-rouge">on-failure</code>.</li> </ul> <p>Jobs are available in both replicated and global modes.</p> <h4 id="replicated-jobs">Replicated Jobs</h4> <p>A replicated job is like a replicated service. Setting the <code class="language-plaintext highlighter-rouge">--replicas</code> flag will specify total number of iterations of a job to execute.</p> <p>By default, all replicas of a replicated job will launch at once. 
To control the total number of replicas that are executing simultaneously at any one time, the <code class="language-plaintext highlighter-rouge">--max-concurrent</code> flag can be used:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name mythrottledjob \ + --mode replicated-job \ + --replicas 10 \ + --max-concurrent 2 \ + bash "true" +</pre></div> <p>The above command will execute 10 Tasks in total, but only 2 of them will be run at any given time.</p> <h4 id="global-jobs">Global Jobs</h4> <p>Global jobs are like global services, in that a Task is executed once on each node matching placement constraints. Global jobs are represented by the mode <code class="language-plaintext highlighter-rouge">global-job</code>.</p> <p>Note that after a Global job is created, any new Nodes added to the cluster will have a Task from that job started on them. The Global Job does not as a whole have a “done” state, except insofar as every Node meeting the job’s constraints has a Completed task.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a 
href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_inspect%2Findex.html new file mode 100644 index 00000000..d11560a2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_inspect%2Findex.html 
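Review bot: In service_create/index.html, the "Template example" block does not agree with itself: --hostname is built from three fields ({{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}), but the sample docker inspect output "x3ti0erg11rjpg64m75kej2mz-hosttempl" has only two parts, and the intro sentence says the example sets "the template of the created containers" where the hostname is meant. Regenerate the sample output from a single run and reword the intro. Several sentences in the same file have dropped or doubled words and are worth fixing in the same pass: "to guarantee can have 500MB", "a big advantage containers", "through the using the", "they a couple of caveats", and "on a manager node the docker network create command". The --replicas-max-per-node paragraph also announces "The following command" two paragraphs before the command appears.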
@@ -0,0 +1,89 @@ +<h1>docker service inspect</h1> <p><br></p> <p>Display detailed information on one or more services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect [OPTIONS] SERVICE [SERVICE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Inspects the specified service.</p> <p>By default, this renders all results in a JSON array. If a format is specified, the given template will be executed for each result.</p> <p>Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pretty</code></td> <td></td> <td>Print the information in a human friendly format</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="inspect-a-service-by-name-or-id">Inspect a service by name or ID</h3> <p>You can inspect a service, either by its <em>name</em>, or <em>ID</em></p> <p>For example, given the following service;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls +ID NAME MODE REPLICAS IMAGE +dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 +</pre></div> <p>Both <code class="language-plaintext highlighter-rouge">docker service inspect redis</code>, and <code class="language-plaintext highlighter-rouge">docker service inspect dmu1ept4cxcf</code> produce the same result:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect redis +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "ID": "dmu1ept4cxcfe8k8lhtux3ro3", + "Version": { + "Index": 12 + }, + "CreatedAt": "2016-06-17T18:44:02.558012087Z", + "UpdatedAt": "2016-06-17T18:44:02.558012087Z", + "Spec": { + "Name": "redis", + "TaskTemplate": { + "ContainerSpec": { + "Image": "redis:3.0.6" + }, + "Resources": { + "Limits": {}, + "Reservations": {} + }, + "RestartPolicy": { + 
"Condition": "any", + "MaxAttempts": 0 + }, + "Placement": {} + }, + "Mode": { + "Replicated": { + "Replicas": 1 + } + }, + "UpdateConfig": {}, + "EndpointSpec": { + "Mode": "vip" + } + }, + "Endpoint": { + "Spec": {} + } + } +] +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect dmu1ept4cxcf + +[ + { + "ID": "dmu1ept4cxcfe8k8lhtux3ro3", + "Version": { + "Index": 12 + }, + ... + } +] +</pre></div> <h3 id="formatting">Formatting</h3> <p>You can print the inspect output in a human-readable format instead of the default JSON output, by using the <code class="language-plaintext highlighter-rouge">--pretty</code> option:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --pretty frontend + +ID: c8wgl7q4ndfd52ni6qftkvnnp +Name: frontend +Labels: + - org.example.projectname=demo-app +Service Mode: REPLICATED + Replicas: 5 +Placement: +UpdateConfig: + Parallelism: 0 + On failure: pause + Max failure ratio: 0 +ContainerSpec: + Image: nginx:alpine +Resources: +Networks: net1 +Endpoint Mode: vip +Ports: + PublishedPort = 4443 + Protocol = tcp + TargetPort = 443 + PublishMode = ingress +</pre></div> <p>You can also use <code class="language-plaintext highlighter-rouge">--format pretty</code> for the same effect.</p> <h4 id="find-the-number-of-tasks-running-as-part-of-a-service">Find the number of tasks running as part of a service</h4> <p>The <code class="language-plaintext highlighter-rouge">--format</code> option can be used to obtain specific information about a service. 
For example, the following command outputs the number of replicas of the “redis” service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis + +10 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, 
Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_logs%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_logs%2Findex.html new file mode 100644 index 00000000..13558de2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_logs%2Findex.html 
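Review bot: In service_inspect/index.html, the section headed "Find the number of tasks running as part of a service" prints .Spec.Mode.Replicated.Replicas, which is the replica count requested in the service spec, not a count of running tasks. Retitle it (for example "Find the configured number of replicas") or point readers at the REPLICAS column of docker service ls for the running count. The redis samples also disagree with each other: docker service ls shows 3/3, the JSON output shows "Replicas": 1, and the --format example prints 10, so take all three from one run.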
@@ -0,0 +1,13 @@ +<h1>docker service logs</h1> <p><br></p> <p>Fetch the logs of a service or task</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service logs [OPTIONS] SERVICE|TASK +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker service logs</code> command batch-retrieves logs present at the time of execution.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">docker service logs</code> command can be used with either the name or ID of a service, or with the ID of a task. If a service is passed, it will display logs for all of the containers in that service. 
If a task is passed, it will only display logs from that particular task.</p> <blockquote> <p><strong>Note</strong></p> <p>This command is only functional for services that are started with the <code class="language-plaintext highlighter-rouge">json-file</code> or <code class="language-plaintext highlighter-rouge">journald</code> logging driver.</p> </blockquote> <p>For more information about selecting and configuring logging drivers, refer to <a href="https://docs.docker.com/config/containers/logging/configure/">Configure logging drivers</a>.</p> <p>The <code class="language-plaintext highlighter-rouge">docker service logs --follow</code> command will continue streaming the new output from the service’s <code class="language-plaintext highlighter-rouge">STDOUT</code> and <code class="language-plaintext highlighter-rouge">STDERR</code>.</p> <p>Passing a negative number or a non-integer to <code class="language-plaintext highlighter-rouge">--tail</code> is invalid and the value is set to <code class="language-plaintext highlighter-rouge">all</code> in that case.</p> <p>The <code class="language-plaintext highlighter-rouge">docker service logs --timestamps</code> command will add an <a href="https://golang.org/pkg/time/#pkg-constants">RFC3339Nano timestamp</a> , for example <code class="language-plaintext highlighter-rouge">2014-09-16T06:17:46.000000000Z</code>, to each log entry. To ensure that the timestamps are aligned the nano-second part of the timestamp will be padded with zero when necessary.</p> <p>The <code class="language-plaintext highlighter-rouge">docker service logs --details</code> command will add on extra attributes, such as environment variables and labels, provided to <code class="language-plaintext highlighter-rouge">--log-opt</code> when creating the service.</p> <p>The <code class="language-plaintext highlighter-rouge">--since</code> option shows only the service logs generated after a given date. 
You can specify the date as an RFC 3339 date, a UNIX timestamp, or a Go duration string (e.g. <code class="language-plaintext highlighter-rouge">1m30s</code>, <code class="language-plaintext highlighter-rouge">3h</code>). Besides RFC3339 date format you may also use RFC3339Nano, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the client will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. 
You can combine the <code class="language-plaintext highlighter-rouge">--since</code> option with either or both of the <code class="language-plaintext highlighter-rouge">--follow</code> or <code class="language-plaintext highlighter-rouge">--tail</code> options.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--details</code></td> <td></td> <td>Show extra details provided to logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--follow</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Follow log output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-resolve</code></td> <td></td> <td>Do not map IDs to Names in output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-task-ids</code></td> <td></td> <td>Do not include task IDs in output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--raw</code></td> <td></td> <td>Do not neatly format logs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--since</code></td> <td></td> <td>Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 
42m for 42 minutes)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tail</code> , <code class="language-plaintext highlighter-rouge">-n</code> +</td> <td><code class="language-plaintext highlighter-rouge">all</code></td> <td>Number of lines to show from the end of the logs</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--timestamps</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td>Show timestamps</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service 
update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_logs/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_logs/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ls%2Findex.html new file mode 100644 index 00000000..aa0431c8 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ls%2Findex.html 
@@ -0,0 +1,40 @@ +<h1>docker service ls</h1> <p><br></p> <p>List services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">This command lists services are running in the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print services using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>On a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE 
+c8wgl7q4ndfd frontend replicated 5/5 nginx:alpine +dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 +iwe3278osahj mongo global 7/7 mongo:3.3 +hh08h9uu8uwr job replicated-job 1/1 (3/5 completed) nginx:latest +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">REPLICAS</code> column shows both the <em>actual</em> and <em>desired</em> number of tasks for the service. If the service is in <code class="language-plaintext highlighter-rouge">replicated-job</code> or <code class="language-plaintext highlighter-rouge">global-job</code>, it will additionally show the completion status of the job as completed tasks over total tasks the job will execute.</p> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li><a href="index#id">id</a></li> <li><a href="index#label">label</a></li> <li><a href="index#mode">mode</a></li> <li><a href="index#name">name</a></li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches all or part of a service’s id.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls -f "id=0bcjw" +ID NAME MODE REPLICAS IMAGE +0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches services based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>The following filter matches all services with a <code class="language-plaintext 
highlighter-rouge">project</code> label regardless of its value:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter label=project +ID NAME MODE REPLICAS IMAGE +01sl1rp6nj5u frontend2 replicated 1/1 nginx:alpine +36xvvwwauej0 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 +</pre></div> <p>The following filter matches only services with the <code class="language-plaintext highlighter-rouge">project</code> label with the <code class="language-plaintext highlighter-rouge">project-a</code> value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter label=project=project-a +ID NAME MODE REPLICAS IMAGE +36xvvwwauej0 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 +</pre></div> <h4 id="mode">mode</h4> <p>The <code class="language-plaintext highlighter-rouge">mode</code> filter matches on the mode (either <code class="language-plaintext highlighter-rouge">replicated</code> or <code class="language-plaintext highlighter-rouge">global</code>) of a service.</p> <p>The following filter matches only <code class="language-plaintext highlighter-rouge">global</code> services.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter mode=global +ID NAME MODE REPLICAS IMAGE +w7y0v2yrn620 top global 1/1 busybox +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a service’s name.</p> <p>The following filter matches services with a name containing <code class="language-plaintext highlighter-rouge">redis</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter name=redis +ID NAME MODE REPLICAS IMAGE +0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext 
highlighter-rouge">--format</code>) pretty-prints services output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Service ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Service name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Mode</code></td> <td>Service mode (replicated, global)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Replicas</code></td> <td>Service replicas</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Image</code></td> <td>Service image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Ports</code></td> <td>Service ports published in ingress mode</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">service ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code>, <code class="language-plaintext highlighter-rouge">Mode</code>, and <code class="language-plaintext highlighter-rouge">Replicas</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all services:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --format "{{.ID}}: {{.Mode}} {{.Replicas}}" + +0zmvwuiu3vue: replicated 10/10 +fm6uf97exkul: global 5/5 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: 
left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_ls/</a> + </p> +</div> 
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ps%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ps%2Findex.html new file mode 100644 index 00000000..77b359ac --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_ps%2Findex.html 
@@ -0,0 +1,64 @@ +<h1>docker service ps</h1> <p><br></p> <p>List the tasks of one or more services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps [OPTIONS] SERVICE [SERVICE...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists the tasks that are running as part of the specified services.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print tasks using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-resolve</code></td> <td></td> <td>Do not map IDs to Names</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> <tr> <td> +<code class="language-plaintext 
highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display task IDs</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="list-the-tasks-that-are-part-of-a-service">List the tasks that are part of a service</h3> <p>The following command shows all the tasks that are part of the <code class="language-plaintext highlighter-rouge">redis</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +0qihejybwf1x redis.1 redis:3.0.5 manager1 Running Running 8 seconds +bk658fpbex0d redis.2 redis:3.0.5 worker2 Running Running 9 seconds +5ls5s5fldaqg redis.3 redis:3.0.5 worker1 Running Running 9 seconds +8ryt076polmc redis.4 redis:3.0.5 worker1 Running Running 9 seconds +1x0v8yomsncd redis.5 redis:3.0.5 manager1 Running Running 8 seconds +71v7je3el7rr redis.6 redis:3.0.5 worker2 Running Running 9 seconds +4l3zm9b7tfr7 redis.7 redis:3.0.5 worker2 Running Running 9 seconds +9tfpyixiy2i7 redis.8 redis:3.0.5 worker1 Running Running 9 seconds +3w1wu13yupln redis.9 redis:3.0.5 manager1 Running Running 8 seconds +8eaxrb2fqpbn redis.10 redis:3.0.5 manager1 Running Running 8 seconds +</pre></div> <p>In addition to <em>running</em> tasks, the output also shows the task history. 
For example, after updating the service to use the <code class="language-plaintext highlighter-rouge">redis:3.0.6</code> image, the output may look like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +50qe8lfnxaxk redis.1 redis:3.0.6 manager1 Running Running 6 seconds ago +ky2re9oz86r9 \_ redis.1 redis:3.0.5 manager1 Shutdown Shutdown 8 seconds ago +3s46te2nzl4i redis.2 redis:3.0.6 worker2 Running Running less than a second ago +nvjljf7rmor4 \_ redis.2 redis:3.0.6 worker2 Shutdown Rejected 23 seconds ago "No such image: redis@sha256:6…" +vtiuz2fpc0yb \_ redis.2 redis:3.0.5 worker2 Shutdown Shutdown 1 second ago +jnarweeha8x4 redis.3 redis:3.0.6 worker1 Running Running 3 seconds ago +vs448yca2nz4 \_ redis.3 redis:3.0.5 worker1 Shutdown Shutdown 4 seconds ago +jf1i992619ir redis.4 redis:3.0.6 worker1 Running Running 10 seconds ago +blkttv7zs8ee \_ redis.4 redis:3.0.5 worker1 Shutdown Shutdown 11 seconds ago +</pre></div> <p>The number of items in the task history is determined by the <code class="language-plaintext highlighter-rouge">--task-history-limit</code> option that was set when initializing the swarm. You can change the task history retention limit using the <a href="../swarm_update/index"><code class="language-plaintext highlighter-rouge">docker swarm update</code></a> command.</p> <p>When deploying a service, docker resolves the digest for the service’s image, and pins the service to that digest. The digest is not shown by default, but is printed if <code class="language-plaintext highlighter-rouge">--no-trunc</code> is used. 
The <code class="language-plaintext highlighter-rouge">--no-trunc</code> option also shows the non-truncated task ID, and error-messages, as can be seen below;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps --no-trunc redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +50qe8lfnxaxksi9w2a704wkp7 redis.1 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 5 minutes ago +ky2re9oz86r9556i2szb8a8af \_ redis.1 redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e worker2 Shutdown Shutdown 5 minutes ago +bk658fpbex0d57cqcwoe3jthu redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 5 seconds +nvjljf7rmor4htv7l8rwcx7i7 \_ redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Shutdown Rejected 5 minutes ago "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842" +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>). Multiple filter flags are combined as an <code class="language-plaintext highlighter-rouge">OR</code> filter. 
For example, <code class="language-plaintext highlighter-rouge">-f name=redis.1 -f name=redis.7</code> returns both <code class="language-plaintext highlighter-rouge">redis.1</code> and <code class="language-plaintext highlighter-rouge">redis.7</code> tasks.</p> <p>The currently supported filters are:</p> <ul> <li><a href="#id">id</a></li> <li><a href="#name">name</a></li> <li><a href="#node">node</a></li> <li><a href="#desired-state">desired-state</a></li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches on all or a prefix of a task’s ID.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps -f "id=8" redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +8ryt076polmc redis.4 redis:3.0.6 worker1 Running Running 9 seconds +8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on task names.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps -f "name=redis.1" redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +qihejybwf1x5 redis.1 redis:3.0.6 manager1 Running Running 8 seconds +</pre></div> <h4 id="node">node</h4> <p>The <code class="language-plaintext highlighter-rouge">node</code> filter matches on a node name or a node ID.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps -f "node=manager1" redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +0qihejybwf1x redis.1 redis:3.0.6 manager1 Running Running 8 seconds +1x0v8yomsncd redis.5 redis:3.0.6 manager1 Running Running 8 seconds +3w1wu13yupln redis.9 redis:3.0.6 manager1 Running Running 8 seconds +8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds +</pre></div> <h4 id="desired-state">desired-state</h4> <p>The <code class="language-plaintext 
highlighter-rouge">desired-state</code> filter can take the values <code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, or <code class="language-plaintext highlighter-rouge">accepted</code>.</p> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints tasks output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Task ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Task name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Image</code></td> <td>Task image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Node</code></td> <td>Node ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.DesiredState</code></td> <td>Desired state of the task (<code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, or <code class="language-plaintext highlighter-rouge">accepted</code>)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CurrentState</code></td> <td>Current state of the task</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Error</code></td> <td>Error</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Ports</code></td> <td>Task published ports</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">service ps</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext 
highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">Image</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps --format "{{.Name}}: {{.Image}}" top + +top.1: busybox +top.2: busybox +top.3: busybox +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> 
<td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_ps/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_ps/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rm%2Findex.html new file mode 100644 index 00000000..bc54b7db --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rm%2Findex.html 
@@ -0,0 +1,14 @@ +<h1>docker service rm</h1> <p><br></p> <p>Remove one or more services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm SERVICE [SERVICE...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Removes the specified services from the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <p>Remove the <code class="language-plaintext highlighter-rouge">redis</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm redis + +redis + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +</pre></div> <blockquote> <p><strong>Warning</strong></p> <p>Unlike <code class="language-plaintext highlighter-rouge">docker rm</code>, this command does not ask for confirmation before removing a running service.</p> </blockquote> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new 
service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rollback%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rollback%2Findex.html new file mode 100644 index 00000000..418fdadb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_rollback%2Findex.html 
@@ -0,0 +1,28 @@ +<h1>docker service rollback</h1> <p><br></p> <p>Revert changes to a service’s configuration</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service rollback [OPTIONS] SERVICE +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Roll back a specified service to its previous version from the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Exit immediately instead of waiting for the service to converge</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress progress output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="roll-back-to-the-previous-version-of-a-service">Roll back to the previous version of a service</h3> <p>Use the <code class="language-plaintext highlighter-rouge">docker service rollback</code> 
command to roll back to the previous version of a service. After executing this command, the service is reverted to the configuration that was in place before the most recent <code class="language-plaintext highlighter-rouge">docker service update</code> command.</p> <p>The following example creates a service with a single replica, updates the service to use three replicas, and then rolls back the service to the previous version, having one replica.</p> <p>Create a service with a single replica:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name my-service -p 8080:80 nginx:alpine +</pre></div> <p>Confirm that the service is running with a single replica:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE PORTS +xbw728mf6q0d my-service replicated 1/1 nginx:alpine *:8080->80/tcp +</pre></div> <p>Update the service to use three replicas:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --replicas=3 my-service + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE PORTS +xbw728mf6q0d my-service replicated 3/3 nginx:alpine *:8080->80/tcp +</pre></div> <p>Now roll back the service to its previous version, and confirm it is running a single replica again:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rollback my-service + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE PORTS +xbw728mf6q0d my-service replicated 1/1 nginx:alpine *:8080->80/tcp +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> 
<td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_rollback/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_rollback/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_scale%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_scale%2Findex.html new file mode 100644 index 00000000..c3779db1 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_scale%2Findex.html 
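Review bot: in the service_rollback/index.html hunk that ends above, the Options table leaves the Default column empty for both `--detach` and `--quiet`, so the table never says whether waiting for the service to converge is the default; fill in the defaults or drop the column. The "Related commands" table in the same hunk puts its header cells in `<td>` inside `<thead>`, while the "Parent command" table just before it uses `<th style="text-align: left">`; use `<th>` in both. The Description sentence "Roll back a specified service to its previous version from the swarm" would also read better if it repeated what the Examples section states, that the service returns to the configuration in place before the most recent `docker service update`, since that covers every setting the update changed and not only the replica count the example shows.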
@@ -0,0 +1,35 @@ +<h1>docker service scale</h1> <p><br></p> <p>Scale one or multiple replicated services</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The scale command enables you to scale one or more replicated services either up or down to the desired number of replicas. This command cannot be applied on services which are global mode. The command will return immediately, but the actual scaling of the service may take some time. To stop all replicas of a service while keeping the service active in the swarm you can set the scale to 0.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Exit immediately instead of waiting for the service to converge</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="scale-a-single-service">Scale a single service</h3> <p>The following command scales the “frontend” service to 50 tasks.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale frontend=50 + +frontend scaled to 50 +</pre></div> <p>The following command tries to scale a global service to 10 tasks and returns an error.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --mode global --name backend backend:latest + +b4g08uwuairexjub6ome6usqh + +$ docker service scale backend=10 + +backend: scale can only be used with replicated or replicated-job mode +</pre></div> <p>Directly afterwards, run <code class="language-plaintext highlighter-rouge">docker service ls</code>, to see the actual number of replicas.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls --filter name=frontend + +ID NAME MODE REPLICAS IMAGE +3pr5mlvu3fh9 frontend replicated 15/50 nginx:alpine +</pre></div> <p>You can also scale a service using the <a href="../service_update/index"><code class="language-plaintext highlighter-rouge">docker service update</code></a> command. 
The following commands are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale frontend=50 +$ docker service update --replicas=50 frontend +</pre></div> <h3 id="scale-multiple-services">Scale multiple services</h3> <p>The <code class="language-plaintext highlighter-rouge">docker service scale</code> command allows you to set the desired number of tasks for multiple services at once. The following example scales both the backend and frontend services:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale backend=3 frontend=5 + +backend scaled to 3 +frontend scaled to 5 + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +3pr5mlvu3fh9 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> 
<td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="../service_update/index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_scale/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_scale/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_update%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_update%2Findex.html new file mode 100644 index 00000000..ee684a4a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fservice_update%2Findex.html 
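Review bot: in the service_scale/index.html hunk that ends above, the Description says "The command will return immediately, but the actual scaling of the service may take some time", while the Options table in the same hunk documents `--detach` as "Exit immediately instead of waiting for the service to converge"; both cannot describe the default behaviour, so one of them needs correcting. The Usage line `docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...]` also omits `[OPTIONS]` although the next sentence points readers at the options section. In the examples, the paragraph "Directly afterwards, run docker service ls" and its `--filter name=frontend` output sit after the global-mode `backend` error example rather than after the `frontend=50` command they refer to; move them up so the 15/50 output follows the scale command that produced it. "services which are global mode" should read "services in global mode".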
@@ -0,0 +1,83 @@ +<h1>docker service update</h1> <p><br></p> <p>Update a service</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker service update [OPTIONS] SERVICE +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Updates a service as described by the specified parameters. The parameters are the same as <a href="../service_create/index"><code class="language-plaintext highlighter-rouge">docker service create</code></a>. Refer to the description there for further information.</p> <p>Normally, updating a service will only cause the service’s tasks to be replaced with new ones if a change to the service requires recreating the tasks for it to take effect. For example, only changing the <code class="language-plaintext highlighter-rouge">--update-parallelism</code> setting will not recreate the tasks, because the individual tasks are not affected by this setting. However, the <code class="language-plaintext highlighter-rouge">--force</code> flag will cause the tasks to be recreated anyway. This can be used to perform a rolling restart without any changes to the service parameters.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--args</code></td> <td></td> <td>Service command args</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Add Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Drop Linux capabilities</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--config-add</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Add or update a config file on a service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--config-rm</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Remove a configuration file</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--constraint-add</code></td> <td></td> <td>Add or update a placement constraint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--constraint-rm</code></td> <td></td> <td>Remove a constraint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--container-label-add</code></td> <td></td> <td>Add or update a container label</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--container-label-rm</code></td> <td></td> <td>Remove a container label by its key</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--credential-spec</code></td> <td></td> <td>Credential spec for managed service account (Windows only)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> <td>Exit immediately instead of waiting for the service to converge</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-add</code></td> <td></td> <td>Add or update a custom DNS server</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option-add</code></td> <td></td> <td>Add or update a DNS option</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-option-rm</code></td> <td></td> <td>Remove a DNS option</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-rm</code></td> <td></td> <td>Remove a custom DNS server</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search-add</code></td> <td></td> <td>Add or update a custom DNS search domain</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dns-search-rm</code></td> <td></td> <td>Remove a DNS search domain</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--endpoint-mode</code></td> <td></td> <td>Endpoint mode (vip or dnsrr)</td> </tr> <tr> <td><code 
class="language-plaintext highlighter-rouge">--entrypoint</code></td> <td></td> <td>Overwrite the default ENTRYPOINT of the image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-add</code></td> <td></td> <td>Add or update an environment variable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--env-rm</code></td> <td></td> <td>Remove an environment variable</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--force</code></td> <td></td> <td>Force update even if no changes require it</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--generic-resource-add</code></td> <td></td> <td>Add a Generic resource</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--generic-resource-rm</code></td> <td></td> <td>Remove a Generic resource</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-add</code></td> <td></td> <td>Add an additional supplementary user group to the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--group-rm</code></td> <td></td> <td>Remove a previously added supplementary user group from the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-cmd</code></td> <td></td> <td>Command to run to check health</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-interval</code></td> <td></td> <td>Time between running the check (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-retries</code></td> <td></td> <td>Consecutive failures needed to report unhealthy</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-start-period</code></td> <td></td> <td>Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--health-timeout</code></td> <td></td> <td>Maximum time 
to allow one check to run (ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--host-add</code></td> <td></td> <td>Add a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--host-rm</code></td> <td></td> <td>Remove a custom host-to-IP mapping (host:ip)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--hostname</code></td> <td></td> <td>Container hostname</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--image</code></td> <td></td> <td>Service image tag</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--init</code></td> <td></td> <td>Use an init inside each service container to forward signals and reap processes</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--isolation</code></td> <td></td> <td>Service container isolation mode</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-add</code></td> <td></td> <td>Add or update a service label</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label-rm</code></td> <td></td> <td>Remove a label by its key</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-cpu</code></td> <td></td> <td>Limit CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-memory</code></td> <td></td> <td>Limit Memory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--limit-pids</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Swarm orchestrator.">Swarm</span><br>Limit maximum number of processes (default 0 = unlimited)</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--log-driver</code></td> <td></td> <td>Logging driver for service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--log-opt</code></td> <td></td> <td>Logging driver options</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--max-concurrent</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Number of job tasks to run concurrently (default equal to --replicas)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount-add</code></td> <td></td> <td>Add or update a mount on a service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--mount-rm</code></td> <td></td> <td>Remove a mount by its target path</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network-add</code></td> <td></td> <td>Add a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--network-rm</code></td> <td></td> <td>Remove a network</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-healthcheck</code></td> <td></td> <td>Disable any container-specified HEALTHCHECK</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-resolve-image</code></td> <td></td> <td>Do not query the registry to resolve image digest and supported platforms</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--placement-pref-add</code></td> <td></td> <td>Add a placement preference</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--placement-pref-rm</code></td> <td></td> <td>Remove a placement preference</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--publish-add</code></td> <td></td> <td>Add or update a published port</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--publish-rm</code></td> <td></td> <td>Remove a published port by its target port</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress progress output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--read-only</code></td> <td></td> <td>Mount the container's root filesystem as read only</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--replicas</code></td> <td></td> <td>Number of tasks</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--replicas-max-per-node</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Maximum number of tasks per node (default 0 = unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--reserve-cpu</code></td> <td></td> <td>Reserve CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--reserve-memory</code></td> <td></td> <td>Reserve Memory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-condition</code></td> <td></td> <td>Restart when condition is met ("none"|"on-failure"|"any")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-delay</code></td> <td></td> <td>Delay between restart attempts (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-max-attempts</code></td> <td></td> <td>Maximum number of restarts before giving up</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart-window</code></td> <td></td> <td>Window used to evaluate the restart policy (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--rollback</code></td> <td></td> <td>Rollback to previous specification</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-delay</code></td> <td></td> <td>Delay between task rollbacks (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-failure-action</code></td> <td></td> <td>Action on rollback failure ("pause"|"continue")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-max-failure-ratio</code></td> <td></td> <td>Failure rate to tolerate during a rollback</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-monitor</code></td> <td></td> <td>Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-order</code></td> <td></td> <td>Rollback order ("start-first"|"stop-first")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rollback-parallelism</code></td> <td></td> <td>Maximum number of tasks rolled back simultaneously (0 to roll back all at once)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--secret-add</code></td> <td></td> <td>Add or update a secret on a service</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--secret-rm</code></td> <td></td> <td>Remove a secret</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-grace-period</code></td> <td></td> <td>Time to wait before force killing a container (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--stop-signal</code></td> <td></td> <td>Signal to stop the container</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl-add</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open 
the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Add or update a Sysctl option</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--sysctl-rm</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Remove a Sysctl option</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--tty</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Allocate a pseudo-TTY</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit-add</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Add or update a ulimit option</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ulimit-rm</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.41/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.41+</span></a><br>Remove a ulimit option</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-delay</code></td> <td></td> <td>Delay between updates (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-failure-action</code></td> <td></td> <td>Action on update failure ("pause"|"continue"|"rollback")</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--update-max-failure-ratio</code></td> <td></td> <td>Failure rate to tolerate during an update</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-monitor</code></td> <td></td> <td>Duration after each task update to monitor for failure (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-order</code></td> <td></td> <td>Update order ("start-first"|"stop-first")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--update-parallelism</code></td> <td></td> <td>Maximum number of tasks updated simultaneously (0 to update all at once)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--user</code> , <code class="language-plaintext highlighter-rouge">-u</code> +</td> <td></td> <td>Username or UID (format: <name|uid>[:<group|gid>])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--with-registry-auth</code></td> <td></td> <td>Send registry authentication details to swarm agents</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--workdir</code> , <code class="language-plaintext highlighter-rouge">-w</code> +</td> <td></td> <td>Working directory inside the container</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="update-a-service">Update a service</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --limit-cpu 2 redis +</pre></div> <h3 id="perform-a-rolling-restart-with-no-parameter-changes">Perform a rolling restart with no parameter changes</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --force --update-parallelism 1 --update-delay 30s redis +</pre></div> <p>In this example, the <code class="language-plaintext highlighter-rouge">--force</code> flag causes the service’s tasks to be shut down and replaced with new ones even though none of the other parameters would normally cause that to happen. 
The <code class="language-plaintext highlighter-rouge">--update-parallelism 1</code> setting ensures that only one task is replaced at a time (this is the default behavior). The <code class="language-plaintext highlighter-rouge">--update-delay 30s</code> setting introduces a 30 second delay between tasks, so that the rolling restart happens gradually.</p> <h3 id="add-or-remove-mounts">Add or remove mounts</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--mount-add</code> or <code class="language-plaintext highlighter-rouge">--mount-rm</code> options add or remove a service’s bind mounts or volumes.</p> <p>The following example creates a service which mounts the <code class="language-plaintext highlighter-rouge">test-data</code> volume to <code class="language-plaintext highlighter-rouge">/somewhere</code>. The next step updates the service to also mount the <code class="language-plaintext highlighter-rouge">other-volume</code> volume to <code class="language-plaintext highlighter-rouge">/somewhere-else</code>volume, The last step unmounts the <code class="language-plaintext highlighter-rouge">/somewhere</code> mount point, effectively removing the <code class="language-plaintext highlighter-rouge">test-data</code> volume. Each command returns the service name.</p> <ul> <li> <p>The <code class="language-plaintext highlighter-rouge">--mount-add</code> flag takes the same parameters as the <code class="language-plaintext highlighter-rouge">--mount</code> flag on <code class="language-plaintext highlighter-rouge">service create</code>. 
Refer to the <a href="../service_create/index#add-bind-mounts-volumes-or-memory-filesystems">volumes and bind mounts</a> section in the <code class="language-plaintext highlighter-rouge">service create</code> reference for details.</p> </li> <li> <p>The <code class="language-plaintext highlighter-rouge">--mount-rm</code> flag takes the <code class="language-plaintext highlighter-rouge">target</code> path of the mount.</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name=myservice \ + --mount type=volume,source=test-data,target=/somewhere \ + nginx:alpine + +myservice + +$ docker service update \ + --mount-add type=volume,source=other-volume,target=/somewhere-else \ + myservice + +myservice + +$ docker service update --mount-rm /somewhere myservice + +myservice +</pre></div> <h3 id="add-or-remove-published-service-ports">Add or remove published service ports</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--publish-add</code> or <code class="language-plaintext highlighter-rouge">--publish-rm</code> flags to add or remove a published port for a service. You can use the short or long syntax discussed in the <a href="../service_create/index#publish-service-ports-externally-to-the-swarm--p---publish">docker service create</a> reference.</p> <p>The following example adds a published service port to an existing service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --publish-add published=8080,target=80 \ + myservice +</pre></div> <h3 id="add-or-remove-network">Add or remove network</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--network-add</code> or <code class="language-plaintext highlighter-rouge">--network-rm</code> flags to add or remove a network for a service. 
You can use the short or long syntax discussed in the <a href="../service_create/index#attach-a-service-to-an-existing-network---network">docker service create</a> reference.</p> <p>The following example adds a new alias name to an existing service already connected to network my-network:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --network-rm my-network \ + --network-add name=my-network,alias=web1 \ + myservice +</pre></div> <h3 id="roll-back-to-the-previous-version-of-a-service">Roll back to the previous version of a service</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--rollback</code> option to roll back to the previous version of the service.</p> <p>This will revert the service to the configuration that was in place before the most recent <code class="language-plaintext highlighter-rouge">docker service update</code> command.</p> <p>The following example updates the number of replicas for the service from 4 to 5, and then rolls back to the previous configuration.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --replicas=5 web + +web + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +80bvrzp6vxf3 web replicated 0/5 nginx:alpine + +</pre></div> <p>Roll back the <code class="language-plaintext highlighter-rouge">web</code> service...</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --rollback web + +web + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +80bvrzp6vxf3 web replicated 0/4 nginx:alpine + +</pre></div> <p>Other options can be combined with <code class="language-plaintext highlighter-rouge">--rollback</code> as well, for example, <code class="language-plaintext highlighter-rouge">--update-delay 0s</code> to execute the rollback without a delay between tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --rollback \ + --update-delay 0s + 
web + +web + +</pre></div> <p>Services can also be set up to roll back to the previous version automatically when an update fails. To set up a service for automatic rollback, use <code class="language-plaintext highlighter-rouge">--update-failure-action=rollback</code>. A rollback will be triggered if the fraction of the tasks which failed to update successfully exceeds the value given with <code class="language-plaintext highlighter-rouge">--update-max-failure-ratio</code>.</p> <p>The rate, parallelism, and other parameters of a rollback operation are determined by the values passed with the following flags:</p> <ul> <li><code class="language-plaintext highlighter-rouge">--rollback-delay</code></li> <li><code class="language-plaintext highlighter-rouge">--rollback-failure-action</code></li> <li><code class="language-plaintext highlighter-rouge">--rollback-max-failure-ratio</code></li> <li><code class="language-plaintext highlighter-rouge">--rollback-monitor</code></li> <li><code class="language-plaintext highlighter-rouge">--rollback-parallelism</code></li> </ul> <p>For example, a service set up with <code class="language-plaintext highlighter-rouge">--update-parallelism 1 --rollback-parallelism 3</code> will update one task at a time during a normal update, but during a rollback, 3 tasks at a time will get rolled back. 
These rollback parameters are respected both during automatic rollbacks and for rollbacks initiated manually using <code class="language-plaintext highlighter-rouge">--rollback</code>.</p> <h3 id="add-or-remove-secrets">Add or remove secrets</h3> <p>Use the <code class="language-plaintext highlighter-rouge">--secret-add</code> or <code class="language-plaintext highlighter-rouge">--secret-rm</code> options add or remove a service’s secrets.</p> <p>The following example adds a secret named <code class="language-plaintext highlighter-rouge">ssh-2</code> and removes <code class="language-plaintext highlighter-rouge">ssh-1</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --secret-add source=ssh-2,target=ssh-2 \ + --secret-rm ssh-1 \ + myservice +</pre></div> <h3 id="update-services-using-templates">Update services using templates</h3> <p>Some flags of <code class="language-plaintext highlighter-rouge">service update</code> support the use of templating. 
See <a href="../service_create/index#create-services-using-templates"><code class="language-plaintext highlighter-rouge">service create</code></a> for the reference.</p> <h3 id="specify-isolation-mode-windows">Specify isolation mode (Windows)</h3> <p><code class="language-plaintext highlighter-rouge">service update</code> supports the same <code class="language-plaintext highlighter-rouge">--isolation</code> flag as <code class="language-plaintext highlighter-rouge">service create</code> See <a href="../service_create/index"><code class="language-plaintext highlighter-rouge">service create</code></a> for the reference.</p> <h3 id="updating-jobs">Updating Jobs</h3> <p>When a service is created as a job, by setting its mode to <code class="language-plaintext highlighter-rouge">replicated-job</code> or to <code class="language-plaintext highlighter-rouge">global-job</code> when doing <code class="language-plaintext highlighter-rouge">service create</code>, options for updating it are limited.</p> <p>Updating a Job immediately stops any Tasks that are in progress. The operation creates a new set of Tasks for the job and effectively resets its completion status. If any Tasks were running before the update, they are stopped, and new Tasks are created.</p> <p>Jobs cannot be rolled out or rolled back. 
None of the flags for configuring update or rollback settings are valid with job modes.</p> <p>To run a job again with the same parameters that it was run previously, it can be force updated with the <code class="language-plaintext highlighter-rouge">--force</code> flag.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../service/index">docker service</a></td> <td style="text-align: left">Manage services</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../service_create/index">docker service create</a></td> <td>Create a new service</td> </tr> <tr> <td><a href="../service_inspect/index">docker service inspect</a></td> <td>Display detailed information on one or more services</td> </tr> <tr> <td><a href="../service_logs/index">docker service logs</a></td> <td>Fetch the logs of a service or task</td> </tr> <tr> <td><a href="../service_ls/index">docker service ls</a></td> <td>List services</td> </tr> <tr> <td><a href="../service_ps/index">docker service ps</a></td> <td>List the tasks of one or more services</td> </tr> <tr> <td><a href="../service_rm/index">docker service rm</a></td> <td>Remove one or more services</td> </tr> <tr> <td><a href="../service_rollback/index">docker service rollback</a></td> <td>Revert changes to a service’s configuration</td> </tr> <tr> <td><a href="../service_scale/index">docker service scale</a></td> <td>Scale one or multiple replicated services</td> </tr> <tr> <td><a href="index">docker service update</a></td> <td>Update a service</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered 
trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/service_update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/service_update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack%2Findex.html new file mode 100644 index 00000000..afb382fb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack%2Findex.html 
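Review bot: in the service update reference hunk that ends just above this file header, the last rollback example drops the line continuation after `--update-delay 0s`, so the service name `web` lands on its own line and would be run as a separate command instead of being passed to `docker service update`; add a trailing `\` after `--update-delay 0s`. In the same hunk, "options add or remove" is missing "to" under both "Add or remove mounts" and "Add or remove secrets", the mounts paragraph has a stray "volume, The last step" fused onto `/somewhere-else`, and the isolation paragraph is missing the period between `service create` and "See".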
@@ -0,0 +1,9 @@ +<h1>docker stack</h1> <p><br></p> <p>Manage Docker stacks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack [OPTIONS] COMMAND +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Manage stacks.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../stack_deploy/index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="../stack_ls/index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="../stack_ps/index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="../stack_rm/index">docker 
stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="../stack_services/index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_deploy%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_deploy%2Findex.html new file mode 100644 index 00000000..d82ce2ca --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_deploy%2Findex.html 
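Review bot: in stack/index.html (the hunk ending just above this file header), the Options and Child commands tables put their column titles in `<td>` cells inside `<thead>`, while the Parent command tables added elsewhere in this patch use `<th>`; switch these to `<th>` so header cells are marked up consistently. The empty `<p><br></p>` right after the `<h1>` carries no content and can be dropped.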
@@ -0,0 +1,60 @@ +<h1>docker stack deploy</h1> <p><br></p> <p>Deploy a new stack or update an existing stack</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack deploy [OPTIONS] STACK +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Create and update a stack from a <code class="language-plaintext highlighter-rouge">compose</code> file on the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--compose-file</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>Path to a Compose file, or "-" to read from stdin</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--namespace</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--prune</code></td> <td></td> <td> +<span class="badge badge-info" 
data-toggle="tooltip" title="This option works for the Swarm orchestrator.">Swarm</span><br>Prune services that are no longer referenced</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--resolve-image</code></td> <td><code class="language-plaintext highlighter-rouge">always</code></td> <td> +<span class="badge badge-info" data-toggle="tooltip" title="This option works for the Swarm orchestrator.">Swarm</span><br>Query the registry to resolve image digest and supported platforms ("always"|"changed"|"never")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--with-registry-auth</code></td> <td></td> <td> +<span class="badge badge-info" data-toggle="tooltip" title="This option works for the Swarm orchestrator.">Swarm</span><br>Send registry authentication details to Swarm agents</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="compose-file">Compose file</h3> <p>The <code class="language-plaintext highlighter-rouge">deploy</code> command supports compose file version <code class="language-plaintext highlighter-rouge">3.0</code> and above.</p> <div class="highlight"><pre 
class="highlight" data-language="">$ docker stack deploy --compose-file docker-compose.yml vossibility + +Ignoring unsupported options: links + +Creating network vossibility_vossibility +Creating network vossibility_default +Creating service vossibility_nsqd +Creating service vossibility_logstash +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_ghollector +Creating service vossibility_lookupd +</pre></div> <p>The Compose file can also be provided as standard input with <code class="language-plaintext highlighter-rouge">--compose-file -</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat docker-compose.yml | docker stack deploy --compose-file - vossibility + +Ignoring unsupported options: links + +Creating network vossibility_vossibility +Creating network vossibility_default +Creating service vossibility_nsqd +Creating service vossibility_logstash +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_ghollector +Creating service vossibility_lookupd +</pre></div> <p>If your configuration is split between multiple Compose files, e.g. 
a base configuration and environment-specific overrides, you can provide multiple <code class="language-plaintext highlighter-rouge">--compose-file</code> flags.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack deploy --compose-file docker-compose.yml -c docker-compose.prod.yml vossibility + +Ignoring unsupported options: links + +Creating network vossibility_vossibility +Creating network vossibility_default +Creating service vossibility_nsqd +Creating service vossibility_logstash +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_ghollector +Creating service vossibility_lookupd +</pre></div> <p>You can verify that the services were correctly created:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../stack/index">docker stack</a></td> <td style="text-align: 
left">Manage Docker stacks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="../stack_ls/index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="../stack_ps/index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="../stack_rm/index">docker stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="../stack_services/index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack_deploy/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack_deploy/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ls%2Findex.html new file mode 100644 index 00000000..423b37d2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ls%2Findex.html 
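Review bot: in stack_deploy/index.html (the hunk ending just above this file header), the example output is inconsistent: all three deploy listings print "Creating service vossibility_ghollector", but the `docker service ls` verification lists `vossibility_vossibility-collector` and no `vossibility_ghollector`; make the two agree so a reader can match created services to listed ones. Separately, `--with-registry-auth` is described only by the table cell "Send registry authentication details to Swarm agents" and the Examples section never uses it; a short example or sentence saying when it is needed would help, since the option forwards registry credentials to other nodes.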
@@ -0,0 +1,19 @@ +<h1>docker stack ls</h1> <p><br></p> <p>List stacks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists the stacks.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--all-namespaces</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>List stacks from all Kubernetes namespaces</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print stacks using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--namespace</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" 
data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes namespaces to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following command shows all stacks and some additional information:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ls + +ID SERVICES ORCHESTRATOR +myapp 2 Kubernetes +vossibility-stack 6 Swarm +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints stacks using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Stack name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Services</code></td> <td>Number of services</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Orchestrator</code></td> <td>Orchestrator name</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">.Namespace</code></td> <td>Namespace</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">stack ls</code> command either outputs the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">Services</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all stacks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ls --format "{{.Name}}: {{.Services}}" +web-server: 1 +web-cache: 4 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../stack/index">docker stack</a></td> <td style="text-align: left">Manage Docker stacks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../stack_deploy/index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="../stack_ps/index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="../stack_rm/index">docker stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="../stack_services/index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> 
+ © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ps%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ps%2Findex.html new file mode 100644 index 00000000..4405e8c3 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_ps%2Findex.html 
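Review bot: in stack_ls/index.html (the hunk ending just above this file header), the first example labels the first column `ID`, but the rows under it are stack names (`myapp`, `vossibility-stack`) and the placeholder table below offers `.Name` and no `.ID`; rename the column header to `NAME` so it matches the data and the template fields. The two examples also use different stack names (`myapp`/`vossibility-stack` versus `web-server`/`web-cache`), which makes the `--format` output harder to relate to the default listing.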
@@ -0,0 +1,100 @@ +<h1>docker stack ps</h1> <p><br></p> <p>List the tasks in the stack</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps [OPTIONS] STACK +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists the tasks that are running as part of the specified stack.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print tasks using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--namespace</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes namespace to use</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">--no-resolve</code></td> <td></td> <td>Do not map IDs to Names</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display task IDs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="list-the-tasks-that-are-part-of-a-stack">List the tasks that are part of a stack</h3> <p>The following command shows all the tasks that are part of the <code class="language-plaintext highlighter-rouge">voting</code> stack:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps voting + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 2 minutes ago +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 2 minutes ago +rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before 
node3 Running Running 2 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 2 minutes ago +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 3 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 2 minutes ago +kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 2 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 3 minutes ago +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>). Multiple filter flags are combined as an <code class="language-plaintext highlighter-rouge">OR</code> filter. 
For example, <code class="language-plaintext highlighter-rouge">-f name=redis.1 -f name=redis.7</code> returns both <code class="language-plaintext highlighter-rouge">redis.1</code> and <code class="language-plaintext highlighter-rouge">redis.7</code> tasks.</p> <p>The currently supported filters are:</p> <ul> <li><a href="#id">id</a></li> <li><a href="#name">name</a></li> <li><a href="#node">node</a></li> <li><a href="#desired-state">desired-state</a></li> </ul> <h4 id="id">id</h4> <p>The <code class="language-plaintext highlighter-rouge">id</code> filter matches on all or a prefix of a task’s ID.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps -f "id=t" voting + +ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 14 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 14 minutes ago +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on task names.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps -f "name=voting_redis" voting + +ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 17 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 17 minutes ago +</pre></div> <h4 id="node">node</h4> <p>The <code class="language-plaintext highlighter-rouge">node</code> filter matches on a node name or a node ID.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps -f "node=node1" voting + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 18 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 18 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 18 
minutes ago +</pre></div> <h4 id="desired-state">desired-state</h4> <p>The <code class="language-plaintext highlighter-rouge">desired-state</code> filter can take the values <code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, <code class="language-plaintext highlighter-rouge">ready</code> or <code class="language-plaintext highlighter-rouge">accepted</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps -f "desired-state=running" voting + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 21 minutes ago +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 21 minutes ago +rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 21 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 21 minutes ago +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 21 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 21 minutes ago +kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 21 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 21 minutes ago +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints tasks output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Task ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Task name</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">.Image</code></td> <td>Task image</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Node</code></td> <td>Node ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.DesiredState</code></td> <td>Desired state of the task (<code class="language-plaintext highlighter-rouge">running</code>, <code class="language-plaintext highlighter-rouge">shutdown</code>, or <code class="language-plaintext highlighter-rouge">accepted</code>)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CurrentState</code></td> <td>Current state of the task</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Error</code></td> <td>Error</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Ports</code></td> <td>Task published ports</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">stack ps</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">Image</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps --format "{{.Name}}: {{.Image}}" voting + +voting_worker.1: dockersamples/examplevotingapp_worker:latest +voting_result.1: dockersamples/examplevotingapp_result:before +voting_vote.1: dockersamples/examplevotingapp_vote:before +voting_db.1: postgres:9.4 +voting_redis.1: redis:alpine +voting_visualizer.1: dockersamples/visualizer:stable +voting_vote.2: 
dockersamples/examplevotingapp_vote:before +voting_redis.2: redis:alpine +</pre></div> <h3 id="do-not-map-ids-to-names">Do not map IDs to Names</h3> <p>The <code class="language-plaintext highlighter-rouge">--no-resolve</code> option shows IDs for task name, without mapping IDs to Names.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps --no-resolve voting + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b 10z9fjfqzsxnezo4hb81p8mqg.1 dockersamples/examplevotingapp_worker:latest qaqt4nrzo775jrx6detglho01 Running Running 30 minutes ago +q7yik0ks1in6 hbxltua1na7mgqjnidldv5m65.1 dockersamples/examplevotingapp_result:before mxpaef1tlh23s052erw88a4w5 Running Running 30 minutes ago +rx5yo0866nfx qyprtqw1g5nrki557i974ou1d.1 dockersamples/examplevotingapp_vote:before kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago +tz6j82jnwrx7 122f0xxngg17z52be7xspa72x.1 postgres:9.4 mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago +w48spazhbmxc tg61x8myx563ueo3urmn1ic6m.1 redis:alpine qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago +6jj1m02freg1 8cqlyi444kzd3panjb7edh26v.1 dockersamples/visualizer:stable mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago +kqgdmededccb qyprtqw1g5nrki557i974ou1d.2 dockersamples/examplevotingapp_vote:before qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago +t72q3z038jeh tg61x8myx563ueo3urmn1ic6m.2 redis:alpine kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago +</pre></div> <h3 id="do-not-truncate-output">Do not truncate output</h3> <p>When deploying a service, docker resolves the digest for the service’s image, and pins the service to that digest. The digest is not shown by default, but is printed if <code class="language-plaintext highlighter-rouge">--no-trunc</code> is used. 
The <code class="language-plaintext highlighter-rouge">--no-trunc</code> option also shows the non-truncated task IDs, and error-messages, as can be seen below:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps --no-trunc voting + +ID NAME IMAGE NODE DESIRED STATE CURREN STATE ERROR PORTS +xim5bcqtgk1bxqz91jzo4a1s5 voting_worker.1 dockersamples/examplevotingapp_worker:latest@sha256:3e4ddf59c15f432280a2c0679c4fc5a2ee5a797023c8ef0d3baf7b1385e9fed node2 Running Runnin 32 minutes ago +q7yik0ks1in6kv32gg6y6yjf7 voting_result.1 dockersamples/examplevotingapp_result:before@sha256:83b56996e930c292a6ae5187fda84dd6568a19d97cdb933720be15c757b7463 node1 Running Runnin 32 minutes ago +rx5yo0866nfxc58zf4irsss6n voting_vote.1 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node3 Running Runnin 32 minutes ago +tz6j82jnwrx7n2offljp3mn03 voting_db.1 postgres:9.4@sha256:6046af499eae34d2074c0b53f9a8b404716d415e4a03e68bc1d2f8064f2b027 node1 Running Runnin 32 minutes ago +w48spazhbmxcmbjfi54gs7x90 voting_redis.1 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node2 Running Runnin 32 minutes ago +6jj1m02freg1n3z9n1evrzsbl voting_visualizer.1 dockersamples/visualizer:stable@sha256:f924ad66c8e94b10baaf7bdb9cd491ef4e982a1d048a56a17e02bf5945401e5 node1 Running Runnin 32 minutes ago +kqgdmededccbhz2wuc0e9hx7g voting_vote.2 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node2 Running Runnin 32 minutes ago +t72q3z038jehe1wbh9gdum076 voting_redis.2 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node3 Running Runnin 32 minutes ago +</pre></div> <h3 id="only-display-task-ids">Only display task IDs</h3> <p>The <code class="language-plaintext highlighter-rouge">-q</code> or <code class="language-plaintext highlighter-rouge">--quiet</code> option only shows IDs of 
the tasks in the stack. This example outputs all task IDs of the “voting” stack;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack ps -q voting +xim5bcqtgk1b +q7yik0ks1in6 +rx5yo0866nfx +tz6j82jnwrx7 +w48spazhbmxc +6jj1m02freg1 +kqgdmededccb +t72q3z038jeh +</pre></div> <p>This option can be used to perform batch operations. For example, you can use the task IDs as input for other commands, such as <code class="language-plaintext highlighter-rouge">docker inspect</code>. The following example inspects all tasks of the “voting” stack;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect $(docker stack ps -q voting) + +[ + { + "ID": "xim5bcqtgk1b1gk0krq1", + "Version": { +<...> +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../stack/index">docker stack</a></td> <td style="text-align: left">Manage Docker stacks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../stack_deploy/index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="../stack_ls/index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="../stack_rm/index">docker stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="../stack_services/index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack_ps/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack_ps/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_rm%2Findex.html new file mode 100644 index 00000000..e31d003d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_rm%2Findex.html 
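Review bot: in the stack_ps page added above, the `--no-trunc` sample output under "Do not truncate output" is itself clipped. Its header reads `CURREN STATE`, every row reads `Runnin`, and the `sha256:` digests (for example the ones on voting_worker.1 and voting_result.1) are 63 hex characters long rather than 64, so a reader cannot copy a digest from this page to pin or verify an image. Two smaller inconsistencies in the same file: the `desired-state` filter section lists `running`, `shutdown`, `ready` or `accepted`, while the `.DesiredState` row of the Formatting table lists only `running`, `shutdown`, or `accepted`; and the `id` and `name` filter samples print the column header as `CURRENTSTATE` where the other samples print `CURRENT STATE`. Suggest regenerating the samples from real command output and making the two state lists agree.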
@@ -0,0 +1,32 @@ +<h1>docker stack rm</h1> <p><br></p> <p>Remove one or more stacks</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack rm [OPTIONS] STACK [STACK...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove the stack from the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--namespace</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes namespace to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config 
file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="remove-a-stack">Remove a stack</h3> <p>This will remove the stack with the name <code class="language-plaintext highlighter-rouge">myapp</code>. Services, networks, and secrets associated with the stack will be removed.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack rm myapp + +Removing service myapp_redis +Removing service myapp_web +Removing service myapp_lb +Removing network myapp_default +Removing network myapp_frontend +</pre></div> <h3 id="remove-multiple-stacks">Remove multiple stacks</h3> <p>This will remove all the specified stacks, <code class="language-plaintext highlighter-rouge">myapp</code> and <code class="language-plaintext highlighter-rouge">vossibility</code>. 
Services, networks, and secrets associated with all the specified stacks will be removed.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack rm myapp vossibility + +Removing service myapp_redis +Removing service myapp_web +Removing service myapp_lb +Removing network myapp_default +Removing network myapp_frontend +Removing service vossibility_nsqd +Removing service vossibility_logstash +Removing service vossibility_elasticsearch +Removing service vossibility_kibana +Removing service vossibility_ghollector +Removing service vossibility_lookupd +Removing network vossibility_default +Removing network vossibility_vossibility +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../stack/index">docker stack</a></td> <td style="text-align: left">Manage Docker stacks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../stack_deploy/index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="../stack_ls/index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="../stack_ps/index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="index">docker stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="../stack_services/index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_services%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_services%2Findex.html new file mode 100644 index 00000000..94548d88 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstack_services%2Findex.html 
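Review bot: in the stack_rm page, both examples state that services, networks, and secrets associated with the stack will be removed, but neither sample output shows a secret being removed; the only lines are `Removing service ...` and `Removing network ...`. Either use a sample stack that defines a secret so the output demonstrates the behaviour the prose promises, or say that these sample stacks define none. Because the command is destructive and the Options table lists only the three deprecated orchestrator flags, it is also worth stating in the Description that the removal runs without a confirmation step, if that is the case.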
@@ -0,0 +1,28 @@ +<h1>docker stack services</h1> <p><br></p> <p>List the services in the stack</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stack services [OPTIONS] STACK +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Lists the services that are running as part of the specified stack.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print services using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--namespace</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes namespace to use</td> </tr> <tr> <td> +<code class="language-plaintext 
highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display IDs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--orchestrator</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><br>Orchestrator to use (swarm|kubernetes|all)</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following command shows all services in the <code class="language-plaintext highlighter-rouge">myapp</code> stack:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack services myapp + +ID NAME REPLICAS IMAGE COMMAND +7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f +dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is a <code class="language-plaintext highlighter-rouge">key=value</code> pair. If there is more than one filter, then pass multiple flags (e.g. <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>). 
Multiple filter flags are combined as an <code class="language-plaintext highlighter-rouge">OR</code> filter.</p> <p>The following command shows both the <code class="language-plaintext highlighter-rouge">web</code> and <code class="language-plaintext highlighter-rouge">db</code> services:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack services --filter name=myapp_web --filter name=myapp_db myapp + +ID NAME REPLICAS IMAGE COMMAND +7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f +dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 +</pre></div> <p>The currently supported filters are:</p> <ul> <li>id / ID (<code class="language-plaintext highlighter-rouge">--filter id=7be5ei6sqeye</code>, or <code class="language-plaintext highlighter-rouge">--filter ID=7be5ei6sqeye</code>) <ul> <li>Swarm: supported</li> <li>Kubernetes: not supported</li> </ul> </li> <li>label (<code class="language-plaintext highlighter-rouge">--filter label=key=value</code>) <ul> <li>Swarm: supported</li> <li>Kubernetes: supported</li> </ul> </li> <li>mode (<code class="language-plaintext highlighter-rouge">--filter mode=replicated</code>, or <code class="language-plaintext highlighter-rouge">--filter mode=global</code>) <ul> <li>Swarm: not supported</li> <li>Kubernetes: supported</li> </ul> </li> <li>name (<code class="language-plaintext highlighter-rouge">--filter name=myapp_web</code>) <ul> <li>Swarm: supported</li> <li>Kubernetes: supported</li> </ul> </li> <li>node (<code class="language-plaintext highlighter-rouge">--filter node=mynode</code>) <ul> <li>Swarm: not supported</li> <li>Kubernetes: supported</li> </ul> </li> <li>service (<code class="language-plaintext highlighter-rouge">--filter service=web</code>) <ul> <li>Swarm: not supported</li> <li>Kubernetes: supported</li> </ul> </li> </ul> <h3 id="formatting">Formatting</h3> <p>The formatting 
options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints services output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Service ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Service name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Mode</code></td> <td>Service mode (replicated, global)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Replicas</code></td> <td>Service replicas</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Image</code></td> <td>Service image</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">stack services</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">ID</code>, <code class="language-plaintext highlighter-rouge">Mode</code>, and <code class="language-plaintext highlighter-rouge">Replicas</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all services:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}" + +0zmvwuiu3vue: replicated 10/10 +fm6uf97exkul: global 5/5 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td 
style="text-align: left"><a href="../stack/index">docker stack</a></td> <td style="text-align: left">Manage Docker stacks</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../stack_deploy/index">docker stack deploy</a></td> <td>Deploy a new stack or update an existing stack</td> </tr> <tr> <td><a href="../stack_ls/index">docker stack ls</a></td> <td>List stacks</td> </tr> <tr> <td><a href="../stack_ps/index">docker stack ps</a></td> <td>List the tasks in the stack</td> </tr> <tr> <td><a href="../stack_rm/index">docker stack rm</a></td> <td>Remove one or more stacks</td> </tr> <tr> <td><a href="index">docker stack services</a></td> <td>List the services in the stack</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stack_services/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stack_services/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstart%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstart%2Findex.html new file mode 100644 index 00000000..79837ac8 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstart%2Findex.html 
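Review bot: in the stack_services page, the Formatting example runs `docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}"` with no STACK argument, although the Usage line makes STACK mandatory; add the stack name so the command can be pasted as written. The sentence introducing it says the `ID`, `Mode`, and `Replicas` entries are separated by a colon, but the template puts a colon only after `.ID`. In the supported-filters list, `mode`, `node` and `service` are marked "Swarm: not supported" and "Kubernetes: supported", while the Options table in the same file badges `--namespace`, `--kubeconfig` and `--orchestrator` as deprecated; a one-line caveat that these filters are reachable only through deprecated options would save readers from relying on them.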
@@ -0,0 +1,14 @@ +<h1>docker start</h1> <p><br></p> <p>Start one or more stopped containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker start [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--attach</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Attach STDOUT/STDERR and forward signals</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Restore from this checkpoint</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--checkpoint-dir</code></td> <td></td> <td> +<a href="../dockerd/index#daemon-configuration-file" target="_blank" rel="noopener" class="_"><span class="badge badge-warning" data-toggle="tooltip" title="Read about experimental daemon options (in a new window).">experimental (daemon)</span></a><br>Use a custom checkpoint storage directory</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--detach-keys</code></td> <td></td> <td>Override the key sequence for detaching a container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--interactive</code> , <code class="language-plaintext highlighter-rouge">-i</code> +</td> <td></td> <td>Attach container's STDIN</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker start 
my_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/start/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/start/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstats%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstats%2Findex.html new file mode 100644 index 00000000..16b8cd99 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstats%2Findex.html 
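Review bot: in the start page, `--checkpoint` and `--checkpoint-dir` carry the "experimental (daemon)" badge, but the page has no Description section and its only example is `docker start my_container`, so nothing tells the reader that these two options depend on a daemon-side setting beyond the badge's link to the dockerd configuration-file anchor. Suggest a short note under Options or Examples saying that the daemon must have experimental features enabled before these flags take effect, plus one example that uses `--attach` or `--interactive`, since those are the options most readers will reach for.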
@@ -0,0 +1,62 @@ +<h1>docker stats</h1> <p><br></p> <p>Display a live stream of container(s) resource usage statistics</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stats [OPTIONS] [CONTAINER...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker stats</code> command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data.</p> <p>If you need more detailed information about a container’s resource usage, use the <code class="language-plaintext highlighter-rouge">/containers/(id)/stats</code> API endpoint.</p> <blockquote> <p><strong>Note</strong></p> <p>On Linux, the Docker CLI reports memory usage by subtracting cache usage from the total memory usage. The API does not perform such a calculation but rather provides the total memory usage and the amount from the cache so that clients can use the data as needed. The cache usage is defined as the value of <code class="language-plaintext highlighter-rouge">total_inactive_file</code> field in the <code class="language-plaintext highlighter-rouge">memory.stat</code> file on cgroup v1 hosts.</p> <p>On Docker 19.03 and older, the cache usage was defined as the value of <code class="language-plaintext highlighter-rouge">cache</code> field. 
On cgroup v2 hosts, the cache usage is defined as the value of <code class="language-plaintext highlighter-rouge">inactive_file</code> field.</p> </blockquote> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">PIDS</code> column contains the number of processes and kernel threads created by that container. Threads is the term used by Linux kernel. Other equivalent terms are “lightweight process” or “kernel task”, etc. A large number in the <code class="language-plaintext highlighter-rouge">PIDS</code> column combined with a small number of processes (as reported by <code class="language-plaintext highlighter-rouge">ps</code> or <code class="language-plaintext highlighter-rouge">top</code>) may indicate that something in the container is creating many threads.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Show all containers (default shows just running)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-stream</code></td> <td></td> <td>Disable streaming stats and only pull the first result</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--no-trunc</code></td> <td></td> <td>Do not truncate output</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> on all running containers against a Linux daemon.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker 
stats + +CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS +b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 +67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 +e5c383697914 test-1951.1.kay7x1lh1twk9c0oig50sd5tr 0.00% 196KiB / 1.952GiB 0.01% 71.2kB / 0B 770kB / 0B 1 +4bda148efbc0 random.1.vnc8on831idyr42slu578u3cr 0.00% 1.672MiB / 1.952GiB 0.08% 110kB / 0B 578kB / 0B 2 +</pre></div> <p>If you don’t <a href="#formatting">specify a format string using <code class="language-plaintext highlighter-rouge">--format</code></a>, the following columns are shown.</p> <table> <thead> <tr> <th>Column name</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">CONTAINER ID</code> and <code class="language-plaintext highlighter-rouge">Name</code> +</td> <td>the ID and name of the container</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">CPU %</code> and <code class="language-plaintext highlighter-rouge">MEM %</code> +</td> <td>the percentage of the host’s CPU and memory the container is using</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">MEM USAGE / LIMIT</code></td> <td>the total memory the container is using, and the total amount of memory it is allowed to use</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">NET I/O</code></td> <td>The amount of data the container has sent and received over its network interface</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">BLOCK I/O</code></td> <td>The amount of data the container has read to and written from block devices on the host</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">PIDs</code></td> <td>the number of processes or threads the container has created</td> </tr> </tbody> </table> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> on multiple 
containers by name and id against a Linux daemon.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stats awesome_brattain 67b2525d8ad1 + +CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS +b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 +67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 +</pre></div> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> on container with name nginx and getting output in <code class="language-plaintext highlighter-rouge">json</code> format.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stats nginx --no-stream --format "{{ json . }}" +{"BlockIO":"0B / 13.3kB","CPUPerc":"0.03%","Container":"nginx","ID":"ed37317fbf42","MemPerc":"0.24%","MemUsage":"2.352MiB / 982.5MiB","Name":"nginx","NetIO":"539kB / 606kB","PIDs":"2"} +</pre></div> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> with customized format on all (Running and Stopped) containers.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stats --all --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" fervent_panini 5acfcb1b4fd1 drunk_visvesvaraya big_heisenberg + +CONTAINER CPU % MEM USAGE / LIMIT +fervent_panini 0.00% 56KiB / 15.57GiB +5acfcb1b4fd1 0.07% 32.86MiB / 15.57GiB +drunk_visvesvaraya 0.00% 0B / 0B +big_heisenberg 0.00% 0B / 0B +</pre></div> <p><code class="language-plaintext highlighter-rouge">drunk_visvesvaraya</code> and <code class="language-plaintext highlighter-rouge">big_heisenberg</code> are stopped containers in the above example.</p> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> on all running containers against a Windows daemon.</p> <div class="highlight"><pre class="highlight" data-language="">PS E:\> docker stats +CONTAINER ID CPU % PRIV WORKING SET NET I/O BLOCK I/O +09d3bb5b1604 6.61% 
38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB +9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB +3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB +</pre></div> <p>Running <code class="language-plaintext highlighter-rouge">docker stats</code> on multiple containers by name and id against a Windows daemon.</p> <div class="highlight"><pre class="highlight" data-language="">PS E:\> docker ps -a +CONTAINER ID NAME IMAGE COMMAND CREATED STATUS PORTS NAMES +3f214c61ad1d awesome_brattain nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky +9db7aa4d986d mad_wilson windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson +09d3bb5b1604 fervent_panini windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley + +PS E:\> docker stats 3f214c61ad1d mad_wilson +CONTAINER ID NAME CPU % PRIV WORKING SET NET I/O BLOCK I/O +3f214c61ad1d awesome_brattain 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB +9db7aa4d986d mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting option (<code class="language-plaintext highlighter-rouge">--format</code>) pretty prints container output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.Container</code></td> <td>Container name or ID (user input)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Container name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.ID</code></td> <td>Container ID</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.CPUPerc</code></td> <td>CPU percentage</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.MemUsage</code></td> <td>Memory usage</td> </tr> <tr> <td><code class="language-plaintext 
highlighter-rouge">.NetIO</code></td> <td>Network IO</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.BlockIO</code></td> <td>Block IO</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.MemPerc</code></td> <td>Memory percentage (Not available on Windows)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.PIDs</code></td> <td>Number of PIDs (Not available on Windows)</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">stats</code> command either outputs the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Container</code> and <code class="language-plaintext highlighter-rouge">CPUPerc</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all images:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stats --format "{{.Container}}: {{.CPUPerc}}" + +09d3bb5b1604: 6.61% +9db7aa4d986d: 9.19% +3f214c61ad1d: 0.00% +</pre></div> <p>To list all containers statistics with their name, CPU percentage and memory usage in a table format you can use:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" + +CONTAINER CPU % PRIV WORKING SET +1285939c1fd3 0.07% 796 KiB / 64 MiB +9c76f7834ae2 0.07% 2.746 MiB / 64 MiB +d1ea048f04e4 0.03% 4.583 MiB / 64 MiB +</pre></div> <p>The default format is as follows:</p> <p>On Linux:</p> <div class="highlight"><pre class="highlight" data-language="">"table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}" 
+</pre></div> <p>On Windows:</p> <div class="highlight"><pre class="highlight" data-language="">"table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}" +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stats/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stats/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fstop%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstop%2Findex.html new file mode 100644 index 00000000..785bc9bf --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fstop%2Findex.html 
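Review bot: In the Options table of the new stats page, `--format` is described as "Pretty-print images using a Go template", and the Formatting section says the colon-separated example prints entries "for all images". This command reports on containers, so both should say containers. In the default-columns table the `BLOCK I/O` row reads "read to and written from block devices", which has the prepositions reversed. The table-format example under Formatting prints a `PRIV WORKING SET` header over values such as `796 KiB / 64 MiB`, while the Windows outputs elsewhere on the page show a single value in that column, so that sample should be regenerated from one platform.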
@@ -0,0 +1,10 @@ +<h1>docker stop</h1> <p><br></p> <p>Stop one or more running containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stop [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The main process inside the container will receive <code class="language-plaintext highlighter-rouge">SIGTERM</code>, and after a grace period, <code class="language-plaintext highlighter-rouge">SIGKILL</code>. The first signal can be changed with the <code class="language-plaintext highlighter-rouge">STOPSIGNAL</code> instruction in the container’s Dockerfile, or the <code class="language-plaintext highlighter-rouge">--stop-signal</code> option to <code class="language-plaintext highlighter-rouge">docker run</code>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--time</code> , <code class="language-plaintext highlighter-rouge">-t</code> +</td> <td><code class="language-plaintext highlighter-rouge">10</code></td> <td>Seconds to wait for stop before killing it</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker stop my_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/stop/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/stop/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm%2Findex.html new file mode 100644 index 00000000..77851c84 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm%2Findex.html 
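Review bot: The Description says the main process receives `SIGTERM` and, "after a grace period", `SIGKILL`, but never ties that grace period to the `--time` / `-t` option (default `10`) listed in the Options table. Suggest naming the option in the description and adding an example that passes `--time`, since the only example shown is `docker stop my_container`.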
@@ -0,0 +1,7 @@ +<h1>docker swarm</h1> <p><br></p> <p>Manage Swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage the swarm.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_ca%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_ca%2Findex.html new file mode 100644 index 00000000..be8867ae --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_ca%2Findex.html 
@@ -0,0 +1,41 @@ +<h1>docker swarm ca</h1> <p><br></p> <p>Display and rotate the root CA</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm ca [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">View or rotate the current swarm CA certificate.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--ca-cert</code></td> <td></td> <td>Path to the PEM-formatted root CA certificate to use for the new cluster</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--ca-key</code></td> <td></td> <td>Path to the PEM-formatted root CA key to use for the new cluster</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cert-expiry</code></td> <td><code class="language-plaintext highlighter-rouge">2160h0m0s</code></td> <td>Validity period for node certificates (ns|us|ms|s|m|h)</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--detach</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td></td> 
<td>Exit immediately instead of waiting for the root rotation to converge</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--external-ca</code></td> <td></td> <td>Specifications of one or more certificate signing endpoints</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Suppress progress output</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rotate</code></td> <td></td> <td>Rotate the swarm CA - if no certificate or key are provided, new ones will be generated</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Run the <code class="language-plaintext highlighter-rouge">docker swarm ca</code> command without any options to view the current root CA certificate in PEM format.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm ca + +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIUJPzo67QC7g8Ebg2ansjkZ8CbmaswCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAzMTcxMDAwWhcNMzcwNDI4MTcx +MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABKL6/C0sihYEb935wVPRA8MqzPLn3jzou0OJRXHsCLcVExigrMdgmLCC+Va4 ++sJ+SLVO1eQbvLHH8uuDdF/QOU6jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBSfUy5bjUnBAx/B0GkOBKp91XvxzjAKBggqhkjO +PQQDAgNJADBGAiEAnbvh0puOS5R/qvy1PMHY1iksYKh2acsGLtL/jAIvO4ACIQCi +lIwQqLkJ48SQqCjG1DBTSBsHmMSRT+6mE2My+Z3GKA== +-----END CERTIFICATE----- +</pre></div> <p>Pass the <code class="language-plaintext highlighter-rouge">--rotate</code> flag (and optionally a <code class="language-plaintext highlighter-rouge">--ca-cert</code>, along with a <code class="language-plaintext highlighter-rouge">--ca-key</code> or <code class="language-plaintext highlighter-rouge">--external-ca</code> parameter flag), in order to rotate the current swarm root CA.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker 
swarm ca --rotate +desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e + rotated TLS certificates: [=========================> ] 1/2 nodes + rotated CA certificates: [> ] 0/2 nodes +</pre></div> <p>Once the rotation os finished (all the progress bars have completed) the now-current CA certificate will be printed:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm ca --rotate +desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e + rotated TLS certificates: [==================================================>] 2/2 nodes + rotated CA certificates: [==================================================>] 2/2 nodes +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIUFynG04h5Rrl4lKyA4/E65tYKg8IwCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTE2MDAxMDAwWhcNMzcwNTExMDAx +MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABC2DuNrIETP7C7lfiEPk39tWaaU0I2RumUP4fX4+3m+87j0DU0CsemUaaOG6 ++PxHhGu2VXQ4c9pctPHgf7vWeVajQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBSEL02z6mCI3SmMDmITMr12qCRY2jAKBggqhkjO +PQQDAgNJADBGAiEA263Eb52+825EeNQZM0AME+aoH1319Zp9/J5ijILW+6ACIQCg +gyg5u9Iliel99l7SuMhNeLkrU7fXs+Of1nTyyM73ig== +-----END CERTIFICATE----- +</pre></div> <h3 id="--rotate"><code class="language-plaintext highlighter-rouge">--rotate</code></h3> <p>Root CA Rotation is recommended if one or more of the swarm managers have been compromised, so that those managers can no longer connect to or be trusted by any other node in the cluster.</p> <p>Alternately, root CA rotation can be used to give control of the swarm CA to an external CA, or to take control back from an external CA.</p> <p>The <code class="language-plaintext highlighter-rouge">--rotate</code> flag does not require any parameters to do a rotation, but you can optionally specify a certificate and key, or a certificate and external CA URL, and those will be used instead of an 
automatically-generated certificate/key pair.</p> <p>Because the root CA key should be kept secret, if provided it will not be visible when viewing swarm any information via the CLI or API.</p> <p>The root CA rotation will not be completed until all registered nodes have rotated their TLS certificates. If the rotation is not completing within a reasonable amount of time, try running <code class="language-plaintext highlighter-rouge">docker node ls --format '{{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}'</code> to see if any nodes are down or otherwise unable to rotate TLS certificates.</p> <h3 id="--detach"><code class="language-plaintext highlighter-rouge">--detach</code></h3> <p>Initiate the root CA rotation, but do not wait for the completion of or display the progress of the rotation.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> 
</tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_ca/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_ca/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_init%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_init%2Findex.html new file mode 100644 index 00000000..1da2a375 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_init%2Findex.html 
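Review bot: Two typos in the added prose: "Once the rotation os finished" should read "is finished", and "when viewing swarm any information via the CLI or API" should read "any swarm information". In the Options table, `--ca-cert` and `--ca-key` are described as being "for the new cluster", which fits `swarm init` but not a rotation on an existing swarm; the `--rotate` section describes them as replacing the automatically-generated certificate/key pair, and the table should say the same. The second `--rotate` sample repeats the prompt line with the same desired root digest, so it reads as a second invocation rather than the final output of the first; a sentence stating which it is would remove the ambiguity.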
@@ -0,0 +1,29 @@ +<h1>docker swarm init</h1> <p><br></p> <p>Initialize a swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Initialize a swarm. The docker engine targeted by this command becomes a manager in the newly created single-node swarm.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--advertise-addr</code></td> <td></td> <td>Advertised address (format: <ip|interface>[:port])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--autolock</code></td> <td></td> <td>Enable manager autolocking (requiring an unlock key to start a stopped manager)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--availability</code></td> <td><code class="language-plaintext highlighter-rouge">active</code></td> <td>Availability of the node ("active"|"pause"|"drain")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cert-expiry</code></td> <td><code class="language-plaintext highlighter-rouge">2160h0m0s</code></td> <td>Validity period for node certificates (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--data-path-addr</code></td> <td></td> <td>Address or interface to use for data 
path traffic (format: <ip|interface>)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--data-path-port</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>Port number to use for data path traffic (1024 - 49151). If no value is set or is set to 0, the default port (4789) is used.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--default-addr-pool</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>default address pool in CIDR format</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--default-addr-pool-mask-length</code></td> <td><code class="language-plaintext highlighter-rouge">24</code></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the 1.24 API reference (in a new window)">API 1.40+</span></a><br>default address pool subnet mask length</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dispatcher-heartbeat</code></td> <td><code class="language-plaintext highlighter-rouge">5s</code></td> <td>Dispatcher heartbeat period (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--external-ca</code></td> <td></td> <td>Specifications of one or more certificate signing endpoints</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--force-new-cluster</code></td> <td></td> <td>Force create a new cluster from current state</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--listen-addr</code></td> 
<td><code class="language-plaintext highlighter-rouge">0.0.0.0:2377</code></td> <td>Listen address (format: <ip|interface>[:port])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--max-snapshots</code></td> <td></td> <td>Number of additional Raft snapshots to retain</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--snapshot-interval</code></td> <td><code class="language-plaintext highlighter-rouge">10000</code></td> <td>Number of log entries between Raft snapshots</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--task-history-limit</code></td> <td><code class="language-plaintext highlighter-rouge">5</code></td> <td>Task history retention limit</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --advertise-addr 192.168.99.121 + +Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ + 172.17.0.2:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker swarm init</code> generates two random tokens, a worker token and a manager token. When you join a new node to the swarm, the node joins as a worker or manager node based upon the token you pass to <a href="../swarm_join/index">swarm join</a>.</p> <p>After you create the swarm, you can display or rotate the token using <a href="../swarm_join-token/index">swarm join-token</a>.</p> <h3 id="--autolock"><code class="language-plaintext highlighter-rouge">--autolock</code></h3> <p>This flag enables automatic locking of managers with an encryption key. 
The private keys and data stored by all managers will be protected by the encryption key printed in the output, and will not be accessible without it. Thus, it is very important to store this key in order to activate a manager after it restarts. The key can be passed to <code class="language-plaintext highlighter-rouge">docker swarm unlock</code> to reactivate the manager. Autolock can be disabled by running <code class="language-plaintext highlighter-rouge">docker swarm update --autolock=false</code>. After disabling it, the encryption key is no longer required to start the manager, and it will start up on its own without user intervention.</p> <h3 id="--cert-expiry"><code class="language-plaintext highlighter-rouge">--cert-expiry</code></h3> <p>This flag sets the validity period for node certificates.</p> <h3 id="--dispatcher-heartbeat"><code class="language-plaintext highlighter-rouge">--dispatcher-heartbeat</code></h3> <p>This flag sets the frequency with which nodes are told to use as a period to report their health.</p> <h3 id="--external-ca"><code class="language-plaintext highlighter-rouge">--external-ca</code></h3> <p>This flag sets up the swarm to use an external CA to issue node certificates. The value takes the form <code class="language-plaintext highlighter-rouge">protocol=X,url=Y</code>. The value for <code class="language-plaintext highlighter-rouge">protocol</code> specifies what protocol should be used to send signing requests to the external CA. Currently, the only supported value is <code class="language-plaintext highlighter-rouge">cfssl</code>. 
The URL specifies the endpoint where signing requests should be submitted.</p> <h3 id="--force-new-cluster"><code class="language-plaintext highlighter-rouge">--force-new-cluster</code></h3> <p>This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data.</p> <h3 id="--listen-addr"><code class="language-plaintext highlighter-rouge">--listen-addr</code></h3> <p>The node listens for inbound swarm manager traffic on this address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface’s address; for example <code class="language-plaintext highlighter-rouge">--listen-addr eth0:2377</code>.</p> <p>Specifying a port is optional. If the value is a bare IP address or interface name, the default port 2377 will be used.</p> <h3 id="--advertise-addr"><code class="language-plaintext highlighter-rouge">--advertise-addr</code></h3> <p>This flag specifies the address that will be advertised to other members of the swarm for API access and overlay networking. If unspecified, Docker will check if the system has a single IP address, and use that IP address with the listening port (see <code class="language-plaintext highlighter-rouge">--listen-addr</code>). If the system has multiple IP addresses, <code class="language-plaintext highlighter-rouge">--advertise-addr</code> must be specified so that the correct address is chosen for inter-manager communication and overlay networking.</p> <p>It is also possible to specify a network interface to advertise that interface’s address; for example <code class="language-plaintext highlighter-rouge">--advertise-addr eth0:2377</code>.</p> <p>Specifying a port is optional. 
If the value is a bare IP address or interface name, the default port 2377 will be used.</p> <h3 id="--data-path-addr"><code class="language-plaintext highlighter-rouge">--data-path-addr</code></h3> <p>This flag specifies the address that global scope network drivers will publish towards other nodes in order to reach the containers running on this node. Using this parameter it is then possible to separate the container’s data traffic from the management traffic of the cluster. If unspecified, Docker will use the same IP address or interface that is used for the advertise address.</p> <h3 id="--data-path-port"><code class="language-plaintext highlighter-rouge">--data-path-port</code></h3> <p>This flag allows you to configure the UDP port number to use for data path traffic. The provided port number must be within the 1024 - 49151 range. If this flag is not set or is set to 0, the default port number 4789 is used. The data path port can only be configured when initializing the swarm, and applies to all nodes that join the swarm. The following example initializes a new Swarm, and configures the data path port to UDP port 7777;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --data-path-port=7777 +</pre></div> <p>After the swarm is initialized, use the <code class="language-plaintext highlighter-rouge">docker info</code> command to verify that the port is configured:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker info +<...> +ClusterID: 9vs5ygs0gguyyec4iqf2314c0 +Managers: 1 +Nodes: 1 +Data Path Port: 7777 +<...> +</pre></div> <h3 id="--default-addr-pool"><code class="language-plaintext highlighter-rouge">--default-addr-pool</code></h3> <p>This flag specifies default subnet pools for global scope networks. 
Format example is <code class="language-plaintext highlighter-rouge">--default-addr-pool 30.30.0.0/16 --default-addr-pool 40.40.0.0/16</code></p> <h3 id="--default-addr-pool-mask-length"><code class="language-plaintext highlighter-rouge">--default-addr-pool-mask-length</code></h3> <p>This flag specifies default subnet pools mask length for default-addr-pool. Format example is <code class="language-plaintext highlighter-rouge">--default-addr-pool-mask-length 24</code></p> <h3 id="--task-history-limit"><code class="language-plaintext highlighter-rouge">--task-history-limit</code></h3> <p>This flag sets up task history retention limit.</p> <h3 id="--max-snapshots"><code class="language-plaintext highlighter-rouge">--max-snapshots</code></h3> <p>This flag sets the number of old Raft snapshots to retain in addition to the current Raft snapshots. By default, no old snapshots are retained. This option may be used for debugging, or to store old snapshots of the swarm state for disaster recovery purposes.</p> <h3 id="--snapshot-interval"><code class="language-plaintext highlighter-rouge">--snapshot-interval</code></h3> <p>This flag specifies how many log entries to allow in between Raft snapshots. Setting this to a higher number will trigger snapshots less frequently. Snapshots compact the Raft log and allow for more efficient transfer of the state to new managers. However, there is a performance cost to taking snapshots frequently.</p> <h3 id="--availability"><code class="language-plaintext highlighter-rouge">--availability</code></h3> <p>This flag specifies the availability of the node at the time the node joins a master. Possible availability values are <code class="language-plaintext highlighter-rouge">active</code>, <code class="language-plaintext highlighter-rouge">pause</code>, or <code class="language-plaintext highlighter-rouge">drain</code>.</p> <p>This flag is useful in certain situations. 
For example, a cluster may want to have dedicated manager nodes that are not served as worker nodes. This could be achieved by passing <code class="language-plaintext highlighter-rouge">--availability=drain</code> to <code class="language-plaintext highlighter-rouge">docker swarm init</code>.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_init/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_init/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join%2Findex.html new file mode 100644 index 00000000..f7f31810 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join%2Findex.html 
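Review bot: in swarm_init/index.html, the `--default-addr-pool` format example uses `30.30.0.0/16` and `40.40.0.0/16`, which fall outside the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Readers who copy the example into a real swarm would hand publicly routable address space to their overlay networks, so consider an example drawn from private space, such as `--default-addr-pool 10.20.0.0/16`. In the same file, `--listen-addr` documents the default `0.0.0.0:2377` without saying that this binds the manager port on every interface; a sentence pointing at the interface form already shown (`--listen-addr eth0:2377`) would help. The `--availability` text also says the node "joins a master", where the rest of the page says swarm and manager.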
@@ -0,0 +1,22 @@ +<h1>docker swarm join</h1> <p><br></p> <p>Join a swarm as a node and/or manager</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join [OPTIONS] HOST:PORT +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Join a node to a swarm. The node joins as a manager node or worker node based upon the token you pass with the <code class="language-plaintext highlighter-rouge">--token</code> flag. If you pass a manager token, the node joins as a manager. If you pass a worker token, the node joins as a worker.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--advertise-addr</code></td> <td></td> <td>Advertised address (format: <ip|interface>[:port])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--availability</code></td> <td><code class="language-plaintext highlighter-rouge">active</code></td> <td>Availability of the node ("active"|"pause"|"drain")</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--data-path-addr</code></td> <td></td> <td>Address or interface to use for data path traffic (format: <ip|interface>)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--listen-addr</code></td> <td><code class="language-plaintext highlighter-rouge">0.0.0.0:2377</code></td> 
<td>Listen address (format: <ip|interface>[:port])</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--token</code></td> <td></td> <td>Token for entry into the swarm</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="join-a-node-to-swarm-as-a-manager">Join a node to swarm as a manager</h3> <p>The example below demonstrates joining a manager node using a manager token.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377 +This node joined a swarm as a manager. + +$ docker node ls +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +dkp8vy1dq1kxleu9g4u78tlag * manager2 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 manager1 Ready Active Leader +</pre></div> <p>A cluster should only have 3-7 managers at most, because a majority of managers must be available for the cluster to function. Nodes that aren’t meant to participate in this management quorum should join as workers instead. Managers should be stable hosts that have static IP addresses.</p> <h3 id="join-a-node-to-swarm-as-a-worker">Join a node to swarm as a worker</h3> <p>The example below demonstrates joining a worker node using a worker token.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377 +This node joined a swarm as a worker. + +$ docker node ls +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader +</pre></div> <h3 id="--listen-addr-value"><code class="language-plaintext highlighter-rouge">--listen-addr value</code></h3> <p>If the node is a manager, it will listen for inbound swarm manager traffic on this address. 
The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface’s address; for example <code class="language-plaintext highlighter-rouge">--listen-addr eth0:2377</code>.</p> <p>Specifying a port is optional. If the value is a bare IP address, or interface name, the default port 2377 will be used.</p> <p>This flag is generally not necessary when joining an existing swarm.</p> <h3 id="--advertise-addr-value"><code class="language-plaintext highlighter-rouge">--advertise-addr value</code></h3> <p>This flag specifies the address that will be advertised to other members of the swarm for API access. If unspecified, Docker will check if the system has a single IP address, and use that IP address with the listening port (see <code class="language-plaintext highlighter-rouge">--listen-addr</code>). If the system has multiple IP addresses, <code class="language-plaintext highlighter-rouge">--advertise-addr</code> must be specified so that the correct address is chosen for inter-manager communication and overlay networking.</p> <p>It is also possible to specify a network interface to advertise that interface’s address; for example <code class="language-plaintext highlighter-rouge">--advertise-addr eth0:2377</code>.</p> <p>Specifying a port is optional. If the value is a bare IP address, or interface name, the default port 2377 will be used.</p> <p>This flag is generally not necessary when joining an existing swarm. If you’re joining new nodes through a load balancer, you should use this flag to ensure the node advertises its IP address and not the IP address of the load balancer.</p> <h3 id="--data-path-addr"><code class="language-plaintext highlighter-rouge">--data-path-addr</code></h3> <p>This flag specifies the address that global scope network drivers will publish towards other nodes in order to reach the containers running on this node. 
Using this parameter it is then possible to separate the container’s data traffic from the management traffic of the cluster. If unspecified, Docker will use the same IP address or interface that is used for the advertise address.</p> <h3 id="--token-string"><code class="language-plaintext highlighter-rouge">--token string</code></h3> <p>Secret value required for nodes to join the swarm</p> <h3 id="--availability"><code class="language-plaintext highlighter-rouge">--availability</code></h3> <p>This flag specifies the availability of the node at the time the node joins a master. Possible availability values are <code class="language-plaintext highlighter-rouge">active</code>, <code class="language-plaintext highlighter-rouge">pause</code>, or <code class="language-plaintext highlighter-rouge">drain</code>.</p> <p>This flag is useful in certain situations. For example, a cluster may want to have dedicated manager nodes that are not served as worker nodes. This could be achieved by passing <code class="language-plaintext highlighter-rouge">--availability=drain</code> to <code class="language-plaintext highlighter-rouge">docker swarm join</code>.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm 
join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_join/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_join/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join-token%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join-token%2Findex.html new file mode 100644 index 00000000..11c789c3 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_join-token%2Findex.html 
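Review bot: in swarm_join/index.html, the `docker node ls` output under "Join a node to swarm as a worker" lists `worker1` with MANAGER STATUS `Reachable`, which only a manager would show. The same node ID (`dkp8vy1dq1kxleu9g4u78tlag`) appears as `manager2` in the manager example above it, and the swarm_leave page lists `worker1` with an empty MANAGER STATUS column. Blank the column for `worker1` here so the example matches the role it describes. Separately, "A cluster should only have 3-7 managers at most" mixes a range with an upper bound, and the `--availability` text repeats "joins a master".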
@@ -0,0 +1,36 @@ +<h1>docker swarm join-token</h1> <p><br></p> <p>Manage join tokens</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token [OPTIONS] (worker|manager) +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Join tokens are secrets that allow a node to join the swarm. There are two different join tokens available, one for the worker role and one for the manager role. You pass the token using the <code class="language-plaintext highlighter-rouge">--token</code> flag when you run <a href="../swarm_join/index">swarm join</a>. Nodes use the join token only when they join the swarm.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display token</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rotate</code></td> <td></td> <td>Rotate join token</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>You can view or rotate the join tokens using <code class="language-plaintext highlighter-rouge">swarm join-token</code>.</p> <p>As a convenience, you can pass <code class="language-plaintext highlighter-rouge">worker</code> or <code class="language-plaintext highlighter-rouge">manager</code> as an argument to <code class="language-plaintext highlighter-rouge">join-token</code> to print the full <code class="language-plaintext highlighter-rouge">docker swarm join</code> command to join a new node to the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token worker + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ + 172.17.0.2:2377 + +$ docker swarm join-token manager + +To add a manager to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ + 172.17.0.2:2377 +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">--rotate</code> flag to generate a new join token for the specified role:</p> <div class="highlight"><pre 
class="highlight" data-language="">$ docker swarm join-token --rotate worker + +Successfully rotated worker join token. + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \ + 172.17.0.2:2377 +</pre></div> <p>After using <code class="language-plaintext highlighter-rouge">--rotate</code>, only the new token will be valid for joining with the specified role.</p> <p>The <code class="language-plaintext highlighter-rouge">-q</code> (or <code class="language-plaintext highlighter-rouge">--quiet</code>) flag only prints the token:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token -q worker + +SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t +</pre></div> <h3 id="--rotate"><code class="language-plaintext highlighter-rouge">--rotate</code></h3> <p>Because tokens allow new nodes to join the swarm, you should keep them secret. Be particularly careful with manager tokens since they allow new manager nodes to join the swarm. A rogue manager has the potential to disrupt the operation of your swarm.</p> <p>Rotate your swarm’s join token if a token gets checked-in to version control, stolen, or a node is compromised. You may also want to periodically rotate the token to ensure any unknown token leaks do not allow a rogue node to join the swarm.</p> <p>To rotate the join token and print the newly generated token, run <code class="language-plaintext highlighter-rouge">docker swarm join-token --rotate</code> and pass the role: <code class="language-plaintext highlighter-rouge">manager</code> or <code class="language-plaintext highlighter-rouge">worker</code>.</p> <p>Rotating a join-token means that no new nodes will be able to join the swarm using the old token. 
Rotation does not affect existing nodes in the swarm because the join token is only used for authorizing new nodes joining the swarm.</p> <h3 id="--quiet"><code class="language-plaintext highlighter-rouge">--quiet</code></h3> <p>Only print the token. Do not print a complete command for joining.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_join-token/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_join-token/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_leave%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_leave%2Findex.html new file mode 100644 index 00000000..8236b88b --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_leave%2Findex.html 
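Review bot: in swarm_join-token/index.html, the `--rotate` section advises rotating the join token when "a node is compromised", but the next paragraph states that rotation does not affect existing nodes. As written, a reader can conclude that rotation deals with a compromised or rogue node that has already joined. Add a sentence saying that such a node must be removed from the swarm separately and that rotation only blocks future joins with the old token, with a link to the `node rm` page that swarm_leave/index.html already references.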
@@ -0,0 +1,18 @@ +<h1>docker swarm leave</h1> <p><br></p> <p>Leave the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm leave [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">When you run this command on a worker, that worker leaves the swarm.</p> <p>You can use the <code class="language-plaintext highlighter-rouge">--force</code> option on a manager to remove it from the swarm. However, this does not reconfigure the swarm to ensure that there are enough managers to maintain a quorum in the swarm. The safe way to remove a manager from a swarm is to demote it to a worker and then direct it to leave the quorum without using <code class="language-plaintext highlighter-rouge">--force</code>. 
Only use <code class="language-plaintext highlighter-rouge">--force</code> in situations where the swarm will no longer be used after the manager leaves, such as in a single-node swarm.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force this node to leave the swarm, ignoring warnings</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Consider the following swarm, as seen from the manager:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active +dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader +</pre></div> <p>To remove <code class="language-plaintext highlighter-rouge">worker2</code>, issue the following command from <code class="language-plaintext highlighter-rouge">worker2</code> itself:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm leave + +Node left the default swarm. +</pre></div> <p>The node will still appear in the node list, and marked as <code class="language-plaintext highlighter-rouge">down</code>. It no longer affects swarm operation, but a long list of <code class="language-plaintext highlighter-rouge">down</code> nodes can clutter the node list. 
To remove an inactive node from the list, use the <a href="../node_rm/index"><code class="language-plaintext highlighter-rouge">node rm</code></a> command.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_leave/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_leave/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock%2Findex.html new file mode 100644 index 00000000..84cabfa2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock%2Findex.html 
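Review bot: in swarm_leave/index.html, the Description says the safe way to remove a manager is to demote it to a worker and then leave without `--force`, but the Examples section only shows the worker case. Since `--force` on a manager can cost the swarm its quorum, an example of the demote-then-leave sequence (`docker node demote` followed by `docker swarm leave`) would show the recommended path next to the warning. Minor wording: "The node will still appear in the node list, and marked as down" is missing a verb ("and is marked as").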
@@ -0,0 +1,9 @@ +<h1>docker swarm unlock</h1> <p><br></p> <p>Unlock swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Unlocks a locked manager using a user-supplied unlock key. This command must be used to reactivate a manager after its Docker daemon restarts if the autolock setting is turned on. The unlock key is printed at the time when autolock is enabled, and is also available from the <code class="language-plaintext highlighter-rouge">docker swarm unlock-key</code> command.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock +Please enter unlock key: +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm 
init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_unlock/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_unlock/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock-key%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock-key%2Findex.html new file mode 100644 index 00000000..3bffb034 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_unlock-key%2Findex.html 
@@ -0,0 +1,32 @@ +<h1>docker swarm unlock-key</h1> <p><br></p> <p>Manage the unlock key</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">An unlock key is a secret key needed to unlock a manager after its Docker daemon restarts. These keys are only used when the autolock feature is enabled for the swarm.</p> <p>You can view or rotate the unlock key using <code class="language-plaintext highlighter-rouge">swarm unlock-key</code>. To view the key, run the <code class="language-plaintext highlighter-rouge">docker swarm unlock-key</code> command without any arguments:</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. 
To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display token</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--rotate</code></td> <td></td> <td>Rotate unlock key</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-fySn8TY4w5lKcWcJPIpKufejh9hxx5KYwx6XZigx3Q4 + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">--rotate</code> flag to rotate the unlock key to a new, randomly-generated key:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key --rotate + +Successfully rotated manager unlock key. + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. 
+</pre></div> <p>The <code class="language-plaintext highlighter-rouge">-q</code> (or <code class="language-plaintext highlighter-rouge">--quiet</code>) flag only prints the key:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key -q + +SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 +</pre></div> <h3 id="--rotate"><code class="language-plaintext highlighter-rouge">--rotate</code></h3> <p>This flag rotates the unlock key, replacing it with a new randomly-generated key. The old unlock key will no longer be accepted.</p> <h3 id="--quiet"><code class="language-plaintext highlighter-rouge">--quiet</code></h3> <p>Only print the unlock key, without instructions.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> <tr> <td><a href="../swarm_update/index">docker swarm update</a></td> <td>Update the swarm</td> 
</tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_unlock-key/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_unlock-key/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_update%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_update%2Findex.html new file mode 100644 index 00000000..152ec78d --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fswarm_update%2Findex.html 
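Review bot: in swarm_unlock-key/index.html, the Options table row for --quiet / -q says "Only display token", but this command prints the unlock key, and the --quiet subsection in the same file says "Only print the unlock key, without instructions." Suggest making the table row say "unlock key" so the two descriptions agree and nobody confuses it with the join tokens listed under Related commands. Two smaller points in the same hunk: the Description sentence "To view the key, run the docker swarm unlock-key command without any arguments:" ends on a colon but is followed by the Note blockquote rather than the example it introduces, so either move the first Examples block up or end the sentence with a period. And the sample SWMKEY-1- values in the three example blocks are the kind of string a secret scanner may flag, so if CI runs one over this repository, an allowlist entry for devdocs/docker would avoid noise.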
@@ -0,0 +1,8 @@ +<h1>docker swarm update</h1> <p><br></p> <p>Update the swarm</p> <p><span class="badge badge-info" data-toggle="tooltip" data-placement="right" title="This command works with the Swarm orchestrator.">Swarm</span> This command works with the Swarm orchestrator.</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm update [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Updates a swarm with new parameter values.</p> <blockquote> <p><strong>Note</strong></p> <p>This is a cluster management command, and must be executed on a swarm manager node. To learn about managers and workers, refer to the <a href="../../../swarm/index">Swarm mode section</a> in the documentation.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--autolock</code></td> <td></td> <td>Change manager autolocking setting (true|false)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cert-expiry</code></td> <td><code class="language-plaintext highlighter-rouge">2160h0m0s</code></td> <td>Validity period for node certificates (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--dispatcher-heartbeat</code></td> <td><code class="language-plaintext highlighter-rouge">5s</code></td> <td>Dispatcher heartbeat period (ns|us|ms|s|m|h)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--external-ca</code></td> <td></td> <td>Specifications of one or more certificate 
signing endpoints</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--max-snapshots</code></td> <td></td> <td>Number of additional Raft snapshots to retain</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--snapshot-interval</code></td> <td><code class="language-plaintext highlighter-rouge">10000</code></td> <td>Number of log entries between Raft snapshots</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--task-history-limit</code></td> <td><code class="language-plaintext highlighter-rouge">5</code></td> <td>Task history retention limit</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm update --cert-expiry 720h +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../swarm/index">docker swarm</a></td> <td style="text-align: left">Manage Swarm</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../swarm_ca/index">docker swarm ca</a></td> <td>Display and rotate the root CA</td> </tr> <tr> <td><a href="../swarm_init/index">docker swarm init</a></td> <td>Initialize a swarm</td> </tr> <tr> <td><a href="../swarm_join/index">docker swarm join</a></td> <td>Join a swarm as a node and/or manager</td> </tr> <tr> <td><a href="../swarm_join-token/index">docker swarm join-token</a></td> <td>Manage join tokens</td> </tr> <tr> <td><a href="../swarm_leave/index">docker swarm leave</a></td> <td>Leave the swarm</td> </tr> <tr> <td><a href="../swarm_unlock/index">docker swarm unlock</a></td> <td>Unlock swarm</td> </tr> <tr> <td><a href="../swarm_unlock-key/index">docker swarm unlock-key</a></td> <td>Manage the unlock key</td> </tr> 
<tr> <td><a href="index">docker swarm update</a></td> <td>Update the swarm</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/swarm_update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/swarm_update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem%2Findex.html new file mode 100644 index 00000000..28b34271 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem%2Findex.html 
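Review bot: in swarm_update/index.html, the Description sends readers to the examples section, but Examples contains only "docker swarm update --cert-expiry 720h". The --autolock row, which controls the feature that the unlock key in the previous file exists for, has neither an example nor a value in its Default column, and --max-snapshots also has an empty Default, so a reader cannot tell from this page what the swarm does when the flags are omitted. Suggest filling in the defaults, or stating that none is set, and adding an --autolock example. Style point: the Options and Related commands tables put their header cells in td inside thead, while the Parent command table in the same file uses th; using th throughout would be consistent.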
@@ -0,0 +1,7 @@ +<h1>docker system</h1> <p><br></p> <p>Manage Docker</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage Docker.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../system_df/index">docker system df</a></td> <td>Show docker disk usage</td> </tr> <tr> <td><a href="../system_events/index">docker system events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="../system_info/index">docker system info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="../system_prune/index">docker system prune</a></td> <td>Remove unused data</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/system/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/system/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_df%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_df%2Findex.html new file mode 100644 index 00000000..e56ad554 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_df%2Findex.html 
@@ -0,0 +1,41 @@ +<h1>docker system df</h1> <p><br></p> <p>Show docker disk usage</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system df [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker system df</code> command displays information regarding the amount of disk space used by the docker daemon.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print images using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--verbose</code> , <code class="language-plaintext highlighter-rouge">-v</code> +</td> <td></td> <td>Show detailed information on space usage</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>By default the command will just show a summary of the data used:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker system df + +TYPE TOTAL ACTIVE SIZE RECLAIMABLE +Images 5 2 16.43 MB 11.63 MB (70%) +Containers 2 0 212 B 212 B (100%) +Local Volumes 2 1 36 B 0 B (0%) +</pre></div> <p>A more detailed view can be requested using the <code class="language-plaintext highlighter-rouge">-v, --verbose</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker system df -v + +Images space usage: + +REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS +my-curl latest b2789dd875bf 6 minutes ago 11 MB 11 MB 5 B 0 
+my-jq latest ae67841be6d0 6 minutes ago 9.623 MB 8.991 MB 632.1 kB 0 +<none> <none> a0971c4015c1 6 minutes ago 11 MB 11 MB 0 B 0 +alpine latest 4e38e38c8ce0 9 weeks ago 4.799 MB 0 B 4.799 MB 1 +alpine 3.3 47cf20d8c26c 9 weeks ago 4.797 MB 4.797 MB 0 B 1 + +Containers space usage: + +CONTAINER ID IMAGE COMMAND LOCAL VOLUMES SIZE CREATED STATUS NAMES +4a7f7eebae0f alpine:latest "sh" 1 0 B 16 minutes ago Exited (0) 5 minutes ago hopeful_yalow +f98f9c2aa1ea alpine:3.3 "sh" 1 212 B 16 minutes ago Exited (0) 48 seconds ago anon-vol + +Local Volumes space usage: + +NAME LINKS SIZE +07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e 2 36 B +my-named-vol 0 0 B +</pre></div> <ul> <li> +<code class="language-plaintext highlighter-rouge">SHARED SIZE</code> is the amount of space that an image shares with another one (i.e. their common data)</li> <li> +<code class="language-plaintext highlighter-rouge">UNIQUE SIZE</code> is the amount of space that is only used by a given image</li> <li> +<code class="language-plaintext highlighter-rouge">SIZE</code> is the virtual size of the image, it is the sum of <code class="language-plaintext highlighter-rouge">SHARED SIZE</code> and <code class="language-plaintext highlighter-rouge">UNIQUE SIZE</code> +</li> </ul> <blockquote> <p><strong>Note</strong></p> <p>Network information is not shown because it does not consume disk space.</p> </blockquote> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../system/index">docker system</a></td> <td style="text-align: left">Manage Docker</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker system df</a></td> <td>Show docker disk usage</td> </tr> <tr> <td><a 
href="../system_events/index">docker system events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="../system_info/index">docker system info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="../system_prune/index">docker system prune</a></td> <td>Remove unused data</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/system_df/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/system_df/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_events%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_events%2Findex.html new file mode 100644 index 00000000..1d27fadb --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_events%2Findex.html 
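Review bot: in system_df/index.html, the --format row in the Options table reads "Pretty-print images using a Go template", yet the sample output in this same hunk covers Images, Containers and Local Volumes, so the description looks carried over from an image command and should describe the command's whole output. The Description also points to the examples section for usage, but neither example uses --format, so the flag is documented only by that one misleading line. Separately, the verbose sample contains "<none> <none>" inside the pre block; as shown in this hunk it is not entity-escaped, and if that is how it is stored in the file a browser will parse it as an unknown tag and drop it from the rendered table, so it should be written as &lt;none&gt;.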
@@ -0,0 +1,146 @@ +<h1>docker system events</h1> <p><br></p> <p>Get real time events from the server</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system events [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Use <code class="language-plaintext highlighter-rouge">docker system events</code> to get real-time events from the server. These events differ per Docker object type.</p> <h3 id="object-types">Object types</h3> <h4 id="containers">Containers</h4> <p>Docker containers report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">attach</code></li> <li><code class="language-plaintext highlighter-rouge">commit</code></li> <li><code class="language-plaintext highlighter-rouge">copy</code></li> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> <li><code class="language-plaintext highlighter-rouge">detach</code></li> <li><code class="language-plaintext highlighter-rouge">die</code></li> <li><code class="language-plaintext highlighter-rouge">exec_create</code></li> <li><code class="language-plaintext highlighter-rouge">exec_detach</code></li> <li><code class="language-plaintext highlighter-rouge">exec_start</code></li> <li><code class="language-plaintext highlighter-rouge">export</code></li> <li><code class="language-plaintext highlighter-rouge">health_status</code></li> <li><code class="language-plaintext highlighter-rouge">kill</code></li> <li><code class="language-plaintext highlighter-rouge">oom</code></li> <li><code class="language-plaintext highlighter-rouge">pause</code></li> <li><code class="language-plaintext 
highlighter-rouge">rename</code></li> <li><code class="language-plaintext highlighter-rouge">resize</code></li> <li><code class="language-plaintext highlighter-rouge">restart</code></li> <li><code class="language-plaintext highlighter-rouge">start</code></li> <li><code class="language-plaintext highlighter-rouge">stop</code></li> <li><code class="language-plaintext highlighter-rouge">top</code></li> <li><code class="language-plaintext highlighter-rouge">unpause</code></li> <li><code class="language-plaintext highlighter-rouge">update</code></li> </ul> <h4 id="images">Images</h4> <p>Docker images report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">delete</code></li> <li><code class="language-plaintext highlighter-rouge">import</code></li> <li><code class="language-plaintext highlighter-rouge">load</code></li> <li><code class="language-plaintext highlighter-rouge">pull</code></li> <li><code class="language-plaintext highlighter-rouge">push</code></li> <li><code class="language-plaintext highlighter-rouge">save</code></li> <li><code class="language-plaintext highlighter-rouge">tag</code></li> <li><code class="language-plaintext highlighter-rouge">untag</code></li> </ul> <h4 id="plugins">Plugins</h4> <p>Docker plugins report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">install</code></li> <li><code class="language-plaintext highlighter-rouge">enable</code></li> <li><code class="language-plaintext highlighter-rouge">disable</code></li> <li><code class="language-plaintext highlighter-rouge">remove</code></li> </ul> <h4 id="volumes">Volumes</h4> <p>Docker volumes report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">mount</code></li> <li><code class="language-plaintext highlighter-rouge">unmount</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> 
</ul> <h4 id="networks">Networks</h4> <p>Docker networks report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">connect</code></li> <li><code class="language-plaintext highlighter-rouge">disconnect</code></li> <li><code class="language-plaintext highlighter-rouge">destroy</code></li> </ul> <h4 id="daemons">Daemons</h4> <p>Docker daemons report the following events:</p> <ul> <li><code class="language-plaintext highlighter-rouge">reload</code></li> </ul> <h3 id="limiting-filtering-and-formatting-the-output">Limiting, filtering, and formatting the output</h3> <h4 id="limit-events-by-time">Limit events by time</h4> <p>The <code class="language-plaintext highlighter-rouge">--since</code> and <code class="language-plaintext highlighter-rouge">--until</code> parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the client machine’s time. If you do not provide the <code class="language-plaintext highlighter-rouge">--since</code> option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the client will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. 
When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <h4 id="filtering">Filtering</h4> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If you would like to use multiple filters, pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>Using the same filter multiple times will be handled as a <em>OR</em>; for example <code class="language-plaintext highlighter-rouge">--filter container=588a23dac085 --filter container=a8f7720b8c22</code> will display events for container 588a23dac085 <em>OR</em> container a8f7720b8c22</p> <p>Using multiple filters will be handled as a <em>AND</em>; for example <code class="language-plaintext highlighter-rouge">--filter container=588a23dac085 --filter event=start</code> will display events for container container 588a23dac085 <em>AND</em> the event type is <em>start</em></p> <p>The currently supported filters are:</p> <ul> <li>container (<code class="language-plaintext highlighter-rouge">container=<name or id></code>)</li> <li>daemon (<code class="language-plaintext highlighter-rouge">daemon=<name or id></code>)</li> <li>event (<code class="language-plaintext highlighter-rouge">event=<event action></code>)</li> <li>image (<code class="language-plaintext highlighter-rouge">image=<tag or id></code>)</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li>network (<code class="language-plaintext highlighter-rouge">network=<name or id></code>)</li> <li>plugin 
(<code class="language-plaintext highlighter-rouge">plugin=<name or id></code>)</li> <li>type (<code class="language-plaintext highlighter-rouge">type=<container or image or volume or network or daemon or plugin></code>)</li> <li>volume (<code class="language-plaintext highlighter-rouge">volume=<name or id></code>)</li> </ul> <h4 id="format">Format</h4> <p>If a format (<code class="language-plaintext highlighter-rouge">--format</code>) is specified, the given template will be executed instead of the default format. Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>If a format is set to <code class="language-plaintext highlighter-rouge">{{json .}}</code>, the events are streamed as valid JSON Lines. For information about JSON Lines, please refer to https://jsonlines.org/ .</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Filter output based on conditions provided</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--since</code></td> <td></td> <td>Show all events created since timestamp</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--until</code></td> <td></td> <td>Stream events until this timestamp</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="basic-example">Basic example</h3> <p>You’ll need two shells for this example.</p> <p><strong>Shell 1: Listening for events:</strong></p> <div class="highlight"><pre class="highlight" 
data-language="">$ docker system events +</pre></div> <p><strong>Shell 2: Start and Stop containers:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker create --name test alpine:latest top +$ docker start test +$ docker stop test +</pre></div> <p><strong>Shell 1: (Again .. now showing events):</strong></p> <div class="highlight"><pre class="highlight" data-language="">2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +</pre></div> <p>To exit the <code class="language-plaintext highlighter-rouge">docker system events</code> command, use <code class="language-plaintext highlighter-rouge">CTRL+C</code>.</p> <h3 id="filter-events-by-time">Filter events by time</h3> <p>You can filter the output by an absolute timestamp or relative time on the host machine, using the following different time syntaxes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker system events --since 1483283804 + +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 
(container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '2017-01-05' + +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '2013-09-03T15:49:29' + +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) 
+2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '10m' + +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +</pre></div> <h3 id="filter-events-by-criteria">Filter events by criteria</h3> <p>The following commands show several different ways to filter the <code class="language-plaintext highlighter-rouge">docker event</code> output.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker system events --filter 'event=stop' + +2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) + +$ docker system events --filter 'image=alpine' + +2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) 
+2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) +2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) +2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) +2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) + +$ docker system events --filter 'container=test' + +2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --filter 'container=test' --filter 'container=d9cdb1525ea8' + +2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) +2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) +2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --filter 'container=test' --filter 'event=stop' + +2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) + +$ docker system events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z 
volume unmount test-event-volume-local (container=562f...5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker system events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) + +$ docker system events --filter 'container=container_1' --filter 'container=container_2' + +2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) +2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + +$ docker system events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker system events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + +$ docker system events --filter 'type=plugin' + 
+2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +</pre></div> <h3 id="format-the-output">Format the output</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker system events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + +Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +</pre></div> <h4 id="format-as-json">Format as JSON</h4> <div class="highlight"><pre class="highlight" data-language="">$ docker system events --format '{{json .}}' + +{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. +{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. +{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. 
+</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../system/index">docker system</a></td> <td style="text-align: left">Manage Docker</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../system_df/index">docker system df</a></td> <td>Show docker disk usage</td> </tr> <tr> <td><a href="index">docker system events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="../system_info/index">docker system info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="../system_prune/index">docker system prune</a></td> <td>Remove unused data</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/system_events/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/system_events/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_info%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_info%2Findex.html new file mode 100644 index 00000000..f32810d8 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_info%2Findex.html 
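Review bot: in the `system_events` page added above, the sample output under the `--filter 'container=container_1' --filter 'container=container_2'` example is not well-formed. One line has `imager=redis:2.8` where every other line uses `image=`, and all four timestamps end in `Z07:00`, which combines the UTC designator with an offset and is not a valid RFC 3339 value. Anyone reusing these lines as fixtures for an event parser or a detection rule will hit failures, so correct them to `image=redis:2.8` and a single zone form. In the same hunk, the "Filter events by criteria" paragraph names the command `docker event` while every example runs `docker system events`. The `type=volume` and `type=network` examples appear twice, once with shortened IDs and once with full ones. The `--since` samples show `container create d9cd...4d70` followed by events for `0fdb...ff37` under the same `name=test`, and one network is written both as `e2e1...29e2` and `e2e...29e2`. Dropping the duplicates and making the IDs consistent would make the samples trustworthy as reference output.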
@@ -0,0 +1,9 @@ +<h1>docker system info</h1> <p><br></p> <p>Display system-wide information</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system info [OPTIONS] +</pre></div> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../system/index">docker system</a></td> <td style="text-align: left">Manage Docker</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../system_df/index">docker system df</a></td> <td>Show docker disk usage</td> </tr> <tr> <td><a href="../system_events/index">docker system events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="index">docker system info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="../system_prune/index">docker system prune</a></td> <td>Remove unused data</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/system_info/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/system_info/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_prune%2Findex.html new file mode 100644 index 00000000..1b443d95 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fsystem_prune%2Findex.html 
@@ -0,0 +1,72 @@ +<h1>docker system prune</h1> <p><br></p> <p>Remove unused data</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system prune [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--all</code> , <code class="language-plaintext highlighter-rouge">-a</code> +</td> <td></td> <td>Remove all unused images not just dangling ones</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'label=<key>=<value>')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--volumes</code></td> <td></td> <td>Prune volumes</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker system prune + +WARNING! This will remove: + - all stopped containers + - all networks not used by at least one container + - all dangling images + - all build cache +Are you sure you want to continue? 
[y/N] y + +Deleted Containers: +f44f9b81948b3919590d5f79a680d8378f1139b41952e219830a33027c80c867 +792776e68ac9d75bce4092bc1b5cc17b779bc926ab04f4185aec9bf1c0d4641f + +Deleted Networks: +network1 +network2 + +Deleted Images: +untagged: hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f +deleted: sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57 +deleted: sha256:45761469c965421a92a69cc50e92c01e0cfa94fe026cdd1233445ea00e96289a + +Total reclaimed space: 1.84kB +</pre></div> <p>By default, volumes are not removed to prevent important data from being deleted if there is currently no container using the volume. Use the <code class="language-plaintext highlighter-rouge">--volumes</code> flag when running the command to prune volumes as well:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker system prune -a --volumes + +WARNING! This will remove: + - all stopped containers + - all networks not used by at least one container + - all volumes not used by at least one container + - all images without at least one container associated to them + - all build cache +Are you sure you want to continue? 
[y/N] y + +Deleted Containers: +0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b +73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d + +Deleted Networks: +my-network-a +my-network-b + +Deleted Volumes: +named-vol + +Deleted Images: +untagged: my-curl:latest +deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d +deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b +untagged: alpine:3.3 +deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f +untagged: alpine:latest +deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96 +deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f +deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab +deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3 +untagged: my-jq:latest +deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1 +deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f +deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 + +Total reclaimed space: 13.5 MB +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. 
If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>until (<code class="language-plaintext highlighter-rouge"><timestamp></code>) - only remove containers, images, and networks created before given timestamp</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code>, <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>, <code class="language-plaintext highlighter-rouge">label!=<key></code>, or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>) - only remove containers, images, networks, and volumes with (or without, in case <code class="language-plaintext highlighter-rouge">label!=...</code> is used) the specified labels.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">until</code> filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. <code class="language-plaintext highlighter-rouge">10m</code>, <code class="language-plaintext highlighter-rouge">1h30m</code>) computed relative to the daemon machine’s time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05</code>, <code class="language-plaintext highlighter-rouge">2006-01-02T15:04:05.999999999</code>, <code class="language-plaintext highlighter-rouge">2006-01-02Z07:00</code>, and <code class="language-plaintext highlighter-rouge">2006-01-02</code>. The local timezone on the daemon will be used if you do not provide either a <code class="language-plaintext highlighter-rouge">Z</code> or a <code class="language-plaintext highlighter-rouge">+-00:00</code> timezone offset at the end of the timestamp. 
When providing Unix timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long.</p> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter accepts two formats. One is the <code class="language-plaintext highlighter-rouge">label=...</code> (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>), which removes containers, images, networks, and volumes with the specified labels. The other format is the <code class="language-plaintext highlighter-rouge">label!=...</code> (<code class="language-plaintext highlighter-rouge">label!=<key></code> or <code class="language-plaintext highlighter-rouge">label!=<key>=<value></code>), which removes containers, images, networks, and volumes without the specified labels.</p> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../system/index">docker system</a></td> <td style="text-align: left">Manage Docker</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../system_df/index">docker system df</a></td> <td>Show docker disk usage</td> </tr> <tr> <td><a href="../system_events/index">docker system events</a></td> <td>Get real time events from the server</td> </tr> <tr> <td><a href="../system_info/index">docker system info</a></td> <td>Display system-wide information</td> </tr> <tr> <td><a href="index">docker system prune</a></td> <td>Remove unused data</td> </tr> </tbody> </table> <div 
class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/system_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/system_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftag%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftag%2Findex.html new file mode 100644 index 00000000..45d6247a --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftag%2Findex.html 
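Review bot: in the `system_prune` page added above, the `--filter` placeholders in the Options table and the Filtering section appear as raw `<key>`, `<value>` and `<timestamp>` inside `<td>` and `<code>` elements. Unless they are entity-escaped in the committed file, a browser parses them as unknown elements and the placeholder text disappears, so the documented syntax renders as `label==` and `label!==`. For a destructive command whose scope is controlled by these filters, that is worth fixing: write them as `&lt;key&gt;`, `&lt;value&gt;` and `&lt;timestamp&gt;`. As a smaller style point, the two examples report reclaimed space as `1.84kB` and `13.5 MB`; pick one unit format.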
@@ -0,0 +1,11 @@ +<h1>docker tag</h1> <p><br></p> <p>Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">An image name is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with standard DNS rules, but may not contain underscores. If a hostname is present, it may optionally be followed by a port number in the format <code class="language-plaintext highlighter-rouge">:8080</code>. If not present, the command uses Docker’s public registry located at <code class="language-plaintext highlighter-rouge">registry-1.docker.io</code> by default. Name components may contain lowercase letters, digits and separators. A separator is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator.</p> <p>A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. 
A tag name may not start with a period or a dash and may contain a maximum of 128 characters.</p> <p>You can group your images together using names and tags, and then upload them to <a href="../../../../get-started/04_sharing_app/index"><em>Share images on Docker Hub</em></a>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <h3 id="tag-an-image-referenced-by-id">Tag an image referenced by ID</h3> <p>To tag a local image with ID “0e5574283393” into the “fedora” repository with “version1.0”:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker tag 0e5574283393 fedora/httpd:version1.0 +</pre></div> <h3 id="tag-an-image-referenced-by-name">Tag an image referenced by Name</h3> <p>To tag a local image with name “httpd” into the “fedora” repository with “version1.0”:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker tag httpd fedora/httpd:version1.0 +</pre></div> <p>Note that since the tag name is not specified, the alias is created for an existing local version <code class="language-plaintext highlighter-rouge">httpd:latest</code>.</p> <h3 id="tag-an-image-referenced-by-name-and-tag">Tag an image referenced by Name and Tag</h3> <p>To tag a local image with name “httpd” and tag “test” into the “fedora” repository with “version1.0.test”:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker tag httpd:test fedora/httpd:version1.0.test +</pre></div> <h3 id="tag-an-image-for-a-private-repository">Tag an image for a private repository</h3> <p>To push an image to a private registry and not the central Docker registry you must tag it with the registry hostname and port (if needed).</p> <div class="highlight"><pre class="highlight" data-language="">$ docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed 
under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/tag/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/tag/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftop%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftop%2Findex.html new file mode 100644 index 00000000..4fedeac5 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftop%2Findex.html @@ -0,0 +1,7 @@ +<h1>docker top</h1> <p><br></p> <p>Display the running processes of a container</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker top CONTAINER [ps OPTIONS] +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/top/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/top/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust%2Findex.html new file mode 100644 index 00000000..522978f3 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker trust</h1> <p><br></p> <p>Manage trust on Docker images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust COMMAND +</pre></div> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="../trust_sign/index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_inspect%2Findex.html new file mode 100644 index 00000000..fc6829e2 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_inspect%2Findex.html 
@@ -0,0 +1,359 @@ +<h1>docker trust inspect</h1> <p><br></p> <p>Return low-level information about keys and signatures</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect IMAGE[:TAG] [IMAGE[:TAG]...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust inspect</code> provides low-level JSON information on signed repositories. This includes all image tags that are signed, who signed them, and who can sign new tags.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--pretty</code></td> <td></td> <td>Print the information in a human friendly format</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="get-low-level-details-about-signatures-for-a-single-image-tag">Get low-level details about signatures for a single image tag</h3> <p>Use the <code class="language-plaintext highlighter-rouge">docker trust inspect</code> to get trust information about an image. 
The following example prints trust information for the <code class="language-plaintext highlighter-rouge">alpine:latest</code> image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect alpine:latest +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "Name": "alpine:latest", + "SignedTags": [ + { + "SignedTag": "latest", + "Digest": "d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478", + "Signers": [ + "Repo Admin" + ] + } + ], + "Signers": [], + "AdministrativeKeys": [ + { + "Name": "Repository", + "Keys": [ + { + "ID": "5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd" + } + ] + }, + { + "Name": "Root", + "Keys": [ + { + "ID": "a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce" + } + ] + } + ] + } +] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">SignedTags</code> key will list the <code class="language-plaintext highlighter-rouge">SignedTag</code> name, its <code class="language-plaintext highlighter-rouge">Digest</code>, and the <code class="language-plaintext highlighter-rouge">Signers</code> responsible for the signature.</p> <p><code class="language-plaintext highlighter-rouge">AdministrativeKeys</code> will list the <code class="language-plaintext highlighter-rouge">Repository</code> and <code class="language-plaintext highlighter-rouge">Root</code> keys.</p> <p>If signers are set up for the repository via other <code class="language-plaintext highlighter-rouge">docker trust</code> commands, <code class="language-plaintext highlighter-rouge">docker trust inspect</code> includes a <code class="language-plaintext highlighter-rouge">Signers</code> key:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect my-image:purple +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" 
data-language="">[ + { + "Name": "my-image:purple", + "SignedTags": [ + { + "SignedTag": "purple", + "Digest": "941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557", + "Signers": [ + "alice", + "bob", + "carol" + ] + } + ], + "Signers": [ + { + "Name": "alice", + "Keys": [ + { + "ID": "04dd031411ed671ae1e12f47ddc8646d98f135090b01e54c3561e843084484a3" + }, + { + "ID": "6a11e4898a4014d400332ab0e096308c844584ff70943cdd1d6628d577f45fd8" + } + ] + }, + { + "Name": "bob", + "Keys": [ + { + "ID": "433e245c656ae9733cdcc504bfa560f90950104442c4528c9616daa45824ccba" + } + ] + }, + { + "Name": "carol", + "Keys": [ + { + "ID": "d32fa8b5ca08273a2880f455fcb318da3dc80aeae1a30610815140deef8f30d9" + }, + { + "ID": "9a8bbec6ba2af88a5fad6047d428d17e6d05dbdd03d15b4fc8a9a0e8049cd606" + } + ] + } + ], + "AdministrativeKeys": [ + { + "Name": "Repository", + "Keys": [ + { + "ID": "27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44" + } + ] + }, + { + "Name": "Root", + "Keys": [ + { + "ID": "40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f" + } + ] + } + ] + } +] +</pre></div> <p>If the image tag is unsigned or unavailable, <code class="language-plaintext highlighter-rouge">docker trust inspect</code> does not display any signed tags.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect unsigned-img + +No signatures or cannot access unsigned-img +</pre></div> <p>However, if other tags are signed in the same image repository, <code class="language-plaintext highlighter-rouge">docker trust inspect</code> reports relevant key information:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect alpine:unsigned +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "Name": "alpine:unsigned", + "Signers": [], + "AdministrativeKeys": [ + { + "Name": "Repository", + "Keys": [ + { + "ID": 
"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd" + } + ] + }, + { + "Name": "Root", + "Keys": [ + { + "ID": "a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce" + } + ] + } + ] + } +] +</pre></div> <h3 id="get-details-about-signatures-for-all-image-tags-in-a-repository">Get details about signatures for all image tags in a repository</h3> <p>If no tag is specified, <code class="language-plaintext highlighter-rouge">docker trust inspect</code> will report details for all signed tags in the repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect alpine +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "Name": "alpine", + "SignedTags": [ + { + "SignedTag": "3.5", + "Digest": "b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "3.6", + "Digest": "d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "edge", + "Digest": "23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "latest", + "Digest": "d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478", + "Signers": [ + "Repo Admin" + ] + } + ], + "Signers": [], + "AdministrativeKeys": [ + { + "Name": "Repository", + "Keys": [ + { + "ID": "5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd" + } + ] + }, + { + "Name": "Root", + "Keys": [ + { + "ID": "a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce" + } + ] + } + ] + } +] +</pre></div> <h3 id="get-details-about-signatures-for-multiple-images">Get details about signatures for multiple images</h3> <p><code class="language-plaintext highlighter-rouge">docker trust inspect</code> can take multiple repositories and images as arguments, and reports the results in an 
ordered list:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect alpine notary +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "Name": "alpine", + "SignedTags": [ + { + "SignedTag": "3.5", + "Digest": "b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "3.6", + "Digest": "d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "edge", + "Digest": "23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "integ-test-base", + "Digest": "3952dc48dcc4136ccdde37fbef7e250346538a55a0366e3fccc683336377e372", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "latest", + "Digest": "d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478", + "Signers": [ + "Repo Admin" + ] + } + ], + "Signers": [], + "AdministrativeKeys": [ + { + "Name": "Repository", + "Keys": [ + { + "ID": "5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd" + } + ] + }, + { + "Name": "Root", + "Keys": [ + { + "ID": "a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce" + } + ] + } + ] + }, + { + "Name": "notary", + "SignedTags": [ + { + "SignedTag": "server", + "Digest": "71f64ab718a3331dee103bc5afc6bc492914738ce37c2d2f127a8133714ecf5c", + "Signers": [ + "Repo Admin" + ] + }, + { + "SignedTag": "signer", + "Digest": "a6122d79b1e74f70b5dd933b18a6d1f99329a4728011079f06b245205f158fe8", + "Signers": [ + "Repo Admin" + ] + } + ], + "Signers": [], + "AdministrativeKeys": [ + { + "Name": "Root", + "Keys": [ + { + "ID": "8cdcdef5bd039f4ab5a029126951b5985eebf57cabdcdc4d21f5b3be8bb4ce92" + } + ] + }, + { + "Name": "Repository", + "Keys": [ + { + "ID": "85bfd031017722f950d480a721f845a2944db26a3dc084040a70f1b0d9bbb3df" + } + ] + } + ] + } +] 
+</pre></div> <h3 id="formatting">Formatting</h3> <p>You can print the inspect output in a human-readable format instead of the default JSON output, by using the <code class="language-plaintext highlighter-rouge">--pretty</code> option:</p> <h3 id="get-details-about-signatures-for-a-single-image-tag">Get details about signatures for a single image tag</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty alpine:latest + +SIGNED TAG DIGEST SIGNERS +latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) + +Administrative keys for alpine:latest: +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">SIGNED TAG</code> is the signed image tag with a unique content-addressable <code class="language-plaintext highlighter-rouge">DIGEST</code>. <code class="language-plaintext highlighter-rouge">SIGNERS</code> lists all entities who have signed.</p> <p>The administrative keys listed specify the root key of trust, as well as the administrative repository key. 
These keys are responsible for modifying signers, and rotating keys for the signed repository.</p> <p>If signers are set up for the repository via other <code class="language-plaintext highlighter-rouge">docker trust</code> commands, <code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> displays them appropriately as a <code class="language-plaintext highlighter-rouge">SIGNER</code> and specify their <code class="language-plaintext highlighter-rouge">KEYS</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty my-image:purple + +SIGNED TAG DIGEST SIGNERS +purple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, bob, carol + +List of signers and their keys: + +SIGNER KEYS +alice 47caae5b3e61, a85aab9d20a4 +bob 034370bcbd77, 82a66673242c +carol b6f9f8e1aab0 + +Administrative keys for my-image: +Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 +Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f +</pre></div> <p>However, if other tags are signed in the same image repository, <code class="language-plaintext highlighter-rouge">docker trust inspect</code> reports relevant key information.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty alpine:unsigned + +No signatures for alpine:unsigned + + +Administrative keys for alpine:unsigned: +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +</pre></div> <h3 id="get-details-about-signatures-for-all-image-tags-in-a-repository-1">Get details about signatures for all image tags in a repository</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty alpine + +SIGNED TAG DIGEST SIGNERS +2.6 9ace551613070689a12857d62c30ef0daa9a376107ec0fff0e34786cedb3399b (Repo Admin) +2.7 
9f08005dff552038f0ad2f46b8e65ff3d25641747d3912e3ea8da6785046561a (Repo Admin) +3.1 d9477888b78e8c6392e0be8b2e73f8c67e2894ff9d4b8e467d1488fcceec21c8 (Repo Admin) +3.2 19826d59171c2eb7e90ce52bfd822993bef6a6fe3ae6bb4a49f8c1d0a01e99c7 (Repo Admin) +3.3 8fd4b76819e1e5baac82bd0a3d03abfe3906e034cc5ee32100d12aaaf3956dc7 (Repo Admin) +3.4 833ad81ace8277324f3ca8c91c02bdcf1d13988d8ecf8a3f97ecdd69d0390ce9 (Repo Admin) +3.5 af2a5bd2f8de8fc1ecabf1c76611cdc6a5f1ada1a2bdd7d3816e121b70300308 (Repo Admin) +3.6 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) +edge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1b53b (Repo Admin) +latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) + +Administrative keys for alpine: +Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd +Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce +</pre></div> <p>Here’s an example with signers that are set up by <code class="language-plaintext highlighter-rouge">docker trust</code> commands:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty my-image + +SIGNED TAG DIGEST SIGNERS +red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice +blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob +green cae8fedc840f90c8057e1c24637d11865743ab1e61a972c1c9da06ec2de9a139 alice, bob +yellow 9cc65fc3126790e683d1b92f307a71f48f75fa7dd47a7b03145a123eaf0b45ba carol +purple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, bob, carol +orange d6c271baa6d271bcc24ef1cbd65abf39123c17d2e83455bdab545a1a9093fc1c alice + +List of signers and their keys for my-image: + +SIGNER KEYS +alice 47caae5b3e61, a85aab9d20a4 +bob 034370bcbd77, 82a66673242c +carol b6f9f8e1aab0 + +Administrative keys for my-image: +Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 +Root Key: 
40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="../trust_sign/index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key%2Findex.html new file mode 100644 index 00000000..630b7415 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key%2Findex.html 
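Review bot: In trust_inspect/index.html the two views of my-image:purple disagree on signer keys. The JSON example gives alice two keys, bob one and carol two, while both `--pretty` examples list `alice 47caae5b3e61, a85aab9d20a4`, `bob 034370bcbd77, 82a66673242c` and `carol b6f9f8e1aab0`, and none of those short IDs is a prefix of any key ID in the JSON. A reader auditing who can sign a tag cannot reconcile the two, so both examples should be regenerated from the same repository state. Under the Formatting heading, the paragraph beginning "However, if other tags are signed in the same image repository" follows the my-image:purple example with nothing for "However" to contrast with; the JSON section has the "If the image tag is unsigned or unavailable" paragraph before it, and the same lead-in is needed here. In the sentence before that example, "displays them appropriately as a SIGNER and specify their KEYS" should read "specifies".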
@@ -0,0 +1,7 @@ +<h1>docker trust key</h1> <p><br></p> <p>Manage keys for signing Docker images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key COMMAND +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_key_generate/index">docker trust key generate</a></td> <td>Generate and load a signing key-pair</td> </tr> <tr> <td><a href="../trust_key_load/index">docker trust key load</a></td> <td>Load a private key file for signing</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="../trust_sign/index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_key/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_key/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_generate%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_generate%2Findex.html new file mode 100644 index 00000000..91ef2e04 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_generate%2Findex.html 
@@ -0,0 +1,23 @@ +<h1>docker trust key generate</h1> <p><br></p> <p>Generate and load a signing key-pair</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key generate NAME +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust key generate</code> generates a key-pair to be used with signing, and loads the private key into the local docker trust keystore.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--dir</code></td> <td></td> <td>Directory to generate key in, defaults to current directory</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="generate-a-key-pair">Generate a key-pair</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key generate alice + +Generating key for alice... +Enter passphrase for new alice key with ID 17acf3c: +Repeat passphrase for new alice key with ID 17acf3c: +Successfully generated and loaded private key. Corresponding public key available: alice.pub +$ ls +alice.pub +</pre></div> <p>The private signing key is encrypted by the passphrase and loaded into the docker trust keystore. 
All passphrase requests to sign with the key will be referred to by the provided <code class="language-plaintext highlighter-rouge">NAME</code>.</p> <p>The public key component <code class="language-plaintext highlighter-rouge">alice.pub</code> will be available in the current working directory, and can be used directly by <code class="language-plaintext highlighter-rouge">docker trust signer add</code>.</p> <p>Provide the <code class="language-plaintext highlighter-rouge">--dir</code> argument to specify a directory to generate the key in:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key generate alice --dir /foo + +Generating key for alice... +Enter passphrase for new alice key with ID 17acf3c: +Repeat passphrase for new alice key with ID 17acf3c: +Successfully generated and loaded private key. Corresponding public key available: alice.pub +$ ls /foo +alice.pub +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust_key/index">docker trust key</a></td> <td style="text-align: left">Manage keys for signing Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker trust key generate</a></td> <td>Generate and load a signing key-pair</td> </tr> <tr> <td><a href="../trust_key_load/index">docker trust key load</a></td> <td>Load a private key file for signing</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_key_generate/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_key_generate/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_load%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_load%2Findex.html new file mode 100644 index 00000000..fedf8062 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_key_load%2Findex.html 
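Review bot: In trust_key_generate/index.html the usage line `$ docker trust key generate NAME` omits `[OPTIONS]`, although the next sentence points to the options section and the table documents `--dir`; the usage lines for `docker trust key load` and `docker trust revoke` in this patch both include `[OPTIONS]`, so this one should match. The `--dir` description says "Directory to generate key in", but both examples show only `alice.pub` in the listed directory and the text says the private key is loaded into the local docker trust keystore. If `--dir` only decides where the public key file is written, the description should say so, since a reader could otherwise expect private key material in that directory.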
@@ -0,0 +1,19 @@ +<h1>docker trust key load</h1> <p><br></p> <p>Load a private key file for signing</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key load [OPTIONS] KEYFILE +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust key load</code> adds private keys to the local docker trust keystore.</p> <p>To add a signer to a repository use <code class="language-plaintext highlighter-rouge">docker trust signer add</code>.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td><code class="language-plaintext highlighter-rouge">signer</code></td> <td>Name for the loaded key</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="load-a-single-private-key">Load a single private key</h3> <p>For a private key <code class="language-plaintext highlighter-rouge">alice.pem</code> with permissions <code class="language-plaintext highlighter-rouge">-rw-------</code></p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key load alice.pem + +Loading key from "alice.pem"... 
+Enter passphrase for new signer key with ID f8097df: +Repeat passphrase for new signer key with ID f8097df: +Successfully imported key from alice.pem +</pre></div> <p>To specify a name use the <code class="language-plaintext highlighter-rouge">--name</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key load --name alice-key alice.pem + +Loading key from "alice.pem"... +Enter passphrase for new alice-key key with ID f8097df: +Repeat passphrase for new alice-key key with ID f8097df: +Successfully imported key from alice.pem +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust_key/index">docker trust key</a></td> <td style="text-align: left">Manage keys for signing Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_key_generate/index">docker trust key generate</a></td> <td>Generate and load a signing key-pair</td> </tr> <tr> <td><a href="index">docker trust key load</a></td> <td>Load a private key file for signing</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_key_load/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_key_load/</a> + </p> +</div> 
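Review bot: In trust_key_load/index.html the sentence "For a private key alice.pem with permissions -rw-------" is a fragment with no closing punctuation, and it leaves open whether owner-only permissions are a requirement of `docker trust key load` or just a property of the sample file. Because this is private key material, the page should state which it is, and if the command refuses more permissive files, show what the user sees. The first example's prompt reads "new signer key" because `--name` defaults to `signer`; one sentence saying so would tie the example to the options table.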
diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_revoke%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_revoke%2Findex.html new file mode 100644 index 00000000..2ec18cd7 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_revoke%2Findex.html 
@@ -0,0 +1,71 @@ +<h1>docker trust revoke</h1> <p><br></p> <p>Remove trust for an image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust revoke [OPTIONS] IMAGE[:TAG] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust revoke</code> removes signatures from tags in signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--yes</code> , <code class="language-plaintext highlighter-rouge">-y</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="revoke-signatures-from-a-signed-tag">Revoke signatures from a signed tag</h3> <p>Here’s an example of a repo with two signed tags:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo +SIGNED TAG DIGEST SIGNERS +red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice +blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>When <code class="language-plaintext highlighter-rouge">alice</code>, one of the signers, runs 
<code class="language-plaintext highlighter-rouge">docker trust revoke</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust revoke example/trust-demo:red +Enter passphrase for delegation key with ID 27d42a8: +Successfully deleted signature for example/trust-demo:red +</pre></div> <p>After revocation, the tag is removed from the list of released tags:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo +SIGNED TAG DIGEST SIGNERS +blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <h3 id="revoke-signatures-on-all-tags-in-a-repository">Revoke signatures on all tags in a repository</h3> <p>When no tag is specified, <code class="language-plaintext highlighter-rouge">docker trust</code> revokes all signatures that you have a signing key for.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo +SIGNED TAG DIGEST SIGNERS +red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice +blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>When <code class="language-plaintext highlighter-rouge">alice</code>, one of the signers, runs <code class="language-plaintext highlighter-rouge">docker 
trust revoke</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust revoke example/trust-demo +Please confirm you would like to delete all signature data for example/trust-demo? [y/N] y +Enter passphrase for delegation key with ID 27d42a8: +Successfully deleted signature for example/trust-demo +</pre></div> <p>All tags that have <code class="language-plaintext highlighter-rouge">alice</code>’s signature on them are removed from the list of released tags:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="../trust_sign/index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities 
who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_revoke/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_revoke/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html new file mode 100644 index 00000000..fd8a5b81 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html 
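Review bot: In trust_revoke/index.html the section "Revoke signatures on all tags in a repository" says the command "revokes all signatures that you have a signing key for", but the example shows something broader: after alice's revoke, `blue` (listed as signed by `alice, bob`) is gone as well and the final inspect prints "No signatures for example/trust-demo", and the confirmation prompt itself says "delete all signature data". The text should state whether a revoke removes only the caller's signature or the whole signed tag, because that decides whether bob's signature on `blue` survives. The same sentence names the command as `docker trust`; it should read `docker trust revoke`.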
@@ -0,0 +1,80 @@ +<h1>docker trust sign</h1> <p><br></p> <p>Sign an image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign IMAGE:TAG +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust sign</code> adds signatures to tags to create signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--local</code></td> <td></td> <td>Sign a locally tagged image</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="sign-a-tag-as-a-repo-admin">Sign a tag as a repo admin</h3> <p>Given an image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +SIGNED TAG DIGEST SIGNERS +v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) + +Administrative keys for example/trust-demo: +Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 +Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b +</pre></div> <p>Sign a new tag with <code class="language-plaintext highlighter-rouge">docker trust sign</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign example/trust-demo:v2 + +Signing and pushing trust metadata for example/trust-demo:v2 +The push refers to a repository [docker.io/example/trust-demo] +eed4e566104a: Layer already exists +77edfb6d1e3c: Layer already exists +c69f806905c2: Layer 
already exists +582f327616f1: Layer already exists +a3fbb648f0bd: Layer already exists +5eac2de68a97: Layer already exists +8d4d1ab5ff74: Layer already exists +v2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 size: 1787 +Signing and pushing trust metadata +Enter passphrase for repository key with ID 36d4c36: +Successfully signed docker.io/example/trust-demo:v2 +</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> to list the new signature:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +SIGNED TAG DIGEST SIGNERS +v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) +v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin) + +Administrative keys for example/trust-demo: +Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 +Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b +</pre></div> <h3 id="sign-a-tag-as-a-signer">Sign a tag as a signer</h3> <p>Given an image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>Sign a new tag with <code class="language-plaintext highlighter-rouge">docker trust sign</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign example/trust-demo:v1 + +Signing and pushing trust metadata for example/trust-demo:v1 +The push refers to a repository [docker.io/example/trust-demo] +26b126eb8632: Layer already 
exists +220d34b5f6c9: Layer already exists +8a5132998025: Layer already exists +aca233ed29c3: Layer already exists +e5d2f035d7a4: Layer already exists +v1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 size: 1357 +Signing and pushing trust metadata +Enter passphrase for delegation key with ID 27d42a8: +Successfully signed docker.io/example/trust-demo:v1 +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> lists the new signature:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +SIGNED TAG DIGEST SIGNERS +v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 alice + +List of signers and their keys for example/trust-demo: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="index">docker trust sign</a></td> <td>Sign an image</td> </tr> 
<tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_sign/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_sign/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer%2Findex.html new file mode 100644 index 00000000..30c6e0bf --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker trust signer</h1> <p><br></p> <p>Manage entities who can sign Docker images</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer COMMAND +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_signer_add/index">docker trust signer add</a></td> <td>Add a signer</td> </tr> <tr> <td><a href="../trust_signer_remove/index">docker trust signer remove</a></td> <td>Remove a signer</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="../trust_sign/index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_signer/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_signer/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_add%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_add%2Findex.html new file mode 100644 index 00000000..603576f6 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_add%2Findex.html 
@@ -0,0 +1,38 @@ +<h1>docker trust signer add</h1> <p><br></p> <p>Add a signer</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add OPTIONS NAME REPOSITORY [REPOSITORY...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust signer add</code> adds signers to signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--key</code></td> <td></td> <td>Path to the signer's public key file</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="add-a-signer-to-a-repo">Add a signer to a repo</h3> <p>To add a new signer, <code class="language-plaintext highlighter-rouge">alice</code>, to this repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys: + +SIGNER KEYS +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>Add <code class="language-plaintext highlighter-rouge">alice</code> with <code class="language-plaintext highlighter-rouge">docker trust signer add</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add alice example/trust-demo --key alice.crt + Adding signer 
"alice" to example/trust-demo... + Enter passphrase for repository key with ID 642692c: +Successfully added signer: alice to example/trust-demo +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> now lists <code class="language-plaintext highlighter-rouge">alice</code> as a valid signer:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust_signer/index">docker trust signer</a></td> <td style="text-align: left">Manage entities who can sign Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker trust signer add</a></td> <td>Add a signer</td> </tr> <tr> <td><a href="../trust_signer_remove/index">docker trust signer remove</a></td> <td>Remove a signer</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_signer_add/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_signer_add/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_remove%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_remove%2Findex.html new file mode 100644 index 00000000..79cda963 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_remove%2Findex.html 
@@ -0,0 +1,114 @@ +<h1>docker trust signer remove</h1> <p><br></p> <p>Remove a signer</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust signer remove</code> removes signers from signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation before removing the most recent signer</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="remove-a-signer-from-a-repo">Remove a signer from a repo</h3> <p>To remove an existing signer, <code class="language-plaintext highlighter-rouge">alice</code>, from this repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>Remove <code class="language-plaintext highlighter-rouge">alice</code> with <code class="language-plaintext highlighter-rouge">docker trust signer 
remove</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/trust-demo + +Removing signer "alice" from image example/trust-demo... +Enter passphrase for repository key with ID 642692c: +Successfully removed alice from example/trust-demo +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> now does not list <code class="language-plaintext highlighter-rouge">alice</code> as a valid signer:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +No signatures for example/trust-demo + + +List of signers and their keys: + +SIGNER KEYS +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <h3 id="remove-a-signer-from-multiple-repos">Remove a signer from multiple repos</h3> <p>To remove an existing signer, <code class="language-plaintext highlighter-rouge">alice</code>, from multiple repositories:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +SIGNED TAG DIGEST SIGNERS +v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 alice, bob + +List of signers and their keys: + +SIGNER KEYS +alice 05e87edcaecb +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo2 + +SIGNED TAG DIGEST SIGNERS +v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 alice, bob + +List of signers and their keys: + +SIGNER KEYS +alice 05e87edcaecb +bob 
5600f5ab76a2 + +Administrative keys for example/trust-demo2: +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p>Remove <code class="language-plaintext highlighter-rouge">alice</code> from both images with a single <code class="language-plaintext highlighter-rouge">docker trust signer remove</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/trust-demo example/trust-demo2 + +Removing signer "alice" from image example/trust-demo... +Enter passphrase for repository key with ID 95b9e55: +Successfully removed alice from example/trust-demo + +Removing signer "alice" from image example/trust-demo2... +Enter passphrase for repository key with ID ece554f: +Successfully removed alice from example/trust-demo2 +</pre></div> <p>Run <code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> to confirm that <code class="language-plaintext highlighter-rouge">alice</code> is no longer listed as a valid signer of either <code class="language-plaintext highlighter-rouge">example/trust-demo</code> or <code class="language-plaintext highlighter-rouge">example/trust-demo2</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo + +SIGNED TAG DIGEST SIGNERS +v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob + +List of signers and their keys: + +SIGNER KEYS +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo: +Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo2 + +SIGNED TAG DIGEST SIGNERS +v1 
74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob + +List of signers and their keys: + +SIGNER KEYS +bob 5600f5ab76a2 + +Administrative keys for example/trust-demo2: +Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 +Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 +</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust signer remove</code> removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/unauthorized example/authorized + +Removing signer "alice" from image example/unauthorized... +No signer alice for image example/unauthorized + +Removing signer "alice" from image example/authorized... +Enter passphrase for repository key with ID c6772a0: +Successfully removed alice from example/authorized + +Error removing signer from: example/unauthorized +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust_signer/index">docker trust signer</a></td> <td style="text-align: left">Manage entities who can sign Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_signer_add/index">docker trust signer add</a></td> <td>Add a signer</td> </tr> <tr> <td><a href="index">docker trust signer remove</a></td> <td>Remove a signer</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of 
Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/trust_signer_remove/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_signer_remove/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Funpause%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Funpause%2Findex.html new file mode 100644 index 00000000..74ac93cc --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Funpause%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>docker unpause</h1> <p><br></p> <p>Unpause all processes within one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker unpause CONTAINER [CONTAINER...] +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker unpause</code> command un-suspends all processes in the specified containers. On Linux, it does this using the freezer cgroup.</p> <p>See the <a href="https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt">freezer cgroup documentation</a> for further details.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker unpause my_container +my_container +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/unpause/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/unpause/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fupdate%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fupdate%2Findex.html new file mode 100644 index 00000000..b4cc7bec --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fupdate%2Findex.html 
@@ -0,0 +1,18 @@ +<h1>docker update</h1> <p><br></p> <p>Update configuration of one or more containers</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker update [OPTIONS] CONTAINER [CONTAINER...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">The <code class="language-plaintext highlighter-rouge">docker update</code> command dynamically updates container configuration. You can use this command to prevent containers from consuming too many resources from their Docker host. With a single command, you can place limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs.</p> <p>With the exception of the <code class="language-plaintext highlighter-rouge">--kernel-memory</code> option, you can specify these options on a running or a stopped container. 
On kernel version older than 4.6, you can only update <code class="language-plaintext highlighter-rouge">--kernel-memory</code> on a stopped container or on a running container with kernel memory initialized.</p> <blockquote class="warning"> <p><strong>Warning</strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker update</code> and <code class="language-plaintext highlighter-rouge">docker container update</code> commands are not supported for Windows containers.</p> </blockquote> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--blkio-weight</code></td> <td></td> <td>Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-period</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-quota</code></td> <td></td> <td>Limit CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-period</code></td> <td></td> <td>Limit the CPU real-time period in microseconds</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime</code></td> <td></td> <td>Limit the CPU real-time runtime in microseconds</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--cpu-shares</code> , <code class="language-plaintext highlighter-rouge">-c</code> +</td> <td></td> <td>CPU shares (relative weight)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpus</code></td> <td></td> <td>Number of CPUs</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-cpus</code></td> <td></td> 
<td>CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--cpuset-mems</code></td> <td></td> <td>MEMs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kernel-memory</code></td> <td></td> <td>Kernel memory limit</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--memory</code> , <code class="language-plaintext highlighter-rouge">-m</code> +</td> <td></td> <td>Memory limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-reservation</code></td> <td></td> <td>Memory soft limit</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--memory-swap</code></td> <td></td> <td>Swap limit equal to memory plus swap: '-1' to enable unlimited swap</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--pids-limit</code></td> <td></td> <td> +<a href="https://docs.docker.com/engine/api/v1.40/" target="_blank" rel="noopener" class="_"><span class="badge badge-info" data-toggle="tooltip" title="Open the API reference (in a new window)">API 1.40+</span></a><br>Tune container pids limit (set -1 for unlimited)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--restart</code></td> <td></td> <td>Restart policy to apply when a container exits</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>The following sections illustrate ways to use this command.</p> <h3 id="update-a-containers-cpu-shares">Update a container’s cpu-shares</h3> <p>To limit a container’s cpu-shares to 512, first identify the container name or ID. You can use <code class="language-plaintext highlighter-rouge">docker ps</code> to find these values. You can also use the ID returned from the <code class="language-plaintext highlighter-rouge">docker run</code> command. 
Then, do the following:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker update --cpu-shares 512 abebf7571666 +</pre></div> <h3 id="update-a-container-with-cpu-shares-and-memory">Update a container with cpu-shares and memory</h3> <p>To update multiple resource configurations for multiple containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +</pre></div> <h3 id="update-a-containers-kernel-memory-constraints">Update a container’s kernel memory constraints</h3> <p>You can update a container’s kernel memory limit using the <code class="language-plaintext highlighter-rouge">--kernel-memory</code> option. On kernel version older than 4.6, this option can be updated on a running container only if the container was started with <code class="language-plaintext highlighter-rouge">--kernel-memory</code>. If the container was started <em>without</em> <code class="language-plaintext highlighter-rouge">--kernel-memory</code> you need to stop the container before updating kernel memory.</p> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--kernel-memory</code> option has been deprecated since Docker 20.10.</p> </blockquote> <p>For example, if you started a container with this command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -dit --name test --kernel-memory 50M ubuntu bash +</pre></div> <p>You can update kernel memory while the container is running:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker update --kernel-memory 80M test +</pre></div> <p>If you started a container <em>without</em> kernel memory initialized:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -dit --name test2 --memory 300M ubuntu bash +</pre></div> <p>Update kernel memory of running container <code class="language-plaintext 
highlighter-rouge">test2</code> will fail. You need to stop the container before updating the <code class="language-plaintext highlighter-rouge">--kernel-memory</code> setting. The next time you start it, the container uses the new value.</p> <p>Kernel version newer than (include) 4.6 does not have this limitation, you can use <code class="language-plaintext highlighter-rouge">--kernel-memory</code> the same way as other options.</p> <h3 id="update-a-containers-restart-policy">Update a container’s restart policy</h3> <p>You can change a container’s restart policy on a running container. The new restart policy takes effect instantly after you run <code class="language-plaintext highlighter-rouge">docker update</code> on a container.</p> <p>To update restart policy for one or more containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse +</pre></div> <p>Note that if the container is started with “--rm” flag, you cannot update the restart policy for it. The <code class="language-plaintext highlighter-rouge">AutoRemove</code> and <code class="language-plaintext highlighter-rouge">RestartPolicy</code> are mutually exclusive for the container.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/update/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fversion%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fversion%2Findex.html new file mode 100644 index 00000000..e5b59c7f 
--- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fversion%2Findex.html 
@@ -0,0 +1,64 @@ +<h1>docker version</h1> <p><br></p> <p>Show the Docker version information</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker version [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">By default, this will render all version information in an easy to read layout. If a format is specified, the given template will be executed instead.</p> <p>Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--kubeconfig</code></td> <td></td> <td> +<a href="../../../deprecated/index" target="_blank" rel="noopener" class="_"><span class="badge badge-danger" data-toggle="tooltip" title="Read the deprecation reference (in a new window).">deprecated</span></a><span class="badge badge-info" data-toggle="tooltip" title="This option works for the Kubernetes orchestrator.">Kubernetes</span><br>Kubernetes config file</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="default-output">Default output</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker version + +Client: + Version: 19.03.8 + API version: 1.40 + Go version: go1.12.17 + Git commit: afacb8b + Built: Wed Mar 11 
01:21:11 2020 + OS/Arch: darwin/amd64 + Context: default + Experimental: true + +Server: + Engine: + Version: 19.03.8 + API version: 1.40 (minimum version 1.12) + Go version: go1.12.17 + Git commit: afacb8b + Built: Wed Mar 11 01:29:16 2020 + OS/Arch: linux/amd64 + Experimental: true + containerd: + Version: v1.2.13 + GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429 + runc: + Version: 1.0.0-rc10 + GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd + docker-init: + Version: 0.18.0 + GitCommit: fec3683 +</pre></div> <h3 id="get-the-server-version">Get the server version</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker version --format '{{.Server.Version}}' + +19.03.8 +</pre></div> <h3 id="dump-raw-json-data">Dump raw JSON data</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker version --format '{{json .}}' + +{"Client":{"Platform":{"Name":"Docker Engine - Community"},"Version":"19.03.8","ApiVersion":"1.40","DefaultAPIVersion":"1.40","GitCommit":"afacb8b","GoVersion":"go1.12.17","Os":"darwin","Arch":"amd64","BuildTime":"Wed Mar 11 01:21:11 2020","Experimental":true},"Server":{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"19.03.8","Details":{"ApiVersion":"1.40","Arch":"amd64","BuildTime":"Wed Mar 11 01:29:16 
2020","Experimental":"true","GitCommit":"afacb8b","GoVersion":"go1.12.17","KernelVersion":"4.19.76-linuxkit","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"v1.2.13","Details":{"GitCommit":"7ad184331fa3e55e52b890ea95e65ba581ae3429"}},{"Name":"runc","Version":"1.0.0-rc10","Details":{"GitCommit":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"}},{"Name":"docker-init","Version":"0.18.0","Details":{"GitCommit":"fec3683"}}],"Version":"19.03.8","ApiVersion":"1.40","MinAPIVersion":"1.12","GitCommit":"afacb8b","GoVersion":"go1.12.17","Os":"linux","Arch":"amd64","KernelVersion":"4.19.76-linuxkit","Experimental":true,"BuildTime":"2020-03-11T01:29:16.000000000+00:00"}} +</pre></div> <h3 id="print-the-current-context">Print the current context</h3> <p>The following example prints the currently used <a href="../context/index"><code class="language-plaintext highlighter-rouge">docker context</code></a>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker version --format='{{.Client.Context}}' +default +</pre></div> <p>As an example, this output can be used to dynamically change your shell prompt to indicate your active context. 
The example below illustrates how this output could be used when using Bash as your shell.</p> <p>Declare a function to obtain the current context in your <code class="language-plaintext highlighter-rouge">~/.bashrc</code>, and set this command as your <code class="language-plaintext highlighter-rouge">PROMPT_COMMAND</code></p> <div class="highlight"><pre class="highlight" data-language="">function docker_context_prompt() { + PS1="context: $(docker version --format='{{.Client.Context}}')> " +} + +PROMPT_COMMAND=docker_context_prompt +</pre></div> <p>After reloading the <code class="language-plaintext highlighter-rouge">~/.bashrc</code>, the prompt now shows the currently selected <code class="language-plaintext highlighter-rouge">docker context</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ source ~/.bashrc +context: default> docker context create --docker host=unix:///var/run/docker.sock my-context +my-context +Successfully created context "my-context" +context: default> docker context use my-context +my-context +Current context is now "my-context" +context: my-context> docker context use default +default +Current context is now "default" +context: default> +</pre></div> <p>Refer to the <a href="../context/index"><code class="language-plaintext highlighter-rouge">docker context</code> section</a> in the command line reference for more information about <code class="language-plaintext highlighter-rouge">docker context</code>.</p> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/version/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/version/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume%2Findex.html new file mode 100644 index 00000000..cd4b9e7e --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume%2Findex.html 
@@ -0,0 +1,7 @@ +<h1>docker volume</h1> <p><br></p> <p>Manage volumes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume COMMAND COMMAND +</pre></div> <h2 id="description">Description</h2> <p name="extended-description">Manage volumes. You can use subcommands to create, inspect, list, remove, or prune volumes.</p> <h2 id="child-commands">Child commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../volume_create/index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="../volume_inspect/index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="../volume_ls/index">docker volume ls</a></td> <td>List volumes</td> </tr> <tr> <td><a href="../volume_prune/index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="../volume_rm/index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_create%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_create%2Findex.html new file mode 100644 index 00000000..6e378e60 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_create%2Findex.html 
@@ -0,0 +1,35 @@ +<h1>docker volume create</h1> <p><br></p> <p>Create a volume</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create [OPTIONS] [VOLUME] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--driver</code> , <code class="language-plaintext highlighter-rouge">-d</code> +</td> <td><code class="language-plaintext highlighter-rouge">local</code></td> <td>Specify volume driver name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--label</code></td> <td></td> <td>Set metadata for a volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--name</code></td> <td></td> <td>Specify volume name</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--opt</code> , <code class="language-plaintext highlighter-rouge">-o</code> +</td> <td></td> <td>Set driver specific options</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <p>Create a volume and then configure the container to use it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create hello + +hello + +$ docker run -d -v hello:/world busybox ls /world +</pre></div> <p>The mount is created inside the container’s <code class="language-plaintext highlighter-rouge">/world</code> directory. 
Docker does not support relative paths for mount points inside the container.</p> <p>Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data.</p> <p>Volume names must be unique among drivers. This means you cannot use the same volume name with two different drivers. If you attempt this <code class="language-plaintext highlighter-rouge">docker</code> returns an error:</p> <div class="highlight"><pre class="highlight" data-language="">A volume named "hello" already exists with the "some-other" driver. Choose a different volume name. +</pre></div> <p>If you specify a volume name already in use on the current driver, Docker assumes you want to re-use the existing volume and does not return an error.</p> <h3 id="driver-specific-options">Driver-specific options</h3> <p>Some volume drivers may take options to customize the volume creation. Use the <code class="language-plaintext highlighter-rouge">-o</code> or <code class="language-plaintext highlighter-rouge">--opt</code> flags to pass driver options:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create --driver fake \ + --opt tardis=blue \ + --opt timey=wimey \ + foo +</pre></div> <p>These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all).</p> <p>The built-in <code class="language-plaintext highlighter-rouge">local</code> driver on Windows does not support any options.</p> <p>The built-in <code class="language-plaintext highlighter-rouge">local</code> driver on Linux accepts options similar to the linux <code class="language-plaintext highlighter-rouge">mount</code> command. You can provide multiple options by passing the <code class="language-plaintext highlighter-rouge">--opt</code> flag multiple times. 
Some <code class="language-plaintext highlighter-rouge">mount</code> options (such as the <code class="language-plaintext highlighter-rouge">o</code> option) can take a comma-separated list of options. Complete list of available mount options can be found <a href="https://man7.org/linux/man-pages/man8/mount.8.html">here</a>.</p> <p>For example, the following creates a <code class="language-plaintext highlighter-rouge">tmpfs</code> volume called <code class="language-plaintext highlighter-rouge">foo</code> with a size of 100 megabyte and <code class="language-plaintext highlighter-rouge">uid</code> of 1000.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create --driver local \ + --opt type=tmpfs \ + --opt device=tmpfs \ + --opt o=size=100m,uid=1000 \ + foo +</pre></div> <p>Another example that uses <code class="language-plaintext highlighter-rouge">btrfs</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create --driver local \ + --opt type=btrfs \ + --opt device=/dev/sda2 \ + foo +</pre></div> <p>Another example that uses <code class="language-plaintext highlighter-rouge">nfs</code> to mount the <code class="language-plaintext highlighter-rouge">/path/to/dir</code> in <code class="language-plaintext highlighter-rouge">rw</code> mode from <code class="language-plaintext highlighter-rouge">192.168.1.1</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create --driver local \ + --opt type=nfs \ + --opt o=addr=192.168.1.1,rw \ + --opt device=:/path/to/dir \ + foo +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../volume/index">docker volume</a></td> <td style="text-align: left">Manage volumes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> 
<table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="../volume_inspect/index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="../volume_ls/index">docker volume ls</a></td> <td>List volumes</td> </tr> <tr> <td><a href="../volume_prune/index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="../volume_rm/index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume_create/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume_create/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_inspect%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_inspect%2Findex.html new file mode 100644 index 00000000..78871751 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_inspect%2Findex.html 
@@ -0,0 +1,27 @@ +<h1>docker volume inspect</h1> <p><br></p> <p>Display detailed information on one or more volumes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume inspect [OPTIONS] VOLUME [VOLUME...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template for each result. Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package describes all the details of the format.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--format</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Format the output using the given Go template</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create myvolume + +myvolume +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">docker volume inspect</code> comment to inspect the configuration of the volume:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume inspect myvolume +</pre></div> <p>The output is in JSON format, for example:</p> <div class="highlight"><pre class="highlight" data-language="">[ + { + "CreatedAt": "2020-04-19T11:00:21Z", + "Driver": "local", + "Labels": {}, + "Mountpoint": 
"/var/lib/docker/volumes/8140a838303144125b4f54653b47ede0486282c623c3551fbc7f390cdc3e9cf5/_data", + "Name": "myvolume", + "Options": {}, + "Scope": "local" + } +] +</pre></div> <p>Use the <code class="language-plaintext highlighter-rouge">--format</code> flag to format the output using a Go template, for example, to print the <code class="language-plaintext highlighter-rouge">Mountpoint</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume inspect --format '{{ .Mountpoint }}' myvolume + +/var/lib/docker/volumes/myvolume/_data +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../volume/index">docker volume</a></td> <td style="text-align: left">Manage volumes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../volume_create/index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="../volume_ls/index">docker volume ls</a></td> <td>List volumes</td> </tr> <tr> <td><a href="../volume_prune/index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="../volume_rm/index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume_inspect/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume_inspect/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_ls%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_ls%2Findex.html new file mode 100644 index 00000000..d55482fa --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_ls%2Findex.html 
@@ -0,0 +1,63 @@ +<h1>docker volume ls</h1> <p><br></p> <p>List volumes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">List all the volumes known to Docker. You can filter using the <code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code> flag. Refer to the <a href="#filtering">filtering</a> section for more information about available filter options.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--filter</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Provide filter values (e.g. 
'dangling=true')</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">--format</code></td> <td></td> <td>Pretty-print volumes using a Go template</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--quiet</code> , <code class="language-plaintext highlighter-rouge">-q</code> +</td> <td></td> <td>Only display volume names</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="create-a-volume">Create a volume</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create rosemary + +rosemary + +$ docker volume create tyler + +tyler + +$ docker volume ls + +DRIVER VOLUME NAME +local rosemary +local tyler +</pre></div> <h3 id="filtering">Filtering</h3> <p>The filtering flag (<code class="language-plaintext highlighter-rouge">-f</code> or <code class="language-plaintext highlighter-rouge">--filter</code>) format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., <code class="language-plaintext highlighter-rouge">--filter "foo=bar" --filter "bif=baz"</code>)</p> <p>The currently supported filters are:</p> <ul> <li>dangling (boolean - true or false, 0 or 1)</li> <li>driver (a volume driver’s name)</li> <li>label (<code class="language-plaintext highlighter-rouge">label=<key></code> or <code class="language-plaintext highlighter-rouge">label=<key>=<value></code>)</li> <li>name (a volume’s name)</li> </ul> <h4 id="dangling">dangling</h4> <p>The <code class="language-plaintext highlighter-rouge">dangling</code> filter matches on all volumes not referenced by any containers</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d -v tyler:/tmpwork busybox + +f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 +$ docker volume ls -f dangling=true +DRIVER VOLUME NAME +local rosemary +</pre></div> <h4 id="driver">driver</h4> <p>The <code class="language-plaintext highlighter-rouge">driver</code> filter matches volumes based on 
their driver.</p> <p>The following example matches volumes that are created with the <code class="language-plaintext highlighter-rouge">local</code> driver:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls -f driver=local + +DRIVER VOLUME NAME +local rosemary +local tyler +</pre></div> <h4 id="label">label</h4> <p>The <code class="language-plaintext highlighter-rouge">label</code> filter matches volumes based on the presence of a <code class="language-plaintext highlighter-rouge">label</code> alone or a <code class="language-plaintext highlighter-rouge">label</code> and a value.</p> <p>First, let’s create some volumes to illustrate this;</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume create the-doctor --label is-timelord=yes + +the-doctor +$ docker volume create daleks --label is-timelord=no + +daleks +</pre></div> <p>The following example filter matches volumes with the <code class="language-plaintext highlighter-rouge">is-timelord</code> label regardless of its value.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls --filter label=is-timelord + +DRIVER VOLUME NAME +local daleks +local the-doctor +</pre></div> <p>As the above example demonstrates, both volumes with <code class="language-plaintext highlighter-rouge">is-timelord=yes</code>, and <code class="language-plaintext highlighter-rouge">is-timelord=no</code> are returned.</p> <p>Filtering on both <code class="language-plaintext highlighter-rouge">key</code> <em>and</em> <code class="language-plaintext highlighter-rouge">value</code> of the label, produces the expected result:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls --filter label=is-timelord=yes + +DRIVER VOLUME NAME +local the-doctor +</pre></div> <p>Specifying multiple label filter produces an “and” search; all conditions should be met;</p> <div class="highlight"><pre class="highlight" 
data-language="">$ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no + +DRIVER VOLUME NAME +</pre></div> <h4 id="name">name</h4> <p>The <code class="language-plaintext highlighter-rouge">name</code> filter matches on all or part of a volume’s name.</p> <p>The following filter matches all volumes with a name containing the <code class="language-plaintext highlighter-rouge">rose</code> string.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls -f name=rose + +DRIVER VOLUME NAME +local rosemary +</pre></div> <h3 id="formatting">Formatting</h3> <p>The formatting options (<code class="language-plaintext highlighter-rouge">--format</code>) pretty-prints volumes output using a Go template.</p> <p>Valid placeholders for the Go template are listed below:</p> <table> <thead> <tr> <th>Placeholder</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">.Name</code></td> <td>Volume name</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Driver</code></td> <td>Volume driver</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Scope</code></td> <td>Volume scope (local, global)</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Mountpoint</code></td> <td>The mount point of the volume on the host</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Labels</code></td> <td>All labels assigned to the volume</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">.Label</code></td> <td>Value of a specific label for this volume. 
For example <code class="language-plaintext highlighter-rouge">{{.Label "project.version"}}</code> +</td> </tr> </tbody> </table> <p>When using the <code class="language-plaintext highlighter-rouge">--format</code> option, the <code class="language-plaintext highlighter-rouge">volume ls</code> command will either output the data exactly as the template declares or, when using the <code class="language-plaintext highlighter-rouge">table</code> directive, includes column headers as well.</p> <p>The following example uses a template without headers and outputs the <code class="language-plaintext highlighter-rouge">Name</code> and <code class="language-plaintext highlighter-rouge">Driver</code> entries separated by a colon (<code class="language-plaintext highlighter-rouge">:</code>) for all volumes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker volume ls --format "{{.Name}}: {{.Driver}}" + +vol1: local +vol2: local +vol3: local +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../volume/index">docker volume</a></td> <td style="text-align: left">Manage volumes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../volume_create/index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="../volume_inspect/index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="index">docker volume ls</a></td> <td>List volumes</td> </tr> <tr> <td><a href="../volume_prune/index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="../volume_rm/index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> 
</table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume_ls/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume_ls/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_prune%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_prune%2Findex.html new file mode 100644 index 00000000..50aa4326 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_prune%2Findex.html 
@@ -0,0 +1,18 @@ +<h1>docker volume prune</h1> <p><br></p> <p>Remove all unused local volumes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume prune [OPTIONS] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove all unused local volumes. Unused local volumes are those which are not referenced by any containers</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--filter</code></td> <td></td> <td>Provide filter values (e.g. 'label=<label>')</td> </tr> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Do not prompt for confirmation</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume prune + +WARNING! This will remove all local volumes not used by at least one container. +Are you sure you want to continue? 
[y/N] y +Deleted Volumes: +07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e +my-named-vol + +Total reclaimed space: 36 B +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../volume/index">docker volume</a></td> <td style="text-align: left">Manage volumes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../volume_create/index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="../volume_inspect/index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="../volume_ls/index">docker volume ls</a></td> <td>List volumes</td> </tr> <tr> <td><a href="index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="../volume_rm/index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume_prune/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume_prune/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_rm%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_rm%2Findex.html new file mode 100644 index 00000000..0533b13d --- /dev/null 
+++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fvolume_rm%2Findex.html 
@@ -0,0 +1,12 @@ +<h1>docker volume rm</h1> <p><br></p> <p>Remove one or more volumes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume rm [OPTIONS] VOLUME [VOLUME...] +</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description">Remove one or more volumes. You cannot remove a volume that is in use by a container.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td> +<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code> +</td> <td></td> <td>Force the removal of one or more volumes</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker volume rm hello + +hello +</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../volume/index">docker volume</a></td> <td style="text-align: left">Manage volumes</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../volume_create/index">docker volume create</a></td> <td>Create a volume</td> </tr> <tr> <td><a href="../volume_inspect/index">docker volume inspect</a></td> <td>Display detailed information on one or more volumes</td> </tr> <tr> <td><a href="../volume_ls/index">docker volume ls</a></td> <td>List volumes</td> 
</tr> <tr> <td><a href="../volume_prune/index">docker volume prune</a></td> <td>Remove all unused local volumes</td> </tr> <tr> <td><a href="index">docker volume rm</a></td> <td>Remove one or more volumes</td> </tr> </tbody> </table> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/volume_rm/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/volume_rm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Fwait%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Fwait%2Findex.html new file mode 100644 index 00000000..c08d91dd --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Fwait%2Findex.html 
@@ -0,0 +1,13 @@ +<h1>docker wait</h1> <p><br></p> <p>Block until one or more containers stop, then print their exit codes</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker wait CONTAINER [CONTAINER...] +</pre></div> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="examples">Examples</h2> <p>Start a container in the background.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -dit --name=my_container ubuntu bash +</pre></div> <p>Run <code class="language-plaintext highlighter-rouge">docker wait</code>, which should block until the container exits.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker wait my_container +</pre></div> <p>In another terminal, stop the first container. The <code class="language-plaintext highlighter-rouge">docker wait</code> command above returns the exit code.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stop my_container +</pre></div> <p>This is the same <code class="language-plaintext highlighter-rouge">docker wait</code> command from above, but it now exits, returning <code class="language-plaintext highlighter-rouge">0</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker wait my_container + +0 +</pre></div> <div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/commandline/wait/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/wait/</a> + </p> +</div> 
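Review bot: in engine/reference/commandline/volume/index.html the Usage block reads `$ docker volume COMMAND COMMAND`, with the placeholder doubled. The child-commands table under it lists single subcommands (create, inspect, ls, prune, rm), so the usage line should read `$ docker volume COMMAND`.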
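Review bot: in engine/reference/commandline/volume_create/index.html the driver-specific options section needs a wording pass. "a size of 100 megabyte" should be "100 megabytes", "the linux mount command" should capitalize Linux, and the link text "here" should name its target (the mount(8) man page) so the sentence still makes sense when the link is stripped. "Volume names must be unique among drivers" is restated by the sentence that follows it; keep one of the two.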
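Review bot: in engine/reference/commandline/volume_inspect/index.html the sentence "Use the docker volume inspect comment to inspect the configuration of the volume" should say "command". The two sample outputs for myvolume also disagree: the JSON example shows a Mountpoint under a hash-named directory in /var/lib/docker/volumes, while the `--format '{{ .Mountpoint }}'` example prints /var/lib/docker/volumes/myvolume/_data. Both should show the same path.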
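Review bot: in engine/reference/commandline/volume_ls/index.html the Formatting example prints vol1, vol2 and vol3, but every earlier example on the page works with rosemary, tyler, the-doctor and daleks, so a reader following the page cannot reproduce that output. Reuse the volume names created earlier. The paragraph above the example also mentions the `table` directive without showing it; one invocation using it next to the header-less one would cover both cases. The sentence "matches on all volumes not referenced by any containers" in the dangling section is missing its final period.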
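Review bot: in engine/reference/commandline/volume_prune/index.html the Options table documents `--filter` (e.g. 'label=<label>') and `--force`, but the only example is an unfiltered prune that removes every local volume not used by a container. For a command that deletes data, the Examples section should also show a prune scoped with `--filter`, so readers see the narrower form before copying the unscoped one. The Description sentence ending "not referenced by any containers" is missing its final period.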
diff --git a/devdocs/docker/engine%2Freference%2Frun%2Findex.html b/devdocs/docker/engine%2Freference%2Frun%2Findex.html new file mode 100644 index 00000000..80bd9cc3 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Frun%2Findex.html 
@@ -0,0 +1,333 @@ + <h1 id="docker-run-reference">Docker run reference</h1> <p>Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes <code class="language-plaintext highlighter-rouge">docker run</code>, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.</p> <p>This page details how to use the <code class="language-plaintext highlighter-rouge">docker run</code> command to define the container’s resources at runtime.</p> <h2 id="general-form">General form</h2> <p>The basic <code class="language-plaintext highlighter-rouge">docker run</code> command takes this form:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">docker run</code> command must specify an <a href="https://docs.docker.com/glossary/#image"><em>IMAGE</em></a> to derive the container from. An image developer can define image defaults related to:</p> <ul> <li>detached or foreground running</li> <li>container identification</li> <li>network settings</li> <li>runtime constraints on CPU and memory</li> </ul> <p>With the <code class="language-plaintext highlighter-rouge">docker run [OPTIONS]</code> an operator can add to or override the image defaults set by a developer. And, additionally, operators can override nearly all the defaults set by the Docker runtime itself. 
The operator’s ability to override image and Docker runtime defaults is why <a href="../commandline/run/index"><em>run</em></a> has more options than any other <code class="language-plaintext highlighter-rouge">docker</code> command.</p> <p>To learn how to interpret the types of <code class="language-plaintext highlighter-rouge">[OPTIONS]</code>, see <a href="../commandline/cli/index#option-types"><em>Option types</em></a>.</p> <blockquote> <p><strong>Note</strong></p> <p>Depending on your Docker system configuration, you may be required to preface the <code class="language-plaintext highlighter-rouge">docker run</code> command with <code class="language-plaintext highlighter-rouge">sudo</code>. To avoid having to use <code class="language-plaintext highlighter-rouge">sudo</code> with the <code class="language-plaintext highlighter-rouge">docker</code> command, your system administrator can create a Unix group called <code class="language-plaintext highlighter-rouge">docker</code> and add users to it. 
For more information about this configuration, refer to the Docker installation documentation for your operating system.</p> </blockquote> <h2 id="operator-exclusive-options">Operator exclusive options</h2> <p>Only the operator (the person executing <code class="language-plaintext highlighter-rouge">docker run</code>) can set the following options.</p> <ul> <li> +<a href="#detached-vs-foreground">Detached vs foreground</a> <ul> <li><a href="#detached--d">Detached (-d)</a></li> <li><a href="#foreground">Foreground</a></li> </ul> </li> <li> +<a href="#container-identification">Container identification</a> <ul> <li><a href="#name---name">Name (--name)</a></li> <li><a href="#pid-equivalent">PID equivalent</a></li> </ul> </li> <li><a href="#ipc-settings---ipc">IPC settings (--ipc)</a></li> <li><a href="#network-settings">Network settings</a></li> <li><a href="#restart-policies---restart">Restart policies (--restart)</a></li> <li><a href="#clean-up---rm">Clean up (--rm)</a></li> <li><a href="#runtime-constraints-on-resources">Runtime constraints on resources</a></li> <li><a href="#runtime-privilege-and-linux-capabilities">Runtime privilege and Linux capabilities</a></li> </ul> <h2 id="detached-vs-foreground">Detached vs foreground</h2> <p>When starting a Docker container, you must first decide if you want to run the container in the background in a “detached” mode or in the default foreground mode:</p> <div class="highlight"><pre class="highlight" data-language="">-d=false: Detached mode: Run container in the background, print new container id +</pre></div> <h3 id="detached--d">Detached (-d)</h3> <p>To start a container in detached mode, you use <code class="language-plaintext highlighter-rouge">-d=true</code> or just <code class="language-plaintext highlighter-rouge">-d</code> option. 
By design, containers started in detached mode exit when the root process used to run the container exits, unless you also specify the <code class="language-plaintext highlighter-rouge">--rm</code> option. If you use <code class="language-plaintext highlighter-rouge">-d</code> with <code class="language-plaintext highlighter-rouge">--rm</code>, the container is removed when it exits <strong>or</strong> when the daemon exits, whichever happens first.</p> <p>Do not pass a <code class="language-plaintext highlighter-rouge">service x start</code> command to a detached container. For example, this command attempts to start the <code class="language-plaintext highlighter-rouge">nginx</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d -p 80:80 my_image service nginx start +</pre></div> <p>This succeeds in starting the <code class="language-plaintext highlighter-rouge">nginx</code> service inside the container. However, it fails the detached container paradigm in that, the root process (<code class="language-plaintext highlighter-rouge">service nginx start</code>) returns and the detached container stops as designed. As a result, the <code class="language-plaintext highlighter-rouge">nginx</code> service is started but could not be used. Instead, to start a process such as the <code class="language-plaintext highlighter-rouge">nginx</code> web server do the following:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d -p 80:80 my_image nginx -g 'daemon off;' +</pre></div> <p>To do input/output with a detached container use network connections or shared volumes. 
These are required because the container is no longer listening to the command line where <code class="language-plaintext highlighter-rouge">docker run</code> was run.</p> <p>To reattach to a detached container, use <code class="language-plaintext highlighter-rouge">docker</code> <a href="../commandline/attach/index"><em>attach</em></a> command.</p> <h3 id="foreground">Foreground</h3> <p>In foreground mode (the default when <code class="language-plaintext highlighter-rouge">-d</code> is not specified), <code class="language-plaintext highlighter-rouge">docker run</code> can start the process in the container and attach the console to the process’s standard input, output, and standard error. It can even pretend to be a TTY (this is what most command line executables expect) and pass along signals. All of that is configurable:</p> <div class="highlight"><pre class="highlight" data-language="">-a=[] : Attach to `STDIN`, `STDOUT` and/or `STDERR` +-t : Allocate a pseudo-tty +--sig-proxy=true: Proxy all received signals to the process (non-TTY mode only) +-i : Keep STDIN open even if not attached +</pre></div> <p>If you do not specify <code class="language-plaintext highlighter-rouge">-a</code> then Docker will <a href="https://github.com/docker/docker/blob/4118e0c9eebda2412a09ae66e90c34b85fae3275/runconfig/opts/parse.go#L267">attach to both stdout and stderr </a>. You can specify to which of the three standard streams (<code class="language-plaintext highlighter-rouge">STDIN</code>, <code class="language-plaintext highlighter-rouge">STDOUT</code>, <code class="language-plaintext highlighter-rouge">STDERR</code>) you’d like to connect instead, as in:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -a stdin -a stdout -i -t ubuntu /bin/bash +</pre></div> <p>For interactive processes (like a shell), you must use <code class="language-plaintext highlighter-rouge">-i -t</code> together in order to allocate a tty for the container process. 
<code class="language-plaintext highlighter-rouge">-i -t</code> is often written <code class="language-plaintext highlighter-rouge">-it</code> as you’ll see in later examples. Specifying <code class="language-plaintext highlighter-rouge">-t</code> is forbidden when the client is receiving its standard input from a pipe, as in:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo test | docker run -i busybox cat +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>A process running as PID 1 inside a container is treated specially by Linux: it ignores any signal with the default action. As a result, the process will not terminate on <code class="language-plaintext highlighter-rouge">SIGINT</code> or <code class="language-plaintext highlighter-rouge">SIGTERM</code> unless it is coded to do so.</p> </blockquote> <h2 id="container-identification">Container identification</h2> <h3 id="name---name">Name (--name)</h3> <p>The operator can identify a container in three ways:</p> <table> <thead> <tr> <th style="text-align: left">Identifier type</th> <th style="text-align: left">Example value</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">UUID long identifier</td> <td style="text-align: left">“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”</td> </tr> <tr> <td style="text-align: left">UUID short identifier</td> <td style="text-align: left">“f78375b1c487”</td> </tr> <tr> <td style="text-align: left">Name</td> <td style="text-align: left">“evil_ptolemy”</td> </tr> </tbody> </table> <p>The UUID identifiers come from the Docker daemon. If you do not assign a container name with the <code class="language-plaintext highlighter-rouge">--name</code> option, then the daemon generates a random string name for you. Defining a <code class="language-plaintext highlighter-rouge">name</code> can be a handy way to add meaning to a container. 
If you specify a <code class="language-plaintext highlighter-rouge">name</code>, you can use it when referencing the container within a Docker network. This works for both background and foreground Docker containers.</p> <blockquote> <p><strong>Note</strong></p> <p>Containers on the default bridge network must be linked to communicate by name.</p> </blockquote> <h3 id="pid-equivalent">PID equivalent</h3> <p>Finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some programs might write out their process ID to a file (you’ve seen them as PID files):</p> <div class="highlight"><pre class="highlight" data-language="">--cidfile="": Write the container ID to the file +</pre></div> <h3 id="imagetag">Image[:tag]</h3> <p>While not strictly a means of identifying a container, you can specify a version of an image you’d like to run the container with by adding <code class="language-plaintext highlighter-rouge">image[:tag]</code> to the command. For example, <code class="language-plaintext highlighter-rouge">docker run ubuntu:14.04</code>.</p> <h3 id="imagedigest">Image[@digest]</h3> <p>Images using the v2 or later image format have a content-addressable identifier called a digest. 
As long as the input used to generate the image is unchanged, the digest value is predictable and referenceable.</p> <p>The following example runs a container from the <code class="language-plaintext highlighter-rouge">alpine</code> image with the <code class="language-plaintext highlighter-rouge">sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0</code> digest:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date +</pre></div> <h2 id="pid-settings---pid">PID settings (--pid)</h2> <div class="highlight"><pre class="highlight" data-language="">--pid="" : Set the PID (Process) Namespace mode for the container, + 'container:<name|id>': joins another container's PID namespace + 'host': use the host's PID namespace inside the container +</pre></div> <p>By default, all containers have the PID namespace enabled.</p> <p>PID namespace provides separation of processes. The PID Namespace removes the view of the system processes, and allows process ids to be reused including pid 1.</p> <p>In certain cases you want your container to share the host’s process namespace, basically allowing processes within the container to see all of the processes on the system. 
For example, you could build a container with debugging tools like <code class="language-plaintext highlighter-rouge">strace</code> or <code class="language-plaintext highlighter-rouge">gdb</code>, but want to use these tools when debugging processes within the container.</p> <h3 id="example-run-htop-inside-a-container">Example: run htop inside a container</h3> <p>Create this Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language="">FROM alpine:latest +RUN apk add --update htop && rm -rf /var/cache/apk/* +CMD ["htop"] +</pre></div> <p>Build the Dockerfile and tag the image as <code class="language-plaintext highlighter-rouge">myhtop</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t myhtop . +</pre></div> <p>Use the following command to run <code class="language-plaintext highlighter-rouge">htop</code> inside a container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm --pid=host myhtop +</pre></div> <p>Joining another container’s pid namespace can be used for debugging that container.</p> <h3 id="example">Example</h3> <p>Start a container running a redis server:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --name my-redis -d redis +</pre></div> <p>Debug the redis container by running another container that has strace in it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --pid=container:my-redis my_strace_docker_image bash +$ strace -p 1 +</pre></div> <h2 id="uts-settings---uts">UTS settings (--uts)</h2> <div class="highlight"><pre class="highlight" data-language="">--uts="" : Set the UTS namespace mode for the container, + 'host': use the host's UTS namespace inside the container +</pre></div> <p>The UTS namespace is for setting the hostname and the domain that is visible to running processes in that namespace. 
By default, all containers, including those with <code class="language-plaintext highlighter-rouge">--network=host</code>, have their own UTS namespace. The <code class="language-plaintext highlighter-rouge">host</code> setting will result in the container using the same UTS namespace as the host. Note that <code class="language-plaintext highlighter-rouge">--hostname</code> and <code class="language-plaintext highlighter-rouge">--domainname</code> are invalid in <code class="language-plaintext highlighter-rouge">host</code> UTS mode.</p> <p>You may wish to share the UTS namespace with the host if you would like the hostname of the container to change as the hostname of the host changes. A more advanced use case would be changing the host’s hostname from a container.</p> <h2 id="ipc-settings---ipc">IPC settings (--ipc)</h2> <div class="highlight"><pre class="highlight" data-language="">--ipc="MODE" : Set the IPC mode for the container +</pre></div> <p>The following values are accepted:</p> <table> <thead> <tr> <th style="text-align: left">Value</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">””</td> <td style="text-align: left">Use daemon’s default.</td> </tr> <tr> <td style="text-align: left">“none”</td> <td style="text-align: left">Own private IPC namespace, with /dev/shm not mounted.</td> </tr> <tr> <td style="text-align: left">“private”</td> <td style="text-align: left">Own private IPC namespace.</td> </tr> <tr> <td style="text-align: left">“shareable”</td> <td style="text-align: left">Own private IPC namespace, with a possibility to share it with other containers.</td> </tr> <tr> <td style="text-align: left">“container: <_name-or-ID_>" </td> <td style="text-align: left">Join another (“shareable”) container’s IPC namespace.</td> </tr> <tr> <td style="text-align: left">“host”</td> <td style="text-align: left">Use the host system’s IPC namespace.</td> </tr> </tbody> </table> <p>If not specified, daemon 
default is used, which can either be <code class="language-plaintext highlighter-rouge">"private"</code> or <code class="language-plaintext highlighter-rouge">"shareable"</code>, depending on the daemon version and configuration.</p> <p>IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues.</p> <p>Shared memory segments are used to accelerate inter-process communication at memory speed, rather than through pipes or through the network stack. Shared memory is commonly used by databases and custom-built (typically C/OpenMPI, C++/using boost libraries) high performance applications for scientific computing and financial services industries. If these types of applications are broken into multiple containers, you might need to share the IPC mechanisms of the containers, using <code class="language-plaintext highlighter-rouge">"shareable"</code> mode for the main (i.e. “donor”) container, and <code class="language-plaintext highlighter-rouge">"container:<donor-name-or-ID>"</code> for other containers.</p> <h2 id="network-settings">Network settings</h2> <div class="highlight"><pre class="highlight" data-language="">--dns=[] : Set custom dns servers for the container +--network="bridge" : Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:<name|id>': reuse another container's network stack + 'host': use the Docker host network stack + '<network-name>|<network-id>': connect to a user-defined network +--network-alias=[] : Add network-scoped alias for the container +--add-host="" : Add a line to /etc/hosts (host:IP) +--mac-address="" : Sets the container's Ethernet device's MAC address +--ip="" : Sets the container's Ethernet device's IPv4 address +--ip6="" : Sets the container's Ethernet device's IPv6 address +--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses +</pre></div> <p>By 
default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking with <code class="language-plaintext highlighter-rouge">docker run --network none</code> which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or <code class="language-plaintext highlighter-rouge">STDIN</code> and <code class="language-plaintext highlighter-rouge">STDOUT</code> only.</p> <p>Publishing ports and linking to other containers only works with the default (bridge). The linking feature is a legacy feature. You should always prefer using Docker network drivers over linking.</p> <p>Your container will use the same DNS servers as the host by default, but you can override this with <code class="language-plaintext highlighter-rouge">--dns</code>.</p> <p>By default, the MAC address is generated using the IP address allocated to the container. You can set the container’s MAC address explicitly by providing a MAC address via the <code class="language-plaintext highlighter-rouge">--mac-address</code> parameter (format:<code class="language-plaintext highlighter-rouge">12:34:56:78:9a:bc</code>).Be aware that Docker does not check if manually specified MAC addresses are unique.</p> <p>Supported networks :</p> <table> <thead> <tr> <th class="no-wrap">Network</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td class="no-wrap"><strong>none</strong></td> <td>No networking in the container.</td> </tr> <tr> <td class="no-wrap"> +<strong>bridge</strong> (default)</td> <td>Connect the container to the bridge via veth interfaces.</td> </tr> <tr> <td class="no-wrap"><strong>host</strong></td> <td>Use the host's network stack inside the container.</td> </tr> <tr> <td class="no-wrap"> +<strong>container</strong>:<name|id></td> <td>Use the network stack of another container, specified via its <em>name</em> or <em>id</em>.</td> </tr> <tr> <td 
class="no-wrap"><strong>NETWORK</strong></td> <td>Connects the container to a user created network (using <code class="language-plaintext highlighter-rouge">docker network create</code> command)</td> </tr> </tbody> </table> <h4 id="network-none">Network: none</h4> <p>With the network is <code class="language-plaintext highlighter-rouge">none</code> a container will not have access to any external routes. The container will still have a <code class="language-plaintext highlighter-rouge">loopback</code> interface enabled in the container but it does not have any routes to external traffic.</p> <h4 id="network-bridge">Network: bridge</h4> <p>With the network set to <code class="language-plaintext highlighter-rouge">bridge</code> a container will use docker’s default networking setup. A bridge is setup on the host, commonly named <code class="language-plaintext highlighter-rouge">docker0</code>, and a pair of <code class="language-plaintext highlighter-rouge">veth</code> interfaces will be created for the container. One side of the <code class="language-plaintext highlighter-rouge">veth</code> pair will remain on the host attached to the bridge while the other side of the pair will be placed inside the container’s namespaces in addition to the <code class="language-plaintext highlighter-rouge">loopback</code> interface. An IP address will be allocated for containers on the bridge’s network and traffic will be routed though this bridge to the container.</p> <p>Containers can communicate via their IP addresses by default. To communicate by name, they must be linked.</p> <h4 id="network-host">Network: host</h4> <p>With the network set to <code class="language-plaintext highlighter-rouge">host</code> a container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s hostname will match the hostname on the host system. 
Note that <code class="language-plaintext highlighter-rouge">--mac-address</code> is invalid in <code class="language-plaintext highlighter-rouge">host</code> netmode. Even in <code class="language-plaintext highlighter-rouge">host</code> network mode a container has its own UTS namespace by default. As such <code class="language-plaintext highlighter-rouge">--hostname</code> and <code class="language-plaintext highlighter-rouge">--domainname</code> are allowed in <code class="language-plaintext highlighter-rouge">host</code> network mode and will only change the hostname and domain name inside the container. Similar to <code class="language-plaintext highlighter-rouge">--hostname</code>, the <code class="language-plaintext highlighter-rouge">--add-host</code>, <code class="language-plaintext highlighter-rouge">--dns</code>, <code class="language-plaintext highlighter-rouge">--dns-search</code>, and <code class="language-plaintext highlighter-rouge">--dns-option</code> options can be used in <code class="language-plaintext highlighter-rouge">host</code> network mode. These options update <code class="language-plaintext highlighter-rouge">/etc/hosts</code> or <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> inside the container. No change are made to <code class="language-plaintext highlighter-rouge">/etc/hosts</code> and <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> on the host.</p> <p>Compared to the default <code class="language-plaintext highlighter-rouge">bridge</code> mode, the <code class="language-plaintext highlighter-rouge">host</code> mode gives <em>significantly</em> better networking performance since it uses the host’s native networking stack whereas the bridge has to go through one level of virtualization through the docker daemon. 
It is recommended to run containers in this mode when their networking performance is critical, for example, a production Load Balancer or a High Performance Web Server.</p> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">--network="host"</code> gives the container full access to local system services such as D-bus and is therefore considered insecure.</p> </blockquote> <h4 id="network-container">Network: container</h4> <p>With the network set to <code class="language-plaintext highlighter-rouge">container</code> a container will share the network stack of another container. The other container’s name must be provided in the format of <code class="language-plaintext highlighter-rouge">--network container:<name|id></code>. Note that <code class="language-plaintext highlighter-rouge">--add-host</code> <code class="language-plaintext highlighter-rouge">--hostname</code> <code class="language-plaintext highlighter-rouge">--dns</code> <code class="language-plaintext highlighter-rouge">--dns-search</code> <code class="language-plaintext highlighter-rouge">--dns-option</code> and <code class="language-plaintext highlighter-rouge">--mac-address</code> are invalid in <code class="language-plaintext highlighter-rouge">container</code> netmode, and <code class="language-plaintext highlighter-rouge">--publish</code> <code class="language-plaintext highlighter-rouge">--publish-all</code> <code class="language-plaintext highlighter-rouge">--expose</code> are also invalid in <code class="language-plaintext highlighter-rouge">container</code> netmode.</p> <p>Example running a Redis container with Redis binding to <code class="language-plaintext highlighter-rouge">localhost</code> then running the <code class="language-plaintext highlighter-rouge">redis-cli</code> command and connecting to the Redis server over the <code class="language-plaintext highlighter-rouge">localhost</code> interface.</p> <div class="highlight"><pre 
class="highlight" data-language="">$ docker run -d --name redis example/redis --bind 127.0.0.1 +$ # use the redis container's network stack to access localhost +$ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1 +</pre></div> <h4 id="user-defined-network">User-defined network</h4> <p>You can create a network using a Docker network driver or an external network driver plugin. You can connect multiple containers to the same network. Once connected to a user-defined network, the containers can communicate easily using only another container’s IP address or name.</p> <p>For <code class="language-plaintext highlighter-rouge">overlay</code> networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way.</p> <p>The following example creates a network using the built-in <code class="language-plaintext highlighter-rouge">bridge</code> network driver and running a container in the created network</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d bridge my-net +$ docker run --network=my-net -itd --name=container3 busybox +</pre></div> <h3 id="managing-etchosts">Managing /etc/hosts</h3> <p>Your container will have lines in <code class="language-plaintext highlighter-rouge">/etc/hosts</code> which define the hostname of the container itself as well as <code class="language-plaintext highlighter-rouge">localhost</code> and a few other common things. 
The <code class="language-plaintext highlighter-rouge">--add-host</code> flag can be used to add additional lines to <code class="language-plaintext highlighter-rouge">/etc/hosts</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts + +172.17.0.22 09d03f76bf2c +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +86.75.30.9 db-static +</pre></div> <p>If a container is connected to the default bridge network and <code class="language-plaintext highlighter-rouge">linked</code> with other containers, then the container’s <code class="language-plaintext highlighter-rouge">/etc/hosts</code> file is updated with the linked container’s name.</p> <blockquote> <p><strong>Note</strong></p> <p>Since Docker may live update the container’s <code class="language-plaintext highlighter-rouge">/etc/hosts</code> file, there may be situations when processes inside the container can end up reading an empty or incomplete <code class="language-plaintext highlighter-rouge">/etc/hosts</code> file. In most cases, retrying the read again should fix the problem.</p> </blockquote> <h2 id="restart-policies---restart">Restart policies (--restart)</h2> <p>Using the <code class="language-plaintext highlighter-rouge">--restart</code> flag on Docker run you can specify a restart policy for how a container should or should not be restarted on exit.</p> <p>When a restart policy is active on a container, it will be shown as either <code class="language-plaintext highlighter-rouge">Up</code> or <code class="language-plaintext highlighter-rouge">Restarting</code> in <a href="../commandline/ps/index"><code class="language-plaintext highlighter-rouge">docker ps</code></a>. 
It can also be useful to use <a href="../commandline/events/index"><code class="language-plaintext highlighter-rouge">docker events</code></a> to see the restart policy in effect.</p> <p>Docker supports the following restart policies:</p> <table> <thead> <tr> <th>Policy</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td><strong>no</strong></td> <td>Do not automatically restart the container when it exits. This is the default.</td> </tr> <tr> <td><span style="white-space: nowrap"> <strong>on-failure</strong>[:max-retries] </span></td> <td>Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts.</td> </tr> <tr> <td><strong>always</strong></td> <td>Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. The container will also always start on daemon startup, regardless of the current state of the container.</td> </tr> <tr> <td><strong>unless-stopped</strong></td> <td>Always restart the container regardless of the exit status, including on daemon startup, except if the container was put into a stopped state before the Docker daemon was stopped.</td> </tr> </tbody> </table> <p>An increasing delay (double the previous delay, starting at 100 milliseconds) is added before each restart to prevent flooding the server. 
This means the daemon will wait for 100 ms, then 200 ms, 400, 800, 1600, and so on until either the <code class="language-plaintext highlighter-rouge">on-failure</code> limit, the maximum delay of 1 minute is hit, or when you <code class="language-plaintext highlighter-rouge">docker stop</code> or <code class="language-plaintext highlighter-rouge">docker rm -f</code> the container.</p> <p>If a container is successfully restarted (the container is started and runs for at least 10 seconds), the delay is reset to its default value of 100 ms.</p> <p>You can specify the maximum amount of times Docker will try to restart the container when using the <strong>on-failure</strong> policy. The default is that Docker will try forever to restart the container. The number of (attempted) restarts for a container can be obtained via <a href="../commandline/inspect/index"><code class="language-plaintext highlighter-rouge">docker inspect</code></a>. For example, to get the number of restarts for container “my-container”;</p> <div class="highlight"><pre class="highlight" data-language=""> +$ docker inspect -f "{{ .RestartCount }}" my-container +# 2 + +</pre></div> <p>Or, to get the last time the container was (re)started;</p> <div class="highlight"><pre class="highlight" data-language=""> +$ docker inspect -f "{{ .State.StartedAt }}" my-container +# 2015-03-04T23:47:07.691840179Z + +</pre></div> <p>Combining <code class="language-plaintext highlighter-rouge">--restart</code> (restart policy) with the <code class="language-plaintext highlighter-rouge">--rm</code> (clean up) flag results in an error. On container restart, attached clients are disconnected. 
See the examples on using the <a href="#clean-up---rm"><code class="language-plaintext highlighter-rouge">--rm</code> (clean up)</a> flag later in this page.</p> <h3 id="examples">Examples</h3> <div class="highlight"><pre class="highlight" data-language="">$ docker run --restart=always redis +</pre></div> <p>This will run the <code class="language-plaintext highlighter-rouge">redis</code> container with a restart policy of <strong>always</strong> so that if the container exits, Docker will restart it.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --restart=on-failure:10 redis +</pre></div> <p>This will run the <code class="language-plaintext highlighter-rouge">redis</code> container with a restart policy of <strong>on-failure</strong> and a maximum restart count of 10. If the <code class="language-plaintext highlighter-rouge">redis</code> container exits with a non-zero exit status more than 10 times in a row Docker will abort trying to restart the container. Providing a maximum restart limit is only valid for the <strong>on-failure</strong> policy.</p> <h2 id="exit-status">Exit Status</h2> <p>The exit code from <code class="language-plaintext highlighter-rouge">docker run</code> gives information about why the container failed to run or why it exited. When <code class="language-plaintext highlighter-rouge">docker run</code> exits with a non-zero code, the exit codes follow the <code class="language-plaintext highlighter-rouge">chroot</code> standard, see below:</p> <p><strong><em>125</em></strong> if the error is with Docker daemon <strong><em>itself</em></strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --foo busybox; echo $? + +flag provided but not defined: --foo +See 'docker run --help'. 
+125 +</pre></div> <p><strong><em>126</em></strong> if the <strong><em>contained command</em></strong> cannot be invoked</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run busybox /etc; echo $? + +docker: Error response from daemon: Container command '/etc' could not be invoked. +126 +</pre></div> <p><strong><em>127</em></strong> if the <strong><em>contained command</em></strong> cannot be found</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run busybox foo; echo $? + +docker: Error response from daemon: Container command 'foo' not found or does not exist. +127 +</pre></div> <p><strong><em>Exit code</em></strong> of <strong><em>contained command</em></strong> otherwise</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run busybox /bin/sh -c 'exit 3' +$ echo $? +3 +</pre></div> <h2 id="clean-up---rm">Clean up (--rm)</h2> <p>By default a container’s file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the final state) and you retain all your data by default. But if you are running short-term <strong>foreground</strong> processes, these container file systems can really pile up. If instead you’d like Docker to <strong>automatically clean up the container and remove the file system when the container exits</strong>, you can add the <code class="language-plaintext highlighter-rouge">--rm</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">--rm=false: Automatically remove the container when it exits +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If you set the <code class="language-plaintext highlighter-rouge">--rm</code> flag, Docker also removes the anonymous volumes associated with the container when the container is removed. This is similar to running <code class="language-plaintext highlighter-rouge">docker rm -v my-container</code>. 
Only volumes that are specified without a name are removed. For example, when running:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -v /foo -v awesome:/bar busybox top +</pre></div> <p>the volume for <code class="language-plaintext highlighter-rouge">/foo</code> will be removed, but the volume for <code class="language-plaintext highlighter-rouge">/bar</code> will not. Volumes inherited via <code class="language-plaintext highlighter-rouge">--volumes-from</code> will be removed with the same logic: if the original volume was specified with a name it will <strong>not</strong> be removed.</p> </blockquote> <h2 id="security-configuration">Security configuration</h2> <table> <thead> <tr> <th style="text-align: left">Option</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="label=user:USER"</code></td> <td style="text-align: left">Set the label user for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="label=role:ROLE"</code></td> <td style="text-align: left">Set the label role for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="label=type:TYPE"</code></td> <td style="text-align: left">Set the label type for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="label=level:LEVEL"</code></td> <td style="text-align: left">Set the label level for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="label=disable"</code></td> <td style="text-align: left">Turn off label confinement for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext 
highlighter-rouge">--security-opt="apparmor=PROFILE"</code></td> <td style="text-align: left">Set the apparmor profile to be applied to the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="no-new-privileges:true"</code></td> <td style="text-align: left">Disable container processes from gaining new privileges</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="seccomp=unconfined"</code></td> <td style="text-align: left">Turn off seccomp confinement for the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--security-opt="seccomp=profile.json"</code></td> <td style="text-align: left">White-listed syscalls seccomp Json file to be used as a seccomp filter</td> </tr> </tbody> </table> <p>You can override the default labeling scheme for each container by specifying the <code class="language-plaintext highlighter-rouge">--security-opt</code> flag. Specifying the level in the following command allows you to share the same content between containers.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt label=level:s0:c100,c200 -it fedora bash +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Automatic translation of MLS labels is not currently supported.</p> </blockquote> <p>To disable the security labeling for this container versus running with the <code class="language-plaintext highlighter-rouge">--privileged</code> flag, use the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt label=disable -it fedora bash +</pre></div> <p>If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. 
You could run a container that is only allowed to listen on Apache ports by executing the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt label=type:svirt_apache_t -it centos bash +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>You would have to write policy defining a <code class="language-plaintext highlighter-rouge">svirt_apache_t</code> type.</p> </blockquote> <p>If you want to prevent your container processes from gaining additional privileges, you can execute the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt no-new-privileges -it centos bash +</pre></div> <p>This means that commands that raise privileges such as <code class="language-plaintext highlighter-rouge">su</code> or <code class="language-plaintext highlighter-rouge">sudo</code> will no longer work. It also causes any seccomp filters to be applied later, after privileges have been dropped which may mean you can have a more restrictive set of filters. For more details, see the <a href="https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt">kernel documentation</a>.</p> <h2 id="specify-an-init-process">Specify an init process</h2> <p>You can use the <code class="language-plaintext highlighter-rouge">--init</code> flag to indicate that an init process should be used as the PID 1 in the container. Specifying an init process ensures the usual responsibilities of an init system, such as reaping zombie processes, are performed inside the created container.</p> <p>The default init process used is the first <code class="language-plaintext highlighter-rouge">docker-init</code> executable found in the system path of the Docker daemon process. 
This <code class="language-plaintext highlighter-rouge">docker-init</code> binary, included in the default installation, is backed by <a href="https://github.com/krallin/tini">tini</a>.</p> <h2 id="specify-custom-cgroups">Specify custom cgroups</h2> <p>Using the <code class="language-plaintext highlighter-rouge">--cgroup-parent</code> flag, you can pass a specific cgroup to run a container in. This allows you to create and manage cgroups on their own. You can define custom resources for those cgroups and put containers under a common parent group.</p> <h2 id="runtime-constraints-on-resources">Runtime constraints on resources</h2> <p>The operator can also adjust the performance parameters of the container:</p> <table> <thead> <tr> <th style="text-align: left">Option</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">-m</code>, <code class="language-plaintext highlighter-rouge">--memory=""</code> +</td> <td style="text-align: left">Memory limit (format: <code class="language-plaintext highlighter-rouge"><number>[<unit>]</code>). Number is a positive integer. Unit can be one of <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code>, or <code class="language-plaintext highlighter-rouge">g</code>. Minimum is 4M.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--memory-swap=""</code></td> <td style="text-align: left">Total memory limit (memory + swap, format: <code class="language-plaintext highlighter-rouge"><number>[<unit>]</code>). Number is a positive integer. 
Unit can be one of <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code>, or <code class="language-plaintext highlighter-rouge">g</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--memory-reservation=""</code></td> <td style="text-align: left">Memory soft limit (format: <code class="language-plaintext highlighter-rouge"><number>[<unit>]</code>). Number is a positive integer. Unit can be one of <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code>, or <code class="language-plaintext highlighter-rouge">g</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--kernel-memory=""</code></td> <td style="text-align: left">Kernel memory limit (format: <code class="language-plaintext highlighter-rouge"><number>[<unit>]</code>). Number is a positive integer. Unit can be one of <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code>, or <code class="language-plaintext highlighter-rouge">g</code>. Minimum is 4M.</td> </tr> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">-c</code>, <code class="language-plaintext highlighter-rouge">--cpu-shares=0</code> +</td> <td style="text-align: left">CPU shares (relative weight)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpus=0.000</code></td> <td style="text-align: left">Number of CPUs. Number is a fractional number. 
0.000 means no limit.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpu-period=0</code></td> <td style="text-align: left">Limit the CPU CFS (Completely Fair Scheduler) period</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpuset-cpus=""</code></td> <td style="text-align: left">CPUs in which to allow execution (0-3, 0,1)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpuset-mems=""</code></td> <td style="text-align: left">Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpu-quota=0</code></td> <td style="text-align: left">Limit the CPU CFS (Completely Fair Scheduler) quota</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpu-rt-period=0</code></td> <td style="text-align: left">Limit the CPU real-time period. In microseconds. Requires parent cgroups be set and cannot be higher than parent. Also check rtprio ulimits.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cpu-rt-runtime=0</code></td> <td style="text-align: left">Limit the CPU real-time runtime. In microseconds. Requires parent cgroups be set and cannot be higher than parent. 
Also check rtprio ulimits.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--blkio-weight=0</code></td> <td style="text-align: left">Block IO weight (relative weight) accepts a weight value between 10 and 1000.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--blkio-weight-device=""</code></td> <td style="text-align: left">Block IO weight (relative device weight, format: <code class="language-plaintext highlighter-rouge">DEVICE_NAME:WEIGHT</code>)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--device-read-bps=""</code></td> <td style="text-align: left">Limit read rate from a device (format: <code class="language-plaintext highlighter-rouge"><device-path>:<number>[<unit>]</code>). Number is a positive integer. Unit can be one of <code class="language-plaintext highlighter-rouge">kb</code>, <code class="language-plaintext highlighter-rouge">mb</code>, or <code class="language-plaintext highlighter-rouge">gb</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--device-write-bps=""</code></td> <td style="text-align: left">Limit write rate to a device (format: <code class="language-plaintext highlighter-rouge"><device-path>:<number>[<unit>]</code>). Number is a positive integer. Unit can be one of <code class="language-plaintext highlighter-rouge">kb</code>, <code class="language-plaintext highlighter-rouge">mb</code>, or <code class="language-plaintext highlighter-rouge">gb</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--device-read-iops=""</code></td> <td style="text-align: left">Limit read rate (IO per second) from a device (format: <code class="language-plaintext highlighter-rouge"><device-path>:<number></code>). 
Number is a positive integer.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--device-write-iops=""</code></td> <td style="text-align: left">Limit write rate (IO per second) to a device (format: <code class="language-plaintext highlighter-rouge"><device-path>:<number></code>). Number is a positive integer.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--oom-kill-disable=false</code></td> <td style="text-align: left">Whether to disable OOM Killer for the container or not.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--oom-score-adj=0</code></td> <td style="text-align: left">Tune container’s OOM preferences (-1000 to 1000)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--memory-swappiness=""</code></td> <td style="text-align: left">Tune a container’s memory swappiness behavior. Accepts an integer between 0 and 100.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--shm-size=""</code></td> <td style="text-align: left">Size of <code class="language-plaintext highlighter-rouge">/dev/shm</code>. The format is <code class="language-plaintext highlighter-rouge"><number><unit></code>. <code class="language-plaintext highlighter-rouge">number</code> must be greater than <code class="language-plaintext highlighter-rouge">0</code>. Unit is optional and can be <code class="language-plaintext highlighter-rouge">b</code> (bytes), <code class="language-plaintext highlighter-rouge">k</code> (kilobytes), <code class="language-plaintext highlighter-rouge">m</code> (megabytes), or <code class="language-plaintext highlighter-rouge">g</code> (gigabytes). If you omit the unit, the system uses bytes. 
If you omit the size entirely, the system uses <code class="language-plaintext highlighter-rouge">64m</code>.</td> </tr> </tbody> </table> <h3 id="user-memory-constraints">User memory constraints</h3> <p>We have four ways to set user memory usage:</p> <table> <thead> <tr> <th>Option</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td class="no-wrap"> +<strong>memory=inf, memory-swap=inf</strong> (default)</td> <td>There is no memory limit for the container. The container can use as much memory as needed.</td> </tr> <tr> <td class="no-wrap"><strong>memory=L<inf, memory-swap=inf</strong></td> <td>(specify memory and set memory-swap as <code class="language-plaintext highlighter-rouge">-1</code>) The container is not allowed to use more than L bytes of memory, but can use as much swap as is needed (if the host supports swap memory).</td> </tr> <tr> <td class="no-wrap"><strong>memory=L<inf, memory-swap=2*L</strong></td> <td>(specify memory without memory-swap) The container is not allowed to use more than L bytes of memory, swap <em>plus</em> memory usage is double of that.</td> </tr> <tr> <td class="no-wrap"><strong>memory=L<inf, memory-swap=S<inf, L<=S</strong></td> <td>(specify both memory and memory-swap) The container is not allowed to use more than L bytes of memory, swap <em>plus</em> memory usage is limited by S.</td> </tr> </tbody> </table> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it ubuntu:14.04 /bin/bash +</pre></div> <p>We set nothing about memory, this means the processes in the container can use as much memory and swap memory as they need.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash +</pre></div> <p>We set memory limit and disabled swap memory limit, this means the processes in the container can use 300M memory and as much swap memory as they need (if the host supports swap memory).</p> <div class="highlight"><pre 
class="highlight" data-language="">$ docker run -it -m 300M ubuntu:14.04 /bin/bash +</pre></div> <p>We set memory limit only, this means the processes in the container can use 300M memory and 300M swap memory, by default, the total virtual memory size (--memory-swap) will be set as double of memory, in this case, memory + swap would be 2*300M, so processes can use 300M swap memory as well.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash +</pre></div> <p>We set both memory and swap memory, so the processes in the container can use 300M memory and 700M swap memory.</p> <p>Memory reservation is a kind of memory soft limit that allows for greater sharing of memory. Under normal circumstances, containers can use as much of the memory as needed and are constrained only by the hard limits set with the <code class="language-plaintext highlighter-rouge">-m</code>/<code class="language-plaintext highlighter-rouge">--memory</code> option. When memory reservation is set, Docker detects memory contention or low memory and forces containers to restrict their consumption to a reservation limit.</p> <p>Always set the memory reservation value below the hard limit, otherwise the hard limit takes precedence. A reservation of 0 is the same as setting no reservation. By default (without reservation set), memory reservation is the same as the hard memory limit.</p> <p>Memory reservation is a soft-limit feature and does not guarantee the limit won’t be exceeded. 
Instead, the feature attempts to ensure that, when memory is heavily contended for, memory is allocated based on the reservation hints/setup.</p> <p>The following example limits the memory (<code class="language-plaintext highlighter-rouge">-m</code>) to 500M and sets the memory reservation to 200M.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash +</pre></div> <p>Under this configuration, when the container consumes memory more than 200M and less than 500M, the next system memory reclaim attempts to shrink container memory below 200M.</p> <p>The following example set memory reservation to 1G without a hard memory limit.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --memory-reservation 1G ubuntu:14.04 /bin/bash +</pre></div> <p>The container can use as much memory as it needs. The memory reservation setting ensures the container doesn’t consume too much memory for long time, because every memory reclaim shrinks the container’s consumption to the reservation.</p> <p>By default, kernel kills processes in a container if an out-of-memory (OOM) error occurs. To change this behaviour, use the <code class="language-plaintext highlighter-rouge">--oom-kill-disable</code> option. Only disable the OOM killer on containers where you have also set the <code class="language-plaintext highlighter-rouge">-m/--memory</code> option. 
If the <code class="language-plaintext highlighter-rouge">-m</code> flag is not set, this can result in the host running out of memory and require killing the host’s system processes to free memory.</p> <p>The following example limits the memory to 100M and disables the OOM killer for this container:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash +</pre></div> <p>The following example, illustrates a dangerous way to use the flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --oom-kill-disable ubuntu:14.04 /bin/bash +</pre></div> <p>The container has unlimited memory which can cause the host to run out memory and require killing system processes to free memory. The <code class="language-plaintext highlighter-rouge">--oom-score-adj</code> parameter can be changed to select the priority of which containers will be killed when the system is out of memory, with negative scores making them less likely to be killed, and positive scores more likely.</p> <h3 id="kernel-memory-constraints">Kernel memory constraints</h3> <p>Kernel memory is fundamentally different than user memory as kernel memory can’t be swapped out. The inability to swap makes it possible for the container to block system services by consuming too much kernel memory. Kernel memory includes:</p> <ul> <li>stack pages</li> <li>slab pages</li> <li>sockets memory pressure</li> <li>tcp memory pressure</li> </ul> <p>You can setup kernel memory limit to constrain these kinds of memory. For example, every process consumes some stack pages. By limiting kernel memory, you can prevent new processes from being created when the kernel memory usage is too high.</p> <p>Kernel memory is never completely independent of user memory. Instead, you limit kernel memory in the context of the user memory limit. Assume “U” is the user memory limit and “K” the kernel limit. 
There are three possible ways to set limits:</p> <table> <thead> <tr> <th>Option</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td class="no-wrap"> +<strong>U != 0, K = inf</strong> (default)</td> <td>This is the standard memory limitation mechanism already present before using kernel memory. Kernel memory is completely ignored.</td> </tr> <tr> <td class="no-wrap"><strong>U != 0, K < U</strong></td> <td>Kernel memory is a subset of the user memory. This setup is useful in deployments where the total amount of memory per-cgroup is overcommitted. Overcommitting kernel memory limits is definitely not recommended, since the box can still run out of non-reclaimable memory. In this case, you can configure K so that the sum of all groups is never greater than the total memory. Then, freely set U at the expense of the system's service quality.</td> </tr> <tr> <td class="no-wrap"><strong>U != 0, K > U</strong></td> <td>Since kernel memory charges are also fed to the user counter and reclamation is triggered for the container for both kinds of memory. This configuration gives the admin a unified view of memory. It is also useful for people who just want to track kernel memory usage.</td> </tr> </tbody> </table> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash +</pre></div> <p>We set memory and kernel memory, so the processes in the container can use 500M memory in total, in this 500M memory, it can be 50M kernel memory tops.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --kernel-memory 50M ubuntu:14.04 /bin/bash +</pre></div> <p>We set kernel memory without <strong>-m</strong>, so the processes in the container can use as much memory as they want, but they can only use 50M kernel memory.</p> <h3 id="swappiness-constraint">Swappiness constraint</h3> <p>By default, a container’s kernel can swap out a percentage of anonymous pages. 
To set this percentage for a container, specify a <code class="language-plaintext highlighter-rouge">--memory-swappiness</code> value between 0 and 100. A value of 0 turns off anonymous page swapping. A value of 100 sets all anonymous pages as swappable. By default, if you are not using <code class="language-plaintext highlighter-rouge">--memory-swappiness</code>, memory swappiness value will be inherited from the parent.</p> <p>For example, you can set:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --memory-swappiness=0 ubuntu:14.04 /bin/bash +</pre></div> <p>Setting the <code class="language-plaintext highlighter-rouge">--memory-swappiness</code> option is helpful when you want to retain the container’s working set and to avoid swapping performance penalties.</p> <h3 id="cpu-share-constraint">CPU share constraint</h3> <p>By default, all containers get the same proportion of CPU cycles. This proportion can be modified by changing the container’s CPU share weighting relative to the weighting of all other running containers.</p> <p>To modify the proportion from the default of 1024, use the <code class="language-plaintext highlighter-rouge">-c</code> or <code class="language-plaintext highlighter-rouge">--cpu-shares</code> flag to set the weighting to 2 or higher. If 0 is set, the system will ignore the value and use the default of 1024.</p> <p>The proportion will only apply when CPU-intensive processes are running. When tasks in one container are idle, other containers can use the left-over CPU time. The actual amount of CPU time will vary depending on the number of containers running on the system.</p> <p>For example, consider three containers, one has a cpu-share of 1024 and two others have a cpu-share setting of 512. When processes in all three containers attempt to use 100% of CPU, the first container would receive 50% of the total CPU time. 
If you add a fourth container with a cpu-share of 1024, the first container only gets 33% of the CPU. The remaining containers receive 16.5%, 16.5% and 33% of the CPU.</p> <p>On a multi-core system, the shares of CPU time are distributed over all CPU cores. Even if a container is limited to less than 100% of CPU time, it can use 100% of each individual CPU core.</p> <p>For example, consider a system with more than three cores. If you start one container <code class="language-plaintext highlighter-rouge">{C0}</code> with <code class="language-plaintext highlighter-rouge">-c=512</code> running one process, and another container <code class="language-plaintext highlighter-rouge">{C1}</code> with <code class="language-plaintext highlighter-rouge">-c=1024</code> running two processes, this can result in the following division of CPU shares:</p> <div class="highlight"><pre class="highlight" data-language="">PID container CPU CPU share +100 {C0} 0 100% of CPU0 +101 {C1} 1 100% of CPU1 +102 {C1} 2 100% of CPU2 +</pre></div> <h3 id="cpu-period-constraint">CPU period constraint</h3> <p>The default CPU CFS (Completely Fair Scheduler) period is 100ms. We can use <code class="language-plaintext highlighter-rouge">--cpu-period</code> to set the period of CPUs to limit the container’s CPU usage. 
And usually <code class="language-plaintext highlighter-rouge">--cpu-period</code> should work with <code class="language-plaintext highlighter-rouge">--cpu-quota</code>.</p> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash +</pre></div> <p>If there is 1 CPU, this means the container can get 50% CPU worth of run-time every 50ms.</p> <p>In addition to use <code class="language-plaintext highlighter-rouge">--cpu-period</code> and <code class="language-plaintext highlighter-rouge">--cpu-quota</code> for setting CPU period constraints, it is possible to specify <code class="language-plaintext highlighter-rouge">--cpus</code> with a float number to achieve the same purpose. For example, if there is 1 CPU, then <code class="language-plaintext highlighter-rouge">--cpus=0.5</code> will achieve the same result as setting <code class="language-plaintext highlighter-rouge">--cpu-period=50000</code> and <code class="language-plaintext highlighter-rouge">--cpu-quota=25000</code> (50% CPU).</p> <p>The default value for <code class="language-plaintext highlighter-rouge">--cpus</code> is <code class="language-plaintext highlighter-rouge">0.000</code>, which means there is no limit.</p> <p>For more information, see the <a href="https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt">CFS documentation on bandwidth limiting</a>.</p> <h3 id="cpuset-constraint">Cpuset constraint</h3> <p>We can set cpus in which to allow execution for containers.</p> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash +</pre></div> <p>This means processes in container can be executed on cpu 1 and cpu 3.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash +</pre></div> <p>This means processes in container can be executed on cpu 
0, cpu 1 and cpu 2.</p> <p>We can set mems in which to allow execution for containers. Only effective on NUMA systems.</p> <p>Examples:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --cpuset-mems="1,3" ubuntu:14.04 /bin/bash +</pre></div> <p>This example restricts the processes in the container to only use memory from memory nodes 1 and 3.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --cpuset-mems="0-2" ubuntu:14.04 /bin/bash +</pre></div> <p>This example restricts the processes in the container to only use memory from memory nodes 0, 1 and 2.</p> <h3 id="cpu-quota-constraint">CPU quota constraint</h3> <p>The <code class="language-plaintext highlighter-rouge">--cpu-quota</code> flag limits the container’s CPU usage. The default 0 value allows the container to take 100% of a CPU resource (1 CPU). The CFS (Completely Fair Scheduler) handles resource allocation for executing processes and is default Linux Scheduler used by the kernel. Set this value to 50000 to limit the container to 50% of a CPU resource. For multiple CPUs, adjust the <code class="language-plaintext highlighter-rouge">--cpu-quota</code> as necessary. For more information, see the <a href="https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt">CFS documentation on bandwidth limiting</a>.</p> <h3 id="block-io-bandwidth-blkio-constraint">Block IO bandwidth (Blkio) constraint</h3> <p>By default, all containers get the same proportion of block IO bandwidth (blkio). This proportion is 500. To modify this proportion, change the container’s blkio weight relative to the weighting of all other running containers using the <code class="language-plaintext highlighter-rouge">--blkio-weight</code> flag.</p> <blockquote> <p><strong>Note:</strong></p> <p>The blkio weight setting is only available for direct IO. 
Buffered IO is not currently supported.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">--blkio-weight</code> flag can set the weighting to a value between 10 to 1000. For example, the commands below create two containers with different blkio weight:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash +$ docker run -it --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash +</pre></div> <p>If you do block IO in the two containers at the same time, by, for example:</p> <div class="highlight"><pre class="highlight" data-language="">$ time dd if=/mnt/zerofile of=test.out bs=1M count=1024 oflag=direct +</pre></div> <p>You’ll find that the proportion of time is the same as the proportion of blkio weights of the two containers.</p> <p>The <code class="language-plaintext highlighter-rouge">--blkio-weight-device="DEVICE_NAME:WEIGHT"</code> flag sets a specific device weight. The <code class="language-plaintext highlighter-rouge">DEVICE_NAME:WEIGHT</code> is a string containing a colon-separated device name and weight. For example, to set <code class="language-plaintext highlighter-rouge">/dev/sda</code> device weight to <code class="language-plaintext highlighter-rouge">200</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu +</pre></div> <p>If you specify both the <code class="language-plaintext highlighter-rouge">--blkio-weight</code> and <code class="language-plaintext highlighter-rouge">--blkio-weight-device</code>, Docker uses the <code class="language-plaintext highlighter-rouge">--blkio-weight</code> as the default weight and uses <code class="language-plaintext highlighter-rouge">--blkio-weight-device</code> to override this default with a new value on a specific device. 
The following example uses a default weight of <code class="language-plaintext highlighter-rouge">300</code> and overrides this default on <code class="language-plaintext highlighter-rouge">/dev/sda</code> setting that weight to <code class="language-plaintext highlighter-rouge">200</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it \ + --blkio-weight 300 \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--device-read-bps</code> flag limits the read rate (bytes per second) from a device. For example, this command creates a container and limits the read rate to <code class="language-plaintext highlighter-rouge">1mb</code> per second from <code class="language-plaintext highlighter-rouge">/dev/sda</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --device-read-bps /dev/sda:1mb ubuntu +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--device-write-bps</code> flag limits the write rate (bytes per second) to a device. For example, this command creates a container and limits the write rate to <code class="language-plaintext highlighter-rouge">1mb</code> per second for <code class="language-plaintext highlighter-rouge">/dev/sda</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --device-write-bps /dev/sda:1mb ubuntu +</pre></div> <p>Both flags take limits in the <code class="language-plaintext highlighter-rouge"><device-path>:<limit>[unit]</code> format. Both read and write rates must be a positive integer. 
You can specify the rate in <code class="language-plaintext highlighter-rouge">kb</code> (kilobytes), <code class="language-plaintext highlighter-rouge">mb</code> (megabytes), or <code class="language-plaintext highlighter-rouge">gb</code> (gigabytes).</p> <p>The <code class="language-plaintext highlighter-rouge">--device-read-iops</code> flag limits read rate (IO per second) from a device. For example, this command creates a container and limits the read rate to <code class="language-plaintext highlighter-rouge">1000</code> IO per second from <code class="language-plaintext highlighter-rouge">/dev/sda</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -ti --device-read-iops /dev/sda:1000 ubuntu +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--device-write-iops</code> flag limits write rate (IO per second) to a device. For example, this command creates a container and limits the write rate to <code class="language-plaintext highlighter-rouge">1000</code> IO per second to <code class="language-plaintext highlighter-rouge">/dev/sda</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -ti --device-write-iops /dev/sda:1000 ubuntu +</pre></div> <p>Both flags take limits in the <code class="language-plaintext highlighter-rouge"><device-path>:<limit></code> format. Both read and write rates must be a positive integer.</p> <h2 id="additional-groups">Additional groups</h2> <div class="highlight"><pre class="highlight" data-language="">--group-add: Add additional groups to run as +</pre></div> <p>By default, the docker container process runs with the supplementary groups looked up for the specified user. 
If one wants to add more to that list of groups, then one can use this flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm --group-add audio --group-add nogroup --group-add 777 busybox id + +uid=0(root) gid=0(root) groups=10(wheel),29(audio),99(nogroup),777 +</pre></div> <h2 id="runtime-privilege-and-linux-capabilities">Runtime privilege and Linux capabilities</h2> <table> <thead> <tr> <th style="text-align: left">Option</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cap-add</code></td> <td style="text-align: left">Add Linux capabilities</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--cap-drop</code></td> <td style="text-align: left">Drop Linux capabilities</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--privileged</code></td> <td style="text-align: left">Give extended privileges to this container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--device=[]</code></td> <td style="text-align: left">Allows you to run devices inside the container without the --privileged flag.</td> </tr> </tbody> </table> <p>By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices (see the documentation on <a href="https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt">cgroups devices</a>).</p> <p>The --privileged flag gives all capabilities to the container. 
When the operator executes <code class="language-plaintext highlighter-rouge">docker run --privileged</code>, Docker will enable access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with <code class="language-plaintext highlighter-rouge">--privileged</code> is available on the <a href="https://blog.docker.com/2013/09/docker-can-now-run-within-docker/">Docker Blog</a>.</p> <p>If you want to limit access to a specific device or devices you can use the <code class="language-plaintext highlighter-rouge">--device</code> flag. It allows you to specify one or more devices that will be accessible within the container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --device=/dev/snd:/dev/snd ... +</pre></div> <p>By default, the container will be able to <code class="language-plaintext highlighter-rouge">read</code>, <code class="language-plaintext highlighter-rouge">write</code>, and <code class="language-plaintext highlighter-rouge">mknod</code> these devices. This can be overridden using a third <code class="language-plaintext highlighter-rouge">:rwm</code> set of options to each <code class="language-plaintext highlighter-rouge">--device</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + +Command (m for help): q +$ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc +You will not be able to write the partition table. + +Command (m for help): q + +$ docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc + crash.... 
+ +$ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc +fdisk: unable to open /dev/xvdc: Operation not permitted +</pre></div> <p>In addition to <code class="language-plaintext highlighter-rouge">--privileged</code>, the operator can have fine grain control over the capabilities using <code class="language-plaintext highlighter-rouge">--cap-add</code> and <code class="language-plaintext highlighter-rouge">--cap-drop</code>. By default, Docker has a default list of capabilities that are kept. The following table lists the Linux capability options which are allowed by default and can be dropped.</p> <table> <thead> <tr> <th style="text-align: left">Capability Key</th> <th style="text-align: left">Capability Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">AUDIT_WRITE</td> <td style="text-align: left">Write records to kernel auditing log.</td> </tr> <tr> <td style="text-align: left">CHOWN</td> <td style="text-align: left">Make arbitrary changes to file UIDs and GIDs (see chown(2)).</td> </tr> <tr> <td style="text-align: left">DAC_OVERRIDE</td> <td style="text-align: left">Bypass file read, write, and execute permission checks.</td> </tr> <tr> <td style="text-align: left">FOWNER</td> <td style="text-align: left">Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file.</td> </tr> <tr> <td style="text-align: left">FSETID</td> <td style="text-align: left">Don’t clear set-user-ID and set-group-ID permission bits when a file is modified.</td> </tr> <tr> <td style="text-align: left">KILL</td> <td style="text-align: left">Bypass permission checks for sending signals.</td> </tr> <tr> <td style="text-align: left">MKNOD</td> <td style="text-align: left">Create special files using mknod(2).</td> </tr> <tr> <td style="text-align: left">NET_BIND_SERVICE</td> <td style="text-align: left">Bind a socket to internet domain privileged ports (port numbers less than 
1024).</td> </tr> <tr> <td style="text-align: left">NET_RAW</td> <td style="text-align: left">Use RAW and PACKET sockets.</td> </tr> <tr> <td style="text-align: left">SETFCAP</td> <td style="text-align: left">Set file capabilities.</td> </tr> <tr> <td style="text-align: left">SETGID</td> <td style="text-align: left">Make arbitrary manipulations of process GIDs and supplementary GID list.</td> </tr> <tr> <td style="text-align: left">SETPCAP</td> <td style="text-align: left">Modify process capabilities.</td> </tr> <tr> <td style="text-align: left">SETUID</td> <td style="text-align: left">Make arbitrary manipulations of process UIDs.</td> </tr> <tr> <td style="text-align: left">SYS_CHROOT</td> <td style="text-align: left">Use chroot(2), change root directory.</td> </tr> </tbody> </table> <p>The next table shows the capabilities which are not granted by default and may be added.</p> <table> <thead> <tr> <th style="text-align: left">Capability Key</th> <th style="text-align: left">Capability Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">AUDIT_CONTROL</td> <td style="text-align: left">Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.</td> </tr> <tr> <td style="text-align: left">AUDIT_READ</td> <td style="text-align: left">Allow reading the audit log via multicast netlink socket.</td> </tr> <tr> <td style="text-align: left">BLOCK_SUSPEND</td> <td style="text-align: left">Allow preventing system suspends.</td> </tr> <tr> <td style="text-align: left">BPF</td> <td style="text-align: left">Allow creating BPF maps, loading BPF Type Format (BTF) data, retrieve JITed code of BPF programs, and more.</td> </tr> <tr> <td style="text-align: left">CHECKPOINT_RESTORE</td> <td style="text-align: left">Allow checkpoint/restore related operations. 
Introduced in kernel 5.9.</td> </tr> <tr> <td style="text-align: left">DAC_READ_SEARCH</td> <td style="text-align: left">Bypass file read permission checks and directory read and execute permission checks.</td> </tr> <tr> <td style="text-align: left">IPC_LOCK</td> <td style="text-align: left">Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).</td> </tr> <tr> <td style="text-align: left">IPC_OWNER</td> <td style="text-align: left">Bypass permission checks for operations on System V IPC objects.</td> </tr> <tr> <td style="text-align: left">LEASE</td> <td style="text-align: left">Establish leases on arbitrary files (see fcntl(2)).</td> </tr> <tr> <td style="text-align: left">LINUX_IMMUTABLE</td> <td style="text-align: left">Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.</td> </tr> <tr> <td style="text-align: left">MAC_ADMIN</td> <td style="text-align: left">Allow MAC configuration or state changes. Implemented for the Smack LSM.</td> </tr> <tr> <td style="text-align: left">MAC_OVERRIDE</td> <td style="text-align: left">Override Mandatory Access Control (MAC). 
Implemented for the Smack Linux Security Module (LSM).</td> </tr> <tr> <td style="text-align: left">NET_ADMIN</td> <td style="text-align: left">Perform various network-related operations.</td> </tr> <tr> <td style="text-align: left">NET_BROADCAST</td> <td style="text-align: left">Make socket broadcasts, and listen to multicasts.</td> </tr> <tr> <td style="text-align: left">PERFMON</td> <td style="text-align: left">Allow system performance and observability privileged operations using perf_events, i915_perf and other kernel subsystems</td> </tr> <tr> <td style="text-align: left">SYS_ADMIN</td> <td style="text-align: left">Perform a range of system administration operations.</td> </tr> <tr> <td style="text-align: left">SYS_BOOT</td> <td style="text-align: left">Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.</td> </tr> <tr> <td style="text-align: left">SYS_MODULE</td> <td style="text-align: left">Load and unload kernel modules.</td> </tr> <tr> <td style="text-align: left">SYS_NICE</td> <td style="text-align: left">Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.</td> </tr> <tr> <td style="text-align: left">SYS_PACCT</td> <td style="text-align: left">Use acct(2), switch process accounting on or off.</td> </tr> <tr> <td style="text-align: left">SYS_PTRACE</td> <td style="text-align: left">Trace arbitrary processes using ptrace(2).</td> </tr> <tr> <td style="text-align: left">SYS_RAWIO</td> <td style="text-align: left">Perform I/O port operations (iopl(2) and ioperm(2)).</td> </tr> <tr> <td style="text-align: left">SYS_RESOURCE</td> <td style="text-align: left">Override resource Limits.</td> </tr> <tr> <td style="text-align: left">SYS_TIME</td> <td style="text-align: left">Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.</td> </tr> <tr> <td style="text-align: left">SYS_TTY_CONFIG</td> <td style="text-align: left">Use vhangup(2); employ 
various privileged ioctl(2) operations on virtual terminals.</td> </tr> <tr> <td style="text-align: left">SYSLOG</td> <td style="text-align: left">Perform privileged syslog(2) operations.</td> </tr> <tr> <td style="text-align: left">WAKE_ALARM</td> <td style="text-align: left">Trigger something that will wake up the system.</td> </tr> </tbody> </table> <p>Further reference information is available on the <a href="https://man7.org/linux/man-pages/man7/capabilities.7.html">capabilities(7) - Linux man page</a>, and in the <a href="https://github.com/torvalds/linux/blob/124ea650d3072b005457faed69909221c2905a1f/include/uapi/linux/capability.h">Linux kernel source code</a>.</p> <p>Both flags support the value <code class="language-plaintext highlighter-rouge">ALL</code>, so to allow a container to use all capabilities except for <code class="language-plaintext highlighter-rouge">MKNOD</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --cap-add=ALL --cap-drop=MKNOD ... +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--cap-add</code> and <code class="language-plaintext highlighter-rouge">--cap-drop</code> flags accept capabilities to be specified with a <code class="language-plaintext highlighter-rouge">CAP_</code> prefix. The following examples are therefore equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --cap-add=SYS_ADMIN ... +$ docker run --cap-add=CAP_SYS_ADMIN ... 
+</pre></div> <p>For interacting with the network stack, instead of using <code class="language-plaintext highlighter-rouge">--privileged</code> they should use <code class="language-plaintext highlighter-rouge">--cap-add=NET_ADMIN</code> to modify the network interfaces.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --rm ubuntu:14.04 ip link add dummy0 type dummy + +RTNETLINK answers: Operation not permitted + +$ docker run -it --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy +</pre></div> <p>To mount a FUSE based filesystem, you need to combine both <code class="language-plaintext highlighter-rouge">--cap-add</code> and <code class="language-plaintext highlighter-rouge">--device</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt + +fuse: failed to open /dev/fuse: Operation not permitted + +$ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt + +fusermount: mount failed: Operation not permitted + +$ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs + +# sshfs sven@10.10.10.20:/home/sven /mnt +The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established. +ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6. +Are you sure you want to continue connecting (yes/no)? yes +sven@10.10.10.20's password: + +root@30aa0cfaf1b5:/# ls -la /mnt/src/docker + +total 1516 +drwxrwxr-x 1 1000 1000 4096 Dec 4 06:08 . +drwxrwxr-x 1 1000 1000 4096 Dec 4 11:46 .. +-rw-rw-r-- 1 1000 1000 16 Oct 8 00:09 .dockerignore +-rwxrwxr-x 1 1000 1000 464 Oct 8 00:09 .drone.yml +drwxrwxr-x 1 1000 1000 4096 Dec 4 06:11 .git +-rw-rw-r-- 1 1000 1000 461 Dec 4 06:08 .gitignore +.... 
+</pre></div> <p>The default seccomp profile will adjust to the selected capabilities, in order to allow use of facilities allowed by the capabilities, so you should not have to adjust this.</p> <h2 id="logging-drivers---log-driver">Logging drivers (--log-driver)</h2> <p>The container can have a different logging driver than the Docker daemon. Use the <code class="language-plaintext highlighter-rouge">--log-driver=VALUE</code> with the <code class="language-plaintext highlighter-rouge">docker run</code> command to configure the container’s logging driver. The following options are supported:</p> <table> <thead> <tr> <th style="text-align: left">Driver</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">none</code></td> <td style="text-align: left">Disables any logging for the container. <code class="language-plaintext highlighter-rouge">docker logs</code> won’t be available with this driver.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">local</code></td> <td style="text-align: left">Logs are stored in a custom format designed for minimal overhead.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">json-file</code></td> <td style="text-align: left">Default logging driver for Docker. Writes JSON messages to file. No logging options are supported for this driver.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">syslog</code></td> <td style="text-align: left">Syslog logging driver for Docker. Writes log messages to syslog.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">journald</code></td> <td style="text-align: left">Journald logging driver for Docker. 
Writes log messages to <code class="language-plaintext highlighter-rouge">journald</code>.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">gelf</code></td> <td style="text-align: left">Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint likeGraylog or Logstash.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">fluentd</code></td> <td style="text-align: left">Fluentd logging driver for Docker. Writes log messages to <code class="language-plaintext highlighter-rouge">fluentd</code> (forward input).</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">awslogs</code></td> <td style="text-align: left">Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">splunk</code></td> <td style="text-align: left">Splunk logging driver for Docker. Writes log messages to <code class="language-plaintext highlighter-rouge">splunk</code> using Event Http Collector.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">etwlogs</code></td> <td style="text-align: left">Event Tracing for Windows (ETW) events. Writes log messages as Event Tracing for Windows (ETW) events. Only Windows platforms.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">gcplogs</code></td> <td style="text-align: left">Google Cloud Platform (GCP) Logging. Writes log messages to Google Cloud Platform (GCP) Logging.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">logentries</code></td> <td style="text-align: left">Rapid7 Logentries. 
Writes log messages to Rapid7 Logentries.</td> </tr> </tbody> </table> <p>The <code class="language-plaintext highlighter-rouge">docker logs</code> command is available only for the <code class="language-plaintext highlighter-rouge">json-file</code> and <code class="language-plaintext highlighter-rouge">journald</code> logging drivers. For detailed information on working with logging drivers, see <a href="https://docs.docker.com/config/containers/logging/configure/">Configure logging drivers</a>.</p> <h2 id="overriding-dockerfile-image-defaults">Overriding Dockerfile image defaults</h2> <p>When a developer builds an image from a <a href="../builder/index"><em>Dockerfile</em></a> or when she commits it, the developer can set a number of default parameters that take effect when the image starts up as a container.</p> <p>Four of the Dockerfile commands cannot be overridden at runtime: <code class="language-plaintext highlighter-rouge">FROM</code>, <code class="language-plaintext highlighter-rouge">MAINTAINER</code>, <code class="language-plaintext highlighter-rouge">RUN</code>, and <code class="language-plaintext highlighter-rouge">ADD</code>. Everything else has a corresponding override in <code class="language-plaintext highlighter-rouge">docker run</code>. 
We’ll go through what the developer might have set in each Dockerfile instruction and how the operator can override that setting.</p> <ul> <li><a href="#cmd-default-command-or-options">CMD (Default Command or Options)</a></li> <li><a href="#entrypoint-default-command-to-execute-at-runtime">ENTRYPOINT (Default Command to Execute at Runtime)</a></li> <li><a href="#expose-incoming-ports">EXPOSE (Incoming Ports)</a></li> <li><a href="#env-environment-variables">ENV (Environment Variables)</a></li> <li><a href="#healthcheck">HEALTHCHECK</a></li> <li><a href="#volume-shared-filesystems">VOLUME (Shared Filesystems)</a></li> <li><a href="#user">USER</a></li> <li><a href="#workdir">WORKDIR</a></li> </ul> <h3 id="cmd-default-command-or-options">CMD (default command or options)</h3> <p>Recall the optional <code class="language-plaintext highlighter-rouge">COMMAND</code> in the Docker commandline:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] +</pre></div> <p>This command is optional because the person who created the <code class="language-plaintext highlighter-rouge">IMAGE</code> may have already provided a default <code class="language-plaintext highlighter-rouge">COMMAND</code> using the Dockerfile <code class="language-plaintext highlighter-rouge">CMD</code> instruction. 
As the operator (the person running a container from the image), you can override that <code class="language-plaintext highlighter-rouge">CMD</code> instruction just by specifying a new <code class="language-plaintext highlighter-rouge">COMMAND</code>.</p> <p>If the image also specifies an <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> then the <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">COMMAND</code> get appended as arguments to the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>.</p> <h3 id="entrypoint-default-command-to-execute-at-runtime">ENTRYPOINT (default command to execute at runtime)</h3> <div class="highlight"><pre class="highlight" data-language=""> --entrypoint="": Overwrite the default entrypoint set by the image +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> of an image is similar to a <code class="language-plaintext highlighter-rouge">COMMAND</code> because it specifies what executable to run when the container starts, but it is (purposely) more difficult to override. The <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> gives a container its default nature or behavior, so that when you set an <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> you can run the container <em>as if it were that binary</em>, complete with default options, and you can pass in more options via the <code class="language-plaintext highlighter-rouge">COMMAND</code>. But, sometimes an operator may want to run something else inside the container, so you can override the default <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> at runtime by using a string to specify the new <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code>. 
Here is an example of how to run a shell in a container that has been set up to automatically run something else (like <code class="language-plaintext highlighter-rouge">/usr/bin/redis-server</code>):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --entrypoint /bin/bash example/redis +</pre></div> <p>or two examples of how to pass more parameters to that ENTRYPOINT:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --entrypoint /bin/bash example/redis -c ls -l +$ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help +</pre></div> <p>You can reset a containers entrypoint by passing an empty string, for example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -it --entrypoint="" mysql bash +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Passing <code class="language-plaintext highlighter-rouge">--entrypoint</code> will clear out any default command set on the image (i.e. any <code class="language-plaintext highlighter-rouge">CMD</code> instruction in the Dockerfile used to build it).</p> </blockquote> <h3 id="expose-incoming-ports">EXPOSE (incoming ports)</h3> <p>The following <code class="language-plaintext highlighter-rouge">run</code> command options work with container networking:</p> <div class="highlight"><pre class="highlight" data-language="">--expose=[]: Expose a port or a range of ports inside the container. + These are additional to those exposed by the `EXPOSE` instruction +-P : Publish all exposed ports to the host interfaces +-p=[] : Publish a container's port or a range of ports to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a + range of ports. 
When specifying ranges for both, the + number of container ports in the range must match the + number of host ports in the range, for example: + -p 1234-1236:1234-1236/tcp + + When specifying a range for hostPort only, the + containerPort must not be a range. In this case the + container port is published somewhere within the + specified hostPort range. (e.g., `-p 1234-1236:1234/tcp`) + + (use 'docker port' to see the actual mapping) + +--link="" : Add link to another container (<name or id>:alias or <name or id>) +</pre></div> <p>With the exception of the <code class="language-plaintext highlighter-rouge">EXPOSE</code> directive, an image developer hasn’t got much control over networking. The <code class="language-plaintext highlighter-rouge">EXPOSE</code> instruction defines the initial incoming ports that provide services. These ports are available to processes inside the container. An operator can use the <code class="language-plaintext highlighter-rouge">--expose</code> option to add to the exposed ports.</p> <p>To expose a container’s internal port, an operator can start the container with the <code class="language-plaintext highlighter-rouge">-P</code> or <code class="language-plaintext highlighter-rouge">-p</code> flag. The exposed port is accessible on the host and the ports are available to any client that can reach the host.</p> <p>The <code class="language-plaintext highlighter-rouge">-P</code> option publishes all the ports to the host interfaces. Docker binds each exposed port to a random port on the host. The range of ports are within an <em>ephemeral port range</em> defined by <code class="language-plaintext highlighter-rouge">/proc/sys/net/ipv4/ip_local_port_range</code>. 
Use the <code class="language-plaintext highlighter-rouge">-p</code> flag to explicitly map a single port or range of ports.</p> <p>The port number inside the container (where the service listens) does not need to match the port number exposed on the outside of the container (where clients connect). For example, inside the container an HTTP service is listening on port 80 (and so the image developer specifies <code class="language-plaintext highlighter-rouge">EXPOSE 80</code> in the Dockerfile). At runtime, the port might be bound to 42800 on the host. To find the mapping between the host ports and the exposed ports, use <code class="language-plaintext highlighter-rouge">docker port</code>.</p> <p>If the operator uses <code class="language-plaintext highlighter-rouge">--link</code> when starting a new client container in the default bridge network, then the client container can access the exposed port via a private networking interface. If <code class="language-plaintext highlighter-rouge">--link</code> is used when starting a container in a user-defined network as described in <a href="https://docs.docker.com/network/"><em>Networking overview</em></a>, it will provide a named alias for the container being linked to.</p> <h3 id="env-environment-variables">ENV (environment variables)</h3> <p>Docker automatically sets some environment variables when creating a Linux container. 
Docker does not set any environment variables when creating a Windows container.</p> <p>The following environment variables are set for Linux containers:</p> <table> <thead> <tr> <th style="text-align: left">Variable</th> <th style="text-align: left">Value</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">HOME</code></td> <td style="text-align: left">Set based on the value of <code class="language-plaintext highlighter-rouge">USER</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">HOSTNAME</code></td> <td style="text-align: left">The hostname associated with the container</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">PATH</code></td> <td style="text-align: left">Includes popular directories, such as <code class="language-plaintext highlighter-rouge">/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin</code> +</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">TERM</code></td> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">xterm</code> if the container is allocated a pseudo-TTY</td> </tr> </tbody> </table> <p>Additionally, the operator can <strong>set any environment variable</strong> in the container by using one or more <code class="language-plaintext highlighter-rouge">-e</code> flags, even overriding those mentioned above, or already defined by the developer with a Dockerfile <code class="language-plaintext highlighter-rouge">ENV</code>. 
If the operator names an environment variable without specifying a value, then the current value of the named variable is propagated into the container’s environment:</p> <div class="highlight"><pre class="highlight" data-language="">$ export today=Wednesday +$ docker run -e "deep=purple" -e today --rm alpine env + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +HOSTNAME=d2219b854598 +deep=purple +today=Wednesday +HOME=/root +</pre></div> <div class="highlight"><pre class="highlight" data-language="">PS C:\> docker run --rm -e "foo=bar" microsoft/nanoserver cmd /s /c set +ALLUSERSPROFILE=C:\ProgramData +APPDATA=C:\Users\ContainerAdministrator\AppData\Roaming +CommonProgramFiles=C:\Program Files\Common Files +CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files +CommonProgramW6432=C:\Program Files\Common Files +COMPUTERNAME=C2FAEFCC8253 +ComSpec=C:\Windows\system32\cmd.exe +foo=bar +LOCALAPPDATA=C:\Users\ContainerAdministrator\AppData\Local +NUMBER_OF_PROCESSORS=8 +OS=Windows_NT +Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\ContainerAdministrator\AppData\Local\Microsoft\WindowsApps +PATHEXT=.COM;.EXE;.BAT;.CMD +PROCESSOR_ARCHITECTURE=AMD64 +PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 62 Stepping 4, GenuineIntel +PROCESSOR_LEVEL=6 +PROCESSOR_REVISION=3e04 +ProgramData=C:\ProgramData +ProgramFiles=C:\Program Files +ProgramFiles(x86)=C:\Program Files (x86) +ProgramW6432=C:\Program Files +PROMPT=$P$G +PUBLIC=C:\Users\Public +SystemDrive=C: +SystemRoot=C:\Windows +TEMP=C:\Users\ContainerAdministrator\AppData\Local\Temp +TMP=C:\Users\ContainerAdministrator\AppData\Local\Temp +USERDOMAIN=User Manager +USERNAME=ContainerAdministrator +USERPROFILE=C:\Users\ContainerAdministrator +windir=C:\Windows +</pre></div> <p>Similarly the operator can set the <strong>HOSTNAME</strong> (Linux) or <strong>COMPUTERNAME</strong> (Windows) with <code class="language-plaintext 
highlighter-rouge">-h</code>.</p> <h3 id="healthcheck">HEALTHCHECK</h3> <div class="highlight"><pre class="highlight" data-language=""> --health-cmd Command to run to check health + --health-interval Time between running the check + --health-retries Consecutive failures needed to report unhealthy + --health-timeout Maximum time to allow one check to run + --health-start-period Start period for the container to initialize before starting health-retries countdown + --no-healthcheck Disable any container-specified HEALTHCHECK +</pre></div> <p>Example:</p> <div class="highlight"><pre class="highlight" data-language=""> +$ docker run --name=test -d \ + --health-cmd='stat /etc/passwd || exit 1' \ + --health-interval=2s \ + busybox sleep 1d +$ sleep 2; docker inspect --format='{{.State.Health.Status}}' test +healthy +$ docker exec test rm /etc/passwd +$ sleep 2; docker inspect --format='{{json .State.Health}}' test +{ + "Status": "unhealthy", + "FailingStreak": 3, + "Log": [ + { + "Start": "2016-05-25T17:22:04.635478668Z", + "End": "2016-05-25T17:22:04.7272552Z", + "ExitCode": 0, + "Output": " File: /etc/passwd\n Size: 334 \tBlocks: 8 IO Block: 4096 regular file\nDevice: 32h/50d\tInode: 12 Links: 1\nAccess: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..." + }, + { + "Start": "2016-05-25T17:22:06.732900633Z", + "End": "2016-05-25T17:22:06.822168935Z", + "ExitCode": 0, + "Output": " File: /etc/passwd\n Size: 334 \tBlocks: 8 IO Block: 4096 regular file\nDevice: 32h/50d\tInode: 12 Links: 1\nAccess: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..." 
+ }, + { + "Start": "2016-05-25T17:22:08.823956535Z", + "End": "2016-05-25T17:22:08.897359124Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + }, + { + "Start": "2016-05-25T17:22:10.898802931Z", + "End": "2016-05-25T17:22:10.969631866Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + }, + { + "Start": "2016-05-25T17:22:12.971033523Z", + "End": "2016-05-25T17:22:13.082015516Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + } + ] +} + +</pre></div> <p>The health status is also displayed in the <code class="language-plaintext highlighter-rouge">docker ps</code> output.</p> <h3 id="tmpfs-mount-tmpfs-filesystems">TMPFS (mount tmpfs filesystems)</h3> <div class="highlight"><pre class="highlight" data-language="">--tmpfs=[]: Create a tmpfs mount with: container-dir[:<options>], + where the options are identical to the Linux + 'mount -t tmpfs -o' command. +</pre></div> <p>The example below mounts an empty tmpfs into the container with the <code class="language-plaintext highlighter-rouge">rw</code>, <code class="language-plaintext highlighter-rouge">noexec</code>, <code class="language-plaintext highlighter-rouge">nosuid</code>, and <code class="language-plaintext highlighter-rouge">size=65536k</code> options.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image +</pre></div> <h3 id="volume-shared-filesystems">VOLUME (shared filesystems)</h3> <div class="highlight"><pre class="highlight" data-language="">-v, --volume=[host-src:]container-dest[:<options>]: Bind mount a volume. +The comma-delimited `options` are [rw|ro], [z|Z], +[[r]shared|[r]slave|[r]private], and [nocopy]. +The 'host-src' is an absolute path or a name value. + +If neither 'rw' or 'ro' is specified then the volume is mounted in +read-write mode. 
+ +The `nocopy` mode is used to disable automatically copying the requested volume +path in the container to the volume storage location. +For named volumes, `copy` is the default mode. Copy modes are not supported +for bind-mounted volumes. + +--volumes-from="": Mount all volumes from the given container(s) +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>When using systemd to manage the Docker daemon’s start and stop, in the systemd unit file there is an option to control mount propagation for the Docker daemon itself, called <code class="language-plaintext highlighter-rouge">MountFlags</code>. The value of this setting may cause Docker to not see mount propagation changes made on the mount point. For example, if this value is <code class="language-plaintext highlighter-rouge">slave</code>, you may not be able to use the <code class="language-plaintext highlighter-rouge">shared</code> or <code class="language-plaintext highlighter-rouge">rshared</code> propagation on a volume.</p> </blockquote> <p>The volumes commands are complex enough to have their own documentation in section <a href="https://docs.docker.com/storage/volumes/"><em>Use volumes</em></a>. A developer can define one or more <code class="language-plaintext highlighter-rouge">VOLUME</code>’s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host).</p> <p>The <code class="language-plaintext highlighter-rouge">container-dest</code> must always be an absolute path such as <code class="language-plaintext highlighter-rouge">/src/docs</code>. The <code class="language-plaintext highlighter-rouge">host-src</code> can either be an absolute path or a <code class="language-plaintext highlighter-rouge">name</code> value. If you supply an absolute path for the <code class="language-plaintext highlighter-rouge">host-src</code>, Docker bind-mounts to the path you specify. 
If you supply a <code class="language-plaintext highlighter-rouge">name</code>, Docker creates a named volume by that <code class="language-plaintext highlighter-rouge">name</code>.</p> <p>A <code class="language-plaintext highlighter-rouge">name</code> value must start with an alphanumeric character, followed by <code class="language-plaintext highlighter-rouge">a-z0-9</code>, <code class="language-plaintext highlighter-rouge">_</code> (underscore), <code class="language-plaintext highlighter-rouge">.</code> (period) or <code class="language-plaintext highlighter-rouge">-</code> (hyphen). An absolute path starts with a <code class="language-plaintext highlighter-rouge">/</code> (forward slash).</p> <p>For example, you can specify either <code class="language-plaintext highlighter-rouge">/foo</code> or <code class="language-plaintext highlighter-rouge">foo</code> for a <code class="language-plaintext highlighter-rouge">host-src</code> value. If you supply the <code class="language-plaintext highlighter-rouge">/foo</code> value, Docker creates a bind mount. If you supply the <code class="language-plaintext highlighter-rouge">foo</code> specification, Docker creates a named volume.</p> <h3 id="user">USER</h3> <p><code class="language-plaintext highlighter-rouge">root</code> (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name. When passing a numeric ID, the user does not have to exist in the container.</p> <p>The developer can set a default user to run the first process with the Dockerfile <code class="language-plaintext highlighter-rouge">USER</code> instruction. 
When starting a container, the operator can override the <code class="language-plaintext highlighter-rouge">USER</code> instruction by passing the <code class="language-plaintext highlighter-rouge">-u</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">-u="", --user="": Sets the username or UID used and optionally the groupname or GID for the specified command. + +The followings examples are all valid: +--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ] +</pre></div> <blockquote> <p><strong>Note:</strong> if you pass a numeric uid, it must be in the range of 0-2147483647.</p> </blockquote> <h3 id="workdir">WORKDIR</h3> <p>The default working directory for running binaries within a container is the root directory (<code class="language-plaintext highlighter-rouge">/</code>). It is possible to set a different working directory with the Dockerfile <code class="language-plaintext highlighter-rouge">WORKDIR</code> command. The operator can override this with:</p> <div class="highlight"><pre class="highlight" data-language="">-w="", --workdir="": Working directory inside the container +</pre></div> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=run">run</a>, <a href="https://docs.docker.com/search/?q=configure">configure</a>, <a href="https://docs.docker.com/search/?q=runtime">runtime</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/reference/run/" class="_attribution-link">https://docs.docker.com/engine/reference/run/</a> + </p> +</div> 
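Review bot: The HEALTHCHECK example transcript in this file is internally inconsistent. With --health-interval=2s it runs "sleep 2" after "docker exec test rm /etc/passwd", yet the output that follows reports "FailingStreak": 3, with failing probes logged at 17:22:08, 17:22:10 and 17:22:12. Three failed probes at a 2s interval need about six seconds, so a reader replaying the commands as written will not have accumulated three failures when they run the inspect. Because this is a vendored copy, the wait (or the pasted output) should be fixed upstream and the file regenerated rather than patched here. The same applies to the typos in this hunk: "reset a containers entrypoint", "The followings examples are all valid", and "If neither 'rw' or 'ro' is specified". Please also confirm in the raw file that the placeholders inside the pre blocks (<name or id> under --link, <options> under --tmpfs and -v) are entity-escaped. If they are literal angle brackets, a browser will parse them as unknown tags and drop them from the rendered option help.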
diff --git a/devdocs/docker/engine%2Frelease-notes%2Findex.html b/devdocs/docker/engine%2Frelease-notes%2Findex.html new file mode 100644 index 00000000..54e76712 --- /dev/null +++ b/devdocs/docker/engine%2Frelease-notes%2Findex.html 
@@ -0,0 +1,217 @@ +<h1>Docker Engine release notes</h1> +<p>This document describes the latest changes, additions, known issues, and fixes for Docker Engine.</p> <h1 id="version-2010">Version 20.10</h1> <h2 id="201016">20.10.16</h2> <p>2022-05-12</p> <p>This release of Docker Engine fixes a regression in the Docker CLI builds for macOS, fixes an issue with <code class="language-plaintext highlighter-rouge">docker stats</code> when using containerd 1.5 and up, and updates the Go runtime to include a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526" target="_blank" rel="noopener">CVE-2022-29526</a>.</p> <h3 id="client">Client</h3> <ul> <li>Fixed a regression in binaries for macOS introduced in <a href="#201015">20.10.15</a>, which resulted in a panic <a href="https://github.com/docker/cli/pull/3592" target="_blank" rel="noopener">docker/cli#43426</a>.</li> <li>Update golang.org/x/sys dependency which contains a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526" target="_blank" rel="noopener">CVE-2022-29526</a>.</li> </ul> <h3 id="daemon">Daemon</h3> <ul> <li>Fixed an issue where <code class="language-plaintext highlighter-rouge">docker stats</code> was showing empty stats when running with containerd 1.5.0 or up <a href="https://github.com/moby/moby/pull/43567" target="_blank" rel="noopener">moby/moby#43567</a>.</li> <li>Updated the <code class="language-plaintext highlighter-rouge">golang.org/x/sys</code> build-time dependency which contains a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526" target="_blank" rel="noopener">CVE-2022-29526</a>.</li> </ul> <h3 id="packaging">Packaging</h3> <ul> <li>Updated Go runtime to <a href="https://go.dev/doc/devel/release#go1.17.minor" target="_blank" rel="noopener">1.17.10</a>, which contains a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526" target="_blank" rel="noopener">CVE-2022-29526</a>.</li> <li>Used “weak” 
dependencies for the <code class="language-plaintext highlighter-rouge">docker scan</code> CLI plugin, to prevent a “conflicting requests” error when users performed an off-line installation from downloaded RPM packages <a href="https://github.com/docker/docker-ce-packaging/pull/659" target="_blank" rel="noopener">docker/docker-ce-packaging#659</a>.</li> </ul> <h2 id="201015">20.10.15</h2> <p>2022-05-05</p> <p>This release of Docker Engine comes with updated versions of the <code class="language-plaintext highlighter-rouge">compose</code>, <code class="language-plaintext highlighter-rouge">buildx</code>, <code class="language-plaintext highlighter-rouge">containerd</code>, and <code class="language-plaintext highlighter-rouge">runc</code> components, as well as some minor bug fixes.</p> <blockquote class="important"> <p><strong>Known issues</strong></p> <p>We’ve identified an issue with the <a href="https://download.docker.com/mac/static/stable/" target="_blank" rel="noopener" class="_">macOS CLI binaries</a> in the 20.10.15 release. 
This issue has been resolved in the <a href="#201016">20.10.16</a> release.</p> </blockquote> <h3 id="daemon-1">Daemon</h3> <ul> <li>Use a RWMutex for stateCounter to prevent potential locking congestion <a href="https://github.com/moby/moby/pull/43426">moby/moby#43426</a>.</li> <li>Prevent an issue where the daemon was unable to find an available IP-range in some conditions <a href="https://github.com/moby/moby/pull/43360">moby/moby#43360</a> +</li> </ul> <h3 id="packaging-1">Packaging</h3> <ul> <li>Update Docker Compose to <a href="https://github.com/docker/compose/releases/tag/v2.5.0">v2.5.0</a>.</li> <li>Update Docker Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.8.2">v0.8.2</a>.</li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.17.minor">1.17.9</a>.</li> <li>Update containerd (<code class="language-plaintext highlighter-rouge">containerd.io</code> package) to <a href="https://github.com/containerd/containerd/releases/tag/v1.6.4">v1.6.4</a>.</li> <li>Update runc version to <a href="https://github.com/opencontainers/runc/releases/tag/v1.1.1">v1.1.1</a>.</li> <li>Add packages for CentOS 9 stream and Fedora 36.</li> </ul> <h2 id="201014">20.10.14</h2> <p>2022-03-23</p> <p>This release of Docker Engine updates the default inheritable capabilities for containers to address <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769">CVE-2022-24769</a>, a new version of the <code class="language-plaintext highlighter-rouge">containerd.io</code> runtime is also included to address the same issue.</p> <h3 id="daemon-2">Daemon</h3> <ul> <li>Update the default inheritable capabilities.</li> </ul> <h3 id="builder">Builder</h3> <ul> <li>Update the default inheritable capabilities for containers used during build.</li> </ul> <h3 id="packaging-2">Packaging</h3> <ul> <li>Update containerd (<code class="language-plaintext highlighter-rouge">containerd.io</code> package) to <a 
href="https://github.com/containerd/containerd/releases/tag/v1.5.11">v1.5.11</a>.</li> <li>Update <code class="language-plaintext highlighter-rouge">docker buildx</code> to <a href="https://github.com/docker/buildx/releases/tag/v0.8.1">v0.8.1</a>.</li> </ul> <h2 id="201013">20.10.13</h2> <p>2022-03-10</p> <p>This release of Docker Engine contains some bug-fixes and packaging changes, updates to the <code class="language-plaintext highlighter-rouge">docker scan</code> and <code class="language-plaintext highlighter-rouge">docker buildx</code> commands, an updated version of the Go runtime, and new versions of the <code class="language-plaintext highlighter-rouge">containerd.io</code> runtime. Together with this release, we now also provide <code class="language-plaintext highlighter-rouge">.deb</code> and <code class="language-plaintext highlighter-rouge">.rpm</code> packages of Docker Compose V2, which can be installed using the (optional) <code class="language-plaintext highlighter-rouge">docker-compose-plugin</code> package.</p> <h3 id="builder-1">Builder</h3> <ul> <li>Updated the bundled version of buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.8.0">v0.8.0</a>.</li> </ul> <h3 id="daemon-3">Daemon</h3> <ul> <li>Fix a race condition when updating the container’s state <a href="https://github.com/moby/moby/pull/43166">moby/moby#43166</a>.</li> <li>Update the etcd dependency to prevent the daemon from incorrectly holding file locks <a href="https://github.com/moby/moby/pull/43259">moby/moby#43259</a> +</li> <li>Fix detection of user-namespaces when configuring the default <code class="language-plaintext highlighter-rouge">net.ipv4.ping_group_range</code> sysctl <a href="https://github.com/moby/moby/pull/43084">moby/moby#43084</a>.</li> </ul> <h3 id="distribution">Distribution</h3> <ul> <li>Retry downloading image-manifests if a connection failure happens during image pull <a 
href="https://github.com/moby/moby/pull/43333">moby/moby#43333</a>.</li> </ul> <h3 id="documentation">Documentation</h3> <ul> <li>Various fixes in command-line reference and API documentation.</li> </ul> <h3 id="logging">Logging</h3> <ul> <li>Prevent an OOM when using the “local” logging driver with containers that produce a large amount of log messages <a href="https://github.com/moby/moby/pull/43165">moby/moby#43165</a>.</li> <li>Updates the fluentd log driver to prevent a potential daemon crash, and prevent containers from hanging when using the <code class="language-plaintext highlighter-rouge">fluentd-async-connect=true</code> and the remote server is unreachable <a href="https://github.com/moby/moby/pull/43147">moby/moby#43147</a>.</li> </ul> <h3 id="packaging-3">Packaging</h3> <ul> <li>Provide <code class="language-plaintext highlighter-rouge">.deb</code> and <code class="language-plaintext highlighter-rouge">.rpm</code> packages for Docker Compose V2. <a href="https://github.com/docker/compose/releases/tag/v2.3.3">Docker Compose v2.3.3</a> can now be installed on Linux using the <code class="language-plaintext highlighter-rouge">docker-compose-plugin</code> packages, which provides the <code class="language-plaintext highlighter-rouge">docker compose</code> subcommand on the Docker CLI. The Docker Compose plugin can also be installed and run standalone to be used as a drop-in replacement for <code class="language-plaintext highlighter-rouge">docker-compose</code> (Docker Compose V1) <a href="https://github.com/docker/docker-ce-packaging/pull/638">docker/docker-ce-packaging#638</a>. 
The <code class="language-plaintext highlighter-rouge">compose-cli-plugin</code> package can also be used on older version of the Docker CLI with support for CLI plugins (Docker CLI 18.09 and up).</li> <li>Provide packages for the upcoming Ubuntu 22.04 “Jammy Jellyfish” LTS release <a href="https://github.com/docker/docker-ce-packaging/pull/645">docker/docker-ce-packaging#645</a>, <a href="https://github.com/docker/containerd-packaging/pull/271">docker/containerd-packaging#271</a>.</li> <li>Update <code class="language-plaintext highlighter-rouge">docker buildx</code> to <a href="https://github.com/docker/buildx/releases/tag/v0.8.0">v0.8.0</a>.</li> <li>Update <code class="language-plaintext highlighter-rouge">docker scan</code> (<code class="language-plaintext highlighter-rouge">docker-scan-plugin</code>) to <a href="https://github.com/docker/scan-cli-plugin/releases/tag/v0.17.0">v0.17.0</a>.</li> <li>Update containerd (<code class="language-plaintext highlighter-rouge">containerd.io</code> package) to <a href="https://github.com/containerd/containerd/releases/tag/v1.5.10">v1.5.10</a>.</li> <li>Update the bundled runc version to <a href="https://github.com/opencontainers/runc/releases/tag/v1.0.3">v1.0.3</a>.</li> <li>Update Golang runtime to Go 1.16.15.</li> </ul> <h2 id="201012">20.10.12</h2> <p>2021-12-13</p> <p>This release of Docker Engine contains changes in packaging only, and provides updates to the <code class="language-plaintext highlighter-rouge">docker scan</code> and <code class="language-plaintext highlighter-rouge">docker buildx</code> commands. Versions of <code class="language-plaintext highlighter-rouge">docker scan</code> before v0.11.0 are not able to detect the <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">Log4j 2 CVE-2021-44228</a>. 
We are shipping an updated version of <code class="language-plaintext highlighter-rouge">docker scan</code> in this release to help you scan your images for this vulnerability.</p> <blockquote> <p><strong>Note</strong></p> <p>The <code class="language-plaintext highlighter-rouge">docker scan</code> command on Linux is currently only supported on x86 platforms. We do not yet provide a package for other hardware architectures on Linux.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge">docker scan</code> feature is provided as a separate package and, depending on your upgrade or installation method, ‘docker scan’ may not be updated automatically to the latest version. Use the instructions below to update <code class="language-plaintext highlighter-rouge">docker scan</code> to the latest version. You can also use these instructions to install, or upgrade the <code class="language-plaintext highlighter-rouge">docker scan</code> package without upgrading the Docker Engine:</p> <p>On <code class="language-plaintext highlighter-rouge">.deb</code> based distros, such as Ubuntu and Debian:</p> <div class="highlight"><pre class="highlight" data-language="">$ apt-get update && apt-get install docker-scan-plugin +</pre></div> <p>On rpm-based distros, such as CentOS or Fedora:</p> <div class="highlight"><pre class="highlight" data-language="">$ yum install docker-scan-plugin +</pre></div> <p>After upgrading, verify you have the latest version of <code class="language-plaintext highlighter-rouge">docker scan</code> installed:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --accept-license --version +Version: v0.12.0 +Git commit: 1074dd0 +Provider: Snyk (1.790.0 (standalone)) +</pre></div> <p><a href="https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/">Read our blog post on CVE-2021-44228</a> to learn how to use the <code class="language-plaintext highlighter-rouge">docker scan</code> command to check if images 
are vulnerable.</p> <h3 id="packaging-4">Packaging</h3> <ul> <li>Update <code class="language-plaintext highlighter-rouge">docker scan</code> to <a href="https://github.com/docker/scan-cli-plugin/releases/tag/v0.12.0">v0.12.0</a>.</li> <li>Update <code class="language-plaintext highlighter-rouge">docker buildx</code> to <a href="https://github.com/docker/buildx/releases/tag/v0.7.1">v0.7.1</a>.</li> <li>Update Golang runtime to Go 1.16.12.</li> </ul> <h2 id="201011">20.10.11</h2> <p>2021-11-17</p> <blockquote class="important"> <p><strong>IMPORTANT</strong></p> <p>Due to <a href="https://github.com/golang/go/issues/40909">net/http changes</a> in <a href="https://golang.org/doc/go1.16#net/http">Go 1.16</a>, HTTP proxies configured through the <code class="language-plaintext highlighter-rouge">$HTTP_PROXY</code> environment variable are no longer used for TLS (<code class="language-plaintext highlighter-rouge">https://</code>) connections. Make sure you also set an <code class="language-plaintext highlighter-rouge">$HTTPS_PROXY</code> environment variable for handling requests to <code class="language-plaintext highlighter-rouge">https://</code> URLs.</p> <p>Refer to the <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">HTTP/HTTPS proxy section</a> to learn how to configure the Docker Daemon to use a proxy server.</p> </blockquote> <h3 id="distribution-1">Distribution</h3> <ul> <li>Handle ambiguous OCI manifest parsing to mitigate <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41190">CVE-2021-41190</a> / <a href="https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m">GHSA-mc8v-mgrf-8f4m</a>. 
See <a href="https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42">GHSA-xmmx-7jpf-fx42</a> for details.</li> </ul> <h3 id="windows">Windows</h3> <ul> <li>Fix panic.log file having read-only attribute set <a href="https://github.com/moby/moby/pull/42987">moby/moby#42987</a>.</li> </ul> <h3 id="packaging-5">Packaging</h3> <ul> <li>Update containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.4.12">v1.4.12</a> to mitigate <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41190">CVE-2021-41190</a>.</li> <li>Update Golang runtime to Go 1.16.10.</li> </ul> <h2 id="201010">20.10.10</h2> <p>2021-10-25</p> <blockquote class="important"> <p><strong>IMPORTANT</strong></p> <p>Due to <a href="https://github.com/golang/go/issues/40909">net/http changes</a> in <a href="https://golang.org/doc/go1.16#net/http">Go 1.16</a>, HTTP proxies configured through the <code class="language-plaintext highlighter-rouge">$HTTP_PROXY</code> environment variable are no longer used for TLS (<code class="language-plaintext highlighter-rouge">https://</code>) connections. 
Make sure you also set an <code class="language-plaintext highlighter-rouge">$HTTPS_PROXY</code> environment variable for handling requests to <code class="language-plaintext highlighter-rouge">https://</code> URLs.</p> <p>Refer to the <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">HTTP/HTTPS proxy section</a> to learn how to configure the Docker Daemon to use a proxy server.</p> </blockquote> <h3 id="builder-2">Builder</h3> <ul> <li>Fix platform-matching logic to fix <code class="language-plaintext highlighter-rouge">docker build</code> using not finding images in the local image cache on Arm machines when using BuildKit <a href="https://github.com/moby/moby/pull/42954">moby/moby#42954</a> +</li> </ul> <h3 id="runtime">Runtime</h3> <ul> <li>Add support for <code class="language-plaintext highlighter-rouge">clone3</code> syscall in the default seccomp policy to support running containers based on recent versions of Fedora and Ubuntu. <a href="https://github.com/moby/moby/pull/42836">moby/moby/#42836</a>.</li> <li>Windows: update hcsshim library to fix a bug in sparse file handling in container layers, which was exposed by recent changes in Windows <a href="https://github.com/moby/moby/pull/42944">moby/moby#42944</a>.</li> <li>Fix some situations where <code class="language-plaintext highlighter-rouge">docker stop</code> could hang forever <a href="https://github.com/moby/moby/pull/42956">moby/moby#42956</a>.</li> </ul> <h3 id="swarm">Swarm</h3> <ul> <li>Fix an issue where updating a service did not roll back on failure <a href="https://github.com/moby/moby/pull/42875">moby/moby#42875</a>.</li> </ul> <h3 id="packaging-6">Packaging</h3> <ul> <li>Add packages for Ubuntu 21.10 “Impish Indri” and Fedora 35.</li> <li>Update <code class="language-plaintext highlighter-rouge">docker scan</code> to v0.9.0</li> <li>Update Golang runtime to Go 1.16.9.</li> </ul> <h2 id="20109">20.10.9</h2> <p>2021-10-04</p> <p>This release is a security release with 
security fixes in the CLI, runtime, as well as updated versions of the containerd.io package.</p> <blockquote class="important"> <p><strong>IMPORTANT</strong></p> <p>Due to <a href="https://github.com/golang/go/issues/40909">net/http changes</a> in <a href="https://golang.org/doc/go1.16#net/http">Go 1.16</a>, HTTP proxies configured through the <code class="language-plaintext highlighter-rouge">$HTTP_PROXY</code> environment variable are no longer used for TLS (<code class="language-plaintext highlighter-rouge">https://</code>) connections. Make sure you also set an <code class="language-plaintext highlighter-rouge">$HTTPS_PROXY</code> environment variable for handling requests to <code class="language-plaintext highlighter-rouge">https://</code> URLs.</p> <p>Refer to the <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">HTTP/HTTPS proxy section</a> to learn how to configure the Docker Daemon to use a proxy server.</p> </blockquote> <h3 id="client-1">Client</h3> <ul> <li> +<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092">CVE-2021-41092</a> Ensure default auth config has address field set, to prevent credentials being sent to the default registry.</li> </ul> <h3 id="runtime-1">Runtime</h3> <ul> <li> +<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089">CVE-2021-41089</a> Create parent directories inside a chroot during <code class="language-plaintext highlighter-rouge">docker cp</code> to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.</li> <li> +<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091">CVE-2021-41091</a> Lock down file permissions to prevent unprivileged users from discovering and executing programs in <code class="language-plaintext highlighter-rouge">/var/lib/docker</code>.</li> </ul> <h3 id="packaging-7">Packaging</h3> <blockquote> <p><strong>Known issue</strong></p> <p>The <code class="language-plaintext 
highlighter-rouge">ctr</code> binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the <code class="language-plaintext highlighter-rouge">libc6-compat</code> package, or download a previous version of the <code class="language-plaintext highlighter-rouge">ctr</code> binary as a workaround. Refer to the containerd ticket related to this issue for more details: <a href="https://github.com/containerd/containerd/issues/5824">containerd/containerd#5824</a>.</p> </blockquote> <ul> <li>Update Golang runtime to Go 1.16.8, which contains fixes for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221">CVE-2021-36221</a> and <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293">CVE-2021-39293</a> +</li> <li>Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103">CVE-2021-41103</a>.</li> <li>Update the bundled buildx version to v0.6.3 for rpm and deb packages.</li> </ul> <h2 id="20108">20.10.8</h2> <p>2021-08-03</p> <blockquote class="important"> <p><strong>IMPORTANT</strong></p> <p>Due to <a href="https://github.com/golang/go/issues/40909">net/http changes</a> in <a href="https://golang.org/doc/go1.16#net/http">Go 1.16</a>, HTTP proxies configured through the <code class="language-plaintext highlighter-rouge">$HTTP_PROXY</code> environment variable are no longer used for TLS (<code class="language-plaintext highlighter-rouge">https://</code>) connections. 
Make sure you also set an <code class="language-plaintext highlighter-rouge">$HTTPS_PROXY</code> environment variable for handling requests to <code class="language-plaintext highlighter-rouge">https://</code> URLs.</p> <p>Refer to the <a href="https://docs.docker.com/config/daemon/systemd/#httphttps-proxy">HTTP/HTTPS proxy section</a> to learn how to configure the Docker Daemon to use a proxy server.</p> </blockquote> <h3 id="deprecation">Deprecation</h3> <ul> <li>Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. <a href="https://github.com/docker/cli/pull/3219">docker/cli#3219</a> +</li> <li>Deprecate Kubernetes stack support. Following the deprecation of <a href="https://github.com/docker/compose-on-kubernetes">Compose on Kubernetes</a>, support for Kubernetes in the <code class="language-plaintext highlighter-rouge">stack</code> and <code class="language-plaintext highlighter-rouge">context</code> commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release <a href="https://github.com/docker/cli/pull/3174">docker/cli#3174</a>.</li> </ul> <h3 id="client-2">Client</h3> <ul> <li>Fix <code class="language-plaintext highlighter-rouge">Invalid standard handle identifier</code> errors on Windows <a href="https://github.com/docker/cli/pull/3132">docker/cli#3132</a>.</li> </ul> <h3 id="rootless">Rootless</h3> <ul> <li>Avoid <code class="language-plaintext highlighter-rouge">can't open lock file /run/xtables.lock: Permission denied</code> error on SELinux hosts <a href="https://github.com/moby/moby/pull/42462">moby/moby#42462</a>.</li> <li>Disable overlay2 when running with SELinux to prevent permission denied errors 
<a href="https://github.com/moby/moby/pull/42462">moby/moby#42462</a>.</li> <li>Fix <code class="language-plaintext highlighter-rouge">x509: certificate signed by unknown authority</code> error on openSUSE Tumbleweed <a href="https://github.com/moby/moby/pull/42462">moby/moby#42462</a>.</li> </ul> <h3 id="runtime-2">Runtime</h3> <ul> <li>Print a warning when using the <code class="language-plaintext highlighter-rouge">--platform</code> option to pull a single-arch image that does not match the specified architecture <a href="https://github.com/moby/moby/pull/42633">moby/moby#42633</a>.</li> <li>Fix incorrect <code class="language-plaintext highlighter-rouge">Your kernel does not support swap memory limit</code> warning when running with cgroups v2 <a href="https://github.com/moby/moby/pull/42479">moby/moby#42479</a>.</li> <li>Windows: Fix a situation where containers were not stopped if <code class="language-plaintext highlighter-rouge">HcsShutdownComputeSystem</code> returned an <code class="language-plaintext highlighter-rouge">ERROR_PROC_NOT_FOUND</code> error <a href="https://github.com/moby/moby/pull/42613">moby/moby#42613</a> +</li> </ul> <h3 id="swarm-1">Swarm</h3> <ul> <li>Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs <a href="https://github.com/moby/moby/pull/42538">moby/moby#42538</a> +</li> <li>Fix a deadlock in log broker (“dispatcher is stopped”) <a href="https://github.com/moby/moby/pull/42537">moby/moby#42537</a> +</li> </ul> <h3 id="packaging-8">Packaging</h3> <blockquote> <p><strong>Known issue</strong></p> <p>The <code class="language-plaintext highlighter-rouge">ctr</code> binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. 
Users can install the <code class="language-plaintext highlighter-rouge">libc6-compat</code> package, or download a previous version of the <code class="language-plaintext highlighter-rouge">ctr</code> binary as a workaround. Refer to the containerd ticket related to this issue for more details: <a href="https://github.com/containerd/containerd/issues/5824">containerd/containerd#5824</a>.</p> </blockquote> <ul> <li>Remove packaging for Ubuntu 16.04 “Xenial” and Fedora 32, as they reached EOL <a href="https://github.com/docker/docker-ce-packaging/pull/560">docker/docker-ce-packaging#560</a> +</li> <li>Update Golang runtime to Go 1.16.6</li> <li>Update the bundled buildx version to v0.6.1 for rpm and deb packages <a href="https://github.com/docker/docker-ce-packaging/pull/562">docker/docker-ce-packaging#562</a> +</li> <li>Update static binaries and containerd.io rpm and deb packages to containerd v1.4.9 and runc v1.0.1: <a href="https://github.com/docker/containerd-packaging/pull/241">docker/containerd-packaging#241</a>, <a href="https://github.com/docker/containerd-packaging/pull/245">docker/containerd-packaging#245</a>, <a href="https://github.com/docker/containerd-packaging/pull/247">docker/containerd-packaging#247</a>.</li> </ul> <h2 id="20107">20.10.7</h2> <p>2021-06-02</p> <h3 id="client-3">Client</h3> <ul> <li>Suppress warnings for deprecated cgroups <a href="https://github.com/docker/cli/pull/3099">docker/cli#3099</a>.</li> <li>Prevent sending <code class="language-plaintext highlighter-rouge">SIGURG</code> signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses <code class="language-plaintext highlighter-rouge">SIGURG</code> signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. 
This fix changes the Docker CLI to ignore <code class="language-plaintext highlighter-rouge">SIGURG</code> signals <a href="https://github.com/docker/cli/pull/3107">docker/cli#3107</a>, <a href="https://github.com/moby/moby/pull/42421">moby/moby#42421</a>.</li> </ul> <h3 id="builder-3">Builder</h3> <ul> <li>Update BuildKit to version v0.8.3-3-g244e8cde <a href="https://github.com/moby/moby/pull/42448">moby/moby#42448</a>: <ul> <li>Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. <a href="https://github.com/moby/buildkit/pull/2137">moby/buildkit#2137</a>.</li> <li>Add retry on image push 5xx errors. <a href="https://github.com/moby/buildkit/pull/2043">moby/buildkit#2043</a>.</li> <li>Fix build-cache not being invalidated when renaming a file that is copied using a <code class="language-plaintext highlighter-rouge">COPY</code> command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. 
<a href="https://github.com/moby/buildkit/pull/2018">moby/buildkit#2018</a>.</li> <li>Fix build-cache not being invalidated when using mounts <a href="https://github.com/moby/buildkit/pull/2076">moby/buildkit#2076</a>.</li> </ul> </li> <li>Fix build failures when <code class="language-plaintext highlighter-rouge">FROM</code> image is not cached when using legacy schema 1 images <a href="https://github.com/moby/moby/pull/42382">moby/moby#42382</a>.</li> </ul> <h3 id="logging-1">Logging</h3> <ul> <li>Update the hcsshim SDK to make daemon logs on Windows less verbose <a href="https://github.com/moby/moby/pull/42292">moby/moby#42292</a>.</li> </ul> <h3 id="rootless-1">Rootless</h3> <ul> <li>Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled <a href="https://github.com/moby/moby/pull/42352">moby/moby#42352</a>.</li> </ul> <h3 id="networking">Networking</h3> <ul> <li>Update libnetwork to fix publishing ports on environments with kernel boot parameter <code class="language-plaintext highlighter-rouge">ipv6.disable=1</code>, and to fix a deadlock causing internal DNS lookups to fail <a href="https://github.com/moby/moby/pull/42413">moby/moby#42413</a>.</li> </ul> <h3 id="contrib">Contrib</h3> <ul> <li>Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the <code class="language-plaintext highlighter-rouge">slirp4netns</code> port driver <a href="https://github.com/moby/moby/pull/42294">moby/moby#42294</a>.</li> <li>Fix “Device or resource busy” errors when running docker-in-docker on a rootless daemon <a href="https://github.com/moby/moby/pull/42342">moby/moby#42342</a>.</li> </ul> <h3 id="packaging-9">Packaging</h3> <ul> <li>Update containerd to v1.4.6, runc v1.0.0-rc95 to address <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30465">CVE-2021-30465</a> <a href="https://github.com/moby/moby/pull/42398">moby/moby#42398</a>, <a 
href="https://github.com/moby/moby/pull/42395">moby/moby#42395</a>, <a href="https://github.com/docker/containerd-packaging/pull/234">ocker/containerd-packaging#234</a> +</li> <li>Update containerd to v1.4.5, runc v1.0.0-rc94 <a href="https://github.com/moby/moby/pull/42372">moby/moby#42372</a>, <a href="https://github.com/moby/moby/pull/42388">moby/moby#42388</a>, <a href="https://github.com/docker/containerd-packaging/pull/232">docker/containerd-packaging#232</a>.</li> <li>Update Docker Scan plugin packages (<code class="language-plaintext highlighter-rouge">docker-scan-plugin</code>) to v0.8 <a href="https://github.com/docker/docker-ce-packaging/pull/545">docker/docker-ce-packaging#545</a>.</li> </ul> <h2 id="20106">20.10.6</h2> <p>2021-04-12</p> <h3 id="client-4">Client</h3> <ul> <li>Apple Silicon (darwin/arm64) support for Docker CLI <a href="https://github.com/docker/cli/pull/3042">docker/cli#3042</a> +</li> <li>config: print deprecation warning when falling back to pre-v1.7.0 config file <code class="language-plaintext highlighter-rouge">~/.dockercfg</code>. Support for this file will be removed in a future release <a href="https://github.com/docker/cli/pull/3000">docker/cli#3000</a> +</li> </ul> <h3 id="builder-4">Builder</h3> <ul> <li>Fix classic builder silently ignoring unsupported Dockerfile options and prompt to enable BuildKit instead <a href="https://github.com/moby/moby/pull/42197">moby/moby#42197</a> +</li> </ul> <h3 id="logging-2">Logging</h3> <ul> <li>json-file: fix sporadic unexpected EOF errors <a href="https://github.com/moby/moby/pull/42174">moby/moby#42174</a> +</li> </ul> <h3 id="networking-1">Networking</h3> <ul> <li>Fix a regression in docker 20.10, causing IPv6 addresses no longer to be bound by default when mapping ports <a href="https://github.com/moby/moby/pull/42205">moby/moby#42205</a> +</li> <li>Fix implicit IPv6 port-mappings not included in API response. 
Before docker 20.10, published ports were accessible through both IPv4 and IPv6 by default, but the API only included information about the IPv4 (0.0.0.0) mapping <a href="https://github.com/moby/moby/pull/42205">moby/moby#42205</a> +</li> <li>Fix a regression in docker 20.10, causing the docker-proxy to not be terminated in all cases <a href="https://github.com/moby/moby/pull/42205">moby/moby#42205</a> +</li> <li>Fix iptables forwarding rules not being cleaned up upon container removal <a href="https://github.com/moby/moby/pull/42205">moby/moby#42205</a> +</li> </ul> <h3 id="packaging-10">Packaging</h3> <ul> <li>Update containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.4.4">v1.4.4</a> for static binaries. The containerd.io package on apt/yum repos already had this update out of band. Includes a fix for <a href="https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4">CVE-2021-21334</a>. <a href="https://github.com/moby/moby/pull/42124">moby/moby#42124</a> +</li> <li>Packages for Debian/Raspbian 11 Bullseye, Ubuntu 21.04 Hirsute Hippo and Fedora 34 <a href="https://github.com/docker/docker-ce-packaging/pull/521">docker/docker-ce-packaging#521</a> <a href="https://github.com/docker/docker-ce-packaging/pull/522">docker/docker-ce-packaging#522</a> <a href="https://github.com/docker/docker-ce-packaging/pull/533">docker/docker-ce-packaging#533</a> +</li> <li>Provide the <a href="https://github.com/docker/scan-cli-plugin">Docker Scan CLI</a> plugin on Linux amd64 via a <code class="language-plaintext highlighter-rouge">docker-scan-plugin</code> package as a recommended dependency for the <code class="language-plaintext highlighter-rouge">docker-ce-cli</code> package <a href="https://github.com/docker/docker-ce-packaging/pull/537">docker/docker-ce-packaging#537</a> +</li> <li>Include VPNKit binary for arm64 <a href="https://github.com/moby/moby/pull/42141">moby/moby#42141</a> +</li> </ul> <h3 id="plugins">Plugins</h3> 
<ul> <li>Fix docker plugin create making plugins that were incompatible with older versions of Docker <a href="https://github.com/moby/moby/pull/42256">moby/moby#42256</a> +</li> </ul> <h3 id="rootless-2">Rootless</h3> <ul> <li>Update RootlessKit to <a href="https://github.com/rootless-containers/rootlesskit/releases/tag/v0.14.1">v0.14.1</a> (see also <a href="https://github.com/rootless-containers/rootlesskit/releases/tag/v0.14.0">v0.14.0</a> <a href="https://github.com/rootless-containers/rootlesskit/releases/tag/v0.13.2">v0.13.2</a>) <a href="https://github.com/moby/moby/pull/42186">moby/moby#42186</a> <a href="https://github.com/moby/moby/pull/42232">moby/moby#42232</a> +</li> <li>dockerd-rootless-setuptool.sh: create CLI context “rootless” <a href="https://github.com/moby/moby/pull/42109">moby/moby#42109</a> +</li> <li>dockerd-rootless.sh: prohibit running as root <a href="https://github.com/moby/moby/pull/42072">moby/moby#42072</a> +</li> <li>Fix “operation not permitted” when bind mounting existing mounts <a href="https://github.com/moby/moby/pull/42233">moby/moby#42233</a> +</li> <li>overlay2: fix “createDirWithOverlayOpaque(...) ... 
input/output error” <a href="https://github.com/moby/moby/pull/42235">moby/moby#42235</a> +</li> <li>overlay2: support “userxattr” option (kernel 5.11) <a href="https://github.com/moby/moby/pull/42168">moby/moby#42168</a> +</li> <li>btrfs: allow unprivileged user to delete subvolumes (kernel >= 4.18) <a href="https://github.com/moby/moby/pull/42253">moby/moby#42253</a> +</li> <li>cgroup2: Move cgroup v2 out of experimental <a href="https://github.com/moby/moby/pull/42263">moby/moby#42263</a> +</li> </ul> <h2 id="20105">20.10.5</h2> <p>2021-03-02</p> <h3 id="client-5">Client</h3> <ul> <li>Revert <a href="https://github.com/docker/cli/pull/2960">docker/cli#2960</a> to fix hanging in <code class="language-plaintext highlighter-rouge">docker start --attach</code> and remove spurious <code class="language-plaintext highlighter-rouge">Unsupported signal: <nil>. Discarding</code> messages. <a href="https://github.com/docker/cli/pull/2987">docker/cli#2987</a>.</li> </ul> <h2 id="20104">20.10.4</h2> <p>2021-02-26</p> <h3 id="builder-5">Builder</h3> <ul> <li>Fix incorrect cache match for inline cache import with empty layers <a href="https://github.com/moby/moby/pull/42061">moby/moby#42061</a> +</li> <li>Update BuildKit to v0.8.2 <a href="https://github.com/moby/moby/pull/42061">moby/moby#42061</a> <ul> <li>resolver: avoid error caching on token fetch</li> <li>fileop: fix checksum to contain indexes of inputs preventing certain cache misses</li> <li>Fix reference count issues on typed errors with mount references (fixing <code class="language-plaintext highlighter-rouge">invalid mutable ref</code> errors)</li> <li>git: set token only for main remote access allowing cloning submodules with different credentials</li> </ul> </li> <li>Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. 
To clean up old state run <code class="language-plaintext highlighter-rouge">builder prune</code> <a href="https://github.com/moby/moby/pull/42065">moby/moby#42065</a> +</li> <li>Fix parallel pull synchronization regression <a href="https://github.com/moby/moby/pull/42049">moby/moby#42049</a> +</li> <li>Ensure libnetwork state files do not leak <a href="https://github.com/moby/moby/pull/41972">moby/moby#41972</a> +</li> </ul> <h3 id="client-6">Client</h3> <ul> <li>Fix a panic on <code class="language-plaintext highlighter-rouge">docker login</code> if no config file is present <a href="https://github.com/docker/cli/pull/2959">docker/cli#2959</a> +</li> <li>Fix <code class="language-plaintext highlighter-rouge">WARNING: Error loading config file: .dockercfg: $HOME is not defined</code> <a href="https://github.com/docker/cli/pull/2958">docker/cli#2958</a> +</li> </ul> <h3 id="runtime-3">Runtime</h3> <ul> <li>docker info: silence unhandleable warnings <a href="https://github.com/moby/moby/pull/41958">moby/moby#41958</a> +</li> <li>Avoid creating parent directories for XGlobalHeader <a href="https://github.com/moby/moby/pull/42017">moby/moby#42017</a> +</li> <li>Use 0755 permissions when creating missing directories <a href="https://github.com/moby/moby/pull/42017">moby/moby#42017</a> +</li> <li>Fallback to manifest list when no platform matches in image config <a href="https://github.com/moby/moby/pull/42045">moby/moby#42045</a> <a href="https://github.com/moby/moby/pull/41873">moby/moby#41873</a> +</li> <li>Fix a daemon panic on setups with a custom default runtime configured <a href="https://github.com/moby/moby/pull/41974">moby/moby#41974</a> +</li> <li>Fix a panic when daemon configuration is empty <a href="https://github.com/moby/moby/pull/41976">moby/moby#41976</a> +</li> <li>Fix daemon panic when starting container with invalid device cgroup rule <a href="https://github.com/moby/moby/pull/42001">moby/moby#42001</a> +</li> <li>Fix userns-remap option when 
username & UID match <a href="https://github.com/moby/moby/pull/42013">moby/moby#42013</a> +</li> <li>static: update runc binary to v1.0.0-rc93 <a href="https://github.com/moby/moby/pull/42014">moby/moby#42014</a> +</li> </ul> <h3 id="logger">Logger</h3> <ul> <li>Honor <code class="language-plaintext highlighter-rouge">labels-regex</code> config even if <code class="language-plaintext highlighter-rouge">labels</code> is not set <a href="https://github.com/moby/moby/pull/42046">moby/moby#42046</a> +</li> <li>Handle long log messages correctly preventing awslogs in non-blocking mode to split events bigger than 16kB <a href="https://github.com/moby/moby/pull/41975">mobymoby#41975</a> +</li> </ul> <h3 id="rootless-3">Rootless</h3> <ul> <li>Prevent the service hanging when stopping by setting systemd KillMode to mixed <a href="https://github.com/moby/moby/pull/41956">moby/moby#41956</a> +</li> <li>dockerd-rootless.sh: add typo guard <a href="https://github.com/moby/moby/pull/42070">moby/moby#42070</a> +</li> <li>Update rootlesskit to v0.13.1 to fix handling of IPv6 addresses <a href="https://github.com/moby/moby/pull/42025">moby/moby#42025</a> +</li> <li>allow mknodding FIFO inside userns <a href="https://github.com/moby/moby/pull/41957">moby/moby#41957</a> +</li> </ul> <h3 id="security">Security</h3> <ul> <li>profiles: seccomp: update to Linux 5.11 syscall list <a href="https://github.com/moby/moby/pull/41971">moby/moby#41971</a> +</li> </ul> <h3 id="swarm-2">Swarm</h3> <ul> <li>Fix issue with heartbeat not persisting upon restart <a href="https://github.com/moby/moby/pull/42060">moby/moby#42060</a> +</li> <li>Fix potential stalled tasks <a href="https://github.com/moby/moby/pull/42060">moby/moby#42060</a> +</li> <li>Fix <code class="language-plaintext highlighter-rouge">--update-order</code> and <code class="language-plaintext highlighter-rouge">--rollback-order</code> flags when only <code class="language-plaintext highlighter-rouge">--update-order</code> or <code 
class="language-plaintext highlighter-rouge">--rollback-order</code> is provided <a href="https://github.com/docker/cli/pull/2963">docker/cli#2963</a> +</li> <li>Fix <code class="language-plaintext highlighter-rouge">docker service rollback</code> returning a non-zero exit code in some situations <a href="https://github.com/docker/cli/pull/2964">docker/cli#2964</a> +</li> <li>Fix inconsistent progress-bar direction on <code class="language-plaintext highlighter-rouge">docker service rollback</code> <a href="https://github.com/docker/cli/pull/2964">docker/cli#2964</a> +</li> </ul> <h2 id="20103">20.10.3</h2> <p>2021-02-01</p> <h3 id="security-1">Security</h3> <ul> <li> +<a href="https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8">CVE-2021-21285</a> Prevent an invalid image from crashing docker daemon</li> <li> +<a href="https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc">CVE-2021-21284</a> Lock down file permissions to prevent remapped root from accessing docker state</li> <li>Ensure AppArmor and SELinux profiles are applied when building with BuildKit</li> </ul> <h3 id="client-7">Client</h3> <ul> <li>Check contexts before importing them to reduce risk of extracted files escaping context store</li> <li>Windows: prevent executing certain binaries from current directory <a href="https://github.com/docker/cli/pull/2950">docker/cli#2950</a> +</li> </ul> <h2 id="20102">20.10.2</h2> <p>2021-01-04</p> <h3 id="runtime-4">Runtime</h3> <ul> <li>Fix a daemon start up hang when restoring containers with restart policies but that keep failing to start <a href="https://github.com/moby/moby/pull/41729">moby/moby#41729</a> +</li> <li>overlay2: fix an off-by-one error preventing to build or run containers when data-root is 24-bytes long <a href="https://github.com/moby/moby/pull/41830">moby/moby#41830</a> +</li> <li>systemd: send <code class="language-plaintext highlighter-rouge">sd_notify STOPPING=1</code> when shutting down <a 
href="https://github.com/moby/moby/pull/41832">moby/moby#41832</a> +</li> </ul> <h3 id="networking-2">Networking</h3> <ul> <li>Fix IPv6 port forwarding <a href="https://github.com/moby/moby/pull/41805">moby/moby#41805</a> <a href="https://github.com/moby/libnetwork/pull/2604">moby/libnetwork#2604</a> +</li> </ul> <h3 id="swarm-3">Swarm</h3> <ul> <li>Fix filtering for <code class="language-plaintext highlighter-rouge">replicated-job</code> and <code class="language-plaintext highlighter-rouge">global-job</code> service modes <a href="https://github.com/moby/moby/pull/41806">moby/moby#41806</a> +</li> </ul> <h3 id="packaging-11">Packaging</h3> <ul> <li>buildx updated to <a href="https://github.com/docker/buildx/releases/tag/v0.5.1">v0.5.1</a> <a href="https://github.com/docker/docker-ce-packaging/pull/516">docker/docker-ce-packaging#516</a> +</li> </ul> <h2 id="20101">20.10.1</h2> <p>2020-12-14</p> <h3 id="builder-6">Builder</h3> <ul> <li>buildkit: updated to <a href="https://github.com/moby/buildkit/releases/tag/v0.8.1">v0.8.1</a> with various bugfixes <a href="https://github.com/moby/moby/pull/41793">moby/moby#41793</a> +</li> </ul> <h3 id="packaging-12">Packaging</h3> <ul> <li>Revert a change in the systemd unit that could prevent docker from starting due to a startup order conflict <a href="https://github.com/docker/docker-ce-packaging/pull/514">docker/docker-ce-packaging#514</a> +</li> <li>buildx updated to <a href="https://github.com/docker/buildx/releases/tag/v0.5.0">v0.5.0</a> <a href="https://github.com/docker/docker-ce-packaging/pull/515">docker/docker-ce-packaging#515</a> +</li> </ul> <h2 id="20100">20.10.0</h2> <p>2020-12-08</p> <h3 id="deprecation--removal">Deprecation / Removal</h3> <p>For an overview of all deprecated features, refer to the <a href="../deprecated/index">Deprecated Engine Features</a> page.</p> <ul> <li>Warnings and deprecation notice when <code class="language-plaintext highlighter-rouge">docker pull</code>-ing from non-compliant 
registries not supporting pull-by-digest <a href="https://github.com/docker/cli/pull/2872">docker/cli#2872</a> +</li> <li>Sterner warnings and deprecation notice for unauthenticated tcp access <a href="https://github.com/moby/moby/pull/41285">moby/moby#41285</a> +</li> <li>Deprecate KernelMemory (<code class="language-plaintext highlighter-rouge">docker run --kernel-memory</code>) <a href="https://github.com/moby/moby/pull/41254">moby/moby#41254</a> <a href="https://github.com/docker/cli/pull/2652">docker/cli#2652</a> +</li> <li>Deprecate <code class="language-plaintext highlighter-rouge">aufs</code> storage driver <a href="https://github.com/docker/cli/pull/1484">docker/cli#1484</a> +</li> <li>Deprecate host-discovery and overlay networks with external k/v stores <a href="https://github.com/moby/moby/pull/40614">moby/moby#40614</a> <a href="https://github.com/moby/moby/pull/40510">moby/moby#40510</a> +</li> <li>Deprecate Dockerfile legacy ‘ENV name value’ syntax, use <code class="language-plaintext highlighter-rouge">ENV name=value</code> instead <a href="https://github.com/docker/cli/pull/2743">docker/cli#2743</a> +</li> <li>Remove deprecated “filter” parameter for API v1.41 and up <a href="https://github.com/moby/moby/pull/40491">moby/moby#40491</a> +</li> <li>Disable distribution manifest v2 schema 1 on push <a href="https://github.com/moby/moby/pull/41295">moby/moby#41295</a> +</li> <li>Remove hack MalformedHostHeaderOverride breaking old docker clients (<= 1.12) in which case, set <code class="language-plaintext highlighter-rouge">DOCKER_API_VERSION</code> <a href="https://github.com/moby/moby/pull/39076">moby/moby#39076</a> +</li> <li>Remove “docker engine” subcommands <a href="https://github.com/docker/cli/pull/2207">docker/cli#2207</a> +</li> <li>Remove experimental “deploy” from “dab” files <a href="https://github.com/docker/cli/pull/2216">docker/cli#2216</a> +</li> <li>Remove deprecated <code class="language-plaintext highlighter-rouge">docker search 
--automated</code> and <code class="language-plaintext highlighter-rouge">--stars</code> flags <a href="https://github.com/docker/cli/pull/2338">docker/cli#2338</a> +</li> <li>No longer allow reserved namespaces in engine labels <a href="https://github.com/docker/cli/pull/2326">docker/cli#2326</a> +</li> </ul> <h3 id="api">API</h3> <ul> <li>Update API version to v1.41</li> <li>Do not require “experimental” for metrics API <a href="https://github.com/moby/moby/pull/40427">moby/moby#40427</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">GET /events</code> now returns <code class="language-plaintext highlighter-rouge">prune</code> events after pruning resources have completed <a href="https://github.com/moby/moby/pull/41259">moby/moby#41259</a> <ul> <li>Prune events are returned for <code class="language-plaintext highlighter-rouge">container</code>, <code class="language-plaintext highlighter-rouge">network</code>, <code class="language-plaintext highlighter-rouge">volume</code>, <code class="language-plaintext highlighter-rouge">image</code>, and <code class="language-plaintext highlighter-rouge">builder</code>, and have a <code class="language-plaintext highlighter-rouge">reclaimed</code> attribute, indicating the amount of space reclaimed (in bytes)</li> </ul> </li> <li>Add <code class="language-plaintext highlighter-rouge">one-shot</code> stats option to not prime the stats <a href="https://github.com/moby/moby/pull/40478">moby/moby#40478</a> +</li> <li>Adding OS version info to the system info’s API (<code class="language-plaintext highlighter-rouge">/info</code>) <a href="https://github.com/moby/moby/pull/38349">moby/moby#38349</a> +</li> <li>Add DefaultAddressPools to docker info <a href="https://github.com/moby/moby/pull/40714">moby/moby#40714</a> +</li> <li>Add API support for PidsLimit on services <a href="https://github.com/moby/moby/pull/39882">moby/moby#39882</a> +</li> </ul> <h3 id="builder-7">Builder</h3> <ul> 
<li>buildkit,dockerfile: Support for <code class="language-plaintext highlighter-rouge">RUN --mount</code> options without needing to specify experimental dockerfile <code class="language-plaintext highlighter-rouge">#syntax</code> directive. <a href="https://github.com/moby/buildkit/pull/1717">moby/buildkit#1717</a> +</li> <li>dockerfile: <code class="language-plaintext highlighter-rouge">ARG</code> command now supports defining multiple build args on the same line similarly to <code class="language-plaintext highlighter-rouge">ENV</code> <a href="https://github.com/moby/buildkit/pull/1692">moby/buildkit#1692</a> +</li> <li>dockerfile: <code class="language-plaintext highlighter-rouge">--chown</code> flag in <code class="language-plaintext highlighter-rouge">ADD</code> now allows parameter expansion <a href="https://github.com/moby/buildkit/pull/1473">moby/buildkit#1473</a> +</li> <li>buildkit: Fetching authorization tokens has been moved to client-side (if the client supports it). Passwords do not leak into the build daemon anymore and users can see from build output when credentials or tokens are accessed. <a href="https://github.com/moby/buildkit/pull/1660">moby/buildkit#1660</a> +</li> <li>buildkit: Connection errors while communicating with the registry for push and pull now trigger a retry <a href="https://github.com/moby/buildkit/pull/1791">moby/buildkit#1791</a> +</li> <li>buildkit: Git source now supports token authentication via build secrets <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/docker/cli/pull/2656">docker/cli#2656</a> <a href="https://github.com/moby/buildkit/pull/1533">moby/buildkit#1533</a> +</li> <li>buildkit: Building from git source now supports forwarding SSH socket for authentication <a href="https://github.com/moby/buildkit/pull/1782">moby/buildkit#1782</a> +</li> <li>buildkit: Avoid builds that generate excessive logs to cause a crash or slow down the build. 
Clipping is performed if needed. <a href="https://github.com/moby/buildkit/pull/1754">moby/buildkit#1754</a> +</li> <li>buildkit: Change default Seccomp profile to the one provided by Docker <a href="https://github.com/moby/buildkit/pull/1807">moby/buildkit#1807</a> +</li> <li>buildkit: Support for exposing SSH agent socket on Windows has been improved <a href="https://github.com/moby/buildkit/pull/1695">moby/buildkit#1695</a> +</li> <li>buildkit: Disable truncating by default when using --progress=plain <a href="https://github.com/moby/buildkit/pull/1435">moby/buildkit#1435</a> +</li> <li>buildkit: Allow better handling client sessions dropping while it is being shared by multiple builds <a href="https://github.com/moby/buildkit/pull/1551">moby/buildkit#1551</a> +</li> <li>buildkit: secrets: allow providing secrets with env <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/docker/cli/pull/2656">docker/cli#2656</a> <a href="https://github.com/moby/buildkit/pull/1534">moby/buildkit#1534</a> <ul> <li>Support <code class="language-plaintext highlighter-rouge">--secret id=foo,env=MY_ENV</code> as an alternative for storing a secret value to a file.</li> <li> +<code class="language-plaintext highlighter-rouge">--secret id=GIT_AUTH_TOKEN</code> will load env if it exists and the file does not.</li> </ul> </li> <li>buildkit: Support for mirrors fallbacks, insecure TLS and custom TLS config <a href="https://github.com/moby/moby/pull/40814">moby/moby#40814</a> +</li> <li>buildkit: remotecache: Only visit each item once when walking results <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/moby/buildkit/pull/1577">moby/buildkit#1577</a> <ul> <li>Improves performance and CPU use on bigger graphs</li> </ul> </li> <li>buildkit: Check remote when local image platform doesn’t match <a href="https://github.com/moby/moby/pull/40629">moby/moby#40629</a> +</li> <li>buildkit: image export: 
Use correct media type when creating new layer blobs <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/moby/buildkit/pull/1541">moby/buildkit#1541</a> +</li> <li>buildkit: progressui: fix logs time formatting <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/docker/cli/pull/2656">docker/cli#2656</a> <a href="https://github.com/moby/buildkit/pull/1549">moby/buildkit#1549</a> +</li> <li>buildkit: mitigate containerd issue on parallel push <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/moby/buildkit/pull/1548">moby/buildkit#1548</a> +</li> <li>buildkit: inline cache: fix handling of duplicate blobs <a href="https://github.com/moby/moby/pull/41234">moby/moby#41234</a> <a href="https://github.com/moby/buildkit/pull/1568">moby/buildkit#1568</a> <ul> <li>Fixes https://github.com/moby/buildkit/issues/1388 cache-from working unreliably</li> <li>Fixes https://github.com/moby/moby/issues/41219 Image built from cached layers is missing data</li> </ul> </li> <li>Allow ssh:// for remote context URLs <a href="https://github.com/moby/moby/pull/40179">moby/moby#40179</a> +</li> <li>builder: remove legacy build’s session handling (was experimental) <a href="https://github.com/moby/moby/pull/39983">moby/moby#39983</a> +</li> </ul> <h3 id="client-8">Client</h3> <ul> <li>Add swarm jobs support to CLI <a href="https://github.com/docker/cli/pull/2262">docker/cli#2262</a> +</li> <li>Add <code class="language-plaintext highlighter-rouge">-a/--all-tags</code> to docker push <a href="https://github.com/docker/cli/pull/2220">docker/cli#2220</a> +</li> <li>Add support for Kubernetes username/password auth <a href="https://github.com/docker/cli/pull/2308">docker/cli#2308</a> +</li> <li>Add <code class="language-plaintext highlighter-rouge">--pull=missing|always|never</code> to <code class="language-plaintext highlighter-rouge">run</code> and <code 
class="language-plaintext highlighter-rouge">create</code> commands <a href="https://github.com/docker/cli/pull/1498">docker/cli#1498</a> +</li> <li>Add <code class="language-plaintext highlighter-rouge">--env-file</code> flag to <code class="language-plaintext highlighter-rouge">docker exec</code> for parsing environment variables from a file <a href="https://github.com/docker/cli/pull/2602">docker/cli#2602</a> +</li> <li>Add shorthand <code class="language-plaintext highlighter-rouge">-n</code> for <code class="language-plaintext highlighter-rouge">--tail</code> option <a href="https://github.com/docker/cli/pull/2646">docker/cli#2646</a> +</li> <li>Add log-driver and options to service inspect “pretty” format <a href="https://github.com/docker/cli/pull/1950">docker/cli#1950</a> +</li> <li>docker run: specify cgroup namespace mode with <code class="language-plaintext highlighter-rouge">--cgroupns</code> <a href="https://github.com/docker/cli/pull/2024">docker/cli#2024</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">docker manifest rm</code> command to remove manifest list draft from local storage <a href="https://github.com/docker/cli/pull/2449">docker/cli#2449</a> +</li> <li>Add “context” to “docker version” and “docker info” <a href="https://github.com/docker/cli/pull/2500">docker/cli#2500</a> +</li> <li>Propagate platform flag to container create API <a href="https://github.com/docker/cli/pull/2551">docker/cli#2551</a> +</li> <li>The <code class="language-plaintext highlighter-rouge">docker ps --format</code> flag now has a <code class="language-plaintext highlighter-rouge">.State</code> placeholder to print the container’s state without additional details about uptime and health check <a href="https://github.com/docker/cli/pull/2000">docker/cli#2000</a> +</li> <li>Add support for docker-compose schema v3.9 <a href="https://github.com/docker/cli/pull/2073">docker/cli#2073</a> +</li> <li>Add support for docker push <code 
class="language-plaintext highlighter-rouge">--quiet</code> <a href="https://github.com/docker/cli/pull/2197">docker/cli#2197</a> +</li> <li>Hide flags that are not supported by BuildKit, if BuildKit is enabled <a href="https://github.com/docker/cli/pull/2123">docker/cli#2123</a> +</li> <li>Update flag description for <code class="language-plaintext highlighter-rouge">docker rm -v</code> to clarify the option only removes anonymous (unnamed) volumes <a href="https://github.com/docker/cli/pull/2289">docker/cli#2289</a> +</li> <li>Improve tasks printing for docker services <a href="https://github.com/docker/cli/pull/2341">docker/cli#2341</a> +</li> <li>docker info: list CLI plugins alphabetically <a href="https://github.com/docker/cli/pull/2236">docker/cli#2236</a> +</li> <li>Fix order of processing of <code class="language-plaintext highlighter-rouge">--label-add/--label-rm</code>, <code class="language-plaintext highlighter-rouge">--container-label-add/--container-label-rm</code>, and <code class="language-plaintext highlighter-rouge">--env-add/--env-rm</code> flags on <code class="language-plaintext highlighter-rouge">docker service update</code> to allow replacing existing values <a href="https://github.com/docker/cli/pull/2668">docker/cli#2668</a> +</li> <li>Fix <code class="language-plaintext highlighter-rouge">docker rm --force</code> returning a non-zero exit code if one or more containers did not exist <a href="https://github.com/docker/cli/pull/2678">docker/cli#2678</a> +</li> <li>Improve memory stats display by using <code class="language-plaintext highlighter-rouge">total_inactive_file</code> instead of <code class="language-plaintext highlighter-rouge">cache</code> <a href="https://github.com/docker/cli/pull/2415">docker/cli#2415</a> +</li> <li>Mitigate against YAML files that has excessive aliasing <a href="https://github.com/docker/cli/pull/2117">docker/cli#2117</a> +</li> <li>Allow using advanced syntax when setting a config or secret with only the 
source field <a href="https://github.com/docker/cli/pull/2243">docker/cli#2243</a> +</li> <li>Fix reading config files containing <code class="language-plaintext highlighter-rouge">username</code> and <code class="language-plaintext highlighter-rouge">password</code> auth even if <code class="language-plaintext highlighter-rouge">auth</code> is empty <a href="https://github.com/docker/cli/pull/2122">docker/cli#2122</a> +</li> <li>docker cp: prevent NPE when failing to stat destination <a href="https://github.com/docker/cli/pull/2221">docker/cli#2221</a> +</li> <li>config: preserve ownership and permissions on configfile <a href="https://github.com/docker/cli/pull/2228">docker/cli#2228</a> +</li> </ul> <h3 id="logging-3">Logging</h3> <ul> <li>Support reading <code class="language-plaintext highlighter-rouge">docker logs</code> with all logging drivers (best effort) <a href="https://github.com/moby/moby/pull/40543">moby/moby#40543</a> +</li> <li>Add <code class="language-plaintext highlighter-rouge">splunk-index-acknowledgment</code> log option to work with Splunk HECs with index acknowledgment enabled <a href="https://github.com/moby/moby/pull/39987">moby/moby#39987</a> +</li> <li>Add partial metadata to journald logs <a href="https://github.com/moby/moby/pull/41407">moby/moby#41407</a> +</li> <li>Reduce allocations for logfile reader <a href="https://github.com/moby/moby/pull/40796">moby/moby#40796</a> +</li> <li>Fluentd: add fluentd-async, fluentd-request-ack, and deprecate fluentd-async-connect <a href="https://github.com/moby/moby/pull/39086">moby/moby#39086</a> +</li> </ul> <h3 id="runtime-5">Runtime</h3> <ul> <li>Support cgroup2 <a href="https://github.com/moby/moby/pull/40174">moby/moby#40174</a> <a href="https://github.com/moby/moby/pull/40657">moby/moby#40657</a> <a href="https://github.com/moby/moby/pull/40662">moby/moby#40662</a> +</li> <li>cgroup2: use “systemd” cgroup driver by default when available <a 
href="https://github.com/moby/moby/pull/40846">moby/moby#40846</a> +</li> <li>new storage driver: fuse-overlayfs <a href="https://github.com/moby/moby/pull/40483">moby/moby#40483</a> +</li> <li>Update containerd binary to v1.4.3 <a href="https://github.com/moby/moby/pull/41732">moby/moby#41732</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">docker push</code> now defaults to <code class="language-plaintext highlighter-rouge">latest</code> tag instead of all tags <a href="https://github.com/moby/moby/pull/40302">moby/moby#40302</a> +</li> <li>Added ability to change the number of reconnect attempts during connection loss while pulling an image by adding max-download-attempts to the config file <a href="https://github.com/moby/moby/pull/39949">moby/moby#39949</a> +</li> <li>Add support for containerd v2 shim by using the now default <code class="language-plaintext highlighter-rouge">io.containerd.runc.v2</code> runtime <a href="https://github.com/moby/moby/pull/41182">moby/moby#41182</a> +</li> <li>cgroup v1: change the default runtime to io.containerd.runc.v2. Requires containerd v1.3.0 or later. 
v1.3.5 or later is recommended <a href="https://github.com/moby/moby/pull/41210">moby/moby#41210</a> +</li> <li>Start containers in their own cgroup namespaces <a href="https://github.com/moby/moby/pull/38377">moby/moby#38377</a> +</li> <li>Enable DNS Lookups for CIFS Volumes <a href="https://github.com/moby/moby/pull/39250">moby/moby#39250</a> +</li> <li>Use MemAvailable instead of MemFree to estimate actual available memory <a href="https://github.com/moby/moby/pull/39481">moby/moby#39481</a> +</li> <li>The <code class="language-plaintext highlighter-rouge">--device</code> flag in <code class="language-plaintext highlighter-rouge">docker run</code> will now be honored when the container is started in privileged mode <a href="https://github.com/moby/moby/pull/40291">moby/moby#40291</a> +</li> <li>Enforce reserved internal labels <a href="https://github.com/moby/moby/pull/40394">moby/moby#40394</a> +</li> <li>Raise minimum memory limit to 6M, to account for higher memory use by runtimes during container startup <a href="https://github.com/moby/moby/pull/41168">moby/moby#41168</a> +</li> <li>Add support for <code class="language-plaintext highlighter-rouge">CAP_PERFMON</code>, <code class="language-plaintext highlighter-rouge">CAP_BPF</code>, and <code class="language-plaintext highlighter-rouge">CAP_CHECKPOINT_RESTORE</code> on supported kernels <a href="https://github.com/moby/moby/pull/41460">moby/moby#41460</a> +</li> <li>vendor runc v1.0.0-rc92 <a href="https://github.com/moby/moby/pull/41344">moby/moby#41344</a> <a href="https://github.com/moby/moby/pull/41317">moby/moby#41317</a> +</li> <li>info: add warnings about missing blkio cgroup support <a href="https://github.com/moby/moby/pull/41083">moby/moby#41083</a> +</li> <li>Accept platform spec on container create <a href="https://github.com/moby/moby/pull/40725">moby/moby#40725</a> +</li> <li>Fix handling of looking up user- and group-names with spaces <a 
href="https://github.com/moby/moby/pull/41377">moby/moby#41377</a> +</li> </ul> <h3 id="networking-3">Networking</h3> <ul> <li>Support host.docker.internal in dockerd on Linux <a href="https://github.com/moby/moby/pull/40007">moby/moby#40007</a> +</li> <li>Include IPv6 address of linked containers in /etc/hosts <a href="https://github.com/moby/moby/pull/39837">moby/moby#39837</a> +</li> <li> +<code class="language-plaintext highlighter-rouge">--ip6tables</code> enables IPv6 iptables rules (only if experimental) <a href="https://github.com/moby/moby/pull/41622">moby/moby#41622</a> +</li> <li>Add alias for hostname if hostname != container name <a href="https://github.com/moby/moby/pull/39204">moby/moby#39204</a> +</li> <li>Better selection of DNS server (with systemd) <a href="https://github.com/moby/moby/pull/41022">moby/moby#41022</a> +</li> <li>Add docker interfaces to firewalld docker zone <a href="https://github.com/moby/moby/pull/41189">moby/moby#41189</a> <a href="https://github.com/moby/libnetwork/pull/2548">moby/libnetwork#2548</a> <ul> <li>Fixes DNS issue on CentOS8 <a href="https://github.com/docker/for-linux/issues/957">docker/for-linux#957</a> +</li> <li>Fixes Port Forwarding on RHEL 8 with Firewalld running with FirewallBackend=nftables <a href="https://github.com/moby/libnetwork/issues/2496">moby/libnetwork#2496</a> +</li> </ul> </li> <li>Fix an issue reporting ‘failed to get network during CreateEndpoint’ <a href="https://github.com/moby/moby/pull/41189">moby/moby#41189</a> <a href="https://github.com/moby/libnetwork/pull/2554">moby/libnetwork#2554</a> +</li> <li>Log error instead of disabling IPv6 router advertisement failed <a href="https://github.com/moby/moby/pull/41189">moby/moby#41189</a> <a href="https://github.com/moby/libnetwork/pull/2563">moby/libnetwork#2563</a> +</li> <li>No longer ignore <code class="language-plaintext highlighter-rouge">--default-address-pool</code> option in certain cases <a 
href="https://github.com/moby/moby/pull/40711">moby/moby#40711</a> +</li> <li>Produce an error with invalid address pool <a href="https://github.com/moby/moby/pull/40808">moby/moby#40808</a> <a href="https://github.com/moby/libnetwork/pull/2538">moby/libnetwork#2538</a> +</li> <li>Fix <code class="language-plaintext highlighter-rouge">DOCKER-USER</code> chain not created when IPTableEnable=false <a href="https://github.com/moby/moby/pull/40808">moby/moby#40808</a> <a href="https://github.com/moby/libnetwork/pull/2471">moby/libnetwork#2471</a> +</li> <li>Fix panic on startup in systemd environments <a href="https://github.com/moby/moby/pull/40808">moby/moby#40808</a> <a href="https://github.com/moby/libnetwork/pull/2544">moby/libnetwork#2544</a> +</li> <li>Fix issue preventing containers to communicate over macvlan internal network <a href="https://github.com/moby/moby/pull/40596">moby/moby#40596</a> <a href="https://github.com/moby/libnetwork/pull/2407">moby/libnetwork#2407</a> +</li> <li>Fix InhibitIPv4 nil panic <a href="https://github.com/moby/moby/pull/40596">moby/moby#40596</a> +</li> <li>Fix VFP leak in Windows overlay network deletion <a href="https://github.com/moby/moby/pull/40596">moby/moby#40596</a> <a href="https://github.com/moby/libnetwork/pull/2524">moby/libnetwork#2524</a> +</li> </ul> <h3 id="packaging-13">Packaging</h3> <ul> <li>docker.service: Add multi-user.target to After= in unit file <a href="https://github.com/moby/moby/pull/41297">moby/moby#41297</a> +</li> <li>docker.service: Allow socket activation <a href="https://github.com/moby/moby/pull/37470">moby/moby#37470</a> +</li> <li>seccomp: Remove dependency in dockerd on libseccomp <a href="https://github.com/moby/moby/pull/41395">moby/moby#41395</a> +</li> </ul> <h3 id="rootless-4">Rootless</h3> <ul> <li>rootless: graduate from experimental <a href="https://github.com/moby/moby/pull/40759">moby/moby#40759</a> +</li> <li>Add dockerd-rootless-setuptool.sh <a 
href="https://github.com/moby/moby/pull/40950">moby/moby#40950</a> +</li> <li>Support <code class="language-plaintext highlighter-rouge">--exec-opt native.cgroupdriver=systemd</code> <a href="https://github.com/moby/moby/pull/40486">moby/moby#40486</a> +</li> </ul> <h3 id="security-2">Security</h3> <ul> <li>Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc <a href="https://github.com/moby/moby/pull/39612">moby/moby#39612</a> +</li> <li>seccomp: Whitelist <code class="language-plaintext highlighter-rouge">clock_adjtime</code>. <code class="language-plaintext highlighter-rouge">CAP_SYS_TIME</code> is still required for time adjustment <a href="https://github.com/moby/moby/pull/40929">moby/moby#40929</a> +</li> <li>seccomp: Add openat2 and faccessat2 to default seccomp profile <a href="https://github.com/moby/moby/pull/41353">moby/moby#41353</a> +</li> <li>seccomp: allow ‘rseq’ syscall in default seccomp profile <a href="https://github.com/moby/moby/pull/41158">moby/moby#41158</a> +</li> <li>seccomp: allow syscall membarrier <a href="https://github.com/moby/moby/pull/40731">moby/moby#40731</a> +</li> <li>seccomp: whitelist io-uring related system calls <a href="https://github.com/moby/moby/pull/39415">moby/moby#39415</a> +</li> <li>Add default sysctls to allow ping sockets and privileged ports with no capabilities <a href="https://github.com/moby/moby/pull/41030">moby/moby#41030</a> +</li> <li>Fix seccomp profile for clone syscall <a href="https://github.com/moby/moby/pull/39308">moby/moby#39308</a> +</li> </ul> <h3 id="swarm-4">Swarm</h3> <ul> <li>Add support for swarm jobs <a href="https://github.com/moby/moby/pull/40307">moby/moby#40307</a> +</li> <li>Add capabilities support to stack/service commands <a href="https://github.com/docker/cli/pull/2687">docker/cli#2687</a> <a href="https://github.com/docker/cli/pull/2709">docker/cli#2709</a> <a href="https://github.com/moby/moby/pull/39173">moby/moby#39173</a> <a 
href="https://github.com/moby/moby/pull/41249">moby/moby#41249</a> +</li> <li>Add support for sending down service Running and Desired task counts <a href="https://github.com/moby/moby/pull/39231">moby/moby#39231</a> +</li> <li>service: support <code class="language-plaintext highlighter-rouge">--mount type=bind,bind-nonrecursive</code> <a href="https://github.com/moby/moby/pull/38788">moby/moby#38788</a> +</li> <li>Support ulimits on Swarm services. <a href="https://github.com/moby/moby/pull/41284">moby/moby#41284</a> <a href="https://github.com/docker/cli/pull/2712">docker/cli#2712</a> +</li> <li>Fixed an issue where service logs could leak goroutines on the worker <a href="https://github.com/moby/moby/pull/40426">moby/moby#40426</a> +</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=docker%20engine">docker engine</a>, <a href="https://docs.docker.com/search/?q=ce">ce</a>, <a href="https://docs.docker.com/search/?q=whats%20new">whats new</a>, <a href="https://docs.docker.com/search/?q=release%20notes">release notes</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/release-notes/" class="_attribution-link">https://docs.docker.com/engine/release-notes/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fscan%2Findex.html b/devdocs/docker/engine%2Fscan%2Findex.html new file mode 100644 index 00000000..0b7a378e --- /dev/null +++ b/devdocs/docker/engine%2Fscan%2Findex.html 
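Review bot: The closing paragraph of the release-notes file, the run of keyword links to https://docs.docker.com/search/?q=docker, ?q=docker%20engine, ?q=ce and so on, is site navigation rather than documentation, and in an offline copy each link only leads back to the live site; filter it out when generating the page instead of committing it. In the same hunk, the two sub-items under "buildkit: inline cache: fix handling of duplicate blobs" carry bare URLs ("Fixes https://github.com/moby/buildkit/issues/1388 cache-from working unreliably") where every other reference in the list is an anchor element, so they will show as unlinked text; wrap them in anchors, or state in the commit message that the content is an unmodified upstream snapshot.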
@@ -0,0 +1,275 @@ +<h1>Vulnerability scanning for Docker local images</h1> + +<div class="docker-upgrade-cta" role="alert"> <div class="docker-upgrade-cta__heading"> Scan your images for free </div> <p>Did you know that you can now get 10 free scans per month? Sign in to Docker to start scanning your images for vulnerabilities.</p> <a class="btn btn-primary" role="button" href="https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade_scan" target="_blank"> Sign in </a> </div> <p>Looking to speed up your development cycles? Quickly detect and learn how to remediate CVEs in your images by running <code class="language-plaintext highlighter-rouge">docker scan IMAGE_NAME</code>. Check out <a href="#how-to-scan-images">How to scan images</a> for details.</p> <p>Vulnerability scanning for Docker local images allows developers and development teams to review the security state of the container images and take actions to fix issues identified during the scan, resulting in more secure deployments. Docker Scan runs on Snyk engine, providing users with visibility into the security posture of their local Dockerfiles and local images.</p> <p>Users trigger vulnerability scans through the CLI, and use the CLI to view the scan results. The scan results contain a list of Common Vulnerabilities and Exposures (CVEs), the sources, such as OS packages and libraries, versions in which they were introduced, and a recommended fixed version (if available) to remediate the CVEs discovered.</p> <blockquote class="important"> <p><strong>Log4j 2 CVE-2021-44228</strong></p> <p>Versions of <code class="language-plaintext highlighter-rouge">docker Scan</code> earlier than <code class="language-plaintext highlighter-rouge">v0.11.0</code> are not able to detect <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228" target="_blank" rel="noopener" class="_">Log4j 2 CVE-2021-44228</a>. 
You must update your Docker Desktop installation to 4.3.1 or higher to fix this issue. For more information, see <a href="#scan-images-for-log4j-2-cve">Scan images for Log4j 2 CVE</a>.</p> </blockquote> <p>For information about the system requirements to run vulnerability scanning, see <a href="#prerequisites">Prerequisites</a>.</p> <p>This page contains information about the <code class="language-plaintext highlighter-rouge">docker scan</code> CLI command. For information about automatically scanning Docker images through Docker Hub, see <a href="https://docs.docker.com/docker-hub/vulnerability-scanning/">Hub Vulnerability Scanning</a>.</p> <h2 id="scan-images-for-log4j-2-cve">Scan images for Log4j 2 CVE</h2> <p>Docker Scan versions earlier than <code class="language-plaintext highlighter-rouge">v0.11.0</code> do not detect <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228" target="_blank" rel="noopener" class="_">Log4j 2 CVE-2021-44228</a> when you scan your images for vulnerabilities. You must update your Docker installation to the latest version to fix this issue.</p> <p>If you are using the <code class="language-plaintext highlighter-rouge">docker scan</code> plugin shipped with Docker Desktop, update Docker Desktop to version 4.3.1 or higher. 
See the release notes for <a href="https://docs.docker.com/desktop/mac/release-notes/">Mac</a> and <a href="https://docs.docker.com/desktop/windows/release-notes/">Windows</a> for download information.</p> <p>If you are using Linux, run the following command to manually install the latest version of <code class="language-plaintext highlighter-rouge">docker scan</code>:</p> <p>On <code class="language-plaintext highlighter-rouge">.deb</code> based distros, such as Ubuntu and Debian:</p> <div class="highlight"><pre class="highlight" data-language="">$ apt-get update && apt-get install docker-scan-plugin +</pre></div> <p>On rpm-based distros, such as CentOS or Fedora:</p> <div class="highlight"><pre class="highlight" data-language="">$ yum install docker-scan-plugin +</pre></div> <p>Alternatively, you can manually download the <code class="language-plaintext highlighter-rouge">docker scan</code> binaries from the <a href="https://github.com/docker/scan-cli-plugin/releases/tag/v0.11.0" target="_blank" rel="noopener" class="_">Docker Scan</a> GitHub repository and <a href="https://github.com/docker/scan-cli-plugin" target="_blank" rel="noopener" class="_">install</a> in the plugins directory.</p> <h3 id="verify-the-docker-scan-version">Verify the <code class="language-plaintext highlighter-rouge">docker scan</code> version</h3> <p>After upgrading <code class="language-plaintext highlighter-rouge">docker scan</code>, verify you are running the latest version by running the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --accept-license --version +Version: v0.12.0 +Git commit: 1074dd0 +Provider: Snyk (1.790.0 (standalone)) +</pre></div> <p>If your code output contains <code class="language-plaintext highlighter-rouge">ORGAPACHELOGGINGLOG4J</code>, it is likely that your code is affected by the Log4j 2 CVE-2021-44228 vulnerability. 
When you run the updated version of <code class="language-plaintext highlighter-rouge">docker scan</code>, you should also see a message in the output log similar to:</p> <div class="highlight"><pre class="highlight" data-language="">Upgrade org.apache.logging.log4j:log4j-core@2.14.0 to org.apache.logging.log4j:log4j-core@2.15.0 to fix +✗ Arbitrary Code Execution (new) [Critical Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720] in org.apache.logging.log4j:log4j-core@2.14.0 +introduced by org.apache.logging.log4j:log4j-core@2.14.0 +</pre></div> <p>For more information, read our blog post <a href="https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/" target="_blank" rel="noopener" class="_">Apache Log4j 2 CVE-2021-44228</a>.</p> <h2 id="how-to-scan-images">How to scan images</h2> <p>The <code class="language-plaintext highlighter-rouge">docker scan</code> command allows you to scan existing Docker images using the image name or ID. For example, run the following command to scan the hello-world image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan hello-world + +Testing hello-world... + +Organization: docker-desktop-test +Package manager: linux +Project name: docker-image|hello-world +Docker image: hello-world +Licenses: enabled + +✓ Tested 0 dependencies for known issues, no vulnerable paths found. + +Note that we do not currently have vulnerability data for your image. +</pre></div> <h3 id="get-a-detailed-scan-report">Get a detailed scan report</h3> <p>You can get a detailed scan report about a Docker image by providing the Dockerfile used to create the image. 
The syntax is <code class="language-plaintext highlighter-rouge">docker scan --file PATH_TO_DOCKERFILE DOCKER_IMAGE</code>.</p> <p>For example, if you apply the option to the <code class="language-plaintext highlighter-rouge">docker-scan</code> test image, it displays the following result:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --file Dockerfile docker-scan:e2e +Testing docker-scan:e2e +... +✗ High severity vulnerability found in perl + Description: Integer Overflow or Wraparound + Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570802 + Introduced through: git@1:2.20.1-2+deb10u3, meta-common-packages@meta + From: git@1:2.20.1-2+deb10u3 > perl@5.28.1-6 + From: git@1:2.20.1-2+deb10u3 > liberror-perl@0.17027-2 > perl@5.28.1-6 + 
From: git@1:2.20.1-2+deb10u3 > perl@5.28.1-6 > perl/perl-modules-5.28@5.28.1-6 + and 3 more... + Introduced by your base image (golang:1.14.6) + +Organization: docker-desktop-test +Package manager: deb +Target file: Dockerfile +Project name: docker-image|99138c65ebc7 +Docker image: 99138c65ebc7 +Base image: golang:1.14.6 +Licenses: enabled + +Tested 200 dependencies for known issues, found 157 issues. + +According to our scan, you are currently using the most secure version of the selected base image +</pre></div> <h3 id="excluding-the-base-image">Excluding the base image</h3> <p>When using docker scan with the <code class="language-plaintext highlighter-rouge">--file</code> flag, you can also add the <code class="language-plaintext highlighter-rouge">--exclude-base</code> tag. This excludes the base image (specified in the Dockerfile using the <code class="language-plaintext highlighter-rouge">FROM</code> directive) vulnerabilities from your report. For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --file Dockerfile --exclude-base docker-scan:e2e +Testing docker-scan:e2e +... +✗ Medium severity vulnerability found in libidn2/libidn2-0 + Description: Improper Input Validation + Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 + Introduced through: iputils/iputils-ping@3:20180629-2+deb10u1, wget@1.20.1-1.1, curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3 + From: iputils/iputils-ping@3:20180629-2+deb10u1 > libidn2/libidn2-0@2.0.5-1+deb10u1 + From: wget@1.20.1-1.1 > libidn2/libidn2-0@2.0.5-1+deb10u1 + 
From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > libidn2/libidn2-0@2.0.5-1+deb10u1 + and 3 more... + Introduced in your Dockerfile by 'RUN apk add -U --no-cache wget tar' + + + +Organization: docker-desktop-test +Package manager: deb +Target file: Dockerfile +Project name: docker-image|99138c65ebc7 +Docker image: 99138c65ebc7 +Base image: golang:1.14.6 +Licenses: enabled + +Tested 200 dependencies for known issues, found 16 issues. +</pre></div> <h3 id="viewing-the-json-output">Viewing the JSON output</h3> <p>You can also display the scan result as a JSON output by adding the <code class="language-plaintext highlighter-rouge">--json</code> flag to the command. For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --json hello-world +{ + "vulnerabilities": [], + "ok": true, + "dependencyCount": 0, + "org": "docker-desktop-test", + "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.19.0\nignore: {}\npatch: {}\n", + "isPrivate": true, + "licensesPolicy": { + "severities": {}, + "orgLicenseRules": { + "AGPL-1.0": { + "licenseType": "AGPL-1.0", + "severity": "high", + "instructions": "" + }, + ... 
+ "SimPL-2.0": { + "licenseType": "SimPL-2.0", + "severity": "high", + "instructions": "" + } + } + }, + "packageManager": "linux", + "ignoreSettings": null, + "docker": { + "baseImageRemediation": { + "code": "SCRATCH_BASE_IMAGE", + "advice": [ + { + "message": "Note that we do not currently have vulnerability data for your image.", + "bold": true, + "color": "yellow" + } + ] + }, + "binariesVulns": { + "issuesData": {}, + "affectedPkgs": {} + } + }, + "summary": "No known vulnerabilities", + "filesystemPolicy": false, + "uniqueCount": 0, + "projectName": "docker-image|hello-world", + "path": "hello-world" +} +</pre></div> <p>In addition to the <code class="language-plaintext highlighter-rouge">--json</code> flag, you can also use the <code class="language-plaintext highlighter-rouge">--group-issues</code> flag to display a vulnerability only once in the scan report:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --json --group-issues docker-scan:e2e +{ + { + "title": "Improper Check for Dropped Privileges", + ... + "packageName": "bash", + "language": "linux", + "packageManager": "debian:10", + "description": "## Overview\nAn issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.\n\n## References\n- [CONFIRM](https://security.netapp.com/advisory/ntap-20200430-0003/)\n- [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2019-18276)\n- [GitHub Commit](https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff)\n- [MISC](http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html)\n- [MISC](https://www.youtube.com/watch?v=-wGtxJ8opa8)\n- [Ubuntu CVE Tracker](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-18276)\n", + "identifiers": { + "ALTERNATIVE": [], + "CVE": [ + "CVE-2019-18276" + ], + "CWE": [ + "CWE-273" + ] + }, + "severity": "low", + "severityWithCritical": "low", + "cvssScore": 7.8, + "CVSSv3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F", + ... + "from": [ + "docker-image|docker-scan@e2e", + "bash@5.0-4" + ], + "upgradePath": [], + "isUpgradable": false, + "isPatchable": false, + "name": "bash", + "version": "5.0-4" + }, + ... + "summary": "880 vulnerable dependency paths", + "filesystemPolicy": false, + "filtered": { + "ignore": [], + "patch": [] + }, + "uniqueCount": 158, + "projectName": "docker-image|docker-scan", + "platform": "linux/amd64", + "path": "docker-scan:e2e" +} +</pre></div> <p>You can find all the sources of the vulnerability in the <code class="language-plaintext highlighter-rouge">from</code> section.</p> <h3 id="checking-the-dependency-tree">Checking the dependency tree</h3> <p>To view the dependency tree of your image, use the --dependency-tree flag. This displays all the dependencies before the scan result. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --dependency-tree debian:buster + +$ docker-image|99138c65ebc7 @ latest + ├─ ca-certificates @ 20200601~deb10u1 + │ └─ openssl @ 1.1.1d-0+deb10u3 + │ └─ openssl/libssl1.1 @ 1.1.1d-0+deb10u3 + ├─ curl @ 7.64.0-4+deb10u1 + │ └─ curl/libcurl4 @ 7.64.0-4+deb10u1 + │ ├─ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3 + │ ├─ krb5/libgssapi-krb5-2 @ 1.17-3 + │ │ ├─ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3 + │ │ ├─ krb5/libk5crypto3 @ 1.17-3 + │ │ │ └─ krb5/libkrb5support0 @ 1.17-3 + │ │ ├─ krb5/libkrb5-3 @ 1.17-3 + │ │ │ ├─ e2fsprogs/libcom-err2 @ 1.44.5-1+deb10u3 + │ │ │ ├─ krb5/libk5crypto3 @ 1.17-3 + │ │ │ ├─ krb5/libkrb5support0 @ 1.17-3 + │ │ │ └─ openssl/libssl1.1 @ 1.1.1d-0+deb10u3 + │ │ └─ krb5/libkrb5support0 @ 1.17-3 + │ ├─ libidn2/libidn2-0 @ 2.0.5-1+deb10u1 + │ │ └─ libunistring/libunistring2 @ 0.9.10-1 + │ ├─ krb5/libk5crypto3 @ 1.17-3 + │ ├─ krb5/libkrb5-3 @ 1.17-3 + │ ├─ openldap/libldap-2.4-2 @ 2.4.47+dfsg-3+deb10u2 + │ │ ├─ gnutls28/libgnutls30 @ 3.6.7-4+deb10u4 + │ │ │ ├─ nettle/libhogweed4 @ 3.4.1-1 + │ │ │ │ └─ nettle/libnettle6 @ 3.4.1-1 + │ │ │ ├─ libidn2/libidn2-0 @ 2.0.5-1+deb10u1 + │ │ │ ├─ nettle/libnettle6 @ 3.4.1-1 + │ │ │ ├─ p11-kit/libp11-kit0 @ 0.23.15-2 + │ │ │ │ └─ libffi/libffi6 @ 3.2.1-9 + │ │ │ ├─ libtasn1-6 @ 4.13-3 + │ │ │ └─ libunistring/libunistring2 @ 0.9.10-1 + │ │ ├─ cyrus-sasl2/libsasl2-2 @ 2.1.27+dfsg-1+deb10u1 + │ │ │ └─ cyrus-sasl2/libsasl2-modules-db @ 2.1.27+dfsg-1+deb10u1 + │ │ │ └─ db5.3/libdb5.3 @ 5.3.28+dfsg1-0.5 + │ │ └─ openldap/libldap-common @ 2.4.47+dfsg-3+deb10u2 + │ ├─ nghttp2/libnghttp2-14 @ 1.36.0-2+deb10u1 + │ ├─ libpsl/libpsl5 @ 0.20.2-2 + │ │ ├─ libidn2/libidn2-0 @ 2.0.5-1+deb10u1 + │ │ └─ libunistring/libunistring2 @ 0.9.10-1 + │ ├─ rtmpdump/librtmp1 @ 2.4+20151223.gitfa8646d.1-2 + │ │ ├─ gnutls28/libgnutls30 @ 3.6.7-4+deb10u4 + │ │ ├─ nettle/libhogweed4 @ 3.4.1-1 + │ │ └─ nettle/libnettle6 @ 3.4.1-1 + │ ├─ 
libssh2/libssh2-1 @ 1.8.0-2.1 + │ │ └─ libgcrypt20 @ 1.8.4-5 + │ └─ openssl/libssl1.1 @ 1.1.1d-0+deb10u3 + ├─ gnupg2/dirmngr @ 2.2.12-1+deb10u1 + ... + +Organization: docker-desktop-test +Package manager: deb +Project name: docker-image|99138c65ebc7 +Docker image: 99138c65ebc7 +Licenses: enabled + +Tested 200 dependencies for known issues, found 157 issues. + +For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp. +</pre></div> <p>For more information about the vulnerability data, see <a href="https://goto.docker.com/rs/929-FJL-178/images/cheat-sheet-docker-desktop-vulnerability-scanning-CLI.pdf" target="_blank" rel="noopener" class="_">Docker Vulnerability Scanning CLI Cheat Sheet</a>.</p> <h3 id="limiting-the-level-of-vulnerabilities-displayed">Limiting the level of vulnerabilities displayed</h3> <p>Docker scan allows you to choose the level of vulnerabilities displayed in your scan report using the <code class="language-plaintext highlighter-rouge">--severity</code> flag. You can set the severity flag to <code class="language-plaintext highlighter-rouge">low</code>, <code class="language-plaintext highlighter-rouge">medium</code>, or<code class="language-plaintext highlighter-rouge">high</code> depending on the level of vulnerabilities you’d like to see in your report.<br> For example, if you set the severity level as <code class="language-plaintext highlighter-rouge">medium</code>, the scan report displays all vulnerabilities that are classified as medium and high.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --severity=medium docker-scan:e2e +./bin/docker-scan_darwin_amd64 scan --severity=medium docker-scan:e2e + +Testing docker-scan:e2e... 
+ +✗ Medium severity vulnerability found in sqlite3/libsqlite3-0 + Description: Divide By Zero + Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-466337 + Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1 + From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3 + From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3 + From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3 + +✗ Medium severity vulnerability found in sqlite3/libsqlite3-0 + Description: Uncontrolled Recursion +... +✗ High severity vulnerability found in binutils/binutils-common + Description: Missing Release of Resource after Effective Lifetime + Info: https://snyk.io/vuln/SNYK-DEBIAN10-BINUTILS-403318 + Introduced through: gcc-defaults/g++@4:8.3.0-1 + From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > gcc-8@8.3.0-6 > binutils@2.31.1-16 > binutils/binutils-common@2.31.1-16 + From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > gcc-8@8.3.0-6 > binutils@2.31.1-16 > binutils/libbinutils@2.31.1-16 > binutils/binutils-common@2.31.1-16 + 
From: gcc-defaults/g++@4:8.3.0-1 > gcc-defaults/gcc@4:8.3.0-1 > gcc-8@8.3.0-6 > binutils@2.31.1-16 > binutils/binutils-x86-64-linux-gnu@2.31.1-16 > binutils/binutils-common@2.31.1-16 + and 4 more... + +Organization: docker-desktop-test +Package manager: deb +Project name: docker-image|docker-scan +Docker image: docker-scan:e2e +Platform: linux/amd64 +Licenses: enabled + +Tested 200 dependencies for known issues, found 37 issues. +</pre></div> <h2 id="provider-authentication">Provider authentication</h2> <p>If you have an existing Snyk account, you can directly use your Snyk <a href="https://app.snyk.io/account" target="_blank" rel="noopener" class="_">API token</a>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --login --token SNYK_AUTH_TOKEN + +Your account has been authenticated. Snyk is now ready to be used. +</pre></div> <p>If you use the <code class="language-plaintext highlighter-rouge">--login</code> flag without any token, you will be redirected to the Snyk website to login.</p> <h2 id="prerequisites">Prerequisites</h2> <p>To run vulnerability scanning on your Docker images, you must meet the following requirements:</p> <ol> <li> <p>Download and install the latest version of Docker Desktop.</p> <ul> <li><a href="https://desktop.docker.com/mac/main/amd64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-amd64">Download for Mac with Intel chip</a></li> <li><a href="https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64">Download for Mac with Apple chip</a></li> <li><a href="https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe">Download for Windows</a></li> </ul> </li> <li> <p>Sign into <a href="https://hub.docker.com" target="_blank" rel="noopener" class="_">Docker Hub</a>.</p> </li> <li> <p>From the Docker Desktop menu, select <strong>Sign in/ Create Docker ID</strong>. 
Alternatively, open a terminal and run the command <code class="language-plaintext highlighter-rouge">docker login</code>.</p> </li> <li> <p>(Optional) You can create a <a href="https://dockr.ly/3ePqVcp" target="_blank" rel="noopener" class="_">Snyk account</a> for scans, or use the additional monthly free scans provided by Snyk with your Docker Hub account.</p> </li> </ol> <p>Check your installation by running <code class="language-plaintext highlighter-rouge">docker scan --version</code>, it should print the current version of docker scan and the Snyk engine version. For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker scan --version +Version: v0.5.0 +Git commit: 5a09266 +Provider: Snyk (1.432.0) +</pre></div> <blockquote> <p><strong>Note:</strong></p> <p>Docker Scan uses the Snyk binary installed in your environment by default. If this is not available, it uses the Snyk binary embedded in Docker Desktop. The minimum version required for Snyk is <code class="language-plaintext highlighter-rouge">1.385.0</code>.</p> </blockquote> <h2 id="supported-options">Supported options</h2> <p>The high-level <code class="language-plaintext highlighter-rouge">docker scan</code> command scans local images using the image name or the image ID. 
It supports the following options:</p> <table> <thead> <tr> <th style="text-align: left">Option</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--accept-license</code></td> <td style="text-align: left">Accept the license agreement of the third-party scanning provider</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--dependency-tree</code></td> <td style="text-align: left">Display the dependency tree of the image along with scan results</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--exclude-base</code></td> <td style="text-align: left">Exclude the base image during scanning. This option requires the --file option to be set</td> </tr> <tr> <td style="text-align: left"> +<code class="language-plaintext highlighter-rouge">-f</code>, <code class="language-plaintext highlighter-rouge">--file string</code> +</td> <td style="text-align: left">Specify the location of the Dockerfile associated with the image. 
This option displays a detailed scan result</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--json</code></td> <td style="text-align: left">Display the result of the scan in JSON format</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--login</code></td> <td style="text-align: left">Log into Snyk using an optional token (using the flag --token), or by using a web-based token</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--reject-license</code></td> <td style="text-align: left">Reject the license agreement of the third-party scanning provider</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--severity string</code></td> <td style="text-align: left">Only report vulnerabilities of provided level or higher (low, medium, high)</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--token string</code></td> <td style="text-align: left">Use the authentication token to log into the third-party scanning provider</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--version</code></td> <td style="text-align: left">Display the Docker Scan plugin version</td> </tr> </tbody> </table> <h2 id="known-issues">Known issues</h2> <p><strong>WSL 2</strong></p> <ul> <li>The Vulnerability scanning feature doesn’t work with Alpine distributions.</li> <li>If you are using Debian and OpenSUSE distributions, the login process only works with the <code class="language-plaintext highlighter-rouge">--token</code> flag, you won’t be redirected to the Snyk website for authentication.</li> </ul> <h2 id="feedback">Feedback</h2> <p>Your feedback is very important to us. 
Let us know your feedback by creating an issue in the <a href="https://github.com/docker/scan-cli-plugin/issues/new" target="_blank" rel="noopener" class="_">scan-cli-plugin</a> GitHub repository.</p> +<p><a href="https://docs.docker.com/search/?q=Docker">Docker</a>, <a href="https://docs.docker.com/search/?q=scan">scan</a>, <a href="https://docs.docker.com/search/?q=Snyk">Snyk</a>, <a href="https://docs.docker.com/search/?q=images">images</a>, <a href="https://docs.docker.com/search/?q=local">local</a>, <a href="https://docs.docker.com/search/?q=CVE">CVE</a>, <a href="https://docs.docker.com/search/?q=vulnerability">vulnerability</a>, <a href="https://docs.docker.com/search/?q=security">security</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/scan/" class="_attribution-link">https://docs.docker.com/engine/scan/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Fapparmor%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Fapparmor%2Findex.html new file mode 100644 index 00000000..a146da07 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Fapparmor%2Findex.html 
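Review bot: in devdocs/docker/engine%2Fscan%2Findex.html, the "Provider authentication" example `docker scan --login --token SNYK_AUTH_TOKEN` puts the API token on the command line, where it ends up in shell history and is visible in the process list, and the surrounding text does not mention this. Suggest adding a sentence that points interactive users to the `--login` flow without a token (already described in the next paragraph) and tells readers to treat the token as a secret when the `--token` form is needed. Two smaller points in the same hunk: the `--group-issues` sample output opens with `{ {`, which is not valid JSON as printed, and the `--severity` paragraph is missing a space between "or" and the `high` code element.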
@@ -0,0 +1,134 @@ +<h1>AppArmor security profiles for Docker</h1> + +<p>AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program. Docker expects to find an AppArmor policy loaded and enforced.</p> <p>Docker automatically generates and loads a default profile for containers named <code class="language-plaintext highlighter-rouge">docker-default</code>. The Docker binary generates this profile in <code class="language-plaintext highlighter-rouge">tmpfs</code> and then loads it into the kernel.</p> <blockquote> <p><strong>Note</strong>: This profile is used on containers, <em>not</em> on the Docker Daemon.</p> </blockquote> <p>A profile for the Docker Engine daemon exists but it is not currently installed with the <code class="language-plaintext highlighter-rouge">deb</code> packages. If you are interested in the source for the daemon profile, it is located in <a href="https://github.com/moby/moby/tree/master/contrib/apparmor">contrib/apparmor</a> in the Docker Engine source repository.</p> <h2 id="understand-the-policies">Understand the policies</h2> <p>The <code class="language-plaintext highlighter-rouge">docker-default</code> profile is the default for running containers. It is moderately protective while providing wide application compatibility. The profile is generated from the following <a href="https://github.com/moby/moby/blob/master/profiles/apparmor/template.go">template</a>.</p> <p>When you run a container, it uses the <code class="language-plaintext highlighter-rouge">docker-default</code> policy unless you override it with the <code class="language-plaintext highlighter-rouge">security-opt</code> option. 
For example, the following explicitly specifies the default policy:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -it --security-opt apparmor=docker-default hello-world +</pre></div> <h2 id="load-and-unload-profiles">Load and unload profiles</h2> <p>To load a new profile into AppArmor for use with containers:</p> <div class="highlight"><pre class="highlight" data-language="">$ apparmor_parser -r -W /path/to/your_profile +</pre></div> <p>Then, run the custom profile with <code class="language-plaintext highlighter-rouge">--security-opt</code> like so:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -it --security-opt apparmor=your_profile hello-world +</pre></div> <p>To unload a profile from AppArmor:</p> <div class="highlight"><pre class="highlight" data-language=""># unload the profile +$ apparmor_parser -R /path/to/profile +</pre></div> <h3 id="resources-for-writing-profiles">Resources for writing profiles</h3> <p>The syntax for file globbing in AppArmor is a bit different than some other globbing implementations. It is highly suggested you take a look at some of the below resources with regard to AppArmor profile syntax.</p> <ul> <li><a href="https://gitlab.com/apparmor/apparmor/wikis/QuickProfileLanguage">Quick Profile Language</a></li> <li><a href="https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Core_Policy_Reference#AppArmor_globbing_syntax">Globbing Syntax</a></li> </ul> <h2 id="nginx-example-profile">Nginx example profile</h2> <p>In this example, you create a custom AppArmor profile for Nginx. 
Below is the custom profile.</p> <div class="highlight"><pre class="highlight" data-language="">#include <tunables/global> + + +profile docker-nginx flags=(attach_disconnected,mediate_deleted) { + #include <abstractions/base> + + network inet tcp, + network inet udp, + network inet icmp, + + deny network raw, + + deny network packet, + + file, + umount, + + deny /bin/** wl, + deny /boot/** wl, + deny /dev/** wl, + deny /etc/** wl, + deny /home/** wl, + deny /lib/** wl, + deny /lib64/** wl, + deny /media/** wl, + deny /mnt/** wl, + deny /opt/** wl, + deny /proc/** wl, + deny /root/** wl, + deny /sbin/** wl, + deny /srv/** wl, + deny /tmp/** wl, + deny /sys/** wl, + deny /usr/** wl, + + audit /** w, + + /var/run/nginx.pid w, + + /usr/sbin/nginx ix, + + deny /bin/dash mrwklx, + deny /bin/sh mrwklx, + deny /usr/bin/top mrwklx, + + + capability chown, + capability dac_override, + capability setuid, + capability setgid, + capability net_bind_service, + + deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) + # deny write to files not in /proc/<number>/** or /proc/sys/** + deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w, + deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel) + deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/ + deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/kmem rwklx, + deny @{PROC}/kcore rwklx, + + deny mount, + + deny /sys/[^f]*/** wklx, + deny /sys/f[^s]*/** wklx, + deny /sys/fs/[^c]*/** wklx, + deny /sys/fs/c[^g]*/** wklx, + deny /sys/fs/cg[^r]*/** wklx, + deny /sys/firmware/** rwklx, + deny /sys/kernel/security/** rwklx, +} +</pre></div> <ol> <li> <p>Save the custom profile to disk in the <code class="language-plaintext highlighter-rouge">/etc/apparmor.d/containers/docker-nginx</code> file.</p> <p>The file path in this example is not a requirement. 
In production, you could use another.</p> </li> <li> <p>Load the profile.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apparmor_parser -r -W /etc/apparmor.d/containers/docker-nginx +</pre></div> </li> <li> <p>Run a container with the profile.</p> <p>To run nginx in detached mode:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --security-opt "apparmor=docker-nginx" \ + -p 80:80 -d --name apparmor-nginx nginx +</pre></div> </li> <li> <p>Exec into the running container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec -it apparmor-nginx bash +</pre></div> </li> <li> <p>Try some operations to test the profile.</p> <div class="highlight"><pre class="highlight" data-language="">root@6da5a2a930b9:~# ping 8.8.8.8 +ping: Lacking privilege for raw socket. + +root@6da5a2a930b9:/# top +bash: /usr/bin/top: Permission denied + +root@6da5a2a930b9:~# touch ~/thing +touch: cannot touch 'thing': Permission denied + +root@6da5a2a930b9:/# sh +bash: /bin/sh: Permission denied + +root@6da5a2a930b9:/# dash +bash: /bin/dash: Permission denied +</pre></div> </li> </ol> <p>Congrats! You just deployed a container secured with a custom apparmor profile!</p> <h2 id="debug-apparmor">Debug AppArmor</h2> <p>You can use <code class="language-plaintext highlighter-rouge">dmesg</code> to debug problems and <code class="language-plaintext highlighter-rouge">aa-status</code> check the loaded profiles.</p> <h3 id="use-dmesg">Use dmesg</h3> <p>Here are some helpful tips for debugging any problems you might be facing with regard to AppArmor.</p> <p>AppArmor sends quite verbose messaging to <code class="language-plaintext highlighter-rouge">dmesg</code>. 
Usually an AppArmor line looks like the following:</p> <div class="highlight"><pre class="highlight" data-language="">[ 5442.864673] audit: type=1400 audit(1453830992.845:37): apparmor="ALLOWED" operation="open" profile="/usr/bin/docker" name="/home/jessie/docker/man/man1/docker-attach.1" pid=10923 comm="docker" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 +</pre></div> <p>In the above example, you can see <code class="language-plaintext highlighter-rouge">profile=/usr/bin/docker</code>. This means the user has the <code class="language-plaintext highlighter-rouge">docker-engine</code> (Docker Engine Daemon) profile loaded.</p> <p>Look at another log line:</p> <div class="highlight"><pre class="highlight" data-language="">[ 3256.689120] type=1400 audit(1405454041.341:73): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=17651 comm="docker" requested_mask="receive" denied_mask="receive" +</pre></div> <p>This time the profile is <code class="language-plaintext highlighter-rouge">docker-default</code>, which is run on containers by default unless in <code class="language-plaintext highlighter-rouge">privileged</code> mode. This line shows that apparmor has denied <code class="language-plaintext highlighter-rouge">ptrace</code> in the container. This is exactly as expected.</p> <h3 id="use-aa-status">Use aa-status</h3> <p>If you need to check which profiles are loaded, you can use <code class="language-plaintext highlighter-rouge">aa-status</code>. The output looks like:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo aa-status +apparmor module is loaded. +14 profiles are loaded. +1 profiles are in enforce mode. + docker-default +13 profiles are in complain mode. 
+ /usr/bin/docker + /usr/bin/docker///bin/cat + /usr/bin/docker///bin/ps + /usr/bin/docker///sbin/apparmor_parser + /usr/bin/docker///sbin/auplink + /usr/bin/docker///sbin/blkid + /usr/bin/docker///sbin/iptables + /usr/bin/docker///sbin/mke2fs + /usr/bin/docker///sbin/modprobe + /usr/bin/docker///sbin/tune2fs + /usr/bin/docker///sbin/xtables-multi + /usr/bin/docker///sbin/zfs + /usr/bin/docker///usr/bin/xz +38 processes have profiles defined. +37 processes are in enforce mode. + docker-default (6044) + ... + docker-default (31899) +1 processes are in complain mode. + /usr/bin/docker (29756) +0 processes are unconfined but have a profile defined. +</pre></div> <p>The above output shows that the <code class="language-plaintext highlighter-rouge">docker-default</code> profile running on various container PIDs is in <code class="language-plaintext highlighter-rouge">enforce</code> mode. This means AppArmor is actively blocking and auditing in <code class="language-plaintext highlighter-rouge">dmesg</code> anything outside the bounds of the <code class="language-plaintext highlighter-rouge">docker-default</code> profile.</p> <p>The output above also shows the <code class="language-plaintext highlighter-rouge">/usr/bin/docker</code> (Docker Engine daemon) profile is running in <code class="language-plaintext highlighter-rouge">complain</code> mode. This means AppArmor <em>only</em> logs to <code class="language-plaintext highlighter-rouge">dmesg</code> activity outside the bounds of the profile. 
(Except in the case of Ubuntu Trusty, where some interesting behaviors are enforced.)</p> <h2 id="contribute-dockers-apparmor-code">Contribute Docker’s AppArmor code</h2> <p>Advanced users and package managers can find a profile for <code class="language-plaintext highlighter-rouge">/usr/bin/docker</code> (Docker Engine Daemon) underneath <a href="https://github.com/moby/moby/tree/master/contrib/apparmor">contrib/apparmor</a> in the Docker Engine source repository.</p> <p>The <code class="language-plaintext highlighter-rouge">docker-default</code> profile for containers lives in <a href="https://github.com/moby/moby/tree/master/profiles/apparmor">profiles/apparmor</a>.</p> +<p><a href="https://docs.docker.com/search/?q=AppArmor">AppArmor</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/apparmor/" class="_attribution-link">https://docs.docker.com/engine/security/apparmor/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Fcertificates%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Fcertificates%2Findex.html new file mode 100644 index 00000000..e003da40 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Fcertificates%2Findex.html 
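Review bot: in devdocs/docker/engine%2Fsecurity%2Fapparmor%2Findex.html, the "Use dmesg" section shows one sample line with apparmor="ALLOWED" and one with apparmor="DENIED", but the text only explains the profile= field, so a reader can take ALLOWED to mean a rule permitted the access. Suggest adding a sentence that ALLOWED is what a profile in complain mode logs, and linking it to the aa-status output further down, which lists /usr/bin/docker in complain mode and docker-default in enforce mode. The Nginx walkthrough would also benefit from an aa-status check between "Load the profile" and "Run a container with the profile" to confirm docker-nginx is loaded in enforce mode before the step 5 tests. Minor: "aa-status check the loaded profiles" is missing "to", and the unload example uses /path/to/profile where the load example uses /path/to/your_profile.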
@@ -0,0 +1,24 @@ +<h1>Verify repository client with certificates</h1> + +<p>In <a href="../protect-access/index">Running Docker with HTTPS</a>, you learned that, by default, Docker runs via a non-networked Unix socket and TLS must be enabled in order to have the Docker client and the daemon communicate securely over HTTPS. TLS ensures authenticity of the registry endpoint and that traffic to/from registry is encrypted.</p> <p>This article demonstrates how to ensure the traffic between the Docker registry server and the Docker daemon (a client of the registry server) is encrypted and properly authenticated using <em>certificate-based client-server authentication</em>.</p> <p>We show you how to install a Certificate Authority (CA) root certificate for the registry and how to set the client TLS certificate for verification.</p> <h2 id="understand-the-configuration">Understand the configuration</h2> <p>A custom certificate is configured by creating a directory under <code class="language-plaintext highlighter-rouge">/etc/docker/certs.d</code> using the same name as the registry’s hostname, such as <code class="language-plaintext highlighter-rouge">localhost</code>. All <code class="language-plaintext highlighter-rouge">*.crt</code> files are added to this directory as CA roots.</p> <blockquote> <p><strong>Note</strong></p> <p>On Linux any root certificates authorities are merged with the system defaults, including the host’s root CA set. If you are running Docker on Windows Server, or Docker Desktop for Windows with Windows containers, the system default certificates are only used when no custom root certificates are configured.</p> </blockquote> <p>The presence of one or more <code class="language-plaintext highlighter-rouge"><filename>.key/cert</code> pairs indicates to Docker that there are custom certificates required for access to the desired repository.</p> <blockquote> <p><strong>Note</strong>: If multiple certificates exist, each is tried in alphabetical order. 
If there is a 4xx-level or 5xx-level authentication error, Docker continues to try with the next certificate.</p> </blockquote> <p>The following illustrates a configuration with custom certificates:</p> <div class="highlight"><pre class="highlight" data-language=""> /etc/docker/certs.d/ <-- Certificate directory + └── localhost:5000 <-- Hostname:port + ├── client.cert <-- Client certificate + ├── client.key <-- Client key + └── ca.crt <-- Certificate authority that signed + the registry certificate +</pre></div> <p>The preceding example is operating-system specific and is for illustrative purposes only. You should consult your operating system documentation for creating an os-provided bundled certificate chain.</p> <h2 id="create-the-client-certificates">Create the client certificates</h2> <p>Use OpenSSL’s <code class="language-plaintext highlighter-rouge">genrsa</code> and <code class="language-plaintext highlighter-rouge">req</code> commands to first generate an RSA key and then use the key to create the certificate.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out client.key 4096 +$ openssl req -new -x509 -text -key client.key -out client.cert +</pre></div> <blockquote> <p><strong>Note</strong>: These TLS commands only generate a working set of certificates on Linux. The version of OpenSSL in macOS is incompatible with the type of certificate Docker requires.</p> </blockquote> <h2 id="troubleshooting-tips">Troubleshooting tips</h2> <p>The Docker daemon interprets <code class="language-plaintext highlighter-rouge">.crt</code> files as CA certificates and <code class="language-plaintext highlighter-rouge">.cert</code> files as client certificates. 
If a CA certificate is accidentally given the extension <code class="language-plaintext highlighter-rouge">.cert</code> instead of the correct <code class="language-plaintext highlighter-rouge">.crt</code> extension, the Docker daemon logs the following error message:</p> <div class="highlight"><pre class="highlight" data-language="">Missing key KEY_NAME for client certificate CERT_NAME. CA certificates should use the extension .crt. +</pre></div> <p>If the Docker registry is accessed without a port number, do not add the port to the directory name. The following shows the configuration for a registry on default port 443 which is accessed with <code class="language-plaintext highlighter-rouge">docker login my-https.registry.example.com</code>:</p> <div class="highlight"><pre class="highlight" data-language=""> /etc/docker/certs.d/ + └── my-https.registry.example.com <-- Hostname without port + ├── client.cert + ├── client.key + └── ca.crt +</pre></div> <h2 id="related-information">Related information</h2> <ul> <li><a href="../trust/index">Use trusted images</a></li> <li><a href="../protect-access/index">Protect the Docker daemon socket</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=Usage">Usage</a>, <a href="https://docs.docker.com/search/?q=registry">registry</a>, <a href="https://docs.docker.com/search/?q=repository">repository</a>, <a href="https://docs.docker.com/search/?q=client">client</a>, <a href="https://docs.docker.com/search/?q=root">root</a>, <a href="https://docs.docker.com/search/?q=certificate">certificate</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=apache">apache</a>, <a href="https://docs.docker.com/search/?q=ssl">ssl</a>, <a href="https://docs.docker.com/search/?q=tls">tls</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=examples">examples</a>, <a 
href="https://docs.docker.com/search/?q=articles">articles</a>, <a href="https://docs.docker.com/search/?q=tutorials">tutorials</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/certificates/" class="_attribution-link">https://docs.docker.com/engine/security/certificates/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Findex.html new file mode 100644 index 00000000..a6482035 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Findex.html 
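Review bot: in devdocs/docker/engine%2Fsecurity%2Fcertificates%2Findex.html, the "Create the client certificates" commands write client.key unencrypted and create a self-signed certificate with no `-days` option, so it gets openssl's default 30-day validity, and the page does not mention either. Suggest adding an explicit `-days` value to the `openssl req -new -x509 -text -key client.key -out client.cert` line and a sentence on restricting read access to client.key under /etc/docker/certs.d. Also, "Understand the configuration" says the directory uses "the same name as the registry's hostname, such as localhost" while the tree below it shows `localhost:5000`; wording it as hostname plus port when a port is used would match the tree and the troubleshooting tip about omitting the port.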
@@ -0,0 +1,11 @@ +<h1>Docker security</h1> + +<p>There are four major areas to consider when reviewing Docker security:</p> <ul> <li>the intrinsic security of the kernel and its support for namespaces and cgroups;</li> <li>the attack surface of the Docker daemon itself;</li> <li>loopholes in the container configuration profile, either by default, or when customized by users.</li> <li>the “hardening” security features of the kernel and how they interact with containers.</li> </ul> <h2 id="kernel-namespaces">Kernel namespaces</h2> <p>Docker containers are very similar to LXC containers, and they have similar security features. When you start a container with <code class="language-plaintext highlighter-rouge">docker run</code>, behind the scenes Docker creates a set of namespaces and control groups for the container.</p> <p><strong>Namespaces provide the first and most straightforward form of isolation</strong>: processes running within a container cannot see, and even less affect, processes running in another container, or in the host system.</p> <p><strong>Each container also gets its own network stack</strong>, meaning that a container doesn’t get privileged access to the sockets or interfaces of another container. Of course, if the host system is setup accordingly, containers can interact with each other through their respective network interfaces — just like they can interact with external hosts. When you specify public ports for your containers or use <a href="https://docs.docker.com/network/links/"><em>links</em></a> then IP traffic is allowed between containers. They can ping each other, send/receive UDP packets, and establish TCP connections, but that can be restricted if necessary. From a network architecture point of view, all containers on a given Docker host are sitting on bridge interfaces. 
This means that they are just like physical machines connected through a common Ethernet switch; no more, no less.</p> <p>How mature is the code providing kernel namespaces and private networking? Kernel namespaces were introduced <a href="https://man7.org/linux/man-pages/man7/namespaces.7.html">between kernel version 2.6.15 and 2.6.26</a>. This means that since July 2008 (date of the 2.6.26 release ), namespace code has been exercised and scrutinized on a large number of production systems. And there is more: the design and inspiration for the namespaces code are even older. Namespaces are actually an effort to reimplement the features of <a href="https://en.wikipedia.org/wiki/OpenVZ">OpenVZ</a> in such a way that they could be merged within the mainstream kernel. And OpenVZ was initially released in 2005, so both the design and the implementation are pretty mature.</p> <h2 id="control-groups">Control groups</h2> <p>Control Groups are another key component of Linux Containers. They implement resource accounting and limiting. They provide many useful metrics, but they also help ensure that each container gets its fair share of memory, CPU, disk I/O; and, more importantly, that a single container cannot bring the system down by exhausting one of those resources.</p> <p>So while they do not play a role in preventing one container from accessing or affecting the data and processes of another container, they are essential to fend off some denial-of-service attacks. They are particularly important on multi-tenant platforms, like public and private PaaS, to guarantee a consistent uptime (and performance) even when some applications start to misbehave.</p> <p>Control Groups have been around for a while as well: the code was started in 2006, and initially merged in kernel 2.6.24.</p> <h2 id="docker-daemon-attack-surface">Docker daemon attack surface</h2> <p>Running containers (and applications) with Docker implies running the Docker daemon. 
This daemon requires <code class="language-plaintext highlighter-rouge">root</code> privileges unless you opt-in to <a href="rootless/index">Rootless mode</a>, and you should therefore be aware of some important details.</p> <p>First of all, <strong>only trusted users should be allowed to control your Docker daemon</strong>. This is a direct consequence of some powerful Docker features. Specifically, Docker allows you to share a directory between the Docker host and a guest container; and it allows you to do so without limiting the access rights of the container. This means that you can start a container where the <code class="language-plaintext highlighter-rouge">/host</code> directory is the <code class="language-plaintext highlighter-rouge">/</code> directory on your host; and the container can alter your host filesystem without any restriction. This is similar to how virtualization systems allow filesystem resource sharing. Nothing prevents you from sharing your root filesystem (or even your root block device) with a virtual machine.</p> <p>This has a strong security implication: for example, if you instrument Docker from a web server to provision containers through an API, you should be even more careful than usual with parameter checking, to make sure that a malicious user cannot pass crafted parameters causing Docker to create arbitrary containers.</p> <p>For this reason, the REST API endpoint (used by the Docker CLI to communicate with the Docker daemon) changed in Docker 0.5.2, and now uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the latter being prone to cross-site request forgery attacks if you happen to run Docker directly on your local machine, outside of a VM). You can then use traditional UNIX permission checks to limit access to the control socket.</p> <p>You can also expose the REST API over HTTP if you explicitly decide to do so. However, if you do that, be aware of the above mentioned security implications. 
Note that even if you have a firewall to limit accesses to the REST API endpoint from other hosts in the network, the endpoint can be still accessible from containers, and it can easily result in the privilege escalation. Therefore it is <em>mandatory</em> to secure API endpoints with <a href="protect-access/index">HTTPS and certificates</a>. It is also recommended to ensure that it is reachable only from a trusted network or VPN.</p> <p>You can also use <code class="language-plaintext highlighter-rouge">DOCKER_HOST=ssh://USER@HOST</code> or <code class="language-plaintext highlighter-rouge">ssh -L /path/to/docker.sock:/var/run/docker.sock</code> instead if you prefer SSH over TLS.</p> <p>The daemon is also potentially vulnerable to other inputs, such as image loading from either disk with <code class="language-plaintext highlighter-rouge">docker load</code>, or from the network with <code class="language-plaintext highlighter-rouge">docker pull</code>. As of Docker 1.3.2, images are now extracted in a chrooted subprocess on Linux/Unix platforms, being the first-step in a wider effort toward privilege separation. As of Docker 1.10.0, all images are stored and accessed by the cryptographic checksums of their contents, limiting the possibility of an attacker causing a collision with an existing image.</p> <p>Finally, if you run Docker on a server, it is recommended to run exclusively Docker on the server, and move all other services within containers controlled by Docker. Of course, it is fine to keep your favorite admin tools (probably at least an SSH server), as well as existing monitoring/supervision processes, such as NRPE and collectd.</p> <h2 id="linux-kernel-capabilities">Linux kernel capabilities</h2> <p>By default, Docker starts containers with a restricted set of capabilities. What does that mean?</p> <p>Capabilities turn the binary “root/non-root” dichotomy into a fine-grained access control system. 
Processes (like web servers) that just need to bind on a port below 1024 do not need to run as root: they can just be granted the <code class="language-plaintext highlighter-rouge">net_bind_service</code> capability instead. And there are many other capabilities, for almost all the specific areas where root privileges are usually needed.</p> <p>This means a lot for container security; let’s see why!</p> <p>Typical servers run several processes as <code class="language-plaintext highlighter-rouge">root</code>, including the SSH daemon, <code class="language-plaintext highlighter-rouge">cron</code> daemon, logging daemons, kernel modules, network configuration tools, and more. A container is different, because almost all of those tasks are handled by the infrastructure around the container:</p> <ul> <li>SSH access are typically managed by a single server running on the Docker host;</li> <li> +<code class="language-plaintext highlighter-rouge">cron</code>, when necessary, should run as a user process, dedicated and tailored for the app that needs its scheduling service, rather than as a platform-wide facility;</li> <li>log management is also typically handed to Docker, or to third-party services like Loggly or Splunk;</li> <li>hardware management is irrelevant, meaning that you never need to run <code class="language-plaintext highlighter-rouge">udevd</code> or equivalent daemons within containers;</li> <li>network management happens outside of the containers, enforcing separation of concerns as much as possible, meaning that a container should never need to perform <code class="language-plaintext highlighter-rouge">ifconfig</code>, <code class="language-plaintext highlighter-rouge">route</code>, or ip commands (except when a container is specifically engineered to behave like a router or firewall, of course).</li> </ul> <p>This means that in most cases, containers do not need “real” root privileges <em>at all</em>. 
And therefore, containers can run with a reduced capability set; meaning that “root” within a container has much less privileges than the real “root”. For instance, it is possible to:</p> <ul> <li>deny all “mount” operations;</li> <li>deny access to raw sockets (to prevent packet spoofing);</li> <li>deny access to some filesystem operations, like creating new device nodes, changing the owner of files, or altering attributes (including the immutable flag);</li> <li>deny module loading;</li> <li>and many others.</li> </ul> <p>This means that even if an intruder manages to escalate to root within a container, it is much harder to do serious damage, or to escalate to the host.</p> <p>This doesn’t affect regular web apps, but reduces the vectors of attack by malicious users considerably. By default Docker drops all capabilities except <a href="https://github.com/moby/moby/blob/master/oci/caps/defaults.go#L6-L19">those needed</a>, an allowlist instead of a denylist approach. You can see a full list of available capabilities in <a href="https://man7.org/linux/man-pages/man7/capabilities.7.html">Linux manpages</a>.</p> <p>One primary risk with running Docker containers is that the default set of capabilities and mounts given to a container may provide incomplete isolation, either independently, or when used in combination with kernel vulnerabilities.</p> <p>Docker supports the addition and removal of capabilities, allowing use of a non-default profile. This may make Docker more secure through capability removal, or less secure through the addition of capabilities. The best practice for users would be to remove all capabilities except those explicitly required for their processes.</p> <h2 id="docker-content-trust-signature-verification">Docker Content Trust Signature Verification</h2> <p>The Docker Engine can be configured to only run signed images. 
The Docker Content Trust signature verification feature is built directly into the <code class="language-plaintext highlighter-rouge">dockerd</code> binary.<br> This is configured in the Dockerd configuration file.</p> <p>To enable this feature, trustpinning can be configured in <code class="language-plaintext highlighter-rouge">daemon.json</code>, whereby only repositories signed with a user-specified root key can be pulled and run.</p> <p>This feature provides more insight to administrators than previously available with the CLI for enforcing and performing image signature verification.</p> <p>For more information on configuring Docker Content Trust Signature Verificiation, go to <a href="trust/index">Content trust in Docker</a>.</p> <h2 id="other-kernel-security-features">Other kernel security features</h2> <p>Capabilities are just one of the many security features provided by modern Linux kernels. It is also possible to leverage existing, well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with Docker.</p> <p>While Docker currently only enables capabilities, it doesn’t interfere with the other systems. This means that there are many different ways to harden a Docker host. Here are a few examples.</p> <ul> <li>You can run a kernel with GRSEC and PAX. This adds many safety checks, both at compile-time and run-time; it also defeats many exploits, thanks to techniques like address randomization. It doesn’t require Docker-specific configuration, since those security features apply system-wide, independent of containers.</li> <li>If your distribution comes with security model templates for Docker containers, you can use them out of the box. For instance, we ship a template that works with AppArmor and Red Hat comes with SELinux policies for Docker. 
These templates provide an extra safety net (even though it overlaps greatly with capabilities).</li> <li>You can define your own policies using your favorite access control mechanism.</li> </ul> <p>Just as you can use third-party tools to augment Docker containers, including special network topologies or shared filesystems, tools exist to harden Docker containers without the need to modify Docker itself.</p> <p>As of Docker 1.10 User Namespaces are supported directly by the docker daemon. This feature allows for the root user in a container to be mapped to a non uid-0 user outside the container, which can help to mitigate the risks of container breakout. This facility is available but not enabled by default.</p> <p>Refer to the <a href="../reference/commandline/dockerd/index#daemon-user-namespace-options">daemon command</a> in the command line reference for more information on this feature. Additional information on the implementation of User Namespaces in Docker can be found in <a href="https://integratedcode.us/2015/10/13/user-namespaces-have-arrived-in-docker/">this blog post</a>.</p> <h2 id="conclusions">Conclusions</h2> <p>Docker containers are, by default, quite secure; especially if you run your processes as non-privileged users inside the container.</p> <p>You can add an extra layer of safety by enabling AppArmor, SELinux, GRSEC, or another appropriate hardening system.</p> <p>If you think of ways to make docker more secure, we welcome feature requests, pull requests, or comments on the Docker community forums.</p> <h2 id="related-information">Related information</h2> <ul> <li><a href="trust/index">Use trusted images</a></li> <li><a href="seccomp/index">Seccomp security profiles for Docker</a></li> <li><a href="apparmor/index">AppArmor security profiles for Docker</a></li> <li><a href="https://medium.com/@ewindisch/on-the-security-of-containers-2c60ffe25a9e">On the Security of Containers (2014)</a></li> <li><a 
href="https://docs.docker.com/network/overlay/">Docker swarm mode overlay network security model</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=Docker">Docker</a>, <a href="https://docs.docker.com/search/?q=Docker%20documentation">Docker documentation</a>, <a href="https://docs.docker.com/search/?q=security">security</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/" class="_attribution-link">https://docs.docker.com/engine/security/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Fprotect-access%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Fprotect-access%2Findex.html new file mode 100644 index 00000000..11c02fa1 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Fprotect-access%2Findex.html 
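Review bot: In devdocs/docker/engine%2Fsecurity%2Findex.html, the "Other kernel security features" section says "While Docker currently only enables capabilities", yet the same section says "we ship a template that works with AppArmor" and the Related information list links the seccomp and AppArmor profile pages. Reword that sentence so the page does not contradict itself about which mechanisms are applied. In the "Docker daemon attack surface" section, the inline example "ssh -L /path/to/docker.sock:/var/run/docker.sock" has no destination host, so it is not a complete command as written; add the USER@HOST argument that the DOCKER_HOST example beside it uses. Smaller text fixes for this file: "Verificiation" in the Content Trust section, "SSH access are typically managed" in the capabilities list, and the stray space in "2.6.26 release )".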
@@ -0,0 +1,117 @@ +<h1>Protect the Docker daemon socket</h1> + +<p>By default, Docker runs through a non-networked UNIX socket. It can also optionally communicate using SSH or a TLS (HTTPS) socket.</p> <h2 id="use-ssh-to-protect-the-docker-daemon-socket">Use SSH to protect the Docker daemon socket</h2> <blockquote> <p><strong>Note</strong></p> <p>The given <code class="language-plaintext highlighter-rouge">USERNAME</code> must have permissions to access the docker socket on the remote machine. Refer to <a href="../../install/linux-postinstall/index#manage-docker-as-a-non-root-user">manage Docker as a non-root user</a> to learn how to give a non-root user access to the docker socket.</p> </blockquote> <p>The following example creates a <a href="../../context/working-with-contexts/index"><code class="language-plaintext highlighter-rouge">docker context</code></a> to connect with a remote <code class="language-plaintext highlighter-rouge">dockerd</code> daemon on <code class="language-plaintext highlighter-rouge">host1.example.com</code> using SSH, and as the <code class="language-plaintext highlighter-rouge">docker-user</code> user on the remote machine:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context create \ + --docker host=ssh://docker-user@host1.example.com \ + --description="Remote engine" \ + my-remote-engine + +my-remote-engine +Successfully created context "my-remote-engine" +</pre></div> <p>After creating the context, use <code class="language-plaintext highlighter-rouge">docker context use</code> to switch the <code class="language-plaintext highlighter-rouge">docker</code> CLI to use it, and to connect to the remote engine:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context use my-remote-engine +my-remote-engine +Current context is now "my-remote-engine" + +$ docker info +<prints output of the remote engine> +</pre></div> <p>Use the <code class="language-plaintext 
highlighter-rouge">default</code> context to switch back to the default (local) daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context use default +default +Current context is now "default" +</pre></div> <p>Alternatively, use the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> environment variable to temporarily switch the <code class="language-plaintext highlighter-rouge">docker</code> CLI to connect to the remote host using SSH. This does not require creating a context, and can be useful to create an ad-hoc connection with a different engine:</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_HOST=ssh://docker-user@host1.example.com +$ docker info +<prints output of the remote engine> +</pre></div> <h3 id="ssh-tips">SSH Tips</h3> <p>For the best user experience with SSH, configure <code class="language-plaintext highlighter-rouge">~/.ssh/config</code> as follows to allow reusing a SSH connection for multiple invocations of the <code class="language-plaintext highlighter-rouge">docker</code> CLI:</p> <div class="highlight"><pre class="highlight" data-language="">ControlMaster auto +ControlPath ~/.ssh/control-%C +ControlPersist yes +</pre></div> <h2 id="use-tls-https-to-protect-the-docker-daemon-socket">Use TLS (HTTPS) to protect the Docker daemon socket</h2> <p>If you need Docker to be reachable through HTTP rather than SSH in a safe manner, you can enable TLS (HTTPS) by specifying the <code class="language-plaintext highlighter-rouge">tlsverify</code> flag and pointing Docker’s <code class="language-plaintext highlighter-rouge">tlscacert</code> flag to a trusted CA certificate.</p> <p>In the daemon mode, it only allows connections from clients authenticated by a certificate signed by that CA. 
In the client mode, it only connects to servers with a certificate signed by that CA.</p> <blockquote class="important"> <p>Advanced topic</p> <p>Using TLS and managing a CA is an advanced topic. Please familiarize yourself with OpenSSL, x509, and TLS before using it in production.</p> </blockquote> <h3 id="create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</h3> <blockquote> <p><strong>Note</strong>: Replace all instances of <code class="language-plaintext highlighter-rouge">$HOST</code> in the following example with the DNS name of your Docker daemon’s host.</p> </blockquote> <p>First, on the <strong>Docker daemon’s host machine</strong>, generate CA private and public keys:</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -aes256 -out ca-key.pem 4096 +Generating RSA private key, 4096 bit long modulus +..............................................................................++ +........++ +e is 65537 (0x10001) +Enter pass phrase for ca-key.pem: +Verifying - Enter pass phrase for ca-key.pem: + +$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem +Enter pass phrase for ca-key.pem: +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]: +State or Province Name (full name) [Some-State]:Queensland +Locality Name (eg, city) []:Brisbane +Organization Name (eg, company) [Internet Widgits Pty Ltd]:Docker Inc +Organizational Unit Name (eg, section) []:Sales +Common Name (e.g. server FQDN or YOUR name) []:$HOST +Email Address []:Sven@home.org.au +</pre></div> <p>Now that you have a CA, you can create a server key and certificate signing request (CSR). 
Make sure that “Common Name” matches the hostname you use to connect to Docker:</p> <blockquote> <p><strong>Note</strong>: Replace all instances of <code class="language-plaintext highlighter-rouge">$HOST</code> in the following example with the DNS name of your Docker daemon’s host.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out server-key.pem 4096 +Generating RSA private key, 4096 bit long modulus +.....................................................................++ +.................................................................................................++ +e is 65537 (0x10001) + +$ openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr +</pre></div> <p>Next, we’re going to sign the public key with our CA:</p> <p>Since TLS connections can be made through IP address as well as DNS name, the IP addresses need to be specified when creating the certificate. For example, to allow connections using <code class="language-plaintext highlighter-rouge">10.10.10.20</code> and <code class="language-plaintext highlighter-rouge">127.0.0.1</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 >> extfile.cnf +</pre></div> <p>Set the Docker daemon key’s extended usage attributes to be used only for server authentication:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo extendedKeyUsage = serverAuth >> extfile.cnf +</pre></div> <p>Now, generate the signed certificate:</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ + -CAcreateserial -out server-cert.pem -extfile extfile.cnf +Signature ok +subject=/CN=your.host.com +Getting CA Private Key +Enter pass phrase for ca-key.pem: +</pre></div> <p><a href="../../extend/plugins_authorization/index">Authorization plugins</a> offer more 
fine-grained control to supplement authentication from mutual TLS. In addition to other information described in the above document, authorization plugins running on a Docker daemon receive the certificate information for connecting Docker clients.</p> <p>For client authentication, create a client key and certificate signing request:</p> <blockquote> <p><strong>Note</strong>: For simplicity of the next couple of steps, you may perform this step on the Docker daemon’s host machine as well.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out key.pem 4096 +Generating RSA private key, 4096 bit long modulus +.........................................................++ +................++ +e is 65537 (0x10001) + +$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr +</pre></div> <p>To make the key suitable for client authentication, create a new extensions config file:</p> <div class="highlight"><pre class="highlight" data-language="">$ echo extendedKeyUsage = clientAuth > extfile-client.cnf +</pre></div> <p>Now, generate the signed certificate:</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \ + -CAcreateserial -out cert.pem -extfile extfile-client.cnf +Signature ok +subject=/CN=client +Getting CA Private Key +Enter pass phrase for ca-key.pem: +</pre></div> <p>After generating <code class="language-plaintext highlighter-rouge">cert.pem</code> and <code class="language-plaintext highlighter-rouge">server-cert.pem</code> you can safely remove the two certificate signing requests and extensions config files:</p> <div class="highlight"><pre class="highlight" data-language="">$ rm -v client.csr server.csr extfile.cnf extfile-client.cnf +</pre></div> <p>With a default <code class="language-plaintext highlighter-rouge">umask</code> of 022, your secret keys are <em>world-readable</em> and writable for you and your 
group.</p> <p>To protect your keys from accidental damage, remove their write permissions. To make them only readable by you, change file modes as follows:</p> <div class="highlight"><pre class="highlight" data-language="">$ chmod -v 0400 ca-key.pem key.pem server-key.pem +</pre></div> <p>Certificates can be world-readable, but you might want to remove write access to prevent accidental damage:</p> <div class="highlight"><pre class="highlight" data-language="">$ chmod -v 0444 ca.pem server-cert.pem cert.pem +</pre></div> <p>Now you can make the Docker daemon only accept connections from clients providing a certificate trusted by your CA:</p> <div class="highlight"><pre class="highlight" data-language="">$ dockerd \ + --tlsverify \ + --tlscacert=ca.pem \ + --tlscert=server-cert.pem \ + --tlskey=server-key.pem \ + -H=0.0.0.0:2376 +</pre></div> <p>To connect to Docker and validate its certificate, provide your client keys, certificates and trusted CA:</p> <blockquote> <p>Run it on the client machine</p> <p>This step should be run on your Docker client machine. 
As such, you need to copy your CA certificate, your server certificate, and your client certificate to that machine.</p> </blockquote> <blockquote> <p><strong>Note</strong>: Replace all instances of <code class="language-plaintext highlighter-rouge">$HOST</code> in the following example with the DNS name of your Docker daemon’s host.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ docker --tlsverify \ + --tlscacert=ca.pem \ + --tlscert=cert.pem \ + --tlskey=key.pem \ + -H=$HOST:2376 version +</pre></div> <blockquote> <p><strong>Note</strong>: Docker over TLS should run on TCP port 2376.</p> </blockquote> <blockquote class="warning"> <p><strong>Warning</strong>: As shown in the example above, you don’t need to run the <code class="language-plaintext highlighter-rouge">docker</code> client with <code class="language-plaintext highlighter-rouge">sudo</code> or the <code class="language-plaintext highlighter-rouge">docker</code> group when you use certificate authentication. That means anyone with the keys can give any instructions to your Docker daemon, giving them root access to the machine hosting the daemon. 
Guard these keys as you would a root password!</p> </blockquote> <h3 id="secure-by-default">Secure by default</h3> <p>If you want to secure your Docker client connections by default, you can move the files to the <code class="language-plaintext highlighter-rouge">.docker</code> directory in your home directory --- and set the <code class="language-plaintext highlighter-rouge">DOCKER_HOST</code> and <code class="language-plaintext highlighter-rouge">DOCKER_TLS_VERIFY</code> variables as well (instead of passing <code class="language-plaintext highlighter-rouge">-H=tcp://$HOST:2376</code> and <code class="language-plaintext highlighter-rouge">--tlsverify</code> on every call).</p> <div class="highlight"><pre class="highlight" data-language="">$ mkdir -pv ~/.docker +$ cp -v {ca,cert,key}.pem ~/.docker + +$ export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1 +</pre></div> <p>Docker now connects securely by default:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps +</pre></div> <h3 id="other-modes">Other modes</h3> <p>If you don’t want to have complete two-way authentication, you can run Docker in various other modes by mixing the flags.</p> <h4 id="daemon-modes">Daemon modes</h4> <ul> <li> +<code class="language-plaintext highlighter-rouge">tlsverify</code>, <code class="language-plaintext highlighter-rouge">tlscacert</code>, <code class="language-plaintext highlighter-rouge">tlscert</code>, <code class="language-plaintext highlighter-rouge">tlskey</code> set: Authenticate clients</li> <li> +<code class="language-plaintext highlighter-rouge">tls</code>, <code class="language-plaintext highlighter-rouge">tlscert</code>, <code class="language-plaintext highlighter-rouge">tlskey</code>: Do not authenticate clients</li> </ul> <h4 id="client-modes">Client modes</h4> <ul> <li> +<code class="language-plaintext highlighter-rouge">tls</code>: Authenticate server based on public/default CA pool</li> <li> +<code class="language-plaintext 
highlighter-rouge">tlsverify</code>, <code class="language-plaintext highlighter-rouge">tlscacert</code>: Authenticate server based on given CA</li> <li> +<code class="language-plaintext highlighter-rouge">tls</code>, <code class="language-plaintext highlighter-rouge">tlscert</code>, <code class="language-plaintext highlighter-rouge">tlskey</code>: Authenticate with client certificate, do not authenticate server based on given CA</li> <li> +<code class="language-plaintext highlighter-rouge">tlsverify</code>, <code class="language-plaintext highlighter-rouge">tlscacert</code>, <code class="language-plaintext highlighter-rouge">tlscert</code>, <code class="language-plaintext highlighter-rouge">tlskey</code>: Authenticate with client certificate and authenticate server based on given CA</li> </ul> <p>If found, the client sends its client certificate, so you just need to drop your keys into <code class="language-plaintext highlighter-rouge">~/.docker/{ca,cert,key}.pem</code>. Alternatively, if you want to store your keys in another location, you can specify that location using the environment variable <code class="language-plaintext highlighter-rouge">DOCKER_CERT_PATH</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CERT_PATH=~/.docker/zone1/ +$ docker --tlsverify ps +</pre></div> <h4 id="connecting-to-the-secure-docker-port-using-curl">Connecting to the secure Docker port using <code class="language-plaintext highlighter-rouge">curl</code> +</h4> <p>To use <code class="language-plaintext highlighter-rouge">curl</code> to make test API requests, you need to use three extra command line flags:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl https://$HOST:2376/images/json \ + --cert ~/.docker/cert.pem \ + --key ~/.docker/key.pem \ + --cacert ~/.docker/ca.pem +</pre></div> <h2 id="related-information">Related information</h2> <ul> <li><a href="../certificates/index">Using certificates for repository 
client verification</a></li> <li><a href="../trust/index">Use trusted images</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=docs">docs</a>, <a href="https://docs.docker.com/search/?q=article">article</a>, <a href="https://docs.docker.com/search/?q=example">example</a>, <a href="https://docs.docker.com/search/?q=ssh">ssh</a>, <a href="https://docs.docker.com/search/?q=https">https</a>, <a href="https://docs.docker.com/search/?q=daemon">daemon</a>, <a href="https://docs.docker.com/search/?q=tls">tls</a>, <a href="https://docs.docker.com/search/?q=ca">ca</a>, <a href="https://docs.docker.com/search/?q=certificate">certificate</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/protect-access/" class="_attribution-link">https://docs.docker.com/engine/security/protect-access/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Frootless%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Frootless%2Findex.html new file mode 100644 index 00000000..9f8a4f22 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Frootless%2Findex.html 
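Review bot: In devdocs/docker/engine%2Fsecurity%2Fprotect-access%2Findex.html, the "Run it on the client machine" note tells the reader to copy "your CA certificate, your server certificate, and your client certificate", but the client command that follows uses --tlscacert=ca.pem, --tlscert=cert.pem and --tlskey=key.pem; the list should name the client key instead of the server certificate. The umask sentence is also inaccurate: with 022 the key files are world-readable but writable only by the owner, not "for you and your group". The server extensions file is first written with ">> extfile.cnf" (append) while the client one uses "> extfile-client.cnf", so a leftover extfile.cnf would carry stale entries into the signed server certificate; use ">" for the first write. The dockerd example listens on "-H=0.0.0.0:2376" with no remark about limiting the listen address, which sits poorly next to the warning that the client keys amount to root access on the host; add a sentence on restricting the bind address or network reachability. Finally, "<prints output of the remote engine>" appears unescaped inside the pre blocks and would be parsed as a tag when the page is rendered; escape the angle brackets.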
@@ -0,0 +1,123 @@ +<h1>Run the Docker daemon as a non-root user (Rootless mode)</h1> + +<p>Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime.</p> <p>Rootless mode does not require root privileges even during the installation of the Docker daemon, as long as the <a href="#prerequisites">prerequisites</a> are met.</p> <p>Rootless mode was introduced in Docker Engine v19.03 as an experimental feature. Rootless mode graduated from experimental in Docker Engine v20.10.</p> <h2 id="how-it-works">How it works</h2> <p>Rootless mode executes the Docker daemon and containers inside a user namespace. This is very similar to <a href="../userns-remap/index"><code class="language-plaintext highlighter-rouge">userns-remap</code> mode</a>, except that with <code class="language-plaintext highlighter-rouge">userns-remap</code> mode, the daemon itself is running with root privileges, whereas in rootless mode, both the daemon and the container are running without root privileges.</p> <p>Rootless mode does not use binaries with <code class="language-plaintext highlighter-rouge">SETUID</code> bits or file capabilities, except <code class="language-plaintext highlighter-rouge">newuidmap</code> and <code class="language-plaintext highlighter-rouge">newgidmap</code>, which are needed to allow multiple UIDs/GIDs to be used in the user namespace.</p> <h2 id="prerequisites">Prerequisites</h2> <ul> <li> <p>You must install <code class="language-plaintext highlighter-rouge">newuidmap</code> and <code class="language-plaintext highlighter-rouge">newgidmap</code> on the host. 
These commands are provided by the <code class="language-plaintext highlighter-rouge">uidmap</code> package on most distros.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code> should contain at least 65,536 subordinate UIDs/GIDs for the user. In the following example, the user <code class="language-plaintext highlighter-rouge">testuser</code> has 65,536 subordinate UIDs/GIDs (231072-296607).</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">$ id -u +1001 +$ whoami +testuser +$ grep ^$(whoami): /etc/subuid +testuser:231072:65536 +$ grep ^$(whoami): /etc/subgid +testuser:231072:65536 +</pre></div> <h3 id="distribution-specific-hint">Distribution-specific hint</h3> <blockquote> <p>Note: We recommend that you use the Ubuntu kernel.</p> </blockquote> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#hint-ubuntu">Ubuntu</a></li> <li><a data-toggle="tab" data-target="#hint-debian">Debian GNU/Linux</a></li> <li><a data-toggle="tab" data-target="#hint-arch">Arch Linux</a></li> <li><a data-toggle="tab" data-target="#hint-opensuse-sles">openSUSE and SLES</a></li> <li><a data-toggle="tab" data-target="#hint-centos8-rhel8-fedora">CentOS 8, RHEL 8 and Fedora</a></li> <li><a data-toggle="tab" data-target="#hint-centos7-rhel7">CentOS 7 and RHEL 7</a></li> </ul> <div class="tab-content"> <div id="hint-ubuntu" class="tab-pane fade in active"> <ul> <li> <p>Install <code class="language-plaintext highlighter-rouge">dbus-user-session</code> package if not installed. 
Run <code class="language-plaintext highlighter-rouge">sudo apt-get install -y dbus-user-session</code> and relogin.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">overlay2</code> storage driver is enabled by default (<a href="https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/commit/fs/overlayfs?id=3b7da90f28fe1ed4b79ef2d994c81efbc58f1144">Ubuntu-specific kernel patch</a>).</p> </li> <li> <p>Known to work on Ubuntu 18.04, 20.04, and 21.04.</p> </li> </ul> </div> <div id="hint-debian" class="tab-pane fade in"> <ul> <li> <p>Install <code class="language-plaintext highlighter-rouge">dbus-user-session</code> package if not installed. Run <code class="language-plaintext highlighter-rouge">sudo apt-get install -y dbus-user-session</code> and relogin.</p> </li> <li> <p>For Debian 10, add <code class="language-plaintext highlighter-rouge">kernel.unprivileged_userns_clone=1</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code>. This step is not required on Debian 11.</p> </li> <li> <p>Installing <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> is recommended. Run <code class="language-plaintext highlighter-rouge">sudo apt-get install -y fuse-overlayfs</code>. 
Using <code class="language-plaintext highlighter-rouge">overlay2</code> storage driver with Debian-specific modprobe option <code class="language-plaintext highlighter-rouge">sudo modprobe overlay permit_mounts_in_userns=1</code> is also possible, however, highly discouraged due to <a href="https://github.com/moby/moby/issues/42302">instability</a>.</p> </li> <li> <p>Rootless docker requires version of <code class="language-plaintext highlighter-rouge">slirp4netns</code> greater than <code class="language-plaintext highlighter-rouge">v0.4.0</code> (when <code class="language-plaintext highlighter-rouge">vpnkit</code> is not installed). Check you have this with</p> <div class="highlight"><pre class="highlight" data-language="">$ slirp4netns --version +</pre></div> <p>If you do not have this download and install with <code class="language-plaintext highlighter-rouge">sudo apt-get install -y slirp4netns</code> or download the latest <a href="https://github.com/rootless-containers/slirp4netns/releases">release</a>.</p> </li> </ul> </div> <div id="hint-arch" class="tab-pane fade in"> <ul> <li> <p>Installing <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> is recommended. Run <code class="language-plaintext highlighter-rouge">sudo pacman -S fuse-overlayfs</code>.</p> </li> <li> <p>Add <code class="language-plaintext highlighter-rouge">kernel.unprivileged_userns_clone=1</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code></p> </li> </ul> </div> <div id="hint-opensuse-sles" class="tab-pane fade in"> <ul> <li> <p>Installing <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> is recommended. 
Run <code class="language-plaintext highlighter-rouge">sudo zypper install -y fuse-overlayfs</code>.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">sudo modprobe ip_tables iptable_mangle iptable_nat iptable_filter</code> is required. This might be required on other distros as well depending on the configuration.</p> </li> <li> <p>Known to work on openSUSE 15 and SLES 15.</p> </li> </ul> </div> <div id="hint-centos8-rhel8-fedora" class="tab-pane fade in"> <ul> <li> <p>Installing <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> is recommended. Run <code class="language-plaintext highlighter-rouge">sudo dnf install -y fuse-overlayfs</code>.</p> </li> <li> <p>You might need <code class="language-plaintext highlighter-rouge">sudo dnf install -y iptables</code>.</p> </li> <li> <p>Known to work on CentOS 8, RHEL 8, and Fedora 34.</p> </li> </ul> </div> <div id="hint-centos7-rhel7" class="tab-pane fade in"> <ul> <li> <p>Add <code class="language-plaintext highlighter-rouge">user.max_user_namespaces=28633</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code>.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">systemctl --user</code> does not work by default. 
Run <code class="language-plaintext highlighter-rouge">dockerd-rootless.sh</code> directly without systemd.</p> </li> </ul> </div> </div> <h2 id="known-limitations">Known limitations</h2> <ul> <li>Only the following storage drivers are supported: <ul> <li> +<code class="language-plaintext highlighter-rouge">overlay2</code> (only if running with kernel 5.11 or later, or Ubuntu-flavored kernel)</li> <li> +<code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> (only if running with kernel 4.18 or later, and <code class="language-plaintext highlighter-rouge">fuse-overlayfs</code> is installed)</li> <li> +<code class="language-plaintext highlighter-rouge">btrfs</code> (only if running with kernel 4.18 or later, or <code class="language-plaintext highlighter-rouge">~/.local/share/docker</code> is mounted with <code class="language-plaintext highlighter-rouge">user_subvol_rm_allowed</code> mount option)</li> <li><code class="language-plaintext highlighter-rouge">vfs</code></li> </ul> </li> <li>Cgroup is supported only when running with cgroup v2 and systemd. See <a href="#limiting-resources">Limiting resources</a>.</li> <li>Following features are not supported: <ul> <li>AppArmor</li> <li>Checkpoint</li> <li>Overlay network</li> <li>Exposing SCTP ports</li> </ul> </li> <li>To use the <code class="language-plaintext highlighter-rouge">ping</code> command, see <a href="#routing-ping-packets">Routing ping packets</a>.</li> <li>To expose privileged TCP/UDP ports (< 1024), see <a href="#exposing-privileged-ports">Exposing privileged ports</a>.</li> <li> +<code class="language-plaintext highlighter-rouge">IPAddress</code> shown in <code class="language-plaintext highlighter-rouge">docker inspect</code> and is namespaced inside RootlessKit’s network namespace. 
This means the IP address is not reachable from the host without <code class="language-plaintext highlighter-rouge">nsenter</code>-ing into the network namespace.</li> <li>Host network (<code class="language-plaintext highlighter-rouge">docker run --net=host</code>) is also namespaced inside RootlessKit.</li> <li>NFS mounts as the docker “data-root” is not supported. This limitation is not specific to rootless mode.</li> </ul> <h2 id="install">Install</h2> <blockquote> <p><strong>Note</strong></p> <p>If the system-wide Docker daemon is already running, consider disabling it: <code class="language-plaintext highlighter-rouge">$ sudo systemctl disable --now docker.service docker.socket</code></p> </blockquote> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#install-with-packages">With packages (RPM/DEB)</a></li> <li><a data-toggle="tab" data-target="#install-without-packages">Without packages</a></li> </ul> <div class="tab-content"> <div id="install-with-packages" class="tab-pane fade in active"> <p>If you installed Docker 20.10 or later with <a href="../../install/index">RPM/DEB packages</a>, you should have <code class="language-plaintext highlighter-rouge">dockerd-rootless-setuptool.sh</code> in <code class="language-plaintext highlighter-rouge">/usr/bin</code>.</p> <p>Run <code class="language-plaintext highlighter-rouge">dockerd-rootless-setuptool.sh install</code> as a non-root user to set up the daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ dockerd-rootless-setuptool.sh install +[INFO] Creating /home/testuser/.config/systemd/user/docker.service +... +[INFO] Installed docker.service successfully. 
+[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service` +[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger testuser` + +[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc): + +export PATH=/usr/bin:$PATH +export DOCKER_HOST=unix:///run/user/1000/docker.sock +</pre></div> <p>If <code class="language-plaintext highlighter-rouge">dockerd-rootless-setuptool.sh</code> is not present, you may need to install the <code class="language-plaintext highlighter-rouge">docker-ce-rootless-extras</code> package manually, e.g.,</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo apt-get install -y docker-ce-rootless-extras +</pre></div> </div> <div id="install-without-packages" class="tab-pane fade in"> <p>If you do not have permission to run package managers like <code class="language-plaintext highlighter-rouge">apt-get</code> and <code class="language-plaintext highlighter-rouge">dnf</code>, consider using the installation script available at <a href="https://get.docker.com/rootless" target="_blank" rel="noopener" class="_">https://get.docker.com/rootless</a>. Since static packages are not available for <code class="language-plaintext highlighter-rouge">s390x</code>, hence it is not supported for <code class="language-plaintext highlighter-rouge">s390x</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl -fsSL https://get.docker.com/rootless | sh +... +[INFO] Creating /home/testuser/.config/systemd/user/docker.service +... +[INFO] Installed docker.service successfully. 
+[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service` +[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger testuser` + +[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc): + +export PATH=/home/testuser/bin:$PATH +export DOCKER_HOST=unix:///run/user/1000/docker.sock +</pre></div> <p>The binaries will be installed at <code class="language-plaintext highlighter-rouge">~/bin</code>.</p> </div> </div> <p>See <a href="#troubleshooting">Troubleshooting</a> if you faced an error.</p> <h2 id="uninstall">Uninstall</h2> <p>To remove the systemd service of the Docker daemon, run <code class="language-plaintext highlighter-rouge">dockerd-rootless-setuptool.sh uninstall</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ dockerd-rootless-setuptool.sh uninstall ++ systemctl --user stop docker.service ++ systemctl --user disable docker.service +Removed /home/testuser/.config/systemd/user/default.target.wants/docker.service. +[INFO] Uninstalled docker.service +[INFO] This uninstallation tool does NOT remove Docker binaries and data. +[INFO] To remove data, run: `/usr/bin/rootlesskit rm -rf /home/testuser/.local/share/docker` +</pre></div> <p>Unset environment variables PATH and DOCKER_HOST if you have added them to <code class="language-plaintext highlighter-rouge">~/.bashrc</code>.</p> <p>To remove the data directory, run <code class="language-plaintext highlighter-rouge">rootlesskit rm -rf ~/.local/share/docker</code>.</p> <p>To remove the binaries, remove <code class="language-plaintext highlighter-rouge">docker-ce-rootless-extras</code> package if you installed Docker with package managers. 
If you installed Docker with https://get.docker.com/rootless (<a href="#install">Install without packages</a>), remove the binary files under <code class="language-plaintext highlighter-rouge">~/bin</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ cd ~/bin +$ rm -f containerd containerd-shim containerd-shim-runc-v2 ctr docker docker-init docker-proxy dockerd dockerd-rootless-setuptool.sh dockerd-rootless.sh rootlesskit rootlesskit-docker-proxy runc vpnkit +</pre></div> <h2 id="usage">Usage</h2> <h3 id="daemon">Daemon</h3> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" data-target="#usage-with-systemd">With systemd (Highly recommended)</a></li> <li><a data-toggle="tab" data-target="#usage-without-systemd">Without systemd</a></li> </ul> <div class="tab-content"> <div id="usage-with-systemd" class="tab-pane fade in active"> <p>The systemd unit file is installed as <code class="language-plaintext highlighter-rouge">~/.config/systemd/user/docker.service</code>.</p> <p>Use <code class="language-plaintext highlighter-rouge">systemctl --user</code> to manage the lifecycle of the daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ systemctl --user start docker +</pre></div> <p>To launch the daemon on system startup, enable the systemd service and lingering:</p> <div class="highlight"><pre class="highlight" data-language="">$ systemctl --user enable docker +$ sudo loginctl enable-linger $(whoami) +</pre></div> <p>Starting Rootless Docker as a systemd-wide service (<code class="language-plaintext highlighter-rouge">/etc/systemd/system/docker.service</code>) is not supported, even with the <code class="language-plaintext highlighter-rouge">User=</code> directive.</p> </div> <div id="usage-without-systemd" class="tab-pane fade in"> <p>To run the daemon directly without systemd, you need to run <code class="language-plaintext highlighter-rouge">dockerd-rootless.sh</code> instead of <code 
class="language-plaintext highlighter-rouge">dockerd</code>.</p> <p>The following environment variables must be set:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">$HOME</code>: the home directory</li> <li> +<code class="language-plaintext highlighter-rouge">$XDG_RUNTIME_DIR</code>: an ephemeral directory that is only accessible by the expected user, e,g, <code class="language-plaintext highlighter-rouge">~/.docker/run</code>. The directory should be removed on every host shutdown. The directory can be on tmpfs, however, should not be under <code class="language-plaintext highlighter-rouge">/tmp</code>. Locating this directory under <code class="language-plaintext highlighter-rouge">/tmp</code> might be vulnerable to TOCTOU attack.</li> </ul> </div> </div> <p>Remarks about directory paths:</p> <ul> <li>The socket path is set to <code class="language-plaintext highlighter-rouge">$XDG_RUNTIME_DIR/docker.sock</code> by default. <code class="language-plaintext highlighter-rouge">$XDG_RUNTIME_DIR</code> is typically set to <code class="language-plaintext highlighter-rouge">/run/user/$UID</code>.</li> <li>The data dir is set to <code class="language-plaintext highlighter-rouge">~/.local/share/docker</code> by default. The data dir should not be on NFS.</li> <li>The daemon config dir is set to <code class="language-plaintext highlighter-rouge">~/.config/docker</code> by default. 
This directory is different from <code class="language-plaintext highlighter-rouge">~/.docker</code> that is used by the client.</li> </ul> <h3 id="client">Client</h3> <p>You need to specify either the socket path or the CLI context explicitly.</p> <p>To specify the socket path using <code class="language-plaintext highlighter-rouge">$DOCKER_HOST</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock +$ docker run -d -p 8080:80 nginx +</pre></div> <p>To specify the CLI context using <code class="language-plaintext highlighter-rouge">docker context</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker context use rootless +rootless +Current context is now "rootless" +$ docker run -d -p 8080:80 nginx +</pre></div> <h2 id="best-practices">Best practices</h2> <h3 id="rootless-docker-in-docker">Rootless Docker in Docker</h3> <p>To run Rootless Docker inside “rootful” Docker, use the <code class="language-plaintext highlighter-rouge">docker:<version>-dind-rootless</code> image instead of <code class="language-plaintext highlighter-rouge">docker:<version>-dind</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d --name dind-rootless --privileged docker:20.10-dind-rootless +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">docker:<version>-dind-rootless</code> image runs as a non-root user (UID 1000). 
However, <code class="language-plaintext highlighter-rouge">--privileged</code> is required for disabling seccomp, AppArmor, and mount masks.</p> <h3 id="expose-docker-api-socket-through-tcp">Expose Docker API socket through TCP</h3> <p>To expose the Docker API socket through TCP, you need to launch <code class="language-plaintext highlighter-rouge">dockerd-rootless.sh</code> with <code class="language-plaintext highlighter-rouge">DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp"</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp" \ + dockerd-rootless.sh \ + -H tcp://0.0.0.0:2376 \ + --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem +</pre></div> <h3 id="expose-docker-api-socket-through-ssh">Expose Docker API socket through SSH</h3> <p>To expose the Docker API socket through SSH, you need to make sure <code class="language-plaintext highlighter-rouge">$DOCKER_HOST</code> is set on the remote host.</p> <div class="highlight"><pre class="highlight" data-language="">$ ssh -l <REMOTEUSER> <REMOTEHOST> 'echo $DOCKER_HOST' +unix:///run/user/1001/docker.sock +$ docker -H ssh://<REMOTEUSER>@<REMOTEHOST> run ... 
+</pre></div> <h3 id="routing-ping-packets">Routing ping packets</h3> <p>On some distributions, <code class="language-plaintext highlighter-rouge">ping</code> does not work by default.</p> <p>Add <code class="language-plaintext highlighter-rouge">net.ipv4.ping_group_range = 0 2147483647</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code> to allow using <code class="language-plaintext highlighter-rouge">ping</code>.</p> <h3 id="exposing-privileged-ports">Exposing privileged ports</h3> <p>To expose privileged ports (< 1024), set <code class="language-plaintext highlighter-rouge">CAP_NET_BIND_SERVICE</code> on <code class="language-plaintext highlighter-rouge">rootlesskit</code> binary and restart the daemon.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo setcap cap_net_bind_service=ep $(which rootlesskit) +$ systemctl --user restart docker +</pre></div> <p>Or add <code class="language-plaintext highlighter-rouge">net.ipv4.ip_unprivileged_port_start=0</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code>.</p> <h3 id="limiting-resources">Limiting resources</h3> <p>Limiting resources with cgroup-related <code class="language-plaintext highlighter-rouge">docker run</code> flags such as <code class="language-plaintext highlighter-rouge">--cpus</code>, <code class="language-plaintext highlighter-rouge">--memory</code>, <code class="language-plaintext highlighter-rouge">--pids-limit</code> is supported only when running with cgroup v2 and systemd. 
See <a href="https://docs.docker.com/config/containers/runmetrics/">Changing cgroup version</a> to enable cgroup v2.</p> <p>If <code class="language-plaintext highlighter-rouge">docker info</code> shows <code class="language-plaintext highlighter-rouge">none</code> as <code class="language-plaintext highlighter-rouge">Cgroup Driver</code>, the conditions are not satisfied. When these conditions are not satisfied, rootless mode ignores the cgroup-related <code class="language-plaintext highlighter-rouge">docker run</code> flags. See <a href="#limiting-resources-without-cgroup">Limiting resources without cgroup</a> for workarounds.</p> <p>If <code class="language-plaintext highlighter-rouge">docker info</code> shows <code class="language-plaintext highlighter-rouge">systemd</code> as <code class="language-plaintext highlighter-rouge">Cgroup Driver</code>, the conditions are satisfied. However, typically, only <code class="language-plaintext highlighter-rouge">memory</code> and <code class="language-plaintext highlighter-rouge">pids</code> controllers are delegated to non-root users by default.</p> <div class="highlight"><pre class="highlight" data-language="">$ cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers +memory pids +</pre></div> <p>To allow delegation of all controllers, you need to change the systemd configuration as follows:</p> <div class="highlight"><pre class="highlight" data-language=""># mkdir -p /etc/systemd/system/user@.service.d +# cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF +[Service] +Delegate=cpu cpuset io memory pids +EOF +# systemctl daemon-reload +</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Delegating <code class="language-plaintext highlighter-rouge">cpuset</code> requires systemd 244 or later.</p> </blockquote> <h4 id="limiting-resources-without-cgroup">Limiting resources without cgroup</h4> <p>Even when cgroup is not available, you can still use the traditional <code 
class="language-plaintext highlighter-rouge">ulimit</code> and <a href="https://github.com/opsengine/cpulimit"><code class="language-plaintext highlighter-rouge">cpulimit</code></a>, though they work in process-granularity rather than in container-granularity, and can be arbitrarily disabled by the container process.</p> <p>For example:</p> <ul> <li>To limit CPU usage to 0.5 cores (similar to <code class="language-plaintext highlighter-rouge">docker run --cpus 0.5</code>): <code class="language-plaintext highlighter-rouge">docker run <IMAGE> cpulimit --limit=50 --include-children <COMMAND></code> +</li> <li> <p>To limit max VSZ to 64MiB (similar to <code class="language-plaintext highlighter-rouge">docker run --memory 64m</code>): <code class="language-plaintext highlighter-rouge">docker run <IMAGE> sh -c "ulimit -v 65536; <COMMAND>"</code></p> </li> <li>To limit max number of processes to 100 per namespaced UID 2000 (similar to <code class="language-plaintext highlighter-rouge">docker run --pids-limit=100</code>): <code class="language-plaintext highlighter-rouge">docker run --user 2000 --ulimit nproc=100 <IMAGE> <COMMAND></code> +</li> </ul> <h2 id="troubleshooting">Troubleshooting</h2> <h3 id="errors-when-starting-the-docker-daemon">Errors when starting the Docker daemon</h3> <p><strong>[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted</strong></p> <p>This error occurs mostly when the value of <code class="language-plaintext highlighter-rouge">/proc/sys/kernel/unprivileged_userns_clone</code> is set to 0:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat /proc/sys/kernel/unprivileged_userns_clone +0 +</pre></div> <p>To fix this issue, add <code class="language-plaintext highlighter-rouge">kernel.unprivileged_userns_clone=1</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and 
run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code>.</p> <p><strong>[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: no space left on device</strong></p> <p>This error occurs mostly when the value of <code class="language-plaintext highlighter-rouge">/proc/sys/user/max_user_namespaces</code> is too small:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat /proc/sys/user/max_user_namespaces +0 +</pre></div> <p>To fix this issue, add <code class="language-plaintext highlighter-rouge">user.max_user_namespaces=28633</code> to <code class="language-plaintext highlighter-rouge">/etc/sysctl.conf</code> (or <code class="language-plaintext highlighter-rouge">/etc/sysctl.d</code>) and run <code class="language-plaintext highlighter-rouge">sudo sysctl --system</code>.</p> <p><strong>[rootlesskit:parent] error: failed to setup UID/GID map: failed to compute uid/gid map: No subuid ranges found for user 1001 (“testuser”)</strong></p> <p>This error occurs when <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code> are not configured. See <a href="#prerequisites">Prerequisites</a>.</p> <p><strong>could not get XDG_RUNTIME_DIR</strong></p> <p>This error occurs when <code class="language-plaintext highlighter-rouge">$XDG_RUNTIME_DIR</code> is not set.</p> <p>On a non-systemd host, you need to create a directory and then set the path:</p> <div class="highlight"><pre class="highlight" data-language="">$ export XDG_RUNTIME_DIR=$HOME/.docker/xrd +$ rm -rf $XDG_RUNTIME_DIR +$ mkdir -p $XDG_RUNTIME_DIR +$ dockerd-rootless.sh +</pre></div> <blockquote> <p><strong>Note</strong>: You must remove the directory every time you log out.</p> </blockquote> <p>On a systemd host, log into the host using <code class="language-plaintext highlighter-rouge">pam_systemd</code> (see below). 
The value is automatically set to <code class="language-plaintext highlighter-rouge">/run/user/$UID</code> and cleaned up on every logout.</p> <p><strong><code class="language-plaintext highlighter-rouge">systemctl --user</code> fails with “Failed to connect to bus: No such file or directory”</strong></p> <p>This error occurs mostly when you switch from the root user to an non-root user with <code class="language-plaintext highlighter-rouge">sudo</code>:</p> <div class="highlight"><pre class="highlight" data-language=""># sudo -iu testuser +$ systemctl --user start docker +Failed to connect to bus: No such file or directory +</pre></div> <p>Instead of <code class="language-plaintext highlighter-rouge">sudo -iu <USERNAME></code>, you need to log in using <code class="language-plaintext highlighter-rouge">pam_systemd</code>. For example:</p> <ul> <li>Log in through the graphic console</li> <li><code class="language-plaintext highlighter-rouge">ssh <USERNAME>@localhost</code></li> <li><code class="language-plaintext highlighter-rouge">machinectl shell <USERNAME>@</code></li> </ul> <p><strong>The daemon does not start up automatically</strong></p> <p>You need <code class="language-plaintext highlighter-rouge">sudo loginctl enable-linger $(whoami)</code> to enable the daemon to start up automatically. See <a href="#usage">Usage</a>.</p> <p><strong>iptables failed: iptables -t nat -N DOCKER: Fatal: can’t open lock file /run/xtables.lock: Permission denied</strong></p> <p>This error may happen with an older version of Docker when SELinux is enabled on the host.</p> <p>The issue has been fixed in Docker 20.10.8. 
A known workaround for older version of Docker is to run the following commands to disable SELinux for <code class="language-plaintext highlighter-rouge">iptables</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo dnf install -y policycoreutils-python-utils && sudo semanage permissive -a iptables_t +</pre></div> <h3 id="docker-pull-errors"> +<code class="language-plaintext highlighter-rouge">docker pull</code> errors</h3> <p><strong>docker: failed to register layer: Error processing tar file(exit status 1): lchown <FILE>: invalid argument</strong></p> <p>This error occurs when the number of available entries in <code class="language-plaintext highlighter-rouge">/etc/subuid</code> or <code class="language-plaintext highlighter-rouge">/etc/subgid</code> is not sufficient. The number of entries required vary across images. However, 65,536 entries are sufficient for most images. See <a href="#prerequisites">Prerequisites</a>.</p> <p><strong>docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: lchown <FILE>: operation not permitted</strong></p> <p>This error occurs mostly when <code class="language-plaintext highlighter-rouge">~/.local/share/docker</code> is located on NFS.</p> <p>A workaround is to specify non-NFS <code class="language-plaintext highlighter-rouge">data-root</code> directory in <code class="language-plaintext highlighter-rouge">~/.config/docker/daemon.json</code> as follows:</p> <div class="highlight"><pre class="highlight" data-language="">{"data-root":"/somewhere-out-of-nfs"} +</pre></div> <h3 id="docker-run-errors"> +<code class="language-plaintext highlighter-rouge">docker run</code> errors</h3> <p><strong>docker: Error response from daemon: OCI runtime create failed: ...: read unix @->/run/systemd/private: read: connection reset by peer: unknown.</strong></p> <p>This error occurs on cgroup v2 hosts mostly when the dbus daemon is not running for the user.</p> <div class="highlight"><pre 
class="highlight" data-language="">$ systemctl --user is-active dbus +inactive + +$ docker run hello-world +docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: error while starting unit "docker +-931c15729b5a968ce803784d04c7421f791d87e5ca1891f34387bb9f694c488e.scope" with properties [{Name:Description Value:"libcontainer container 931c15729b5a968ce803784d04c7421f791d87e5ca1891f34387bb9f694c488e"} {Name:Slice Value:"use +r.slice"} {Name:PIDs Value:@au [4529]} {Name:Delegate Value:true} {Name:MemoryAccounting Value:true} {Name:CPUAccounting Value:true} {Name:IOAccounting Value:true} {Name:TasksAccounting Value:true} {Name:DefaultDependencies Val +ue:false}]: read unix @->/run/systemd/private: read: connection reset by peer: unknown. +</pre></div> <p>To fix the issue, run <code class="language-plaintext highlighter-rouge">sudo apt-get install -y dbus-user-session</code> or <code class="language-plaintext highlighter-rouge">sudo dnf install -y dbus-daemon</code>, and then relogin.</p> <p>If the error still occurs, try running <code class="language-plaintext highlighter-rouge">systemctl --user enable --now dbus</code> (without sudo).</p> <p><strong><code class="language-plaintext highlighter-rouge">--cpus</code>, <code class="language-plaintext highlighter-rouge">--memory</code>, and <code class="language-plaintext highlighter-rouge">--pids-limit</code> are ignored</strong></p> <p>This is an expected behavior on cgroup v1 mode. To use these flags, the host needs to be configured for enabling cgroup v2. 
For more information, see <a href="#limiting-resources">Limiting resources</a>.</p> <h3 id="networking-errors">Networking errors</h3> <p><strong><code class="language-plaintext highlighter-rouge">docker run -p</code> fails with <code class="language-plaintext highlighter-rouge">cannot expose privileged port</code></strong></p> <p><code class="language-plaintext highlighter-rouge">docker run -p</code> fails with this error when a privileged port (< 1024) is specified as the host port.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -p 80:80 nginx:alpine +docker: Error response from daemon: driver failed programming external connectivity on endpoint focused_swanson (9e2e139a9d8fc92b37c36edfa6214a6e986fa2028c0cc359812f685173fa6df7): Error starting userland proxy: error while calling PortManager.AddPort(): cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or set CAP_NET_BIND_SERVICE on rootlesskit binary, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied. +</pre></div> <p>When you experience this error, consider using an unprivileged port instead. 
For example, 8080 instead of 80.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -p 8080:80 nginx:alpine +</pre></div> <p>To allow exposing privileged ports, see <a href="#exposing-privileged-ports">Exposing privileged ports</a>.</p> <p><strong>ping doesn’t work</strong></p> <p>Ping does not work when <code class="language-plaintext highlighter-rouge">/proc/sys/net/ipv4/ping_group_range</code> is set to <code class="language-plaintext highlighter-rouge">1 0</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ cat /proc/sys/net/ipv4/ping_group_range +1 0 +</pre></div> <p>For details, see <a href="#routing-ping-packets">Routing ping packets</a>.</p> <p><strong><code class="language-plaintext highlighter-rouge">IPAddress</code> shown in <code class="language-plaintext highlighter-rouge">docker inspect</code> is unreachable</strong></p> <p>This is an expected behavior, as the daemon is namespaced inside RootlessKit’s network namespace. Use <code class="language-plaintext highlighter-rouge">docker run -p</code> instead.</p> <p><strong><code class="language-plaintext highlighter-rouge">--net=host</code> doesn’t listen ports on the host network namespace</strong></p> <p>This is an expected behavior, as the daemon is namespaced inside RootlessKit’s network namespace. Use <code class="language-plaintext highlighter-rouge">docker run -p</code> instead.</p> <p><strong>Network is slow</strong></p> <p>Docker with rootless mode uses <a href="https://github.com/rootless-containers/slirp4netns">slirp4netns</a> as the default network stack if slirp4netns v0.4.0 or later is installed. If slirp4netns is not installed, Docker falls back to <a href="https://github.com/moby/vpnkit">VPNKit</a>.</p> <p>Installing slirp4netns may improve the network throughput. 
See <a href="https://github.com/rootless-containers/rootlesskit/tree/v0.13.0#network-drivers">RootlessKit documentation</a> for the benchmark result.</p> <p>Also, changing MTU value may improve the throughput. The MTU value can be specified by creating <code class="language-plaintext highlighter-rouge">~/.config/systemd/user/docker.service.d/override.conf</code> with the following content:</p> <div class="highlight"><pre class="highlight" data-language="">[Service] +Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=<INTEGER>" +</pre></div> <p>And then restart the daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ systemctl --user daemon-reload +$ systemctl --user restart docker +</pre></div> <p><strong><code class="language-plaintext highlighter-rouge">docker run -p</code> does not propagate source IP addresses</strong></p> <p>This is because Docker with rootless mode uses RootlessKit’s builtin port driver by default.</p> <p>The source IP addresses can be propagated by creating <code class="language-plaintext highlighter-rouge">~/.config/systemd/user/docker.service.d/override.conf</code> with the following content:</p> <div class="highlight"><pre class="highlight" data-language="">[Service] +Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" +</pre></div> <p>And then restart the daemon:</p> <div class="highlight"><pre class="highlight" data-language="">$ systemctl --user daemon-reload +$ systemctl --user restart docker +</pre></div> <p>Note that this configuration decreases throughput. 
See <a href="https://github.com/rootless-containers/rootlesskit/tree/v0.13.0#port-drivers">RootlessKit documentation</a> for the benchmark result.</p> <h3 id="tips-for-debugging">Tips for debugging</h3> <p><strong>Entering into <code class="language-plaintext highlighter-rouge">dockerd</code> namespaces</strong></p> <p>The <code class="language-plaintext highlighter-rouge">dockerd-rootless.sh</code> script executes <code class="language-plaintext highlighter-rouge">dockerd</code> in its own user, mount, and network namespaces.</p> <p>For debugging, you can enter the namespaces by running <code class="language-plaintext highlighter-rouge">nsenter -U --preserve-credentials -n -m -t $(cat $XDG_RUNTIME_DIR/docker.pid)</code>.</p> +<p><a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=namespaces">namespaces</a>, <a href="https://docs.docker.com/search/?q=rootless">rootless</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/rootless/" class="_attribution-link">https://docs.docker.com/engine/security/rootless/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Fseccomp%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Fseccomp%2Findex.html new file mode 100644 index 00000000..2fdd4fd4 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Fseccomp%2Findex.html 
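Review bot: in the rootless troubleshooting hunk that ends above, the workaround under the "can't open lock file /run/xtables.lock: Permission denied" entry runs `sudo semanage permissive -a iptables_t`, which the text itself describes as disabling SELinux for iptables, and nothing tells the reader to undo it. The same paragraph says the issue is fixed in Docker 20.10.8, so suggest naming the upgrade as the preferred fix and adding a sentence to remove the permissive setting afterwards (for example `sudo semanage permissive -d iptables_t`). Minor wording in the same hunk: "an non-root user" should be "a non-root user", and "for older version of Docker" should be "for older versions of Docker".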
@@ -0,0 +1,18 @@ +<h1>Seccomp security profiles for Docker</h1> + +<p>Secure computing mode (<code class="language-plaintext highlighter-rouge">seccomp</code>) is a Linux kernel feature. You can use it to restrict the actions available within the container. The <code class="language-plaintext highlighter-rouge">seccomp()</code> system call operates on the seccomp state of the calling process. You can use this feature to restrict your application’s access.</p> <p>This feature is available only if Docker has been built with <code class="language-plaintext highlighter-rouge">seccomp</code> and the kernel is configured with <code class="language-plaintext highlighter-rouge">CONFIG_SECCOMP</code> enabled. To check if your kernel supports <code class="language-plaintext highlighter-rouge">seccomp</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ grep CONFIG_SECCOMP= /boot/config-$(uname -r) +CONFIG_SECCOMP=y +</pre></div> <h2 id="pass-a-profile-for-a-container">Pass a profile for a container</h2> <p>The default <code class="language-plaintext highlighter-rouge">seccomp</code> profile provides a sane default for running containers with seccomp and disables around 44 system calls out of 300+. It is moderately protective while providing wide application compatibility. The default Docker profile can be found <a href="https://github.com/moby/moby/blob/master/profiles/seccomp/default.json">here</a>.</p> <p>In effect, the profile is a allowlist which denies access to system calls by default, then allowlists specific system calls. The profile works by defining a <code class="language-plaintext highlighter-rouge">defaultAction</code> of <code class="language-plaintext highlighter-rouge">SCMP_ACT_ERRNO</code> and overriding that action only for specific system calls. The effect of <code class="language-plaintext highlighter-rouge">SCMP_ACT_ERRNO</code> is to cause a <code class="language-plaintext highlighter-rouge">Permission Denied</code> error. 
Next, the profile defines a specific list of system calls which are fully allowed, because their <code class="language-plaintext highlighter-rouge">action</code> is overridden to be <code class="language-plaintext highlighter-rouge">SCMP_ACT_ALLOW</code>. Finally, some specific rules are for individual system calls such as <code class="language-plaintext highlighter-rouge">personality</code>, and others, to allow variants of those system calls with specific arguments.</p> <p><code class="language-plaintext highlighter-rouge">seccomp</code> is instrumental for running Docker containers with least privilege. It is not recommended to change the default <code class="language-plaintext highlighter-rouge">seccomp</code> profile.</p> <p>When you run a container, it uses the default profile unless you override it with the <code class="language-plaintext highlighter-rouge">--security-opt</code> option. For example, the following explicitly specifies a policy:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm \ + -it \ + --security-opt seccomp=/path/to/seccomp/profile.json \ + hello-world +</pre></div> <h3 id="significant-syscalls-blocked-by-the-default-profile">Significant syscalls blocked by the default profile</h3> <p>Docker’s default seccomp profile is an allowlist which specifies the calls that are allowed. The table below lists the significant (but not all) syscalls that are effectively blocked because they are not on the Allowlist. The table includes the reason each syscall is blocked rather than white-listed.</p> <table> <thead> <tr> <th>Syscall</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">acct</code></td> <td>Accounting syscall which could let containers disable their own resource limits or process accounting. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_PACCT</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">add_key</code></td> <td>Prevent containers from using the kernel keyring, which is not namespaced.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">bpf</code></td> <td>Deny loading potentially persistent bpf programs into kernel, already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">clock_adjtime</code></td> <td>Time/date is not namespaced. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_TIME</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">clock_settime</code></td> <td>Time/date is not namespaced. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_TIME</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">clone</code></td> <td>Deny cloning new namespaces. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code> for CLONE_* flags, except <code class="language-plaintext highlighter-rouge">CLONE_NEWUSER</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">create_module</code></td> <td>Deny manipulation and functions on kernel modules. Obsolete. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_MODULE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">delete_module</code></td> <td>Deny manipulation and functions on kernel modules. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_MODULE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">finit_module</code></td> <td>Deny manipulation and functions on kernel modules. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_MODULE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">get_kernel_syms</code></td> <td>Deny retrieval of exported kernel and module symbols. Obsolete.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">get_mempolicy</code></td> <td>Syscall that modifies kernel memory and NUMA settings. Already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_NICE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">init_module</code></td> <td>Deny manipulation and functions on kernel modules. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_MODULE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">ioperm</code></td> <td>Prevent containers from modifying kernel I/O privilege levels. Already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_RAWIO</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">iopl</code></td> <td>Prevent containers from modifying kernel I/O privilege levels. Already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_RAWIO</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">kcmp</code></td> <td>Restrict process inspection capabilities, already blocked by dropping <code class="language-plaintext highlighter-rouge">CAP_SYS_PTRACE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">kexec_file_load</code></td> <td>Sister syscall of <code class="language-plaintext highlighter-rouge">kexec_load</code> that does the same thing, slightly different arguments. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_BOOT</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">kexec_load</code></td> <td>Deny loading a new kernel for later execution. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_BOOT</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">keyctl</code></td> <td>Prevent containers from using the kernel keyring, which is not namespaced.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">lookup_dcookie</code></td> <td>Tracing/profiling syscall, which could leak a lot of information on the host. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">mbind</code></td> <td>Syscall that modifies kernel memory and NUMA settings. Already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_NICE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">mount</code></td> <td>Deny mounting, already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">move_pages</code></td> <td>Syscall that modifies kernel memory and NUMA settings.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">name_to_handle_at</code></td> <td>Sister syscall to <code class="language-plaintext highlighter-rouge">open_by_handle_at</code>. Already gated by <code class="language-plaintext highlighter-rouge">CAP_DAC_READ_SEARCH</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">nfsservctl</code></td> <td>Deny interaction with the kernel nfs daemon. Obsolete since Linux 3.1.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">open_by_handle_at</code></td> <td>Cause of an old container breakout. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_DAC_READ_SEARCH</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">perf_event_open</code></td> <td>Tracing/profiling syscall, which could leak a lot of information on the host.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">personality</code></td> <td>Prevent container from enabling BSD emulation. Not inherently dangerous, but poorly tested, potential for a lot of kernel vulns.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">pivot_root</code></td> <td>Deny <code class="language-plaintext highlighter-rouge">pivot_root</code>, should be privileged operation.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">process_vm_readv</code></td> <td>Restrict process inspection capabilities, already blocked by dropping <code class="language-plaintext highlighter-rouge">CAP_SYS_PTRACE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">process_vm_writev</code></td> <td>Restrict process inspection capabilities, already blocked by dropping <code class="language-plaintext highlighter-rouge">CAP_SYS_PTRACE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">ptrace</code></td> <td>Tracing/profiling syscall. Blocked in Linux kernel versions before 4.8 to avoid seccomp bypass. Tracing/profiling arbitrary processes is already blocked by dropping <code class="language-plaintext highlighter-rouge">CAP_SYS_PTRACE</code>, because it could leak a lot of information on the host.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">query_module</code></td> <td>Deny manipulation and functions on kernel modules. Obsolete.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">quotactl</code></td> <td>Quota syscall which could let containers disable their own resource limits or process accounting. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">reboot</code></td> <td>Don’t let containers reboot the host. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_BOOT</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">request_key</code></td> <td>Prevent containers from using the kernel keyring, which is not namespaced.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">set_mempolicy</code></td> <td>Syscall that modifies kernel memory and NUMA settings. Already gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_NICE</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">setns</code></td> <td>Deny associating a thread with a namespace. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">settimeofday</code></td> <td>Time/date is not namespaced. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_TIME</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">stime</code></td> <td>Time/date is not namespaced. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_TIME</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">swapon</code></td> <td>Deny start/stop swapping to file/device. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">swapoff</code></td> <td>Deny start/stop swapping to file/device. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">sysfs</code></td> <td>Obsolete syscall.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">_sysctl</code></td> <td>Obsolete, replaced by /proc/sys.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">umount</code></td> <td>Should be a privileged operation. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">umount2</code></td> <td>Should be a privileged operation. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">unshare</code></td> <td>Deny cloning new namespaces for processes. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>, with the exception of <code class="language-plaintext highlighter-rouge">unshare --user</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">uselib</code></td> <td>Older syscall related to shared libraries, unused for a long time.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">userfaultfd</code></td> <td>Userspace page fault handling, largely needed for process migration.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">ustat</code></td> <td>Obsolete syscall.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">vm86</code></td> <td>In kernel x86 real mode virtual machine. Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> <tr> <td><code class="language-plaintext highlighter-rouge">vm86old</code></td> <td>In kernel x86 real mode virtual machine. 
Also gated by <code class="language-plaintext highlighter-rouge">CAP_SYS_ADMIN</code>.</td> </tr> </tbody> </table> <h2 id="run-without-the-default-seccomp-profile">Run without the default seccomp profile</h2> <p>You can pass <code class="language-plaintext highlighter-rouge">unconfined</code> to run a container without the default seccomp profile.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run --rm -it --security-opt seccomp=unconfined debian:jessie \ + unshare --map-root-user --user sh -c whoami +</pre></div> +<p><a href="https://docs.docker.com/search/?q=seccomp">seccomp</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/seccomp/" class="_attribution-link">https://docs.docker.com/engine/security/seccomp/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Fdeploying_notary%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Fdeploying_notary%2Findex.html new file mode 100644 index 00000000..29ca9ef3 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Fdeploying_notary%2Findex.html 
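Review bot: the "Run without the default seccomp profile" section at the end of the seccomp hunk above shows `--security-opt seccomp=unconfined` with no caveat, although the same page says "It is not recommended to change the default seccomp profile" and spends a full table on the syscalls that profile blocks. Suggest one sentence in that section saying that `unconfined` removes the whole filter, so the syscalls in the table are left to the capability checks the table mentions, and that a custom profile passed as `--security-opt seccomp=/path/to/seccomp/profile.json` is the narrower option when only one syscall is needed. Wording in the same hunk: "a allowlist" should be "an allowlist", and "white-listed" should match the "allowlist" term used in the rest of the page.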
@@ -0,0 +1,11 @@ +<h1>Deploy Notary Server with Compose</h1> +<p>The easiest way to deploy Notary Server is by using Docker Compose. To follow the procedure on this page, you must have already <a href="../../../../compose/install/index">installed Docker Compose</a>.</p> <ol> <li> <p>Clone the Notary repository.</p> <div class="highlight"><pre class="highlight" data-language="">git clone https://github.com/theupdateframework/notary.git +</pre></div> </li> <li> <p>Build and start Notary Server with the sample certificates.</p> <div class="highlight"><pre class="highlight" data-language="">docker-compose up -d +</pre></div> </li> </ol> <p>For more detailed documentation about how to deploy Notary Server, see the <a href="https://github.com/theupdateframework/notary/blob/master/docs/running_a_service/" target="_blank" rel="noopener" class="_">instructions to run a Notary service</a> as well as <a href="https://github.com/theupdateframework/notary" target="_blank" rel="noopener" class="_">the Notary repository</a> for more information.</p> <ol> <li>Make sure that your Docker or Notary client trusts Notary Server’s certificate before you try to interact with the Notary server.</li> </ol> <p>See the instructions for <a href="../../../reference/commandline/cli/index#notary">Docker</a> or for <a href="https://github.com/docker/notary#using-notary">Notary</a> depending on which one you are using.</p> <h2 id="if-you-want-to-use-notary-in-production">If you want to use Notary in production</h2> <p>Check back here for instructions after Notary Server has an official stable release. 
To get a head start on deploying Notary in production, see <a href="https://github.com/theupdateframework/notary">the Notary repository</a>.</p> +<p><a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=notary">notary</a>, <a href="https://docs.docker.com/search/?q=deployment">deployment</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/deploying_notary/" class="_attribution-link">https://docs.docker.com/engine/security/trust/deploying_notary/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Findex.html new file mode 100644 index 00000000..604b4152 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Findex.html 
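Review bot: step 2 of the Notary deploy hunk above starts the server "with the sample certificates" that come from the cloned public repository, and the page never says these are for local testing only; suggest stating that next to the `docker-compose up -d` step and pointing to the "If you want to use Notary in production" section. Two structural issues in the same hunk: there is no `cd notary` between the clone and `docker-compose up -d`, and the "Make sure that your Docker or Notary client trusts Notary Server's certificate" item sits in a second `<ol>` after a paragraph, so it renders as step 1 instead of step 3. The hunk also links both github.com/theupdateframework/notary and github.com/docker/notary for the same project; use one.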
@@ -0,0 +1,69 @@ +<h1>Content trust in Docker</h1> + +<p>When transferring data among networked systems, <em>trust</em> is a central concern. In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system operates on. You use the Docker Engine to push and pull images (data) to a public or private registry. Content trust gives you the ability to verify both the integrity and the publisher of all the data received from a registry over any channel.</p> <h2 id="about-docker-content-trust-dct">About Docker Content Trust (DCT)</h2> <p>Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.</p> <p>Through DCT, image publishers can sign their images and image consumers can ensure that the images they pull are signed. Publishers could be individuals or organizations manually signing their content or automated software supply chains signing content as part of their release process.</p> <h3 id="image-tags-and-dct">Image tags and DCT</h3> <p>An individual image record has the following identifier:</p> <div class="highlight"><pre class="highlight" data-language="">[REGISTRY_HOST[:REGISTRY_PORT]/]REPOSITORY[:TAG] +</pre></div> <p>A particular image <code class="language-plaintext highlighter-rouge">REPOSITORY</code> can have multiple tags. For example, <code class="language-plaintext highlighter-rouge">latest</code> and <code class="language-plaintext highlighter-rouge">3.1.2</code> are both tags on the <code class="language-plaintext highlighter-rouge">mongo</code> image. An image publisher can build an image and tag combination many times changing the image with each build.</p> <p>DCT is associated with the <code class="language-plaintext highlighter-rouge">TAG</code> portion of an image. 
Each image repository has a set of keys that image publishers use to sign an image tag. Image publishers have discretion on which tags they sign.</p> <p>An image repository can contain an image with one tag that is signed and another tag that is not. For example, consider <a href="https://hub.docker.com/r/library/mongo/tags/">the Mongo image repository</a>. The <code class="language-plaintext highlighter-rouge">latest</code> tag could be unsigned while the <code class="language-plaintext highlighter-rouge">3.1.6</code> tag could be signed. It is the responsibility of the image publisher to decide if an image tag is signed or not. In this representation, some image tags are signed, others are not:</p> <p><img src="" alt="Signed tags"></p> <p>Publishers can choose to sign a specific tag or not. As a result, the content of an unsigned tag and that of a signed tag with the same name may not match. For example, a publisher can push a tagged image <code class="language-plaintext highlighter-rouge">someimage:latest</code> and sign it. Later, the same publisher can push an unsigned <code class="language-plaintext highlighter-rouge">someimage:latest</code> image. This second push replaces the last unsigned tag <code class="language-plaintext highlighter-rouge">latest</code> but does not affect the signed <code class="language-plaintext highlighter-rouge">latest</code> version. The ability to choose which tags they can sign, allows publishers to iterate over the unsigned version of an image before officially signing it.</p> <p>Image consumers can enable DCT to ensure that images they use were signed. If a consumer enables DCT, they can only pull, run, or build with trusted images. Enabling DCT is a bit like applying a “filter” to your registry. 
Consumers “see” only signed image tags and the less desirable, unsigned image tags are “invisible” to them.</p> <p><img src="" alt="Trust view"></p> <p>To the consumer who has not enabled DCT, nothing about how they work with Docker images changes. Every image is visible regardless of whether it is signed or not.</p> <h3 id="docker-content-trust-keys">Docker Content Trust Keys</h3> <p>Trust for an image tag is managed through the use of signing keys. A key set is created when an operation using DCT is first invoked. A key set consists of the following classes of keys:</p> <ul> <li>an offline key that is the root of DCT for an image tag</li> <li>repository or tagging keys that sign tags</li> <li>server-managed keys such as the timestamp key, which provides freshness security guarantees for your repository</li> </ul> <p>The following image depicts the various signing keys and their relationships:</p> <p><img src="" alt="Content Trust components"></p> <blockquote class="warning"> <p><strong>WARNING</strong></p> <p>Loss of the root key is <strong>very difficult</strong> to recover from. Correcting this loss requires intervention from <a href="https://support.docker.com">Docker Support</a> to reset the repository state. This loss also requires <strong>manual intervention</strong> from every consumer that used a signed tag from this repository prior to the loss.</p> </blockquote> <p>You should back up the root key somewhere safe. Given that it is only required to create new repositories, it is a good idea to store it offline in hardware. For details on securing, and backing up your keys, make sure you read how to <a href="trust_key_mng/index">manage keys for DCT</a>.</p> <h2 id="signing-images-with-docker-content-trust">Signing Images with Docker Content Trust</h2> <p>Within the Docker CLI we can sign and push a container image with the <code class="language-plaintext highlighter-rouge">$ docker trust</code> command syntax. This is built on top of the Notary feature set. 
For more information, see the <a href="https://github.com/theupdateframework/notary" target="_blank" rel="noopener" class="_">Notary GitHub repository</a>.</p> <p>A prerequisite for signing an image is a Docker Registry with a Notary server attached (Such as the Docker Hub ). Instructions for standing up a self-hosted environment can be found <a href="deploying_notary/index">here</a>.</p> <p>To sign a Docker Image you will need a delegation key pair. These keys can be generated locally using <code class="language-plaintext highlighter-rouge">$ docker trust key generate</code> or generated by a certificate authority.</p> <p>First we will add the delegation private key to the local Docker trust repository. (By default this is stored in <code class="language-plaintext highlighter-rouge">~/.docker/trust/</code>). If you are generating delegation keys with <code class="language-plaintext highlighter-rouge">$ docker trust key generate</code>, the private key is automatically added to the local trust store. If you are importing a separate key, you will need to use the <code class="language-plaintext highlighter-rouge">$ docker trust key load</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key generate jeff +Generating key for jeff... +Enter passphrase for new jeff key with ID 9deed25: +Repeat passphrase for new jeff key with ID 9deed25: +Successfully generated and loaded private key. Corresponding public key available: /home/ubuntu/Documents/mytrustdir/jeff.pub +</pre></div> <p>Or if you have an existing key:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key load key.pem --name jeff +Loading key from "key.pem"... 
+Enter passphrase for new jeff key with ID 8ae710e: +Repeat passphrase for new jeff key with ID 8ae710e: +Successfully imported key from key.pem +</pre></div> <p>Next we will need to add the delegation public key to the Notary server; this is specific to a particular image repository in Notary known as a Global Unique Name (GUN). If this is the first time you are adding a delegation to that repository, this command will also initiate the repository, using a local Notary canonical root key. To understand more about initiating a repository, and the role of delegations, head to <a href="trust_delegation/index">delegations for content trust</a>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key cert.pem jeff registry.example.com/admin/demo +Adding signer "jeff" to registry.example.com/admin/demo... +Enter passphrase for new repository key with ID 10b5e94: +</pre></div> <p>Finally, we will use the delegation private key to sign a particular tag and push it up to the registry.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign registry.example.com/admin/demo:1 +Signing and pushing trust data for local image registry.example.com/admin/demo:1, may overwrite remote trust data +The push refers to repository [registry.example.com/admin/demo] +7bff100f35cb: Pushed +1: digest: sha256:3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e size: 528 +Signing and pushing trust metadata +Enter passphrase for signer key with ID 8ae710e: +Successfully signed registry.example.com/admin/demo:1 +</pre></div> <p>Alternatively, once the keys have been imported an image can be pushed with the <code class="language-plaintext highlighter-rouge">$ docker push</code> command, by exporting the DCT environmental variable.</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CONTENT_TRUST=1 + +$ docker push registry.example.com/admin/demo:1 +The push refers to repository 
[registry.example.com/admin/demo:1] +7bff100f35cb: Pushed +1: digest: sha256:3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e size: 528 +Signing and pushing trust metadata +Enter passphrase for signer key with ID 8ae710e: +Successfully signed registry.example.com/admin/demo:1 +</pre></div> <p>Remote trust data for a tag or a repository can be viewed by the <code class="language-plaintext highlighter-rouge">$ docker trust inspect</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty registry.example.com/admin/demo:1 + +Signatures for registry.example.com/admin/demo:1 + +SIGNED TAG DIGEST SIGNERS +1 3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e jeff + +List of signers and their keys for registry.example.com/admin/demo:1 + +SIGNER KEYS +jeff 8ae710e3ba82 + +Administrative keys for registry.example.com/admin/demo:1 + + Repository Key: 10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27 + Root Key: 84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc +</pre></div> <p>Remote Trust data for a tag can be removed by the <code class="language-plaintext highlighter-rouge">$ docker trust revoke</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust revoke registry.example.com/admin/demo:1 +Enter passphrase for signer key with ID 8ae710e: +Successfully deleted signature for registry.example.com/admin/demo:1 +</pre></div> <h2 id="client-enforcement-with-docker-content-trust">Client Enforcement with Docker Content Trust</h2> <p>Content trust is disabled by default in the Docker Client. To enable it, set the <code class="language-plaintext highlighter-rouge">DOCKER_CONTENT_TRUST</code> environment variable to <code class="language-plaintext highlighter-rouge">1</code>. 
This prevents users from working with tagged images unless they contain a signature.</p> <p>When DCT is enabled in the Docker client, <code class="language-plaintext highlighter-rouge">docker</code> CLI commands that operate on tagged images must either have content signatures or explicit content hashes. The commands that operate with DCT are:</p> <ul> <li><code class="language-plaintext highlighter-rouge">push</code></li> <li><code class="language-plaintext highlighter-rouge">build</code></li> <li><code class="language-plaintext highlighter-rouge">create</code></li> <li><code class="language-plaintext highlighter-rouge">pull</code></li> <li><code class="language-plaintext highlighter-rouge">run</code></li> </ul> <p>For example, with DCT enabled a <code class="language-plaintext highlighter-rouge">docker pull someimage:latest</code> only succeeds if <code class="language-plaintext highlighter-rouge">someimage:latest</code> is signed. However, an operation with an explicit content hash always succeeds as long as the hash exists:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker pull registry.example.com/user/image:1 +Error: remote trust data does not exist for registry.example.com/user/image: registry.example.com does not have trust data for registry.example.com/user/image + +$ docker pull registry.example.com/user/image@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a +sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1: Pulling from user/image +ff3a5c916c92: Pull complete +a59a168caba3: Pull complete +Digest: sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1 +Status: Downloaded newer image for registry.example.com/user/image@sha256:ee7491c9c31db1ffb7673d91e9fac5d6354a89d0e97408567e09df069a1687c1 +</pre></div> <h2 id="related-information">Related information</h2> <ul> <li><a href="trust_delegation/index">Delegations for content trust</a></li> <li><a 
href="trust_automation/index">Automation with content trust</a></li> <li><a href="trust_key_mng/index">Manage keys for content trust</a></li> <li><a href="trust_sandbox/index">Play in a content trust sandbox</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=content">content</a>, <a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/" class="_attribution-link">https://docs.docker.com/engine/security/trust/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_automation%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_automation%2Findex.html new file mode 100644 index 00000000..fbdbd7ea --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_automation%2Findex.html 
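Review bot: in engine/security/trust/index.html, the pull-by-digest example under "Client Enforcement with Docker Content Trust" requests `image@sha256:d149ab53...` but every output line (`Pulling from`, `Digest:`, `Status:`) reports `sha256:ee7491c9...`. The page uses this example to show that an explicit content hash is honoured without trust data, so the output should report the same digest that was requested; please regenerate the sample or use one digest throughout. Two smaller points in the same file: both `<img src="" ...>` tags have an empty `src`, so "The following image depicts the various signing keys and their relationships" points at nothing, and the `docker push` output prints the repository as `[registry.example.com/admin/demo:1]` while the `docker trust sign` output for the same image prints `[registry.example.com/admin/demo]`.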
@@ -0,0 +1,48 @@ +<h1>Automation with content trust</h1> + +<p>It is very common for Docker Content Trust to be built into existing automation systems. To allow tools to wrap Docker and push trusted content, there are environment variables that can be passed through to the client.</p> <p>This guide follows the steps as described <a href="../index#signing-images-with-docker-content-trust">here</a> so please read that and understand its prerequisites.</p> <p>When working directly with the Notary client, it uses its <a href="https://github.com/theupdateframework/notary/blob/master/docs/reference/client-config/#environment-variables-optional" target="_blank" rel="noopener" class="_">own set of environment variables</a>.</p> <h2 id="add-a-delegation-private-key">Add a delegation private key</h2> <p>To automate importing a delegation private key to the local Docker trust store, we need to pass a passphrase for the new key. This passphrase will be required everytime that delegation signs a tag.</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" + +$ docker trust key load delegation.key --name jeff +Loading key from "delegation.key"... +Successfully imported key from delegation.key +</pre></div> <h2 id="add-a-delegation-public-key">Add a delegation public key</h2> <p>If you initialising a repository at the same time as adding a Delegation public key, then you will need to use the local Notary Canonical Root Key’s passphrase to create the repositories trust data. If the repository has already been initiated then you only need the repositories passphrase.</p> <div class="highlight"><pre class="highlight" data-language=""># Export the Local Root Key Passphrase if required. 
+$ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="rootpassphrase123" + +# Export the Repository Passphrase +$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="repopassphrase123" + +# Initialise Repo and Push Delegation +$ docker trust signer add --key delegation.crt jeff registry.example.com/admin/demo +Adding signer "jeff" to registry.example.com/admin/demo... +Initializing signed repository for registry.example.com/admin/demo... +Successfully initialized "registry.example.com/admin/demo" +Successfully added signer: registry.example.com/admin/demo +</pre></div> <h2 id="sign-an-image">Sign an image</h2> <p>Finally when signing an image, we will need to export the passphrase of the signing key. This was created when the key was loaded into the local Docker trust store with <code class="language-plaintext highlighter-rouge">$ docker trust key load</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" + +$ docker trust sign registry.example.com/admin/demo:1 +Signing and pushing trust data for local image registry.example.com/admin/demo:1, may overwrite remote trust data +The push refers to repository [registry.example.com/admin/demo] +428c97da766c: Layer already exists +2: digest: sha256:1a6fd470b9ce10849be79e99529a88371dff60c60aab424c077007f6979b4812 size: 524 +Signing and pushing trust metadata +Successfully signed registry.example.com/admin/demo:1 +</pre></div> <h2 id="build-with-content-trust">Build with content trust</h2> <p>You can also build with content trust. Before running the <code class="language-plaintext highlighter-rouge">docker build</code> command, you should set the environment variable <code class="language-plaintext highlighter-rouge">DOCKER_CONTENT_TRUST</code> either manually or in a scripted fashion. 
Consider the simple Dockerfile below.</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 +FROM docker/trusttest:latest +RUN echo +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">FROM</code> tag is pulling a signed image. You cannot build an image that has a <code class="language-plaintext highlighter-rouge">FROM</code> that is not either present locally or signed. Given that content trust data exists for the tag <code class="language-plaintext highlighter-rouge">latest</code>, the following build should succeed:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t docker/trusttest:testing . +Using default tag: latest +latest: Pulling from docker/trusttest + +b3dbab3810fc: Pull complete +a9539b34a6ab: Pull complete +Digest: sha256:d149ab53f871 +</pre></div> <p>If content trust is enabled, building from a Dockerfile that relies on tag without trust data, causes the build command to fail:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t docker/trusttest:testing . 
+unable to process Dockerfile: No trust data for notrust +</pre></div> <h2 id="related-information">Related information</h2> <ul> <li><a href="../trust_delegation/index">Delegations for content trust</a></li> <li><a href="../index">Content trust in Docker</a></li> <li><a href="../trust_key_mng/index">Manage keys for content trust</a></li> <li><a href="../trust_sandbox/index">Play in a content trust sandbox</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=automation">automation</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/trust_automation/" class="_attribution-link">https://docs.docker.com/engine/security/trust/trust_automation/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_delegation%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_delegation%2Findex.html new file mode 100644 index 00000000..e219395c --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_delegation%2Findex.html 
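Review bot: in engine/security/trust/trust_automation/index.html, every example exports a literal passphrase (`export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123"`, and likewise `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE`), and the page never says where the value should come from in an automated pipeline. Since this is the automation guide, add a sentence telling readers to inject these variables from the CI system's secret store rather than writing them into scripts or typing them at a prompt, and call out the root passphrase specifically. Separately, two sample outputs do not match their commands: signing `registry.example.com/admin/demo:1` prints `2: digest: ...`, and the failing build reports `No trust data for notrust` although the only Dockerfile shown uses `FROM docker/trusttest:latest`; show the Dockerfile that references the unsigned tag. "Build with content trust" also says to set `DOCKER_CONTENT_TRUST` without giving the value `1`.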
@@ -0,0 +1,197 @@ +<h1>Delegations for content trust</h1> + +<p>Delegations in Docker Content Trust (DCT) allow you to control who can and cannot sign an image tag. A delegation will have a pair of private and public delegation keys. A delegation could contain multiple pairs of keys and contributors in order to a) allow multiple users to be part of a delegation, and b) to support key rotation.</p> <p>The most important delegation within Docker Content Trust is <code class="language-plaintext highlighter-rouge">targets/releases</code>. This is seen as the canonical source of a trusted image tag, and without a contributor’s key being under this delegation, they will be unable to sign a tag.</p> <p>Fortunately when using the <code class="language-plaintext highlighter-rouge">$ docker trust</code> commands, we will automatically initialize a repository, manage the repository keys, and add a collaborator’s key to the <code class="language-plaintext highlighter-rouge">targets/releases</code> delegation via <code class="language-plaintext highlighter-rouge">docker trust signer add</code>.</p> <h2 id="configuring-the-docker-client">Configuring the Docker Client</h2> <p>By default, the <code class="language-plaintext highlighter-rouge">$ docker trust</code> commands expect the notary server URL to be the same as the registry URL specified in the image tag (following a similar logic to <code class="language-plaintext highlighter-rouge">$ docker push</code>). When using Docker Hub or DTR, the notary server URL is the same as the registry URL. However, for self-hosted environments or 3rd party registries, you will need to specify an alternative URL for the notary server. 
This is done with:</p> <div class="highlight"><pre class="highlight" data-language="">$ export DOCKER_CONTENT_TRUST_SERVER=https://<URL>:<PORT> +</pre></div> <p>If you do not export this variable in self-hosted environments, you may see errors such as:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key cert.pem jeff registry.example.com/admin/demo +Adding signer "jeff" to registry.example.com/admin/demo... +<...> +Error: trust data missing for remote repository registry.example.com/admin/demo or remote repository not found: timestamp key trust data unavailable. Has a notary repository been initialized? + +$ docker trust inspect registry.example.com/admin/demo --pretty +WARN[0000] Error while downloading remote metadata, using cached timestamp - this might not be the latest version available remotely +<...> +</pre></div> <p>If you have enabled authentication for your notary server, or are using DTR, you will need to log in before you can push data to the notary server.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker login registry.example.com/user/repo +Username: admin +Password: + +Login Succeeded + +$ docker trust signer add --key cert.pem jeff registry.example.com/user/repo +Adding signer "jeff" to registry.example.com/user/repo... +Initializing signed repository for registry.example.com/user/repo... +Successfully initialized "registry.example.com/user/repo" +Successfully added signer: jeff to registry.example.com/user/repo +</pre></div> <p>If you do not log in, you will see:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key cert.pem jeff registry.example.com/user/repo +Adding signer "jeff" to registry.example.com/user/repo... +Initializing signed repository for registry.example.com/user/repo... +you are not authorized to perform this operation: server returned 401. 
+ +Failed to add signer to: registry.example.com/user/repo +</pre></div> <h2 id="configuring-the-notary-client">Configuring the Notary Client</h2> <p>Some of the more advanced features of DCT require the Notary CLI. To install and configure the Notary CLI:</p> <ol> <li> <p>Download the <a href="https://github.com/theupdateframework/notary/releases">client</a> and ensure that it is available on your path.</p> </li> <li> <p>Create a configuration file at <code class="language-plaintext highlighter-rouge">~/.notary/config.json</code> with the following content:</p> </li> </ol> <div class="highlight"><pre class="highlight" data-language="">{ + "trust_dir" : "~/.docker/trust", + "remote_server": { + "url": "https://registry.example.com", + "root_ca": "../.docker/ca.pem" + } +} +</pre></div> <p>The newly created configuration file contains information about the location of your local Docker trust data and the notary server URL.</p> <p>For more detailed information about how to use notary outside of the Docker Content Trust use cases, refer to the Notary CLI documentation <a href="https://github.com/theupdateframework/notary/blob/master/docs/command_reference/" target="_blank" rel="noopener" class="_">here</a></p> <h2 id="creating-delegation-keys">Creating Delegation Keys</h2> <p>A prerequisite to adding your first contributor is a pair of delegation keys. These keys can either be generated locally using <code class="language-plaintext highlighter-rouge">$ docker trust</code>, generated by a certificate authority.</p> <h3 id="using-docker-trust-to-generate-keys">Using Docker Trust to Generate Keys</h3> <p>Docker trust has a built-in generator for a delegation key pair, <code class="language-plaintext highlighter-rouge">$ docker trust generate <name></code>. 
Running this command will automatically load the delegation private key in to the local Docker trust store.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key generate jeff + +Generating key for jeff... +Enter passphrase for new jeff key with ID 9deed25: +Repeat passphrase for new jeff key with ID 9deed25: +Successfully generated and loaded private key. Corresponding public key available: /home/ubuntu/Documents/mytrustdir/jeff.pub +</pre></div> <h3 id="manually-generating-keys">Manually Generating Keys</h3> <p>If you need to manually generate a private key (either RSA or ECDSA) and a x509 certificate containing the public key, you can use local tools like openssl or cfssl along with a local or company-wide Certificate Authority.</p> <p>Here is an example of how to generate a 2048-bit RSA portion key (all RSA keys must be at least 2048 bits):</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out delegation.key 2048 + +Generating RSA private key, 2048 bit long modulus +....................................................+++ +............+++ +e is 65537 (0x10001) +</pre></div> <p>They should keep <code class="language-plaintext highlighter-rouge">delegation.key</code> private because it is used to sign tags.</p> <p>Then they need to generate an x509 certificate containing the public key, which is what you need from them. 
Here is the command to generate a CSR (certificate signing request):</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl req -new -sha256 -key delegation.key -out delegation.csr +</pre></div> <p>Then they can send it to whichever CA you trust to sign certificates, or they can self-sign the certificate (in this example, creating a certificate that is valid for 1 year):</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -sha256 -days 365 -in delegation.csr -signkey delegation.key -out delegation.crt +</pre></div> <p>Then they need to give you <code class="language-plaintext highlighter-rouge">delegation.crt</code>, whether it is self-signed or signed by a CA.</p> <p>Finally you will need to add the private key into your local Docker trust store.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust key load delegation.key --name jeff + +Loading key from "delegation.key"... +Enter passphrase for new jeff key with ID 8ae710e: +Repeat passphrase for new jeff key with ID 8ae710e: +Successfully imported key from delegation.key +</pre></div> <h3 id="viewing-local-delegation-keys">Viewing local Delegation keys</h3> <p>To list the keys that have been imported in to the local Docker trust store we can use the Notary CLI.</p> <div class="highlight"><pre class="highlight" data-language="">$ notary key list + +ROLE GUN KEY ID LOCATION +---- --- ------ -------- +root f6c6a4b00fefd8751f86194c7d87a3bede444540eb3378c4a11ce10852ab1f96 /home/ubuntu/.docker/trust/private +jeff 9deed251daa1aa6f9d5f9b752847647cf8d705da0763aa5467650d0987ed5306 /home/ubuntu/.docker/trust/private +</pre></div> <h2 id="managing-delegations-in-a-notary-server">Managing Delegations in a Notary Server</h2> <p>When the first Delegation is added to the Notary Server using <code class="language-plaintext highlighter-rouge">$ docker trust</code>, we automatically initiate trust data for the repository. 
This includes creating the notary target and snapshots keys, and rotating the snapshot key to be managed by the notary server. More information on these keys can be found <a href="../trust_key_mng/index">here</a></p> <p>When initiating a repository, you will need the key and the passphrase of a local Notary Canonical Root Key. If you have not initiated a repository before, and therefore don’t have a Notary root key, <code class="language-plaintext highlighter-rouge">$ docker trust</code> will create one for you.</p> <blockquote> <p>Be sure to protect and back up your <a href="../trust_key_mng/index">Notary Canonical Root Key</a></p> </blockquote> <h3 id="initiating-the-repository">Initiating the Repository</h3> <p>To upload the first key to a delegation, at the same time initiating a repository, you can use the <code class="language-plaintext highlighter-rouge">$ docker trust signer add</code> command. This will add the contributor’s public key to the <code class="language-plaintext highlighter-rouge">targets/releases</code> delegation, and create a second <code class="language-plaintext highlighter-rouge">targets/<name></code> delegation.</p> <p>For DCT the name of the second delegation, in the below example <code class="language-plaintext highlighter-rouge">jeff</code>, is there to help you keep track of the owner of the keys. In more advanced use cases of Notary additional delegations are used for hierarchy.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key cert.pem jeff registry.example.com/admin/demo + +Adding signer "jeff" to registry.example.com/admin/demo... +Initializing signed repository for registry.example.com/admin/demo... 
+Enter passphrase for root key with ID f6c6a4b: +Enter passphrase for new repository key with ID b0014f8: +Repeat passphrase for new repository key with ID b0014f8: +Successfully initialized "registry.example.com/admin/demo" +Successfully added signer: jeff to registry.example.com/admin/demo +</pre></div> <p>You can see which keys have been pushed to the Notary server for each repository with the <code class="language-plaintext highlighter-rouge">$ docker trust inspect</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty registry.example.com/admin/demo + +No signatures for registry.example.com/admin/demo + + +List of signers and their keys for registry.example.com/admin/demo + +SIGNER KEYS +jeff 1091060d7bfd + +Administrative keys for registry.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 +</pre></div> <p>You could also use the Notary CLI to list delegations and keys. Here you can clearly see the keys were attached to <code class="language-plaintext highlighter-rouge">targets/releases</code> and <code class="language-plaintext highlighter-rouge">targets/jeff</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delegation list registry.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" <all paths> 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 1 + +targets/releases "" <all paths> 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 1 +</pre></div> <h3 id="adding-additional-signers">Adding Additional Signers</h3> <p>Docker Trust allows you to configure multiple delegations per repository, allowing you to manage the lifecycle of delegations. 
When adding additional delegations with <code class="language-plaintext highlighter-rouge">$ docker trust</code> the collaborators key is once again added to the <code class="language-plaintext highlighter-rouge">targets/release</code> role.</p> <blockquote> <p>Note you will need the passphrase for the repository key; this would have been configured when you first initiated the repository.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key ben.pub ben registry.example.com/admin/demo + +Adding signer "ben" to registry.example.com/admin/demo... +Enter passphrase for repository key with ID b0014f8: +Successfully added signer: ben to registry.example.com/admin/demo +</pre></div> <p>Check to prove that there are now 2 delegations (Signer).</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty registry.example.com/admin/demo + +No signatures for registry.example.com/admin/demo + +List of signers and their keys for registry.example.com/admin/demo + +SIGNER KEYS +ben afa404703b25 +jeff 1091060d7bfd + +Administrative keys for registry.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 +</pre></div> <h3 id="adding-keys-to-an-existing-delegation">Adding Keys to an Existing Delegation</h3> <p>To support things like key rotation and expiring / retiring keys you can publish multiple contributor keys per delegation. The only prerequisite here is to make sure you use the same the delegation name, in this case <code class="language-plaintext highlighter-rouge">jeff</code>. 
Docker trust will automatically handle adding this new key to <code class="language-plaintext highlighter-rouge">targets/releases</code>.</p> <blockquote> <p>Note you will need the passphrase for the repository key; this would have been configured when you first initiated the repository.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer add --key cert2.pem jeff registry.example.com/admin/demo + +Adding signer "jeff" to registry.example.com/admin/demo... +Enter passphrase for repository key with ID b0014f8: +Successfully added signer: jeff to registry.example.com/admin/demo +</pre></div> <p>Check to prove that the delegation (Signer) now contains multiple Key IDs.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty registry.example.com/admin/demo + +No signatures for registry.example.com/admin/demo + + +List of signers and their keys for registry.example.com/admin/demo + +SIGNER KEYS +jeff 1091060d7bfd, 5570b88df073 + +Administrative keys for registry.example.com/admin/demo + + Repository Key: b0014f8e4863df2d028095b74efcb05d872c3591de0af06652944e310d96598d + Root Key: 64d147e59e44870311dd2d80b9f7840039115ef3dfa5008127d769a5f657a5d7 +</pre></div> <h3 id="removing-a-delegation">Removing a Delegation</h3> <p>If you need to remove a delegation, including the contributor keys that are attached to the <code class="language-plaintext highlighter-rouge">targets/releases</code> role, you can use the <code class="language-plaintext highlighter-rouge">$ docker trust signer remove</code> command.</p> <blockquote> <p>Note tags that were signed by the removed delegation will need to be resigned by an active delegation</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove registry.example.com/admin/demo +Removing signer "ben" from registry.example.com/admin/demo... 
+Enter passphrase for repository key with ID b0014f8: +Successfully removed ben from registry.example.com/admin/demo +</pre></div> <h4 id="troubleshooting">Troubleshooting</h4> <p>1) If you see an error that there are no usable keys in <code class="language-plaintext highlighter-rouge">targets/releases</code>, you will need to add additional delegations using <code class="language-plaintext highlighter-rouge">docker trust signer add</code> before resigning images.</p> <div class="highlight"><pre class="highlight" data-language="">WARN[0000] role targets/releases has fewer keys than its threshold of 1; it will not be usable until keys are added to it +</pre></div> <p>2) If you have added additional delegations already and are seeing an error message that there are no valid signatures in <code class="language-plaintext highlighter-rouge">targest/releases</code>, you will need to resign the <code class="language-plaintext highlighter-rouge">targets/releases</code> delegation file with the Notary CLI.</p> <div class="highlight"><pre class="highlight" data-language="">WARN[0000] Error getting targets/releases: valid signatures did not meet threshold for targets/releases +</pre></div> <p>Resigning the delegation file is done with the <code class="language-plaintext highlighter-rouge">$ notary witness</code> command</p> <div class="highlight"><pre class="highlight" data-language="">$ notary witness registry.example.com/admin/demo targets/releases --publish +</pre></div> <p>More information on the <code class="language-plaintext highlighter-rouge">$ notary witness</code> command can be found <a href="https://github.com/theupdateframework/notary/blob/master/docs/advanced_usage/#recovering-a-delegation" target="_blank" rel="noopener" class="_">here</a></p> <h3 id="removing-a-contributors-key-from-a-delegation">Removing a Contributor’s Key from a Delegation</h3> <p>As part of rotating keys for a delegation, you may want to remove an individual key but retain the delegation. 
This can be done with the Notary CLI.</p> <p>Remember you will have to remove the key from both the <code class="language-plaintext highlighter-rouge">targets/releases</code> role and the role specific to that signer <code class="language-plaintext highlighter-rouge">targets/<name></code>.</p> <p>1) We will need to grab the Key ID from the Notary Server</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delegation list registry.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" <all paths> 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 + 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 +targets/releases "" <all paths> 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 + 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 +</pre></div> <p>2) Remove from the <code class="language-plaintext highlighter-rouge">targets/releases</code> delegation</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delegation remove registry.example.com/admin/demo targets/releases 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 --publish + +Auto-publishing changes to registry.example.com/admin/demo +Enter username: admin +Enter password: +Enter passphrase for targets key with ID b0014f8: +Successfully published changes for repository registry.example.com/admin/demo +</pre></div> <p>3) Remove from the <code class="language-plaintext highlighter-rouge">targets/<name></code> delegation</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delegation remove registry.example.com/admin/demo targets/jeff 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 --publish + +Removal of delegation role targets/jeff with keys [5570b88df0736c468493247a07e235e35cf3641270c944d0e9e8899922fc6f99], to repository "registry.example.com/admin/demo" staged for next publish. 
+ +Auto-publishing changes to registry.example.com/admin/demo +Enter username: admin +Enter password: +Enter passphrase for targets key with ID b0014f8: +Successfully published changes for repository registry.example.com/admin/demo +</pre></div> <p>4) Check the remaining delegation list</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delegation list registry.example.com/admin/demo + +ROLE PATHS KEY IDS THRESHOLD +---- ----- ------- --------- +targets/jeff "" <all paths> 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 +targets/releases "" <all paths> 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 1 +</pre></div> <h3 id="removing-a-local-delegation-private-key">Removing a local Delegation Private Key</h3> <p>As part of rotating delegation keys, you may need to remove a local delegation key from the local Docker trust store. This is done with the Notary CLI, using the <code class="language-plaintext highlighter-rouge">$ notary key remove</code> command.</p> <p>1) We will need to get the Key ID from the local Docker Trust store</p> <div class="highlight"><pre class="highlight" data-language="">$ notary key list + +ROLE GUN KEY ID LOCATION +---- --- ------ -------- +root f6c6a4b00fefd8751f86194c7d87a3bede444540eb3378c4a11ce10852ab1f96 /home/ubuntu/.docker/trust/private +admin 8fb597cbaf196f0781628b2f52bff6b3912e4e8075720378fda60d17232bbcf9 /home/ubuntu/.docker/trust/private +jeff 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 /home/ubuntu/.docker/trust/private +targets ...example.com/admin/demo c819f2eda8fba2810ec6a7f95f051c90276c87fddfc3039058856fad061c009d /home/ubuntu/.docker/trust/private +</pre></div> <p>2) Remove the key from the local Docker Trust store</p> <div class="highlight"><pre class="highlight" data-language="">$ notary key remove 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 + +Are you sure you want to remove 
1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 (role jeff) from /home/ubuntu/.docker/trust/private? (yes/no) y + +Deleted 1091060d7bfd938dfa5be703fa057974f9322a4faef6f580334f3d6df44c02d1 (role jeff) from /home/ubuntu/.docker/trust/private. +</pre></div> <h2 id="removing-all-trust-data-from-a-repository">Removing all trust data from a Repository</h2> <p>You can remove all trust data from a repository, including repository, target, snapshot and all delegations keys using the Notary CLI.</p> <p>This is often required by a container registry before a particular repository can be deleted.</p> <div class="highlight"><pre class="highlight" data-language="">$ notary delete registry.example.com/admin/demo --remote + +Deleting trust data for repository registry.example.com/admin/demo +Enter username: admin +Enter password: +Successfully deleted local and remote trust data for repository registry.example.com/admin/demo + +$ docker trust inspect --pretty registry.example.com/admin/demo + +No signatures or cannot access registry.example.com/admin/demo +</pre></div> <h2 id="related-information">Related information</h2> <ul> <li><a href="../index">Content trust in Docker</a></li> <li><a href="../trust_key_mng/index">Manage keys for content trust</a></li> <li><a href="../trust_automation/index">Automation with content trust</a></li> <li><a href="../trust_sandbox/index">Play in a content trust sandbox</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=delegations">delegations</a>, <a href="https://docs.docker.com/search/?q=keys">keys</a>, <a href="https://docs.docker.com/search/?q=repository">repository</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/trust_delegation/" class="_attribution-link">https://docs.docker.com/engine/security/trust/trust_delegation/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_key_mng%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_key_mng%2Findex.html new file mode 100644 index 00000000..e018b171 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_key_mng%2Findex.html 
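Review bot: in the trust_delegation page, under "Removing a Delegation", the example command `$ docker trust signer remove registry.example.com/admin/demo` carries no signer name, yet its output reports removing signer "ben"; it should read `docker trust signer remove ben registry.example.com/admin/demo`. The key IDs also disagree across the transcripts: `docker trust inspect` lists jeff's keys as 1091060d7bfd and 5570b88df073, `notary delegation list` shows 8fb597cbaf19 and 1091060d7bfd, and step 3 removes 1091060d7bfd while its output names 5570b88df073. Regenerating these transcripts from a single session would let a reader confirm that the key they removed is the one they intended to revoke. Troubleshooting item 2 also misspells the role as `targest/releases`.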
@@ -0,0 +1,12 @@ +<h1>Manage keys for content trust</h1> + +<p>Trust for an image tag is managed through the use of keys. Docker’s content trust makes use of five different types of keys:</p> <table> <thead> <tr> <th style="text-align: left">Key</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">root key</td> <td style="text-align: left">Root of content trust for an image tag. When content trust is enabled, you create the root key once. Also known as the offline key, because it should be kept offline.</td> </tr> <tr> <td style="text-align: left">targets</td> <td style="text-align: left">This key allows you to sign image tags, to manage delegations including delegated keys or permitted delegation paths. Also known as the repository key, since this key determines what tags can be signed into an image repository.</td> </tr> <tr> <td style="text-align: left">snapshot</td> <td style="text-align: left">This key signs the current collection of image tags, preventing mix and match attacks.</td> </tr> <tr> <td style="text-align: left">timestamp</td> <td style="text-align: left">This key allows Docker image repositories to have freshness security guarantees without requiring periodic content refreshes on the client’s side.</td> </tr> <tr> <td style="text-align: left">delegation</td> <td style="text-align: left">Delegation keys are optional tagging keys and allow you to delegate signing image tags to other publishers without having to share your targets key.</td> </tr> </tbody> </table> <p>When doing a <code class="language-plaintext highlighter-rouge">docker push</code> with Content Trust enabled for the first time, the root, targets, snapshot, and timestamp keys are generated automatically for the image repository:</p> <ul> <li> <p>The root and targets key are generated and stored locally client-side.</p> </li> <li> <p>The timestamp and snapshot keys are safely generated and stored in a signing server that is deployed 
alongside the Docker registry. These keys are generated in a backend service that isn’t directly exposed to the internet and are encrypted at rest.</p> </li> </ul> <p>Delegation keys are optional, and not generated as part of the normal <code class="language-plaintext highlighter-rouge">docker</code> workflow. They need to be <a href="../trust_delegation/index#creating-delegation-keys">manually generated and added to the repository</a>.</p> <p><strong>Note</strong>: Prior to Docker Engine 1.11, the snapshot key was also generated and stored locally client-side. Use the Notary CLI to <a href="https://github.com/theupdateframework/notary/blob/master/docs/advanced_usage/#rotate-keys" target="_blank" rel="noopener" class="_">manage your snapshot key locally again</a> for repositories created with newer versions of Docker.</p> <h2 id="choose-a-passphrase">Choose a passphrase</h2> <p>The passphrases you chose for both the root key and your repository key should be randomly generated and stored in a password manager. Having the repository key allows users to sign image tags on a repository. Passphrases are used to encrypt your keys at rest and ensure that a lost laptop or an unintended backup doesn’t put the private key material at risk.</p> <h2 id="back-up-your-keys">Back up your keys</h2> <p>All the Docker trust keys are stored encrypted using the passphrase you provide on creation. Even so, you should still take care of the location where you back them up. Good practice is to create two encrypted USB keys.</p> <p>It is very important that you back up your keys to a safe, secure location. Loss of the repository key is recoverable; loss of the root key is not.</p> <p>The Docker client stores the keys in the <code class="language-plaintext highlighter-rouge">~/.docker/trust/private</code> directory. 
Before backing them up, you should <code class="language-plaintext highlighter-rouge">tar</code> them into an archive:</p> <div class="highlight"><pre class="highlight" data-language="">$ umask 077; tar -zcvf private_keys_backup.tar.gz ~/.docker/trust/private; umask 022 +</pre></div> <h2 id="hardware-storage-and-signing">Hardware storage and signing</h2> <p>Docker Content Trust can store and sign with root keys from a Yubikey 4. The Yubikey is prioritized over keys stored in the filesystem. When you initialize a new repository with content trust, Docker Engine looks for a root key locally. If a key is not found and the Yubikey 4 exists, Docker Engine creates a root key in the Yubikey 4. Consult the <a href="https://github.com/theupdateframework/notary/blob/master/docs/advanced_usage/#use-a-yubikey" target="_blank" rel="noopener" class="_">Notary documentation</a> for more details.</p> <p>Prior to Docker Engine 1.11, this feature was only in the experimental branch.</p> <h2 id="lost-keys">Lost keys</h2> <p>If a publisher loses keys it means losing the ability to sign trusted content for your repositories. If you lose a key, send an email to <a href="mailto:hub-support@docker.com">Docker Hub Support</a> to reset the repository state.</p> <p>This loss also requires <strong>manual intervention</strong> from every consumer that pulled the tagged image prior to the loss. 
Image consumers would get an error for content that they already downloaded:</p> <div class="highlight"><pre class="highlight" data-language="">Warning: potential malicious behavior - trust data has insufficient signatures for remote repository docker.io/my/image: valid signatures did not meet threshold +</pre></div> <p>To correct this, they need to download a new image tag that is signed with the new key.</p> <h2 id="related-information">Related information</h2> <ul> <li><a href="../index">Content trust in Docker</a></li> <li><a href="../trust_automation/index">Automation with content trust</a></li> <li><a href="../trust_delegation/index">Delegations for content trust</a></li> <li><a href="../trust_sandbox/index">Play in a content trust sandbox</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=root">root</a>, <a href="https://docs.docker.com/search/?q=keys">keys</a>, <a href="https://docs.docker.com/search/?q=repository">repository</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/trust_key_mng/" class="_attribution-link">https://docs.docker.com/engine/security/trust/trust_key_mng/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_sandbox%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_sandbox%2Findex.html new file mode 100644 index 00000000..fa22410c --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Ftrust%2Ftrust_sandbox%2Findex.html 
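Review bot: in the trust_key_mng page, the backup command under "Back up your keys" ends with `umask 022`, which overwrites whatever umask the shell had before instead of restoring it. Running the archive step in a subshell, `(umask 077; tar -zcvf private_keys_backup.tar.gz ~/.docker/trust/private)`, keeps the restrictive mask scoped to the backup and leaves the caller's setting untouched. The "Lost keys" section speaks of losing "keys" in general; it should repeat the distinction made two sections earlier, that loss of the repository key is recoverable and loss of the root key is not, so readers know which case the Docker Hub Support reset covers.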
@@ -0,0 +1,123 @@ +<h1>Play in a content trust sandbox</h1> + +<p>This page explains how to set up and use a sandbox for experimenting with trust. The sandbox allows you to configure and try trust operations locally without impacting your production images.</p> <p>Before working through this sandbox, you should have read through the <a href="../index">trust overview</a>.</p> <h3 id="prerequisites">Prerequisites</h3> <p>These instructions assume you are running in Linux or macOS. You can run this sandbox on a local machine or on a virtual machine. You need to have privileges to run docker commands on your local machine or in the VM.</p> <p>This sandbox requires you to install two Docker tools: Docker Engine >= 1.10.0 and Docker Compose >= 1.6.0. To install the Docker Engine, choose from the <a href="../../../install/index">list of supported platforms</a>. To install Docker Compose, see the <a href="../../../../compose/install/index">detailed instructions here</a>.</p> <h2 id="what-is-in-the-sandbox">What is in the sandbox?</h2> <p>If you are just using trust out-of-the-box you only need your Docker Engine client and access to the Docker Hub. The sandbox mimics a production trust environment, and sets up these additional components.</p> <table> <thead> <tr> <th>Container</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>trustsandbox</td> <td>A container with the latest version of Docker Engine and with some preconfigured certificates. This is your sandbox where you can use the <code class="language-plaintext highlighter-rouge">docker</code> client to test trust operations.</td> </tr> <tr> <td>Registry server</td> <td>A local registry service.</td> </tr> <tr> <td>Notary server</td> <td>The service that does all the heavy-lifting of managing trust</td> </tr> </tbody> </table> <p>This means you run your own content trust (Notary) server and registry. If you work exclusively with the Docker Hub, you would not need these components. 
They are built into the Docker Hub for you. For the sandbox, however, you build your own entire, mock production environment.</p> <p>Within the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container, you interact with your local registry rather than the Docker Hub. This means your everyday image repositories are not used. They are protected while you play.</p> <p>When you play in the sandbox, you also create root and repository keys. The sandbox is configured to store all the keys and files inside the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container. Since the keys you create in the sandbox are for play only, destroying the container destroys them as well.</p> <p>By using a docker-in-docker image for the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container, you also don’t pollute your real Docker daemon cache with any images you push and pull. The images are stored in an anonymous volume attached to this container, and can be destroyed after you destroy the container.</p> <h2 id="build-the-sandbox">Build the sandbox</h2> <p>In this section, you use Docker Compose to specify how to set up and link together the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container, the Notary server, and the Registry server.</p> <ol> <li> <p>Create a new <code class="language-plaintext highlighter-rouge">trustsandbox</code> directory and change into it.</p> <div class="highlight"><pre class="highlight" data-language=""> $ mkdir trustsandbox + $ cd trustsandbox +</pre></div> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> with your favorite editor. 
For example, using vim:</p> <div class="highlight"><pre class="highlight" data-language=""> $ touch docker-compose.yml + $ vim docker-compose.yml +</pre></div> </li> <li> <p>Add the following to the new file.</p> <div class="highlight"><pre class="highlight" data-language=""> version: "2" + services: + notaryserver: + image: dockersecurity/notary_autobuilds:server-v0.5.1 + volumes: + - notarycerts:/var/lib/notary/fixtures + networks: + - sandbox + environment: + - NOTARY_SERVER_STORAGE_TYPE=memory + - NOTARY_SERVER_TRUST_SERVICE_TYPE=local + sandboxregistry: + image: registry:2.4.1 + networks: + - sandbox + container_name: sandboxregistry + trustsandbox: + image: docker:dind + networks: + - sandbox + volumes: + - notarycerts:/notarycerts + privileged: true + container_name: trustsandbox + entrypoint: "" + command: |- + sh -c ' + cp /notarycerts/root-ca.crt /usr/local/share/ca-certificates/root-ca.crt && + update-ca-certificates && + dockerd-entrypoint.sh --insecure-registry sandboxregistry:5000' + volumes: + notarycerts: + external: false + networks: + sandbox: + external: false +</pre></div> </li> <li> <p>Save and close the file.</p> </li> <li> <p>Run the containers on your local system.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker-compose up -d +</pre></div> <p>The first time you run this, the docker-in-docker, Notary server, and registry images are downloaded from Docker Hub.</p> </li> </ol> <h2 id="play-in-the-sandbox">Play in the sandbox</h2> <p>Now that everything is setup, you can go into your <code class="language-plaintext highlighter-rouge">trustsandbox</code> container and start testing Docker content trust. 
From your host machine, obtain a shell in the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec -it trustsandbox sh +/ # +</pre></div> <h3 id="test-some-trust-operations">Test some trust operations</h3> <p>Now, pull some images from within the <code class="language-plaintext highlighter-rouge">trustsandbox</code> container.</p> <ol> <li> <p>Download a <code class="language-plaintext highlighter-rouge">docker</code> image to test with.</p> <div class="highlight"><pre class="highlight" data-language=""> / # docker pull docker/trusttest + docker pull docker/trusttest + Using default tag: latest + latest: Pulling from docker/trusttest + + b3dbab3810fc: Pull complete + a9539b34a6ab: Pull complete + Digest: sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a + Status: Downloaded newer image for docker/trusttest:latest +</pre></div> </li> <li> <p>Tag it to be pushed to our sandbox registry:</p> <div class="highlight"><pre class="highlight" data-language=""> / # docker tag docker/trusttest sandboxregistry:5000/test/trusttest:latest +</pre></div> </li> <li> <p>Enable content trust.</p> <div class="highlight"><pre class="highlight" data-language=""> / # export DOCKER_CONTENT_TRUST=1 +</pre></div> </li> <li> <p>Identify the trust server.</p> <div class="highlight"><pre class="highlight" data-language=""> / # export DOCKER_CONTENT_TRUST_SERVER=https://notaryserver:4443 +</pre></div> <p>This step is only necessary because the sandbox is using its own server. 
Normally, if you are using the Docker Public Hub this step isn’t necessary.</p> </li> <li> <p>Pull the test image.</p> <div class="highlight"><pre class="highlight" data-language=""> / # docker pull sandboxregistry:5000/test/trusttest + Using default tag: latest + Error: remote trust data does not exist for sandboxregistry:5000/test/trusttest: notaryserver:4443 does not have trust data for sandboxregistry:5000/test/trusttest +</pre></div> <p>You see an error, because this content doesn’t exist on the <code class="language-plaintext highlighter-rouge">notaryserver</code> yet.</p> </li> <li> <p>Push and sign the trusted image.</p> <div class="highlight"><pre class="highlight" data-language=""> / # docker push sandboxregistry:5000/test/trusttest:latest + The push refers to a repository [sandboxregistry:5000/test/trusttest] + 5f70bf18a086: Pushed + c22f7bc058a9: Pushed + latest: digest: sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 size: 734 + Signing and pushing trust metadata + You are about to create a new root signing key passphrase. This passphrase + will be used to protect the most sensitive key in your signing system. Please + choose a long, complex passphrase and be careful to keep the password and the + key file itself secure and backed up. It is highly recommended that you use a + password manager to generate the passphrase and keep it safe. There will be no + way to recover this key. You can find the key in your config directory. 
+ Enter passphrase for new root key with ID 27ec255: + Repeat passphrase for new root key with ID 27ec255: + Enter passphrase for new repository key with ID 58233f9 (sandboxregistry:5000/test/trusttest): + Repeat passphrase for new repository key with ID 58233f9 (sandboxregistry:5000/test/trusttest): + Finished initializing "sandboxregistry:5000/test/trusttest" + Successfully signed "sandboxregistry:5000/test/trusttest":latest +</pre></div> <p>Because you are pushing this repository for the first time, Docker creates new root and repository keys and asks you for passphrases with which to encrypt them. If you push again after this, it only asks you for repository passphrase so it can decrypt the key and sign again.</p> </li> <li> <p>Try pulling the image you just pushed:</p> <div class="highlight"><pre class="highlight" data-language=""> / # docker pull sandboxregistry:5000/test/trusttest + Using default tag: latest + Pull (1 of 1): sandboxregistry:5000/test/trusttest:latest@sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 + sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926: Pulling from test/trusttest + Digest: sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 + Status: Downloaded newer image for sandboxregistry:5000/test/trusttest@sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 + Tagging sandboxregistry:5000/test/trusttest@sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 as sandboxregistry:5000/test/trusttest:latest +</pre></div> </li> </ol> <h3 id="test-with-malicious-images">Test with malicious images</h3> <p>What happens when data is corrupted and you try to pull it when trust is enabled? In this section, you go into the <code class="language-plaintext highlighter-rouge">sandboxregistry</code> and tamper with some data. 
Then, you try and pull it.</p> <ol> <li> <p>Leave the <code class="language-plaintext highlighter-rouge">trustsandbox</code> shell and container running.</p> </li> <li> <p>Open a new interactive terminal from your host, and obtain a shell into the <code class="language-plaintext highlighter-rouge">sandboxregistry</code> container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec -it sandboxregistry bash +root@65084fc6f047:/# +</pre></div> </li> <li> <p>List the layers for the <code class="language-plaintext highlighter-rouge">test/trusttest</code> image you pushed:</p> <div class="highlight"><pre class="highlight" data-language="">root@65084fc6f047:/# ls -l /var/lib/registry/docker/registry/v2/repositories/test/trusttest/_layers/sha256 +total 12 +drwxr-xr-x 2 root root 4096 Jun 10 17:26 a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 +drwxr-xr-x 2 root root 4096 Jun 10 17:26 aac0c133338db2b18ff054943cee3267fe50c75cdee969aed88b1992539ed042 +drwxr-xr-x 2 root root 4096 Jun 10 17:26 cc7629d1331a7362b5e5126beb5bf15ca0bf67eb41eab994c719a45de53255cd +</pre></div> </li> <li> <p>Change into the registry storage for one of those layers (this is in a different directory):</p> <div class="highlight"><pre class="highlight" data-language="">root@65084fc6f047:/# cd /var/lib/registry/docker/registry/v2/blobs/sha256/aa/aac0c133338db2b18ff054943cee3267fe50c75cdee969aed88b1992539ed042 +</pre></div> </li> <li> <p>Add malicious data to one of the <code class="language-plaintext highlighter-rouge">trusttest</code> layers:</p> <div class="highlight"><pre class="highlight" data-language="">root@65084fc6f047:/# echo "Malicious data" > data +</pre></div> </li> <li> <p>Go back to your <code class="language-plaintext highlighter-rouge">trustsandbox</code> terminal.</p> </li> <li> <p>List the <code class="language-plaintext highlighter-rouge">trusttest</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">/ 
# docker image ls | grep trusttest +REPOSITORY TAG IMAGE ID CREATED SIZE +docker/trusttest latest cc7629d1331a 11 months ago 5.025 MB +sandboxregistry:5000/test/trusttest latest cc7629d1331a 11 months ago 5.025 MB +sandboxregistry:5000/test/trusttest <none> cc7629d1331a 11 months ago 5.025 MB +</pre></div> </li> <li> <p>Remove the <code class="language-plaintext highlighter-rouge">trusttest:latest</code> image from our local cache.</p> <div class="highlight"><pre class="highlight" data-language="">/ # docker image rm -f cc7629d1331a +Untagged: docker/trusttest:latest +Untagged: sandboxregistry:5000/test/trusttest:latest +Untagged: sandboxregistry:5000/test/trusttest@sha256:ebf59c538accdf160ef435f1a19938ab8c0d6bd96aef8d4ddd1b379edf15a926 +Deleted: sha256:cc7629d1331a7362b5e5126beb5bf15ca0bf67eb41eab994c719a45de53255cd +Deleted: sha256:2a1f6535dc6816ffadcdbe20590045e6cbf048d63fd4cc753a684c9bc01abeea +Deleted: sha256:c22f7bc058a9a8ffeb32989b5d3338787e73855bf224af7aa162823da015d44c +</pre></div> <p>Docker does not re-download images that it already has cached, but we want Docker to attempt to download the tampered image from the registry and reject it because it is invalid.</p> </li> <li> <p>Pull the image again. 
This downloads the image from the registry, because we don’t have it cached.</p> <div class="highlight"><pre class="highlight" data-language="">/ # docker pull sandboxregistry:5000/test/trusttest +Using default tag: latest +Pull (1 of 1): sandboxregistry:5000/test/trusttest:latest@sha256:35d5bc26fd358da8320c137784fe590d8fcf9417263ef261653e8e1c7f15672e +sha256:35d5bc26fd358da8320c137784fe590d8fcf9417263ef261653e8e1c7f15672e: Pulling from test/trusttest + +aac0c133338d: Retrying in 5 seconds +a3ed95caeb02: Download complete +error pulling image configuration: unexpected EOF +</pre></div> <p>The pull did not complete because the trust system couldn’t verify the image.</p> </li> </ol> <h2 id="more-play-in-the-sandbox">More play in the sandbox</h2> <p>Now, you have a full Docker content trust sandbox on your local system, feel free to play with it and see how it behaves. If you find any security issues with Docker, feel free to send us an email at <a href="mailto:security@docker.com">security@docker.com</a>.</p> <h2 id="clean-up-your-sandbox">Clean up your sandbox</h2> <p>When you are done, and want to clean up all the services you’ve started and any anonymous volumes that have been created, just run the following command in the directory where you’ve created your Docker Compose file:</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker-compose down -v +</pre></div> +<p><a href="https://docs.docker.com/search/?q=trust">trust</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=root">root</a>, <a href="https://docs.docker.com/search/?q=keys">keys</a>, <a href="https://docs.docker.com/search/?q=repository">repository</a>, <a href="https://docs.docker.com/search/?q=sandbox">sandbox</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of 
Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/trust/trust_sandbox/" class="_attribution-link">https://docs.docker.com/engine/security/trust/trust_sandbox/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fsecurity%2Fuserns-remap%2Findex.html b/devdocs/docker/engine%2Fsecurity%2Fuserns-remap%2Findex.html new file mode 100644 index 00000000..e9b3ea56 --- /dev/null +++ b/devdocs/docker/engine%2Fsecurity%2Fuserns-remap%2Findex.html 
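Review bot: in the trust_sandbox page, step 9 of "Test with malicious images" says the pull failed because the trust system could not verify the image, but the transcript shows `error pulling image configuration: unexpected EOF` and a pull digest of sha256:35d5bc26fd35 where steps 6 and 7 of the previous list signed and pulled sha256:ebf59c538acc. The transcripts look captured from different runs; regenerating them from one session and stating which check rejected the tampered layer would make the demonstration verifiable. In step 7 the `docker image ls | grep trusttest` output includes the REPOSITORY header row, which that grep would have filtered out. The compose file sets `privileged: true` and `--insecure-registry sandboxregistry:5000` without comment, and a sentence marking both as sandbox-only settings would stop them being copied into real deployments.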
@@ -0,0 +1,46 @@ +<h1>Isolate containers with a user namespace</h1> + +<p>Linux namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations. For more information on Linux namespaces, see <a href="https://www.linux.com/news/understanding-and-securing-linux-namespaces" target="_blank" rel="noopener" class="_">Linux namespaces</a>.</p> <p>The best way to prevent privilege-escalation attacks from within a container is to configure your container’s applications to run as unprivileged users. For containers whose processes must run as the <code class="language-plaintext highlighter-rouge">root</code> user within the container, you can re-map this user to a less-privileged user on the Docker host. The mapped user is assigned a range of UIDs which function within the namespace as normal UIDs from 0 to 65536, but have no privileges on the host machine itself.</p> <h2 id="about-remapping-and-subordinate-user-and-group-ids">About remapping and subordinate user and group IDs</h2> <p>The remapping itself is handled by two files: <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code>. Each file works the same, but one is concerned with the user ID range, and the other with the group ID range. Consider the following entry in <code class="language-plaintext highlighter-rouge">/etc/subuid</code>:</p> <pre data-language="">testuser:231072:65536 +</pre> <p>This means that <code class="language-plaintext highlighter-rouge">testuser</code> is assigned a subordinate user ID range of <code class="language-plaintext highlighter-rouge">231072</code> and the next 65536 integers in sequence. 
UID <code class="language-plaintext highlighter-rouge">231072</code> is mapped within the namespace (within the container, in this case) as UID <code class="language-plaintext highlighter-rouge">0</code> (<code class="language-plaintext highlighter-rouge">root</code>). UID <code class="language-plaintext highlighter-rouge">231073</code> is mapped as UID <code class="language-plaintext highlighter-rouge">1</code>, and so forth. If a process attempts to escalate privilege outside of the namespace, the process is running as an unprivileged high-number UID on the host, which does not even map to a real user. This means the process has no privileges on the host system at all.</p> <blockquote> <p>Multiple ranges</p> <p>It is possible to assign multiple subordinate ranges for a given user or group by adding multiple non-overlapping mappings for the same user or group in the <code class="language-plaintext highlighter-rouge">/etc/subuid</code> or <code class="language-plaintext highlighter-rouge">/etc/subgid</code> file. In this case, Docker uses only the first five mappings, in accordance with the kernel’s limitation of only five entries in <code class="language-plaintext highlighter-rouge">/proc/self/uid_map</code> and <code class="language-plaintext highlighter-rouge">/proc/self/gid_map</code>.</p> </blockquote> <p>When you configure Docker to use the <code class="language-plaintext highlighter-rouge">userns-remap</code> feature, you can optionally specify an existing user and/or group, or you can specify <code class="language-plaintext highlighter-rouge">default</code>. 
If you specify <code class="language-plaintext highlighter-rouge">default</code>, a user and group <code class="language-plaintext highlighter-rouge">dockremap</code> is created and used for this purpose.</p> <blockquote class="warning-vanila"> <p><strong>Warning</strong>: Some distributions, such as RHEL and CentOS 7.3, do not automatically add the new group to the <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code> files. You are responsible for editing these files and assigning non-overlapping ranges, in this case. This step is covered in <a href="#prerequisites">Prerequisites</a>.</p> </blockquote> <p>It is very important that the ranges do not overlap, so that a process cannot gain access in a different namespace. On most Linux distributions, system utilities manage the ranges for you when you add or remove users.</p> <p>This re-mapping is transparent to the container, but introduces some configuration complexity in situations where the container needs access to resources on the Docker host, such as bind mounts into areas of the filesystem that the system user cannot write to. From a security standpoint, it is best to avoid these situations.</p> <h2 id="prerequisites">Prerequisites</h2> <ol> <li> <p>The subordinate UID and GID ranges must be associated with an existing user, even though the association is an implementation detail. The user owns the namespaced storage directories under <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>. If you don’t want to use an existing user, Docker can create one for you and use that. If you want to use an existing username or user ID, it must already exist. 
Typically, this means that the relevant entries need to be in <code class="language-plaintext highlighter-rouge">/etc/passwd</code> and <code class="language-plaintext highlighter-rouge">/etc/group</code>, but if you are using a different authentication back-end, this requirement may translate differently.</p> <p>To verify this, use the <code class="language-plaintext highlighter-rouge">id</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ id testuser + +uid=1001(testuser) gid=1001(testuser) groups=1001(testuser) +</pre></div> </li> <li> <p>The way the namespace remapping is handled on the host is using two files, <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code>. These files are typically managed automatically when you add or remove users or groups, but on a few distributions such as RHEL and CentOS 7.3, you may need to manage these files manually.</p> <p>Each file contains three fields: the username or ID of the user, followed by a beginning UID or GID (which is treated as UID or GID 0 within the namespace) and a maximum number of UIDs or GIDs available to the user. For instance, given the following entry:</p> <pre>testuser:231072:65536 +</pre> <p>This means that user-namespaced processes started by <code class="language-plaintext highlighter-rouge">testuser</code> are owned by host UID <code class="language-plaintext highlighter-rouge">231072</code> (which looks like UID <code class="language-plaintext highlighter-rouge">0</code> inside the namespace) through 296607 (231072 + 65536 - 1). These ranges should not overlap, to ensure that namespaced processes cannot access each other’s namespaces.</p> <p>After adding your user, check <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code> to see if your user has an entry in each. 
If not, you need to add it, being careful to avoid overlap.</p> <p>If you want to use the <code class="language-plaintext highlighter-rouge">dockremap</code> user automatically created by Docker, check for the <code class="language-plaintext highlighter-rouge">dockremap</code> entry in these files <strong>after</strong> configuring and restarting Docker.</p> </li> <li> <p>If there are any locations on the Docker host where the unprivileged user needs to write, adjust the permissions of those locations accordingly. This is also true if you want to use the <code class="language-plaintext highlighter-rouge">dockremap</code> user automatically created by Docker, but you can’t modify the permissions until after configuring and restarting Docker.</p> </li> <li> <p>Enabling <code class="language-plaintext highlighter-rouge">userns-remap</code> effectively masks existing image and container layers, as well as other Docker objects within <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>. This is because Docker needs to adjust the ownership of these resources and actually stores them in a subdirectory within <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code>. 
It is best to enable this feature on a new Docker installation rather than an existing one.</p> <p>Along the same lines, if you disable <code class="language-plaintext highlighter-rouge">userns-remap</code> you can’t access any of the resources created while it was enabled.</p> </li> <li> <p>Check the <a href="#user-namespace-known-limitations">limitations</a> on user namespaces to be sure your use case is possible.</p> </li> </ol> <h2 id="enable-userns-remap-on-the-daemon">Enable userns-remap on the daemon</h2> <p>You can start <code class="language-plaintext highlighter-rouge">dockerd</code> with the <code class="language-plaintext highlighter-rouge">--userns-remap</code> flag or follow this procedure to configure the daemon using the <code class="language-plaintext highlighter-rouge">daemon.json</code> configuration file. The <code class="language-plaintext highlighter-rouge">daemon.json</code> method is recommended. If you use the flag, use the following command as a model:</p> <div class="highlight"><pre class="highlight" data-language="">$ dockerd --userns-remap="testuser:testuser" +</pre></div> <ol> <li> <p>Edit <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code>. Assuming the file was previously empty, the following entry enables <code class="language-plaintext highlighter-rouge">userns-remap</code> using user and group called <code class="language-plaintext highlighter-rouge">testuser</code>. You can address the user and group by ID or name. You only need to specify the group name or ID if it is different from the user name or ID. If you provide both the user and group name or ID, separate them by a colon (<code class="language-plaintext highlighter-rouge">:</code>) character. 
The following formats all work for the value, assuming the UID and GID of <code class="language-plaintext highlighter-rouge">testuser</code> are <code class="language-plaintext highlighter-rouge">1001</code>:</p> <ul> <li><code class="language-plaintext highlighter-rouge">testuser</code></li> <li><code class="language-plaintext highlighter-rouge">testuser:testuser</code></li> <li><code class="language-plaintext highlighter-rouge">1001</code></li> <li><code class="language-plaintext highlighter-rouge">1001:1001</code></li> <li><code class="language-plaintext highlighter-rouge">testuser:1001</code></li> <li><code class="language-plaintext highlighter-rouge">1001:testuser</code></li> </ul> <div class="highlight"><pre class="highlight" data-language="">{ + "userns-remap": "testuser" +} +</pre></div> <blockquote> <p><strong>Note</strong>: To use the <code class="language-plaintext highlighter-rouge">dockremap</code> user and have Docker create it for you, set the value to <code class="language-plaintext highlighter-rouge">default</code> rather than <code class="language-plaintext highlighter-rouge">testuser</code>.</p> </blockquote> <p>Save the file and restart Docker.</p> </li> <li> <p>If you are using the <code class="language-plaintext highlighter-rouge">dockremap</code> user, verify that Docker created it using the <code class="language-plaintext highlighter-rouge">id</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ id dockremap + +uid=112(dockremap) gid=116(dockremap) groups=116(dockremap) +</pre></div> <p>Verify that the entry has been added to <code class="language-plaintext highlighter-rouge">/etc/subuid</code> and <code class="language-plaintext highlighter-rouge">/etc/subgid</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ grep dockremap /etc/subuid + +dockremap:231072:65536 + +$ grep dockremap /etc/subgid + +dockremap:231072:65536 +</pre></div> <p>If these entries are not present, edit the files 
as the <code class="language-plaintext highlighter-rouge">root</code> user and assign a starting UID and GID that is the highest-assigned one plus the offset (in this case, <code class="language-plaintext highlighter-rouge">65536</code>). Be careful not to allow any overlap in the ranges.</p> </li> <li> <p>Verify that previous images are not available using the <code class="language-plaintext highlighter-rouge">docker image ls</code> command. The output should be empty.</p> </li> <li> <p>Start a container from the <code class="language-plaintext highlighter-rouge">hello-world</code> image.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run hello-world +</pre></div> </li> <li> <p>Verify that a namespaced directory exists within <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code> named with the UID and GID of the namespaced user, owned by that UID and GID, and not group-or-world-readable. Some of the subdirectories are still owned by <code class="language-plaintext highlighter-rouge">root</code> and have different permissions.</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo ls -ld /var/lib/docker/231072.231072/ + +drwx------ 11 231072 231072 11 Jun 21 21:19 /var/lib/docker/231072.231072/ + +$ sudo ls -l /var/lib/docker/231072.231072/ + +total 14 +drwx------ 5 231072 231072 5 Jun 21 21:19 aufs +drwx------ 3 231072 231072 3 Jun 21 21:21 containers +drwx------ 3 root root 3 Jun 21 21:19 image +drwxr-x--- 3 root root 3 Jun 21 21:19 network +drwx------ 4 root root 4 Jun 21 21:19 plugins +drwx------ 2 root root 2 Jun 21 21:19 swarm +drwx------ 2 231072 231072 2 Jun 21 21:21 tmp +drwx------ 2 root root 2 Jun 21 21:19 trust +drwx------ 2 231072 231072 3 Jun 21 21:19 volumes +</pre></div> <p>Your directory listing may have some differences, especially if you use a different container storage driver than <code class="language-plaintext highlighter-rouge">aufs</code>.</p> <p>The directories which are 
owned by the remapped user are used instead of the same directories directly beneath <code class="language-plaintext highlighter-rouge">/var/lib/docker/</code> and the unused versions (such as <code class="language-plaintext highlighter-rouge">/var/lib/docker/tmp/</code> in the example here) can be removed. Docker does not use them while <code class="language-plaintext highlighter-rouge">userns-remap</code> is enabled.</p> </li> </ol> <h2 id="disable-namespace-remapping-for-a-container">Disable namespace remapping for a container</h2> <p>If you enable user namespaces on the daemon, all containers are started with user namespaces enabled by default. In some situations, such as privileged containers, you may need to disable user namespaces for a specific container. See <a href="#user-namespace-known-limitations">user namespace known limitations</a> for some of these limitations.</p> <p>To disable user namespaces for a specific container, add the <code class="language-plaintext highlighter-rouge">--userns=host</code> flag to the <code class="language-plaintext highlighter-rouge">docker container create</code>, <code class="language-plaintext highlighter-rouge">docker container run</code>, or <code class="language-plaintext highlighter-rouge">docker container exec</code> command.</p> <p>There is a side effect when using this flag: user remapping will not be enabled for that container but, because the read-only (image) layers are shared between containers, ownership of the containers filesystem will still be remapped.</p> <p>What this means is that the whole container filesystem will belong to the user specified in the <code class="language-plaintext highlighter-rouge">--userns-remap</code> daemon config (<code class="language-plaintext highlighter-rouge">231072</code> in the example above). This can lead to unexpected behavior of programs inside the container. 
For instance <code class="language-plaintext highlighter-rouge">sudo</code> (which checks that its binaries belong to user <code class="language-plaintext highlighter-rouge">0</code>) or binaries with a <code class="language-plaintext highlighter-rouge">setuid</code> flag.</p> <h2 id="user-namespace-known-limitations">User namespace known limitations</h2> <p>The following standard Docker features are incompatible with running a Docker daemon with user namespaces enabled:</p> <ul> <li>sharing PID or NET namespaces with the host (<code class="language-plaintext highlighter-rouge">--pid=host</code> or <code class="language-plaintext highlighter-rouge">--network=host</code>).</li> <li>external (volume or storage) drivers which are unaware or incapable of using daemon user mappings.</li> <li>Using the <code class="language-plaintext highlighter-rouge">--privileged</code> mode flag on <code class="language-plaintext highlighter-rouge">docker run</code> without also specifying <code class="language-plaintext highlighter-rouge">--userns=host</code>.</li> </ul> <p>User namespaces are an advanced feature and require coordination with other capabilities. For example, if volumes are mounted from the host, file ownership must be pre-arranged need read or write access to the volume contents.</p> <p>While the root user inside a user-namespaced container process has many of the expected privileges of the superuser within the container, the Linux kernel imposes restrictions based on internal knowledge that this is a user-namespaced process. One notable restriction is the inability to use the <code class="language-plaintext highlighter-rouge">mknod</code> command. 
Permission is denied for device creation within the container when run by the <code class="language-plaintext highlighter-rouge">root</code> user.</p> +<p><a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=namespaces">namespaces</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/security/userns-remap/" class="_attribution-link">https://docs.docker.com/engine/security/userns-remap/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fadmin_guide%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fadmin_guide%2Findex.html new file mode 100644 index 00000000..77f110c7 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fadmin_guide%2Findex.html 
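Review bot: In the userns-remap page added by the hunk above, the introduction says the mapped range functions "as normal UIDs from 0 to 65536" and the `/etc/subuid` explanation says `231072` "and the next 65536 integers in sequence", but a count of 65536 starting at 0 covers 0 through 65535, and the Prerequisites section in the same hunk computes the host range as 231072 through 296607 (231072 + 65536 - 1). Suggest bringing the two earlier sentences in line with that arithmetic, because readers size non-overlapping ranges from these numbers and an off-by-one in a hand-edited entry can make adjacent ranges overlap. Two smaller points in the same hunk: the limitations paragraph contains a broken sentence ("file ownership must be pre-arranged need read or write access to the volume contents") that has lost its subject, and the `--userns=host` paragraph lists `docker container exec` alongside `create` and `run`; please confirm that `exec` accepts that flag before merging.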
@@ -0,0 +1,33 @@ +<h1>Administer and maintain a swarm of Docker Engines</h1> + +<p>When you run a swarm of Docker Engines, <strong>manager nodes</strong> are the key components for managing the swarm and storing the swarm state. It is important to understand some key features of manager nodes to properly deploy and maintain the swarm.</p> <p>Refer to <a href="../how-swarm-mode-works/nodes/index">How nodes work</a> for a brief overview of Docker Swarm mode and the difference between manager and worker nodes.</p> <h2 id="operate-manager-nodes-in-a-swarm">Operate manager nodes in a swarm</h2> <p>Swarm manager nodes use the <a href="../raft/index">Raft Consensus Algorithm</a> to manage the swarm state. You only need to understand some general concepts of Raft in order to manage a swarm.</p> <p>There is no limit on the number of manager nodes. The decision about how many manager nodes to implement is a trade-off between performance and fault-tolerance. Adding manager nodes to a swarm makes the swarm more fault-tolerant. However, additional manager nodes reduce write performance because more nodes must acknowledge proposals to update the swarm state. This means more network round-trip traffic.</p> <p>Raft requires a majority of managers, also called the quorum, to agree on proposed updates to the swarm, such as node additions or removals. Membership operations are subject to the same constraints as state replication.</p> <h3 id="maintain-the-quorum-of-managers">Maintain the quorum of managers</h3> <p>If the swarm loses the quorum of managers, the swarm cannot perform management tasks. If your swarm has multiple managers, always have more than two. To maintain quorum, a majority of managers must be available. An odd number of managers is recommended, because the next even number does not make the quorum easier to keep. For instance, whether you have 3 or 4 managers, you can still only lose 1 manager and maintain the quorum. 
If you have 5 or 6 managers, you can still only lose two.</p> <p>Even if a swarm loses the quorum of managers, swarm tasks on existing worker nodes continue to run. However, swarm nodes cannot be added, updated, or removed, and new or existing tasks cannot be started, stopped, moved, or updated.</p> <p>See <a href="#recover-from-losing-the-quorum">Recovering from losing the quorum</a> for troubleshooting steps if you do lose the quorum of managers.</p> <h2 id="configure-the-manager-to-advertise-on-a-static-ip-address">Configure the manager to advertise on a static IP address</h2> <p>When initiating a swarm, you must specify the <code class="language-plaintext highlighter-rouge">--advertise-addr</code> flag to advertise your address to other manager nodes in the swarm. For more information, see <a href="../swarm-mode/index#configure-the-advertise-address">Run Docker Engine in swarm mode</a>. Because manager nodes are meant to be a stable component of the infrastructure, you should use a <em>fixed IP address</em> for the advertise address to prevent the swarm from becoming unstable on machine reboot.</p> <p>If the whole swarm restarts and every manager node subsequently gets a new IP address, there is no way for any node to contact an existing manager. Therefore the swarm is hung while nodes try to contact one another at their old IP addresses.</p> <p>Dynamic IP addresses are OK for worker nodes.</p> <h2 id="add-manager-nodes-for-fault-tolerance">Add manager nodes for fault tolerance</h2> <p>You should maintain an odd number of managers in the swarm to support manager node failures. Having an odd number of managers ensures that during a network partition, there is a higher chance that the quorum remains available to process requests if the network is partitioned into two sets. 
Keeping the quorum is not guaranteed if you encounter more than two network partitions.</p> <table> <thead> <tr> <th style="text-align: center">Swarm Size</th> <th style="text-align: center">Majority</th> <th style="text-align: center">Fault Tolerance</th> </tr> </thead> <tbody> <tr> <td style="text-align: center">1</td> <td style="text-align: center">1</td> <td style="text-align: center">0</td> </tr> <tr> <td style="text-align: center">2</td> <td style="text-align: center">2</td> <td style="text-align: center">0</td> </tr> <tr> <td style="text-align: center"><strong>3</strong></td> <td style="text-align: center">2</td> <td style="text-align: center"><strong>1</strong></td> </tr> <tr> <td style="text-align: center">4</td> <td style="text-align: center">3</td> <td style="text-align: center">1</td> </tr> <tr> <td style="text-align: center"><strong>5</strong></td> <td style="text-align: center">3</td> <td style="text-align: center"><strong>2</strong></td> </tr> <tr> <td style="text-align: center">6</td> <td style="text-align: center">4</td> <td style="text-align: center">2</td> </tr> <tr> <td style="text-align: center"><strong>7</strong></td> <td style="text-align: center">4</td> <td style="text-align: center"><strong>3</strong></td> </tr> <tr> <td style="text-align: center">8</td> <td style="text-align: center">5</td> <td style="text-align: center">3</td> </tr> <tr> <td style="text-align: center"><strong>9</strong></td> <td style="text-align: center">5</td> <td style="text-align: center"><strong>4</strong></td> </tr> </tbody> </table> <p>For example, in a swarm with <em>5 nodes</em>, if you lose <em>3 nodes</em>, you don’t have a quorum. Therefore you can’t add or remove nodes until you recover one of the unavailable manager nodes or recover the swarm with disaster recovery commands. 
See <a href="#recover-from-disaster">Recover from disaster</a>.</p> <p>While it is possible to scale a swarm down to a single manager node, it is impossible to demote the last manager node. This ensures you maintain access to the swarm and that the swarm can still process requests. Scaling down to a single manager is an unsafe operation and is not recommended. If the last node leaves the swarm unexpectedly during the demote operation, the swarm becomes unavailable until you reboot the node or restart with <code class="language-plaintext highlighter-rouge">--force-new-cluster</code>.</p> <p>You manage swarm membership with the <code class="language-plaintext highlighter-rouge">docker swarm</code> and <code class="language-plaintext highlighter-rouge">docker node</code> subsystems. Refer to <a href="../join-nodes/index">Add nodes to a swarm</a> for more information on how to add worker nodes and promote a worker node to be a manager.</p> <h3 id="distribute-manager-nodes">Distribute manager nodes</h3> <p>In addition to maintaining an odd number of manager nodes, pay attention to datacenter topology when placing managers. For optimal fault-tolerance, distribute manager nodes across a minimum of 3 availability-zones to support failures of an entire set of machines or common maintenance scenarios. 
If you suffer a failure in any of those zones, the swarm should maintain the quorum of manager nodes available to process requests and rebalance workloads.</p> <table> <thead> <tr> <th style="text-align: center">Swarm manager nodes</th> <th style="text-align: center">Repartition (on 3 Availability zones)</th> </tr> </thead> <tbody> <tr> <td style="text-align: center">3</td> <td style="text-align: center">1-1-1</td> </tr> <tr> <td style="text-align: center">5</td> <td style="text-align: center">2-2-1</td> </tr> <tr> <td style="text-align: center">7</td> <td style="text-align: center">3-2-2</td> </tr> <tr> <td style="text-align: center">9</td> <td style="text-align: center">3-3-3</td> </tr> </tbody> </table> <h3 id="run-manager-only-nodes">Run manager-only nodes</h3> <p>By default manager nodes also act as a worker nodes. This means the scheduler can assign tasks to a manager node. For small and non-critical swarms assigning tasks to managers is relatively low-risk as long as you schedule services using <strong>resource constraints</strong> for <em>cpu</em> and <em>memory</em>.</p> <p>However, because manager nodes use the Raft consensus algorithm to replicate data in a consistent way, they are sensitive to resource starvation. You should isolate managers in your swarm from processes that might block swarm operations like swarm heartbeat or leader elections.</p> <p>To avoid interference with manager node operation, you can drain manager nodes to make them unavailable as worker nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --availability drain <NODE> +</pre></div> <p>When you drain a node, the scheduler reassigns any tasks running on the node to other available worker nodes in the swarm. 
It also prevents the scheduler from assigning tasks to the node.</p> <h2 id="add-worker-nodes-for-load-balancing">Add worker nodes for load balancing</h2> <p><a href="../join-nodes/index">Add nodes to the swarm</a> to balance your swarm’s load. Replicated service tasks are distributed across the swarm as evenly as possible over time, as long as the worker nodes are matched to the requirements of the services. When limiting a service to run on only specific types of nodes, such as nodes with a specific number of CPUs or amount of memory, remember that worker nodes that do not meet these requirements cannot run these tasks.</p> <h2 id="monitor-swarm-health">Monitor swarm health</h2> <p>You can monitor the health of manager nodes by querying the docker <code class="language-plaintext highlighter-rouge">nodes</code> API in JSON format through the <code class="language-plaintext highlighter-rouge">/nodes</code> HTTP endpoint. Refer to the <a href="https://docs.docker.com/engine/api/v1.25/#tag/Node">nodes API documentation</a> for more information.</p> <p>From the command line, run <code class="language-plaintext highlighter-rouge">docker node inspect <id-node></code> to query the nodes. 
For instance, to query the reachability of the node as a manager:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect manager1 --format "{{ .ManagerStatus.Reachability }}" +reachable +</pre></div> <p>To query the status of the node as a worker that accept tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect manager1 --format "{{ .Status.State }}" +ready +</pre></div> <p>From those commands, we can see that <code class="language-plaintext highlighter-rouge">manager1</code> is both at the status <code class="language-plaintext highlighter-rouge">reachable</code> as a manager and <code class="language-plaintext highlighter-rouge">ready</code> as a worker.</p> <p>An <code class="language-plaintext highlighter-rouge">unreachable</code> health status means that this particular manager node is unreachable from other manager nodes. In this case you need to take action to restore the unreachable manager:</p> <ul> <li>Restart the daemon and see if the manager comes back as reachable.</li> <li>Reboot the machine.</li> <li>If neither restarting or rebooting work, you should add another manager node or promote a worker to be a manager node. 
You also need to cleanly remove the failed node entry from the manager set with <code class="language-plaintext highlighter-rouge">docker node demote <NODE></code> and <code class="language-plaintext highlighter-rouge">docker node rm <id-node></code>.</li> </ul> <p>Alternatively you can also get an overview of the swarm health from a manager node with <code class="language-plaintext highlighter-rouge">docker node ls</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS +1mhtdwhvsgr3c26xxbnzdc3yp node05 Accepted Ready Active +516pacagkqp2xc3fk9t1dhjor node02 Accepted Ready Active Reachable +9ifojw8of78kkusuc4a6c23fx * node01 Accepted Ready Active Leader +ax11wdpwrrb6db3mfjydscgk7 node04 Accepted Ready Active +bb1nrq2cswhtbg4mrsqnlx1ck node03 Accepted Ready Active Reachable +di9wxgz8dtuh9d2hn089ecqkf node06 Accepted Ready Active +</pre></div> <h2 id="troubleshoot-a-manager-node">Troubleshoot a manager node</h2> <p>You should never restart a manager node by copying the <code class="language-plaintext highlighter-rouge">raft</code> directory from another node. The data directory is unique to a node ID. A node can only use a node ID once to join the swarm. 
The node ID space should be globally unique.</p> <p>To cleanly re-join a manager node to a cluster:</p> <ol> <li>To demote the node to a worker, run <code class="language-plaintext highlighter-rouge">docker node demote <NODE></code>.</li> <li>To remove the node from the swarm, run <code class="language-plaintext highlighter-rouge">docker node rm <NODE></code>.</li> <li>Re-join the node to the swarm with a fresh state using <code class="language-plaintext highlighter-rouge">docker swarm join</code>.</li> </ol> <p>For more information on joining a manager node to a swarm, refer to <a href="../join-nodes/index">Join nodes to a swarm</a>.</p> <h2 id="forcibly-remove-a-node">Forcibly remove a node</h2> <p>In most cases, you should shut down a node before removing it from a swarm with the <code class="language-plaintext highlighter-rouge">docker node rm</code> command. If a node becomes unreachable, unresponsive, or compromised you can forcefully remove the node without shutting it down by passing the <code class="language-plaintext highlighter-rouge">--force</code> flag. For instance, if <code class="language-plaintext highlighter-rouge">node9</code> becomes compromised:</p> <pre data-language="">$ docker node rm node9 + +Error response from daemon: rpc error: code = 9 desc = node node9 is not down and can't be removed + +$ docker node rm --force node9 + +Node node9 removed from swarm +</pre> <p>Before you forcefully remove a manager node, you must first demote it to the worker role. Make sure that you always have an odd number of manager nodes if you demote or remove a manager.</p> <h2 id="back-up-the-swarm">Back up the swarm</h2> <p>Docker manager nodes store the swarm state and manager logs in the <code class="language-plaintext highlighter-rouge">/var/lib/docker/swarm/</code> directory. This data includes the keys used to encrypt the Raft logs. Without these keys, you cannot restore the swarm.</p> <p>You can back up the swarm using any manager. 
Use the following procedure.</p> <ol> <li> <p>If the swarm has auto-lock enabled, you need the unlock key to restore the swarm from backup. Retrieve the unlock key if necessary and store it in a safe location. If you are unsure, read <a href="../swarm_manager_locking/index">Lock your swarm to protect its encryption key</a>.</p> </li> <li> <p>Stop Docker on the manager before backing up the data, so that no data is being changed during the backup. It is possible to take a backup while the manager is running (a “hot” backup), but this is not recommended and your results are less predictable when restoring. While the manager is down, other nodes continue generating swarm data that is not part of this backup.</p> <blockquote> <p>Note</p> <p>Be sure to maintain the quorum of swarm managers. During the time that a manager is shut down, your swarm is more vulnerable to losing the quorum if further nodes are lost. The number of managers you run is a trade-off. If you regularly take down managers to do backups, consider running a five manager swarm, so that you can lose an additional manager while the backup is running, without disrupting your services.</p> </blockquote> </li> <li> <p>Back up the entire <code class="language-plaintext highlighter-rouge">/var/lib/docker/swarm</code> directory.</p> </li> <li> <p>Restart the manager.</p> </li> </ol> <p>To restore, see <a href="#restore-from-a-backup">Restore from a backup</a>.</p> <h2 id="recover-from-disaster">Recover from disaster</h2> <h3 id="restore-from-a-backup">Restore from a backup</h3> <p>After backing up the swarm as described in <a href="#back-up-the-swarm">Back up the swarm</a>, use the following procedure to restore the data to a new swarm.</p> <ol> <li> <p>Shut down Docker on the target host machine for the restored swarm.</p> </li> <li> <p>Remove the contents of the <code class="language-plaintext highlighter-rouge">/var/lib/docker/swarm</code> directory on the new swarm.</p> </li> <li> <p>Restore the <code 
class="language-plaintext highlighter-rouge">/var/lib/docker/swarm</code> directory with the contents of the backup.</p> <blockquote> <p>Note</p> <p>The new node uses the same encryption key for on-disk storage as the old one. It is not possible to change the on-disk storage encryption keys at this time.</p> <p>In the case of a swarm with auto-lock enabled, the unlock key is also the same as on the old swarm, and the unlock key is needed to restore the swarm.</p> </blockquote> </li> <li> <p>Start Docker on the new node. Unlock the swarm if necessary. Re-initialize the swarm using the following command, so that this node does not attempt to connect to nodes that were part of the old swarm, and presumably no longer exist.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --force-new-cluster +</pre></div> </li> <li> <p>Verify that the state of the swarm is as expected. This may include application-specific tests or simply checking the output of <code class="language-plaintext highlighter-rouge">docker service ls</code> to be sure that all expected services are present.</p> </li> <li> <p>If you use auto-lock, <a href="../swarm_manager_locking/index#rotate-the-unlock-key">rotate the unlock key</a>.</p> </li> <li> <p>Add manager and worker nodes to bring your new swarm up to operating capacity.</p> </li> <li> <p>Reinstate your previous backup regimen on the new swarm.</p> </li> </ol> <h3 id="recover-from-losing-the-quorum">Recover from losing the quorum</h3> <p>Swarm is resilient to failures and the swarm can recover from any number of temporary node failures (machine reboots or crash with restart) or other transient errors. However, a swarm cannot automatically recover if it loses a quorum. Tasks on existing worker nodes continue to run, but administrative tasks are not possible, including scaling or updating services and joining or removing nodes from the swarm. 
The best way to recover is to bring the missing manager nodes back online. If that is not possible, continue reading for some options for recovering your swarm.</p> <p>In a swarm of <code class="language-plaintext highlighter-rouge">N</code> managers, a quorum (a majority) of manager nodes must always be available. For example, in a swarm with five managers, a minimum of three must be operational and in communication with each other. In other words, the swarm can tolerate up to <code class="language-plaintext highlighter-rouge">(N-1)/2</code> permanent failures beyond which requests involving swarm management cannot be processed. These types of failures include data corruption or hardware failures.</p> <p>If you lose the quorum of managers, you cannot administer the swarm. If you have lost the quorum and you attempt to perform any management operation on the swarm, an error occurs:</p> <pre data-language="">Error response from daemon: rpc error: code = 4 desc = context deadline exceeded +</pre> <p>The best way to recover from losing the quorum is to bring the failed nodes back online. If you can’t do that, the only way to recover from this state is to use the <code class="language-plaintext highlighter-rouge">--force-new-cluster</code> action from a manager node. This removes all managers except the manager the command was run from. The quorum is achieved because there is now only one manager. 
Promote nodes to be managers until you have the desired number of managers.</p> <p>From the node to recover, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --force-new-cluster --advertise-addr node01:2377 +</pre></div> <p>When you run the <code class="language-plaintext highlighter-rouge">docker swarm init</code> command with the <code class="language-plaintext highlighter-rouge">--force-new-cluster</code> flag, the Docker Engine where you run the command becomes the manager node of a single-node swarm which is capable of managing and running services. The manager has all the previous information about services and tasks, worker nodes are still part of the swarm, and services are still running. You need to add or re-add manager nodes to achieve your previous task distribution and ensure that you have enough managers to maintain high availability and prevent losing the quorum.</p> <h2 id="force-the-swarm-to-rebalance">Force the swarm to rebalance</h2> <p>Generally, you do not need to force the swarm to rebalance its tasks. When you add a new node to a swarm, or a node reconnects to the swarm after a period of unavailability, the swarm does not automatically give a workload to the idle node. This is a design decision. If the swarm periodically shifted tasks to different nodes for the sake of balance, the clients using those tasks would be disrupted. The goal is to avoid disrupting running services for the sake of balance across the swarm. When new tasks start, or when a node with running tasks becomes unavailable, those tasks are given to less busy nodes. 
The goal is eventual balance, with minimal disruption to the end user.</p> <p>You can use the <code class="language-plaintext highlighter-rouge">--force</code> or <code class="language-plaintext highlighter-rouge">-f</code> flag with the <code class="language-plaintext highlighter-rouge">docker service update</code> command to force the service to redistribute its tasks across the available worker nodes. This causes the service tasks to restart. Client applications may be disrupted. If you have configured it, your service uses a <a href="../swarm-tutorial/rolling-update/index">rolling update</a>.</p> <p>If you use an earlier version and you want to achieve an even balance of load across workers and don’t mind disrupting running tasks, you can force your swarm to re-balance by temporarily scaling the service upward. Use <code class="language-plaintext highlighter-rouge">docker service inspect --pretty <servicename></code> to see the configured scale of a service. When you use <code class="language-plaintext highlighter-rouge">docker service scale</code>, the nodes with the lowest number of tasks are targeted to receive the new workloads. There may be multiple under-loaded nodes in your swarm. You may need to scale the service up by modest increments a few times to achieve the balance you want across all the nodes.</p> <p>When the load is balanced to your satisfaction, you can scale the service back down to the original scale. 
You can use <code class="language-plaintext highlighter-rouge">docker service ps</code> to assess the current balance of your service across nodes.</p> <p>See also <a href="../../reference/commandline/service_scale/index"><code class="language-plaintext highlighter-rouge">docker service scale</code></a> and <a href="../../reference/commandline/service_ps/index"><code class="language-plaintext highlighter-rouge">docker service ps</code></a>.</p> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=manager">manager</a>, <a href="https://docs.docker.com/search/?q=raft">raft</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/admin_guide/" class="_attribution-link">https://docs.docker.com/engine/swarm/admin_guide/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fconfigs%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fconfigs%2Findex.html new file mode 100644 index 00000000..913b4ce8 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fconfigs%2Findex.html 
@@ -0,0 +1,236 @@ +<h1>Store configuration data using Docker Configs</h1> + +<h2 id="about-configs">About configs</h2> <p>Docker swarm service configs allow you to store non-sensitive information, such as configuration files, outside a service’s image or running containers. This allows you to keep your images as generic as possible, without the need to bind-mount configuration files into the containers or use environment variables.</p> <p>Configs operate in a similar way to <a href="../secrets/index">secrets</a>, except that they are not encrypted at rest and are mounted directly into the container’s filesystem without the use of RAM disks. Configs can be added or removed from a service at any time, and services can share a config. You can even use configs in conjunction with environment variables or labels, for maximum flexibility. Config values can be generic strings or binary content (up to 500 kb in size).</p> <blockquote> <p><strong>Note</strong>: Docker configs are only available to swarm services, not to standalone containers. To use this feature, consider adapting your container to run as a service with a scale of 1.</p> </blockquote> <p>Configs are supported on both Linux and Windows services.</p> <h3 id="windows-support">Windows support</h3> <p>Docker includes support for configs on Windows containers, but there are differences in the implementations, which are called out in the examples below. Keep the following notable differences in mind:</p> <ul> <li> <p>Config files with custom targets are not directly bind-mounted into Windows containers, since Windows does not support non-directory file bind-mounts. Instead, configs for a container are all mounted in <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\internal\configs</code> (an implementation detail which should not be relied upon by applications) within the container. Symbolic links are used to point from there to the desired target of the config within the container. 
The default target is <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\configs</code>.</p> </li> <li> <p>When creating a service which uses Windows containers, the options to specify UID, GID, and mode are not supported for configs. Configs are currently only accessible by administrators and users with <code class="language-plaintext highlighter-rouge">system</code> access within the container.</p> </li> <li> <p>On Windows, create or update a service using <code class="language-plaintext highlighter-rouge">--credential-spec</code> with the <code class="language-plaintext highlighter-rouge">config://<config-name></code> format. This passes the gMSA credentials file directly to nodes before a container starts. No gMSA credentials are written to disk on worker nodes. For more information, refer to <a href="../services/index#gmsa-for-swarm">Deploy services to a swarm</a>.</p> </li> </ul> <h2 id="how-docker-manages-configs">How Docker manages configs</h2> <p>When you add a config to the swarm, Docker sends the config to the swarm manager over a mutual TLS connection. The config is stored in the Raft log, which is encrypted. The entire Raft log is replicated across the other managers, ensuring the same high availability guarantees for configs as for the rest of the swarm management data.</p> <p>When you grant a newly-created or running service access to a config, the config is mounted as a file in the container. The location of the mount point within the container defaults to <code class="language-plaintext highlighter-rouge">/<config-name></code> in Linux containers. 
In Windows containers, configs are all mounted into <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\configs</code> and symbolic links are created to the desired location, which defaults to <code class="language-plaintext highlighter-rouge">C:\<config-name></code>.</p> <p>You can set the ownership (<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>) for the config, using either the numerical ID or the name of the user or group. You can also specify the file permissions (<code class="language-plaintext highlighter-rouge">mode</code>). These settings are ignored for Windows containers.</p> <ul> <li>If not set, the config is owned by the user running the container command (often <code class="language-plaintext highlighter-rouge">root</code>) and that user’s default group (also often <code class="language-plaintext highlighter-rouge">root</code>).</li> <li>If not set, the config has world-readable permissions (mode <code class="language-plaintext highlighter-rouge">0444</code>), unless a <code class="language-plaintext highlighter-rouge">umask</code> is set within the container, in which case the mode is impacted by that <code class="language-plaintext highlighter-rouge">umask</code> value.</li> </ul> <p>You can update a service to grant it access to additional configs or revoke its access to a given config at any time.</p> <p>A node only has access to configs if the node is a swarm manager or if it is running service tasks which have been granted access to the config. 
When a container task stops running, the configs shared to it are unmounted from the in-memory filesystem for that container and flushed from the node’s memory.</p> <p>If a node loses connectivity to the swarm while it is running a task container with access to a config, the task container still has access to its configs, but cannot receive updates until the node reconnects to the swarm.</p> <p>You can add or inspect an individual config at any time, or list all configs. You cannot remove a config that a running service is using. See <a href="index#example-rotate-a-config">Rotate a config</a> for a way to remove a config without disrupting running services.</p> <p>To update or roll back configs more easily, consider adding a version number or date to the config name. This is made easier by the ability to control the mount point of the config within a given container.</p> <p>To update a stack, make changes to your Compose file, then re-run <code class="language-plaintext highlighter-rouge">docker stack deploy -c <new-compose-file> <stack-name></code>. If you use a new config in that file, your services start using them. Keep in mind that configurations are immutable, so you can’t change the file for an existing service. Instead, you create a new config to use a different file</p> <p>You can run <code class="language-plaintext highlighter-rouge">docker stack rm</code> to stop the app and take down the stack. This removes any config that was created by <code class="language-plaintext highlighter-rouge">docker stack deploy</code> with the same stack name. 
This removes <em>all</em> configs, including those not referenced by services and those remaining after a <code class="language-plaintext highlighter-rouge">docker service update --config-rm</code>.</p> <h2 id="read-more-about-docker-config-commands">Read more about <code class="language-plaintext highlighter-rouge">docker config</code> commands</h2> <p>Use these links to read about specific commands, or continue to the <a href="#advanced-example-use-configs-with-a-nginx-service">example about using configs with a service</a>.</p> <ul> <li><a href="../../reference/commandline/config_create/index"><code class="language-plaintext highlighter-rouge">docker config create</code></a></li> <li><a href="../../reference/commandline/config_inspect/index"><code class="language-plaintext highlighter-rouge">docker config inspect</code></a></li> <li><a href="../../reference/commandline/config_ls/index"><code class="language-plaintext highlighter-rouge">docker config ls</code></a></li> <li><a href="../../reference/commandline/config_rm/index"><code class="language-plaintext highlighter-rouge">docker config rm</code></a></li> </ul> <h2 id="examples">Examples</h2> <p>This section includes graduated examples which illustrate how to use Docker configs.</p> <blockquote> <p><strong>Note</strong>: These examples use a single-Engine swarm and unscaled services for simplicity. The examples use Linux containers, but Windows containers also support configs.</p> </blockquote> <h3 id="defining-and-using-configs-in-compose-files">Defining and using configs in compose files</h3> <p>The <code class="language-plaintext highlighter-rouge">docker stack</code> command supports defining configs in a Compose file. However, the <code class="language-plaintext highlighter-rouge">configs</code> key is not supported for <code class="language-plaintext highlighter-rouge">docker compose</code>. 
See <a href="../../../compose/compose-file/compose-file-v3/index#configs">the Compose file reference</a> for details.</p> <h3 id="simple-example-get-started-with-configs">Simple example: Get started with configs</h3> <p>This simple example shows how configs work in just a few commands. For a real-world example, continue to <a href="#advanced-example-use-configs-with-a-nginx-service">Advanced example: Use configs with a Nginx service</a>.</p> <ol> <li> <p>Add a config to Docker. The <code class="language-plaintext highlighter-rouge">docker config create</code> command reads standard input because the last argument, which represents the file to read the config from, is set to <code class="language-plaintext highlighter-rouge">-</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ echo "This is a config" | docker config create my-config - +</pre></div> </li> <li> <p>Create a <code class="language-plaintext highlighter-rouge">redis</code> service and grant it access to the config. By default, the container can access the config at <code class="language-plaintext highlighter-rouge">/my-config</code>, but you can customize the file name on the container using the <code class="language-plaintext highlighter-rouge">target</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis --config my-config redis:alpine +</pre></div> </li> <li> <p>Verify that the task is running without issues using <code class="language-plaintext highlighter-rouge">docker service ps</code>. 
If everything is working, the output looks similar to this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +bkna6bpn8r1a redis.1 redis:alpine ip-172-31-46-109 Running Running 8 seconds ago +</pre></div> </li> <li> <p>Get the ID of the <code class="language-plaintext highlighter-rouge">redis</code> service task container using <code class="language-plaintext highlighter-rouge">docker ps</code>, so that you can use <code class="language-plaintext highlighter-rouge">docker container exec</code> to connect to the container and read the contents of the config data file, which defaults to being readable by all and has the same name as the name of the config. The first command below illustrates how to find the container ID, and the second and third commands use shell completion to do this automatically.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter name=redis -q + +5cb1c2348a59 + +$ docker container exec $(docker ps --filter name=redis -q) ls -l /my-config + +-r--r--r-- 1 root root 12 Jun 5 20:49 my-config + +$ docker container exec $(docker ps --filter name=redis -q) cat /my-config + +This is a config +</pre></div> </li> <li> <p>Try removing the config. 
The removal fails because the <code class="language-plaintext highlighter-rouge">redis</code> service is running and has access to the config.</p> <div class="highlight"><pre class="highlight" data-language=""> +$ docker config ls + +ID NAME CREATED UPDATED +fzwcfuqjkvo5foqu7ts7ls578 hello 31 minutes ago 31 minutes ago + + +$ docker config rm my-config + +Error response from daemon: rpc error: code = 3 desc = config 'my-config' is +in use by the following service: redis +</pre></div> </li> <li> <p>Remove access to the config from the running <code class="language-plaintext highlighter-rouge">redis</code> service by updating the service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --config-rm my-config redis +</pre></div> </li> <li> <p>Repeat steps 3 and 4 again, verifying that the service no longer has access to the config. The container ID is different, because the <code class="language-plaintext highlighter-rouge">service update</code> command redeploys the service.</p> <pre>$ docker container exec -it $(docker ps --filter name=redis -q) cat /my-config + +cat: can't open '/my-config': No such file or directory +</pre> </li> <li> <p>Stop and remove the service, and remove the config from Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm redis + +$ docker config rm my-config +</pre></div> </li> </ol> <h3 id="simple-example-use-configs-in-a-windows-service">Simple example: Use configs in a Windows service</h3> <p>This is a very simple example which shows how to use configs with a Microsoft IIS service running on Docker for Windows running Windows containers on Microsoft Windows 10. 
It is a naive example that stores the webpage in a config.</p> <p>This example assumes that you have PowerShell installed.</p> <ol> <li> <p>Save the following into a new file <code class="language-plaintext highlighter-rouge">index.html</code>.</p> <div class="highlight"><pre class="highlight" data-language=""><html lang="en"> + <head><title>Hello Docker</title></head> + <body> + <p>Hello Docker! You have deployed a HTML page.</p> + </body> +</html> +</pre></div> </li> <li> <p>If you have not already done so, initialize or join the swarm.</p> <div class="highlight"><pre class="highlight" data-language="">docker swarm init +</pre></div> </li> <li> <p>Save the <code class="language-plaintext highlighter-rouge">index.html</code> file as a swarm config named <code class="language-plaintext highlighter-rouge">homepage</code>.</p> <div class="highlight"><pre class="highlight" data-language="">docker config create homepage index.html +</pre></div> </li> <li> <p>Create an IIS service and grant it access to the <code class="language-plaintext highlighter-rouge">homepage</code> config.</p> <div class="highlight"><pre class="highlight" data-language="">docker service create + --name my-iis + --publish published=8000,target=8000 + --config src=homepage,target="\inetpub\wwwroot\index.html" + microsoft/iis:nanoserver +</pre></div> </li> <li> <p>Access the IIS service at <code class="language-plaintext highlighter-rouge">http://localhost:8000/</code>. 
It should serve the HTML content from the first step.</p> </li> <li> <p>Remove the service and the config.</p> <div class="highlight"><pre class="highlight" data-language="">docker service rm my-iis + +docker config rm homepage +</pre></div> </li> </ol> <h3 id="example-use-a-templated-config">Example: Use a templated config</h3> <p>To create a configuration in which the content will be generated using a template engine, use the <code class="language-plaintext highlighter-rouge">--template-driver</code> parameter and specify the engine name as its argument. The template will be rendered when container is created.</p> <ol> <li> <p>Save the following into a new file <code class="language-plaintext highlighter-rouge">index.html.tmpl</code>.</p> <div class="highlight"><pre class="highlight" data-language=""><html lang="en"> + <head><title>Hello Docker</title></head> + <body> + <p>Hello {{ env "HELLO" }}! I'm service {{ .Service.Name }}.</p> + </body> +</html> +</pre></div> </li> <li> <p>Save the <code class="language-plaintext highlighter-rouge">index.html.tmpl</code> file as a swarm config named <code class="language-plaintext highlighter-rouge">homepage</code>. 
Provide parameter <code class="language-plaintext highlighter-rouge">--template-driver</code> and specify <code class="language-plaintext highlighter-rouge">golang</code> as template engine.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config create --template-driver golang homepage index.html.tmpl +</pre></div> </li> <li> <p>Create a service that runs Nginx and has access to the environment variable HELLO and to the config.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name hello-template \ + --env HELLO="Docker" \ + --config source=homepage,target=/usr/share/nginx/html/index.html \ + --publish published=3000,target=80 \ + nginx:alpine +</pre></div> </li> <li> <p>Verify that the service is operational: you can reach the Nginx server, and that the correct output is being served.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl http://0.0.0.0:3000 + +<html lang="en"> + <head><title>Hello Docker</title></head> + <body> + <p>Hello Docker! I'm service hello-template.</p> + </body> +</html> +</pre></div> </li> </ol> <h3 id="advanced-example-use-configs-with-a-nginx-service">Advanced example: Use configs with a Nginx service</h3> <p>This example is divided into two parts. <a href="#generate-the-site-certificate">The first part</a> is all about generating the site certificate and does not directly involve Docker configs at all, but it sets up <a href="#configure-the-nginx-container">the second part</a>, where you store and use the site certificate as a series of secrets and the Nginx configuration as a config. The example shows how to set options on the config, such as the target location within the container and the file permissions (<code class="language-plaintext highlighter-rouge">mode</code>).</p> <h4 id="generate-the-site-certificate">Generate the site certificate</h4> <p>Generate a root CA and TLS certificate and key for your site. 
For production sites, you may want to use a service such as <code class="language-plaintext highlighter-rouge">Let’s Encrypt</code> to generate the TLS certificate and key, but this example uses command-line tools. This step is a little complicated, but is only a set-up step so that you have something to store as a Docker secret. If you want to skip these sub-steps, you can <a href="https://letsencrypt.org/getting-started/">use Let’s Encrypt</a> to generate the site key and certificate, name the files <code class="language-plaintext highlighter-rouge">site.key</code> and <code class="language-plaintext highlighter-rouge">site.crt</code>, and skip to <a href="#configure-the-nginx-container">Configure the Nginx container</a>.</p> <ol> <li> <p>Generate a root key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out "root-ca.key" 4096 +</pre></div> </li> <li> <p>Generate a CSR using the root key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl req \ + -new -key "root-ca.key" \ + -out "root-ca.csr" -sha256 \ + -subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA' +</pre></div> </li> <li> <p>Configure the root CA. Edit a new file called <code class="language-plaintext highlighter-rouge">root-ca.cnf</code> and paste the following contents into it. 
This constrains the root CA to only sign leaf certificates and not intermediate CAs.</p> <pre>[root_ca] +basicConstraints = critical,CA:TRUE,pathlen:1 +keyUsage = critical, nonRepudiation, cRLSign, keyCertSign +subjectKeyIdentifier=hash +</pre> </li> <li> <p>Sign the certificate.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 3650 -in "root-ca.csr" \ + -signkey "root-ca.key" -sha256 -out "root-ca.crt" \ + -extfile "root-ca.cnf" -extensions \ + root_ca +</pre></div> </li> <li> <p>Generate the site key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out "site.key" 4096 +</pre></div> </li> <li> <p>Generate the site certificate and sign it with the site key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl req -new -key "site.key" -out "site.csr" -sha256 \ + -subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost' +</pre></div> </li> <li> <p>Configure the site certificate. Edit a new file called <code class="language-plaintext highlighter-rouge">site.cnf</code> and paste the following contents into it. 
This constrains the site certificate so that it can only be used to authenticate a server and can’t be used to sign certificates.</p> <pre>[server] +authorityKeyIdentifier=keyid,issuer +basicConstraints = critical,CA:FALSE +extendedKeyUsage=serverAuth +keyUsage = critical, digitalSignature, keyEncipherment +subjectAltName = DNS:localhost, IP:127.0.0.1 +subjectKeyIdentifier=hash +</pre> </li> <li> <p>Sign the site certificate.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 750 -in "site.csr" -sha256 \ + -CA "root-ca.crt" -CAkey "root-ca.key" -CAcreateserial \ + -out "site.crt" -extfile "site.cnf" -extensions server +</pre></div> </li> <li> <p>The <code class="language-plaintext highlighter-rouge">site.csr</code> and <code class="language-plaintext highlighter-rouge">site.cnf</code> files are not needed by the Nginx service, but you need them if you want to generate a new site certificate. Protect the <code class="language-plaintext highlighter-rouge">root-ca.key</code> file.</p> </li> </ol> <h4 id="configure-the-nginx-container">Configure the Nginx container</h4> <ol> <li> <p>Produce a very basic Nginx configuration that serves static files over HTTPS. The TLS certificate and key are stored as Docker secrets so that they can be rotated easily.</p> <p>In the current directory, create a new file called <code class="language-plaintext highlighter-rouge">site.conf</code> with the following contents:</p> <pre>server { + listen 443 ssl; + server_name localhost; + ssl_certificate /run/secrets/site.crt; + ssl_certificate_key /run/secrets/site.key; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } +} +</pre> </li> <li> <p>Create two secrets, representing the key and the certificate. You can store any file as a secret as long as it is smaller than 500 KB. This allows you to decouple the key and certificate from the services that use them. 
In these examples, the secret name and the file name are the same.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret create site.key site.key + +$ docker secret create site.crt site.crt +</pre></div> </li> <li> <p>Save the <code class="language-plaintext highlighter-rouge">site.conf</code> file in a Docker config. The first parameter is the name of the config, and the second parameter is the file to read it from.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config create site.conf site.conf +</pre></div> <p>List the configs:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config ls + +ID NAME CREATED UPDATED +4ory233120ccg7biwvy11gl5z site.conf 4 seconds ago 4 seconds ago +</pre></div> </li> <li> <p>Create a service that runs Nginx and has access to the two secrets and the config. Set the mode to <code class="language-plaintext highlighter-rouge">0440</code> so that the file is only readable by its owner and that owner’s group, not the world.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name nginx \ + --secret site.key \ + --secret site.crt \ + --config source=site.conf,target=/etc/nginx/conf.d/site.conf,mode=0440 \ + --publish published=3000,target=443 \ + nginx:latest \ + sh -c "exec nginx -g 'daemon off;'" +</pre></div> <p>Within the running containers, the following three files now exist:</p> <ul> <li><code class="language-plaintext highlighter-rouge">/run/secrets/site.key</code></li> <li><code class="language-plaintext highlighter-rouge">/run/secrets/site.crt</code></li> <li><code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/site.conf</code></li> </ul> </li> <li> <p>Verify that the Nginx service is running.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +zeskcec62q24 nginx replicated 1/1 nginx:latest + +$ docker service ps nginx + 
+NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +nginx.1.9ls3yo9ugcls nginx:latest moby Running Running 3 minutes ago +</pre></div> </li> <li> <p>Verify that the service is operational: you can reach the Nginx server, and that the correct TLS certificate is being used.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl --cacert root-ca.crt https://0.0.0.0:3000 + +<!DOCTYPE html> +<html> +<head> +<title>Welcome to nginx!</title> +<style> + body { + width: 35em; + margin: 0 auto; + font-family: Tahoma, Verdana, Arial, sans-serif; + } +</style> +</head> +<body> +<h1>Welcome to nginx!</h1> +<p>If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.</p> + +<p>For online documentation and support, refer to +<a href="https://nginx.org">nginx.org</a>.<br/> +Commercial support is available at +<a href="https://www.nginx.com">www.nginx.com</a>.</p> + +<p><em>Thank you for using nginx.</em></p> +</body> +</html> +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ openssl s_client -connect 0.0.0.0:3000 -CAfile root-ca.crt + +CONNECTED(00000003) +depth=1 /C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +verify return:1 +depth=0 /C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost +verify return:1 +--- +Certificate chain + 0 s:/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost + i:/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +--- +Server certificate +-----BEGIN CERTIFICATE----- +… +-----END CERTIFICATE----- +subject=/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost +issuer=/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +--- +No client certificate CA names sent +--- +SSL handshake has read 1663 bytes and written 712 bytes +--- +New, TLSv1/SSLv3, Cipher is AES256-SHA +Server public key is 4096 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +SSL-Session: + Protocol : TLSv1 + Cipher : 
AES256-SHA + Session-ID: A1A8BF35549C5715648A12FD7B7E3D861539316B03440187D9DA6C2E48822853 + Session-ID-ctx: + Master-Key: F39D1B12274BA16D3A906F390A61438221E381952E9E1E05D3DD784F0135FB81353DA38C6D5C021CB926E844DFC49FC4 + Key-Arg : None + Start Time: 1481685096 + Timeout : 300 (sec) + Verify return code: 0 (ok) +</pre></div> </li> <li> <p>Unless you are going to continue to the next example, clean up after running this example by removing the <code class="language-plaintext highlighter-rouge">nginx</code> service and the stored secrets and config.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm nginx + +$ docker secret rm site.crt site.key + +$ docker config rm site.conf +</pre></div> </li> </ol> <p>You have now configured a Nginx service with its configuration decoupled from its image. You could run multiple sites with exactly the same image but separate configurations, without the need to build a custom image at all.</p> <h3 id="example-rotate-a-config">Example: Rotate a config</h3> <p>To rotate a config, you first save a new config with a different name than the one that is currently in use. You then redeploy the service, removing the old config and adding the new config at the same mount point within the container. This example builds upon the previous one by rotating the <code class="language-plaintext highlighter-rouge">site.conf</code> configuration file.</p> <ol> <li> <p>Edit the <code class="language-plaintext highlighter-rouge">site.conf</code> file locally. 
Add <code class="language-plaintext highlighter-rouge">index.php</code> to the <code class="language-plaintext highlighter-rouge">index</code> line, and save the file.</p> <pre>server { + listen 443 ssl; + server_name localhost; + ssl_certificate /run/secrets/site.crt; + ssl_certificate_key /run/secrets/site.key; + + location / { + root /usr/share/nginx/html; + index index.html index.htm index.php; + } +} +</pre> </li> <li> <p>Create a new Docker config using the new <code class="language-plaintext highlighter-rouge">site.conf</code>, called <code class="language-plaintext highlighter-rouge">site-v2.conf</code>.</p> <pre>$ docker config create site-v2.conf site.conf +</pre> </li> <li> <p>Update the <code class="language-plaintext highlighter-rouge">nginx</code> service to use the new config instead of the old one.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --config-rm site.conf \ + --config-add source=site-v2.conf,target=/etc/nginx/conf.d/site.conf,mode=0440 \ + nginx +</pre></div> </li> <li> <p>Verify that the <code class="language-plaintext highlighter-rouge">nginx</code> service is fully re-deployed, using <code class="language-plaintext highlighter-rouge">docker service ps nginx</code>. 
When it is, you can remove the old <code class="language-plaintext highlighter-rouge">site.conf</code> config.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config rm site.conf +</pre></div> </li> <li> <p>To clean up, you can remove the <code class="language-plaintext highlighter-rouge">nginx</code> service, as well as the secrets and configs.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm nginx + +$ docker secret rm site.crt site.key + +$ docker config rm site-v2.conf +</pre></div> </li> </ol> <p>You have now updated your <code class="language-plaintext highlighter-rouge">nginx</code> service’s configuration without the need to rebuild its image.</p> +<p><a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=configuration">configuration</a>, <a href="https://docs.docker.com/search/?q=configs">configs</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/configs/" class="_attribution-link">https://docs.docker.com/engine/swarm/configs/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fnodes%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fnodes%2Findex.html new file mode 100644 index 00000000..adccc947 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fnodes%2Findex.html 
@@ -0,0 +1,11 @@ +<h1>How nodes work</h1> + +<p>Docker Engine 1.12 introduces swarm mode that enables you to create a cluster of one or more Docker Engines called a swarm. A swarm consists of one or more nodes: physical or virtual machines running Docker Engine 1.12 or later in swarm mode.</p> <p>There are two types of nodes: <a href="#manager-nodes"><strong>managers</strong></a> and <a href="#worker-nodes"><strong>workers</strong></a>.</p> <p><img src="" alt="Swarm mode cluster"></p> <p>If you haven’t already, read through the <a href="../../index">swarm mode overview</a> and <a href="../../key-concepts/index">key concepts</a>.</p> <h2 id="manager-nodes">Manager nodes</h2> <p>Manager nodes handle cluster management tasks:</p> <ul> <li>maintaining cluster state</li> <li>scheduling services</li> <li>serving swarm mode <a href="../../../api/index">HTTP API endpoints</a> +</li> </ul> <p>Using a <a href="https://raft.github.io/raft.pdf">Raft</a> implementation, the managers maintain a consistent internal state of the entire swarm and all the services running on it. For testing purposes it is OK to run a swarm with a single manager. If the manager in a single-manager swarm fails, your services continue to run, but you need to create a new cluster to recover.</p> <p>To take advantage of swarm mode’s fault-tolerance features, Docker recommends you implement an odd number of nodes according to your organization’s high-availability requirements. 
When you have multiple managers you can recover from the failure of a manager node without downtime.</p> <ul> <li>A three-manager swarm tolerates a maximum loss of one manager.</li> <li>A five-manager swarm tolerates a maximum simultaneous loss of two manager nodes.</li> <li>An <code class="language-plaintext highlighter-rouge">N</code> manager cluster tolerates the loss of at most <code class="language-plaintext highlighter-rouge">(N-1)/2</code> managers.</li> <li> <p>Docker recommends a maximum of seven manager nodes for a swarm.</p> <blockquote> <p><strong>Important Note</strong>: Adding more managers does NOT mean increased scalability or higher performance. In general, the opposite is true.</p> </blockquote> </li> </ul> <h2 id="worker-nodes">Worker nodes</h2> <p>Worker nodes are also instances of Docker Engine whose sole purpose is to execute containers. Worker nodes don’t participate in the Raft distributed state, make scheduling decisions, or serve the swarm mode HTTP API.</p> <p>You can create a swarm of one manager node, but you cannot have a worker node without at least one manager node. By default, all managers are also workers. In a single manager node cluster, you can run commands like <code class="language-plaintext highlighter-rouge">docker service create</code> and the scheduler places all tasks on the local Engine.</p> <p>To prevent the scheduler from placing tasks on a manager node in a multi-node swarm, set the availability for the manager node to <code class="language-plaintext highlighter-rouge">Drain</code>. The scheduler gracefully stops tasks on nodes in <code class="language-plaintext highlighter-rouge">Drain</code> mode and schedules the tasks on an <code class="language-plaintext highlighter-rouge">Active</code> node. 
The scheduler does not assign new tasks to nodes with <code class="language-plaintext highlighter-rouge">Drain</code> availability.</p> <p>Refer to the <a href="../../../reference/commandline/node_update/index"><code class="language-plaintext highlighter-rouge">docker node update</code></a> command line reference to see how to change node availability.</p> <h2 id="change-roles">Change roles</h2> <p>You can promote a worker node to be a manager by running <code class="language-plaintext highlighter-rouge">docker node promote</code>. For example, you may want to promote a worker node when you take a manager node offline for maintenance. See <a href="../../../reference/commandline/node_promote/index">node promote</a>.</p> <p>You can also demote a manager node to a worker node. See <a href="../../../reference/commandline/node_demote/index">node demote</a>.</p> <h2 id="learn-more">Learn more</h2> <ul> <li>Read about how swarm mode <a href="../services/index">services</a> work.</li> <li>Learn how <a href="../pki/index">PKI</a> works in swarm mode.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=cluster">cluster</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=node">node</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/" class="_attribution-link">https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/</a> + </p> +</div> 
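Review bot: in engine/swarm/configs, the sample `openssl s_client` output in the verification step records `Protocol : TLSv1` and `Cipher : AES256-SHA`, and the `site.conf` shown in the rotation example sets no `ssl_protocols` or `ssl_ciphers`, so a reader following the example has no current handshake to compare against. Suggest refreshing the captured output or adding the two directives to `site.conf`, and trimming the `Session-ID` and `Master-Key` lines, which add nothing to the check the step relies on (`Verify return code: 0 (ok)`). The service is also created from `nginx:latest`; a pinned tag or digest would keep the example reproducible.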
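Review bot: in how-swarm-mode-works/nodes, the fault-tolerance list gives the tolerated loss as `(N-1)/2` without saying the result is rounded down, so for an even manager count it reads as a fraction (N=4 gives 1.5, where the tolerance is 1, the same as for three managers). Suggest stating it as the integer part of `(N-1)/2`, and changing "an odd number of nodes" in the preceding paragraph to "an odd number of managers", since managers are what the bullets count. The `<img src="" alt="Swarm mode cluster">` tag has an empty `src`, so the diagram is not carried by this import.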
diff --git a/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fpki%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fpki%2Findex.html new file mode 100644 index 00000000..fc38937a --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fpki%2Findex.html 
@@ -0,0 +1,22 @@ +<h1>Manage swarm security with public key infrastructure (PKI)</h1> + +<p>The swarm mode public key infrastructure (PKI) system built into Docker makes it simple to securely deploy a container orchestration system. The nodes in a swarm use mutual Transport Layer Security (TLS) to authenticate, authorize, and encrypt the communications with other nodes in the swarm.</p> <p>When you create a swarm by running <code class="language-plaintext highlighter-rouge">docker swarm init</code>, Docker designates itself as a manager node. By default, the manager node generates a new root Certificate Authority (CA) along with a key pair, which are used to secure communications with other nodes that join the swarm. If you prefer, you can specify your own externally-generated root CA, using the <code class="language-plaintext highlighter-rouge">--external-ca</code> flag of the <a href="../../../reference/commandline/swarm_init/index">docker swarm init</a> command.</p> <p>The manager node also generates two tokens to use when you join additional nodes to the swarm: one <strong>worker token</strong> and one <strong>manager token</strong>. Each token includes the digest of the root CA’s certificate and a randomly generated secret. When a node joins the swarm, the joining node uses the digest to validate the root CA certificate from the remote manager. The remote manager uses the secret to ensure the joining node is an approved node.</p> <p>Each time a new node joins the swarm, the manager issues a certificate to the node. The certificate contains a randomly generated node ID to identify the node under the certificate common name (CN) and the role under the organizational unit (OU). 
The node ID serves as the cryptographically secure node identity for the lifetime of the node in the current swarm.</p> <p>The diagram below illustrates how manager nodes and worker nodes encrypt communications using a minimum of TLS 1.2.</p> <p><img src="" alt="tls diagram"></p> <p>The example below shows the information from a certificate from a worker node:</p> <pre data-language="">Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3b:1c:06:91:73:fb:16:ff:69:c3:f7:a2:fe:96:c1:73:e2:80:97:3b + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=swarm-ca + Validity + Not Before: Aug 30 02:39:00 2016 GMT + Not After : Nov 28 03:39:00 2016 GMT + Subject: O=ec2adilxf4ngv7ev8fwsi61i7, OU=swarm-worker, CN=dw02poa4vqvzxi5c10gm4pq2g +...snip... +</pre> <p>By default, each node in the swarm renews its certificate every three months. You can configure this interval by running the <code class="language-plaintext highlighter-rouge">docker swarm update --cert-expiry <TIME PERIOD></code> command. The minimum rotation value is 1 hour. Refer to the <a href="../../../reference/commandline/swarm_update/index">docker swarm update</a> CLI reference for details.</p> <h2 id="rotating-the-ca-certificate">Rotating the CA certificate</h2> <p>In the event that a cluster CA key or a manager node is compromised, you can rotate the swarm root CA so that none of the nodes trust certificates signed by the old root CA anymore.</p> <p>Run <code class="language-plaintext highlighter-rouge">docker swarm ca --rotate</code> to generate a new CA certificate and key. If you prefer, you can pass the <code class="language-plaintext highlighter-rouge">--ca-cert</code> and <code class="language-plaintext highlighter-rouge">--external-ca</code> flags to specify the root certificate and to use a root CA external to the swarm. 
Alternately, you can pass the <code class="language-plaintext highlighter-rouge">--ca-cert</code> and <code class="language-plaintext highlighter-rouge">--ca-key</code> flags to specify the exact certificate and key you would like the swarm to use.</p> <p>When you issue the <code class="language-plaintext highlighter-rouge">docker swarm ca --rotate</code> command, the following things happen in sequence:</p> <ol> <li> <p>Docker generates a cross-signed certificate. This means that a version of the new root CA certificate is signed with the old root CA certificate. This cross-signed certificate is used as an intermediate certificate for all new node certificates. This ensures that nodes that still trust the old root CA can still validate a certificate signed by the new CA.</p> </li> <li> <p>Docker also tells all nodes to immediately renew their TLS certificates. This process may take several minutes, depending on the number of nodes in the swarm.</p> </li> <li> <p>After every node in the swarm has a new TLS certificate signed by the new CA, Docker forgets about the old CA certificate and key material, and tells all the nodes to trust the new CA certificate only.</p> <p>This also causes a change in the swarm’s join tokens. 
The previous join tokens are no longer valid.</p> </li> </ol> <p>From this point on, all new node certificates issued are signed with the new root CA, and do not contain any intermediates.</p> <h2 id="learn-more">Learn More</h2> <ul> <li>Read about how <a href="../nodes/index">nodes</a> work.</li> <li>Learn how swarm mode <a href="../services/index">services</a> work.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=tls">tls</a>, <a href="https://docs.docker.com/search/?q=pki">pki</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/" class="_attribution-link">https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fservices%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fservices%2Findex.html new file mode 100644 index 00000000..dcbf3a15 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fhow-swarm-mode-works%2Fservices%2Findex.html 
@@ -0,0 +1,10 @@ +<h1>How services work</h1> + +<p>To deploy an application image when Docker Engine is in swarm mode, you create a service. Frequently a service is the image for a microservice within the context of some larger application. Examples of services might include an HTTP server, a database, or any other type of executable program that you wish to run in a distributed environment.</p> <p>When you create a service, you specify which container image to use and which commands to execute inside running containers. You also define options for the service including:</p> <ul> <li>the port where the swarm makes the service available outside the swarm</li> <li>an overlay network for the service to connect to other services in the swarm</li> <li>CPU and memory limits and reservations</li> <li>a rolling update policy</li> <li>the number of replicas of the image to run in the swarm</li> </ul> <h2 id="services-tasks-and-containers">Services, tasks, and containers</h2> <p>When you deploy the service to the swarm, the swarm manager accepts your service definition as the desired state for the service. Then it schedules the service on nodes in the swarm as one or more replica tasks. The tasks run independently of each other on nodes in the swarm.</p> <p>For example, imagine you want to load balance between three instances of an HTTP listener. The diagram below shows an HTTP listener service with three replicas. Each of the three instances of the listener is a task in the swarm.</p> <p><img src="" alt="services diagram"></p> <p>A container is an isolated process. In the swarm mode model, each task invokes exactly one container. A task is analogous to a “slot” where the scheduler places a container. Once the container is live, the scheduler recognizes that the task is in a running state. 
If the container fails health checks or terminates, the task terminates.</p> <h2 id="tasks-and-scheduling">Tasks and scheduling</h2> <p>A task is the atomic unit of scheduling within a swarm. When you declare a desired service state by creating or updating a service, the orchestrator realizes the desired state by scheduling tasks. For instance, you define a service that instructs the orchestrator to keep three instances of an HTTP listener running at all times. The orchestrator responds by creating three tasks. Each task is a slot that the scheduler fills by spawning a container. The container is the instantiation of the task. If an HTTP listener task subsequently fails its health check or crashes, the orchestrator creates a new replica task that spawns a new container.</p> <p>A task is a one-directional mechanism. It progresses monotonically through a series of states: assigned, prepared, running, etc. If the task fails the orchestrator removes the task and its container and then creates a new task to replace it according to the desired state specified by the service.</p> <p>The underlying logic of Docker swarm mode is a general purpose scheduler and orchestrator. The service and task abstractions themselves are unaware of the containers they implement. Hypothetically, you could implement other types of tasks such as virtual machine tasks or non-containerized process tasks. The scheduler and orchestrator are agnostic about the type of task. However, the current version of Docker only supports container tasks.</p> <p>The diagram below shows how swarm mode accepts service create requests and schedules tasks to worker nodes.</p> <p><img src="" alt="services flow"></p> <h3 id="pending-services">Pending services</h3> <p>A service may be configured in such a way that no node currently in the swarm can run its tasks. In this case, the service remains in state <code class="language-plaintext highlighter-rouge">pending</code>. 
Here are a few examples of when a service might remain in state <code class="language-plaintext highlighter-rouge">pending</code>.</p> <blockquote> <p><strong>Note</strong>: If your only intention is to prevent a service from being deployed, scale the service to 0 instead of trying to configure it in such a way that it remains in <code class="language-plaintext highlighter-rouge">pending</code>.</p> </blockquote> <ul> <li> <p>If all nodes are paused or drained, and you create a service, it is pending until a node becomes available. In reality, the first node to become available gets all of the tasks, so this is not a good thing to do in a production environment.</p> </li> <li> <p>You can reserve a specific amount of memory for a service. If no node in the swarm has the required amount of memory, the service remains in a pending state until a node is available which can run its tasks. If you specify a very large value, such as 500 GB, the task stays pending forever, unless you really have a node which can satisfy it.</p> </li> <li> <p>You can impose placement constraints on the service, and the constraints may not be able to be honored at a given time.</p> </li> </ul> <p>This behavior illustrates that the requirements and configuration of your tasks are not tightly tied to the current state of the swarm. As the administrator of a swarm, you declare the desired state of your swarm, and the manager works with the nodes in the swarm to create that state. You do not need to micro-manage the tasks on the swarm.</p> <h2 id="replicated-and-global-services">Replicated and global services</h2> <p>There are two types of service deployments, replicated and global.</p> <p>For a replicated service, you specify the number of identical tasks you want to run. For example, you decide to deploy an HTTP service with three replicas, each serving the same content.</p> <p>A global service is a service that runs one task on every node. There is no pre-specified number of tasks. 
Each time you add a node to the swarm, the orchestrator creates a task and the scheduler assigns the task to the new node. Good candidates for global services are monitoring agents, an anti-virus scanners or other types of containers that you want to run on every node in the swarm.</p> <p>The diagram below shows a three-service replica in yellow and a global service in gray.</p> <p><img src="" alt="global vs replicated services"></p> <h2 id="learn-more">Learn more</h2> <ul> <li>Read about how swarm mode <a href="../nodes/index">nodes</a> work.</li> <li>Learn how <a href="../pki/index">PKI</a> works in swarm mode.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=cluster">cluster</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=node">node</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/" class="_attribution-link">https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Findex.html b/devdocs/docker/engine%2Fswarm%2Findex.html new file mode 100644 index 00000000..49fa8156 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Findex.html 
@@ -0,0 +1,10 @@ +<h1>Swarm mode overview</h1> + +<p>To use Docker in swarm mode, install Docker. See <a href="https://docs.docker.com/get-docker/">installation instructions</a> for all operating systems and platforms.</p> <p>Current versions of Docker include <em>swarm mode</em> for natively managing a cluster of Docker Engines called a <em>swarm</em>. Use the Docker CLI to create a swarm, deploy application services to a swarm, and manage swarm behavior.</p> <p>Docker Swarm mode is built into the Docker Engine. Do not confuse Docker Swarm mode with <a href="https://github.com/docker/classicswarm" target="_blank" rel="noopener" class="_">Docker Classic Swarm</a> which is no longer actively developed.</p> <h2 id="feature-highlights">Feature highlights</h2> <ul> <li> <p><strong>Cluster management integrated with Docker Engine:</strong> Use the Docker Engine CLI to create a swarm of Docker Engines where you can deploy application services. You don’t need additional orchestration software to create or manage a swarm.</p> </li> <li> <p><strong>Decentralized design:</strong> Instead of handling differentiation between node roles at deployment time, the Docker Engine handles any specialization at runtime. You can deploy both kinds of nodes, managers and workers, using the Docker Engine. This means you can build an entire swarm from a single disk image.</p> </li> <li> <p><strong>Declarative service model:</strong> Docker Engine uses a declarative approach to let you define the desired state of the various services in your application stack. For example, you might describe an application comprised of a web front end service with message queueing services and a database backend.</p> </li> <li> <p><strong>Scaling:</strong> For each service, you can declare the number of tasks you want to run. 
When you scale up or down, the swarm manager automatically adapts by adding or removing tasks to maintain the desired state.</p> </li> <li> <p><strong>Desired state reconciliation:</strong> The swarm manager node constantly monitors the cluster state and reconciles any differences between the actual state and your expressed desired state. For example, if you set up a service to run 10 replicas of a container, and a worker machine hosting two of those replicas crashes, the manager creates two new replicas to replace the replicas that crashed. The swarm manager assigns the new replicas to workers that are running and available.</p> </li> <li> <p><strong>Multi-host networking:</strong> You can specify an overlay network for your services. The swarm manager automatically assigns addresses to the containers on the overlay network when it initializes or updates the application.</p> </li> <li> <p><strong>Service discovery:</strong> Swarm manager nodes assign each service in the swarm a unique DNS name and load balances running containers. You can query every container running in the swarm through a DNS server embedded in the swarm.</p> </li> <li> <p><strong>Load balancing:</strong> You can expose the ports for services to an external load balancer. Internally, the swarm lets you specify how to distribute service containers between nodes.</p> </li> <li> <p><strong>Secure by default:</strong> Each node in the swarm enforces TLS mutual authentication and encryption to secure communications between itself and all other nodes. You have the option to use self-signed root certificates or certificates from a custom root CA.</p> </li> <li> <p><strong>Rolling updates:</strong> At rollout time you can apply service updates to nodes incrementally. The swarm manager lets you control the delay between service deployment to different sets of nodes. 
If anything goes wrong, you can roll back to a previous version of the service.</p> </li> </ul> <h2 id="whats-next">What’s next?</h2> <h3 id="swarm-mode-key-concepts-and-tutorial">Swarm mode key concepts and tutorial</h3> <ul> <li> <p>Learn swarm mode <a href="key-concepts/index">key concepts</a>.</p> </li> <li> <p>Get started with the <a href="swarm-tutorial/index">Swarm mode tutorial</a>.</p> </li> </ul> <h3 id="swarm-mode-cli-commands">Swarm mode CLI commands</h3> <p>Explore swarm mode CLI commands</p> <ul> <li><a href="../reference/commandline/swarm_init/index">swarm init</a></li> <li><a href="../reference/commandline/swarm_join/index">swarm join</a></li> <li><a href="../reference/commandline/service_create/index">service create</a></li> <li><a href="../reference/commandline/service_inspect/index">service inspect</a></li> <li><a href="../reference/commandline/service_ls/index">service ls</a></li> <li><a href="../reference/commandline/service_rm/index">service rm</a></li> <li><a href="../reference/commandline/service_scale/index">service scale</a></li> <li><a href="../reference/commandline/service_ps/index">service ps</a></li> <li><a href="../reference/commandline/service_update/index">service update</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=cluster">cluster</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/" class="_attribution-link">https://docs.docker.com/engine/swarm/</a> + </p> +</div> 
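Review bot: in how-swarm-mode-works/pki, "Rotating the CA certificate" offers rotation as the response to a compromised CA key or manager node, but steps 1 to 3 show that nodes keep trusting the old root CA until every node has renewed, and the text never states that as a caveat. Suggest adding a sentence that the rotation is complete only after step 3, and, since step 3 invalidates the previous join tokens, pointing readers at `docker swarm join-token` to obtain the new ones. `<img src="" alt="tls diagram">` has an empty `src`, so "The diagram below" refers to nothing in this import, and the "Learn More" heading is capitalised differently from "Learn more" in the other swarm pages of this patch.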
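Review bot: in how-swarm-mode-works/services, all three `<img>` tags have an empty `src`, and the last paragraph of "Replicated and global services" depends on the missing image ("a three-service replica in yellow and a global service in gray"). Suggest restoring the image sources or dropping the colour reference. In the same section, "an anti-virus scanners" should be "anti-virus scanners", and "a three-service replica" would be clearer as "a service with three replicas".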
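Review bot: in engine/swarm/index, the relative hrefs (`key-concepts/index`, `swarm-tutorial/index`, `../reference/commandline/swarm_init/index`) assume a directory layout, while the file is added under a flat, percent-encoded name (`engine%2Fswarm%2Findex.html`). Please confirm the viewer that serves these files resolves them, and say so in the commit message. Minor: "Explore swarm mode CLI commands" introduces a list and lacks a closing colon, and in the "Service discovery" bullet "assign ... and load balances" should agree in number ("assign ... and load balance").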
diff --git a/devdocs/docker/engine%2Fswarm%2Fingress%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fingress%2Findex.html new file mode 100644 index 00000000..ffdaeb45 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fingress%2Findex.html 
@@ -0,0 +1,66 @@ +<h1>Use swarm mode routing mesh</h1> + +<p>Docker Engine swarm mode makes it easy to publish ports for services to make them available to resources outside the swarm. All nodes participate in an ingress <strong>routing mesh</strong>. The routing mesh enables each node in the swarm to accept connections on published ports for any service running in the swarm, even if there’s no task running on the node. The routing mesh routes all incoming requests to published ports on available nodes to an active container.</p> <p>To use the ingress network in the swarm, you need to have the following ports open between the swarm nodes before you enable swarm mode:</p> <ul> <li>Port <code class="language-plaintext highlighter-rouge">7946</code> TCP/UDP for container network discovery.</li> <li>Port <code class="language-plaintext highlighter-rouge">4789</code> UDP for the container ingress network.</li> </ul> <p>You must also open the published port between the swarm nodes and any external resources, such as an external load balancer, that require access to the port.</p> <p>You can also <a href="#bypass-the-routing-mesh">bypass the routing mesh</a> for a given service.</p> <h2 id="publish-a-port-for-a-service">Publish a port for a service</h2> <p>Use the <code class="language-plaintext highlighter-rouge">--publish</code> flag to publish a port when you create a service. <code class="language-plaintext highlighter-rouge">target</code> is used to specify the port inside the container, and <code class="language-plaintext highlighter-rouge">published</code> is used to specify the port to bind on the routing mesh. If you leave off the <code class="language-plaintext highlighter-rouge">published</code> port, a random high-numbered port is bound for each service task. 
You need to inspect the task to determine the port.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name <SERVICE-NAME> \ + --publish published=<PUBLISHED-PORT>,target=<CONTAINER-PORT> \ + <IMAGE> +</pre></div> <blockquote> <p><strong>Note</strong>: The older form of this syntax is a colon-separated string, where the published port is first and the target port is second, such as <code class="language-plaintext highlighter-rouge">-p 8080:80</code>. The new syntax is preferred because it is easier to read and allows more flexibility.</p> </blockquote> <p>The <code class="language-plaintext highlighter-rouge"><PUBLISHED-PORT></code> is the port where the swarm makes the service available. If you omit it, a random high-numbered port is bound. The <code class="language-plaintext highlighter-rouge"><CONTAINER-PORT></code> is the port where the container listens. This parameter is required.</p> <p>For example, the following command publishes port 80 in the nginx container to port 8080 for any node in the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-web \ + --publish published=8080,target=80 \ + --replicas 2 \ + nginx +</pre></div> <p>When you access port 8080 on any node, Docker routes your request to an active container. On the swarm nodes themselves, port 8080 may not actually be bound, but the routing mesh knows how to route the traffic and prevents any port conflicts from happening.</p> <p>The routing mesh listens on the published port for any IP address assigned to the node. For externally routable IP addresses, the port is available from outside the host. 
For all other IP addresses the access is only available from within the host.</p> <p><img src="" alt="service ingress image"></p> <p>You can publish a port for an existing service using the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --publish-add published=<PUBLISHED-PORT>,target=<CONTAINER-PORT> \ + <SERVICE> +</pre></div> <p>You can use <code class="language-plaintext highlighter-rouge">docker service inspect</code> to view the service’s published port. For instance:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web + +[{"Protocol":"tcp","TargetPort":80,"PublishedPort":8080}] +</pre></div> <p>The output shows the <code class="language-plaintext highlighter-rouge"><CONTAINER-PORT></code> (labeled <code class="language-plaintext highlighter-rouge">TargetPort</code>) from the containers and the <code class="language-plaintext highlighter-rouge"><PUBLISHED-PORT></code> (labeled <code class="language-plaintext highlighter-rouge">PublishedPort</code>) where nodes listen for requests for the service.</p> <h3 id="publish-a-port-for-tcp-only-or-udp-only">Publish a port for TCP only or UDP only</h3> <p>By default, when you publish a port, it is a TCP port. You can specifically publish a UDP port instead of or in addition to a TCP port. When you publish both TCP and UDP ports, If you omit the protocol specifier, the port is published as a TCP port. 
If you use the longer syntax (recommended), set the <code class="language-plaintext highlighter-rouge">protocol</code> key to either <code class="language-plaintext highlighter-rouge">tcp</code> or <code class="language-plaintext highlighter-rouge">udp</code>.</p> <h4 id="tcp-only">TCP only</h4> <p><strong>Long syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + --publish published=53,target=53 \ + dns-cache +</pre></div> <p><strong>Short syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + -p 53:53 \ + dns-cache +</pre></div> <h4 id="tcp-and-udp">TCP and UDP</h4> <p><strong>Long syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + --publish published=53,target=53 \ + --publish published=53,target=53,protocol=udp \ + dns-cache +</pre></div> <p><strong>Short syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + -p 53:53 \ + -p 53:53/udp \ + dns-cache +</pre></div> <h4 id="udp-only">UDP only</h4> <p><strong>Long syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + --publish published=53,target=53,protocol=udp \ + dns-cache +</pre></div> <p><strong>Short syntax:</strong></p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + -p 53:53/udp \ + dns-cache +</pre></div> <h2 id="bypass-the-routing-mesh">Bypass the routing mesh</h2> <p>You can bypass the routing mesh, so that when you access the bound port on a given node, you are always accessing the instance of the service running on that node. This is referred to as <code class="language-plaintext highlighter-rouge">host</code> mode. 
There are a few things to keep in mind.</p> <ul> <li> <p>If you access a node which is not running a service task, the service does not listen on that port. It is possible that nothing is listening, or that a completely different application is listening.</p> </li> <li> <p>If you expect to run multiple service tasks on each node (such as when you have 5 nodes but run 10 replicas), you cannot specify a static target port. Either allow Docker to assign a random high-numbered port (by leaving off the <code class="language-plaintext highlighter-rouge">published</code>), or ensure that only a single instance of the service runs on a given node, by using a global service rather than a replicated one, or by using placement constraints.</p> </li> </ul> <p>To bypass the routing mesh, you must use the long <code class="language-plaintext highlighter-rouge">--publish</code> service and set <code class="language-plaintext highlighter-rouge">mode</code> to <code class="language-plaintext highlighter-rouge">host</code>. If you omit the <code class="language-plaintext highlighter-rouge">mode</code> key or set it to <code class="language-plaintext highlighter-rouge">ingress</code>, the routing mesh is used. The following command creates a global service using <code class="language-plaintext highlighter-rouge">host</code> mode and bypassing the routing mesh.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name dns-cache \ + --publish published=53,target=53,protocol=udp,mode=host \ + --mode global \ + dns-cache +</pre></div> <h2 id="configure-an-external-load-balancer">Configure an external load balancer</h2> <p>You can configure an external load balancer for swarm services, either in combination with the routing mesh or without using the routing mesh at all.</p> <h3 id="using-the-routing-mesh">Using the routing mesh</h3> <p>You can configure an external load balancer to route requests to a swarm service. 
For example, you could configure <a href="https://www.haproxy.org">HAProxy</a> to balance requests to an nginx service published to port 8080.</p> <p><img src="" alt="ingress with external load balancer image"></p> <p>In this case, port 8080 must be open between the load balancer and the nodes in the swarm. The swarm nodes can reside on a private network that is accessible to the proxy server, but that is not publicly accessible.</p> <p>You can configure the load balancer to balance requests between every node in the swarm even if there are no tasks scheduled on the node. For example, you could have the following HAProxy configuration in <code class="language-plaintext highlighter-rouge">/etc/haproxy/haproxy.cfg</code>:</p> <div class="highlight"><pre class="highlight" data-language="">global + log /dev/log local0 + log /dev/log local1 notice +...snip... + +# Configure HAProxy to listen on port 80 +frontend http_front + bind *:80 + stats uri /haproxy?stats + default_backend http_back + +# Configure HAProxy to route requests to swarm nodes on port 8080 +backend http_back + balance roundrobin + server node1 192.168.99.100:8080 check + server node2 192.168.99.101:8080 check + server node3 192.168.99.102:8080 check +</pre></div> <p>When you access the HAProxy load balancer on port 80, it forwards requests to nodes in the swarm. The swarm routing mesh routes the request to an active task. If, for any reason the swarm scheduler dispatches tasks to different nodes, you don’t need to reconfigure the load balancer.</p> <p>You can configure any type of load balancer to route requests to swarm nodes. 
To learn more about HAProxy, see the <a href="https://cbonte.github.io/haproxy-dconv/">HAProxy documentation</a>.</p> <h3 id="without-the-routing-mesh">Without the routing mesh</h3> <p>To use an external load balancer without the routing mesh, set <code class="language-plaintext highlighter-rouge">--endpoint-mode</code> to <code class="language-plaintext highlighter-rouge">dnsrr</code> instead of the default value of <code class="language-plaintext highlighter-rouge">vip</code>. In this case, there is not a single virtual IP. Instead, Docker sets up DNS entries for the service such that a DNS query for the service name returns a list of IP addresses, and the client connects directly to one of these. You are responsible for providing the list of IP addresses and ports to your load balancer. See <a href="https://docs.docker.com/network/overlay#configure-service-discovery">Configure service discovery</a>.</p> <h2 id="learn-more">Learn more</h2> <ul> <li><a href="../services/index">Deploy services to a swarm</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=network">network</a>, <a href="https://docs.docker.com/search/?q=ingress">ingress</a>, <a href="https://docs.docker.com/search/?q=routing%20mesh">routing mesh</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/ingress/" class="_attribution-link">https://docs.docker.com/engine/swarm/ingress/</a> + </p> +</div> 
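Review bot: In the HAProxy sample for /etc/haproxy/haproxy.cfg, "stats uri /haproxy?stats" sits inside "frontend http_front", which binds "*:80", so the statistics page is served on the same listener as client traffic, and no "stats auth" line is shown for it. Readers copy this block as-is, so suggest moving the stats endpoint to a separate listener on an internal address or adding "stats auth" beside it. Two wording fixes in the same file: under "Publish a port for TCP only or UDP only", the text "When you publish both TCP and UDP ports, If you omit the protocol specifier, ..." is two sentences fused together, and under "Bypass the routing mesh", "you must use the long --publish service" should read "syntax". Both img tags also carry an empty src attribute.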
diff --git a/devdocs/docker/engine%2Fswarm%2Fjoin-nodes%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fjoin-nodes%2Findex.html new file mode 100644 index 00000000..5ad31fa1 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fjoin-nodes%2Findex.html 
@@ -0,0 +1,36 @@ +<h1>Join nodes to a swarm</h1> + +<p>When you first create a swarm, you place a single Docker Engine into swarm mode. To take full advantage of swarm mode you can add nodes to the swarm:</p> <ul> <li>Adding worker nodes increases capacity. When you deploy a service to a swarm, the Engine schedules tasks on available nodes whether they are worker nodes or manager nodes. When you add workers to your swarm, you increase the scale of the swarm to handle tasks without affecting the manager raft consensus.</li> <li>Manager nodes increase fault-tolerance. Manager nodes perform the orchestration and cluster management functions for the swarm. Among manager nodes, a single leader node conducts orchestration tasks. If a leader node goes down, the remaining manager nodes elect a new leader and resume orchestration and maintenance of the swarm state. By default, manager nodes also run tasks.</li> </ul> <p>The Docker Engine joins the swarm depending on the <strong>join-token</strong> you provide to the <code class="language-plaintext highlighter-rouge">docker swarm join</code> command. The node only uses the token at join time. If you subsequently rotate the token, it doesn’t affect existing swarm nodes. 
Refer to <a href="../swarm-mode/index#view-the-join-command-or-update-a-swarm-join-token">Run Docker Engine in swarm mode</a>.</p> <h2 id="join-as-a-worker-node">Join as a worker node</h2> <p>To retrieve the join command including the join token for worker nodes, run the following command on a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token worker + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 +</pre></div> <p>Run the command from the output on the worker to join the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +This node joined a swarm as a worker. +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">docker swarm join</code> command does the following:</p> <ul> <li>switches the Docker Engine on the current node into swarm mode.</li> <li>requests a TLS certificate from the manager.</li> <li>names the node with the machine hostname</li> <li>joins the current node to the swarm at the manager listen address based upon the swarm token.</li> <li>sets the current node to <code class="language-plaintext highlighter-rouge">Active</code> availability, meaning it can receive tasks from the scheduler.</li> <li>extends the <code class="language-plaintext highlighter-rouge">ingress</code> overlay network to the current node.</li> </ul> <h2 id="join-as-a-manager-node">Join as a manager node</h2> <p>When you run <code class="language-plaintext highlighter-rouge">docker swarm join</code> and pass the manager token, the Docker Engine switches into swarm mode the same as for workers. Manager nodes also participate in the raft consensus. 
The new nodes should be <code class="language-plaintext highlighter-rouge">Reachable</code>, but the existing manager remains the swarm <code class="language-plaintext highlighter-rouge">Leader</code>.</p> <p>Docker recommends three or five manager nodes per cluster to implement high availability. Because swarm mode manager nodes share data using Raft, there must be an odd number of managers. The swarm can continue to function after as long as a quorum of more than half of the manager nodes are available.</p> <p>For more detail about swarm managers and administering a swarm, see <a href="../admin_guide/index">Administer and maintain a swarm of Docker Engines</a>.</p> <p>To retrieve the join command including the join token for manager nodes, run the following command on a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token manager + +To add a manager to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-61ztec5kyafptydic6jfc1i33t37flcl4nuipzcusor96k7kby-5vy9t8u35tuqm7vh67lrz9xp6 \ + 192.168.99.100:2377 +</pre></div> <p>Run the command from the output on the new manager node to join it to the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join \ + --token SWMTKN-1-61ztec5kyafptydic6jfc1i33t37flcl4nuipzcusor96k7kby-5vy9t8u35tuqm7vh67lrz9xp6 \ + 192.168.99.100:2377 + +This node joined a swarm as a manager. 
+</pre></div> <h2 id="learn-more">Learn More</h2> <ul> <li> +<code class="language-plaintext highlighter-rouge">swarm join</code> <a href="../../reference/commandline/swarm_join/index">command line reference</a> +</li> <li><a href="../swarm-tutorial/index">Swarm mode tutorial</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=node">node</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/join-nodes/" class="_attribution-link">https://docs.docker.com/engine/swarm/join-nodes/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fkey-concepts%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fkey-concepts%2Findex.html new file mode 100644 index 00000000..3be49102 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fkey-concepts%2Findex.html 
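Review bot: In engine/swarm/join-nodes, the worker and manager examples print full SWMTKN-1-... join tokens, but the surrounding text never says that the output of "docker swarm join-token" is a credential that decides whether a node joins as a worker or as a manager. Suggest one sentence telling readers to treat it as a secret and to rotate it if it is exposed, next to the existing sentence about rotation ("If you subsequently rotate the token, it doesn't affect existing swarm nodes"). Also confirm the token strings are the upstream documentation samples, so this file can be allowlisted for secret scanning. Typo in the manager section: "The swarm can continue to function after as long as a quorum ..." has a stray "after".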
@@ -0,0 +1,10 @@ +<h1>Swarm mode key concepts</h1> + +<p>This topic introduces some of the concepts unique to the cluster management and orchestration features of Docker Engine 1.12.</p> <h2 id="what-is-a-swarm">What is a swarm?</h2> <p>The cluster management and orchestration features embedded in the Docker Engine are built using <a href="https://github.com/docker/swarmkit/">swarmkit</a>. Swarmkit is a separate project which implements Docker’s orchestration layer and is used directly within Docker.</p> <p>A swarm consists of multiple Docker hosts which run in <strong>swarm mode</strong> and act as managers (to manage membership and delegation) and workers (which run <a href="#services-and-tasks">swarm services</a>). A given Docker host can be a manager, a worker, or perform both roles. When you create a service, you define its optimal state (number of replicas, network and storage resources available to it, ports the service exposes to the outside world, and more). Docker works to maintain that desired state. For instance, if a worker node becomes unavailable, Docker schedules that node’s tasks on other nodes. A <em>task</em> is a running container which is part of a swarm service and managed by a swarm manager, as opposed to a standalone container.</p> <p>One of the key advantages of swarm services over standalone containers is that you can modify a service’s configuration, including the networks and volumes it is connected to, without the need to manually restart the service. Docker will update the configuration, stop the service tasks with the out of date configuration, and create new ones matching the desired configuration.</p> <p>When Docker is running in swarm mode, you can still run standalone containers on any of the Docker hosts participating in the swarm, as well as swarm services. A key difference between standalone containers and swarm services is that only swarm managers can manage a swarm, while standalone containers can be started on any daemon. 
Docker daemons can participate in a swarm as managers, workers, or both.</p> <p>In the same way that you can use <a href="../../../compose/index">Docker Compose</a> to define and run containers, you can define and run <a href="../services/index">Swarm service</a> stacks.</p> <p>Keep reading for details about concepts relating to Docker swarm services, including nodes, services, tasks, and load balancing.</p> <h2 id="nodes">Nodes</h2> <p>A <strong>node</strong> is an instance of the Docker engine participating in the swarm. You can also think of this as a Docker node. You can run one or more nodes on a single physical computer or cloud server, but production swarm deployments typically include Docker nodes distributed across multiple physical and cloud machines.</p> <p>To deploy your application to a swarm, you submit a service definition to a <strong>manager node</strong>. The manager node dispatches units of work called <a href="#services-and-tasks">tasks</a> to worker nodes.</p> <p>Manager nodes also perform the orchestration and cluster management functions required to maintain the desired state of the swarm. Manager nodes elect a single leader to conduct orchestration tasks.</p> <p><strong>Worker nodes</strong> receive and execute tasks dispatched from manager nodes. By default manager nodes also run services as worker nodes, but you can configure them to run manager tasks exclusively and be manager-only nodes. An agent runs on each worker node and reports on the tasks assigned to it. The worker node notifies the manager node of the current state of its assigned tasks so that the manager can maintain the desired state of each worker.</p> <h2 id="services-and-tasks">Services and tasks</h2> <p>A <strong>service</strong> is the definition of the tasks to execute on the manager or worker nodes. 
It is the central structure of the swarm system and the primary root of user interaction with the swarm.</p> <p>When you create a service, you specify which container image to use and which commands to execute inside running containers.</p> <p>In the <strong>replicated services</strong> model, the swarm manager distributes a specific number of replica tasks among the nodes based upon the scale you set in the desired state.</p> <p>For <strong>global services</strong>, the swarm runs one task for the service on every available node in the cluster.</p> <p>A <strong>task</strong> carries a Docker container and the commands to run inside the container. It is the atomic scheduling unit of swarm. Manager nodes assign tasks to worker nodes according to the number of replicas set in the service scale. Once a task is assigned to a node, it cannot move to another node. It can only run on the assigned node or fail.</p> <h2 id="load-balancing">Load balancing</h2> <p>The swarm manager uses <strong>ingress load balancing</strong> to expose the services you want to make available externally to the swarm. The swarm manager can automatically assign the service a <strong>PublishedPort</strong> or you can configure a PublishedPort for the service. You can specify any unused port. If you do not specify a port, the swarm manager assigns the service a port in the 30000-32767 range.</p> <p>External components, such as cloud load balancers, can access the service on the PublishedPort of any node in the cluster whether or not the node is currently running the task for the service. All nodes in the swarm route ingress connections to a running task instance.</p> <p>Swarm mode has an internal DNS component that automatically assigns each service in the swarm a DNS entry. 
The swarm manager uses <strong>internal load balancing</strong> to distribute requests among services within the cluster based upon the DNS name of the service.</p> <h2 id="whats-next">What’s next?</h2> <ul> <li>Read the <a href="../index">Swarm mode overview</a>.</li> <li>Get started with the <a href="../swarm-tutorial/index">Swarm mode tutorial</a>.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=cluster">cluster</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/key-concepts/" class="_attribution-link">https://docs.docker.com/engine/swarm/key-concepts/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fmanage-nodes%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fmanage-nodes%2Findex.html new file mode 100644 index 00000000..41b8ef5a --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fmanage-nodes%2Findex.html 
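Review bot: In engine/swarm/key-concepts, "What is a swarm?" says "you define its optimal state" and the very next sentence says "Docker works to maintain that desired state"; use "desired state" in both places, as the rest of the page does. The intro also scopes the page to "Docker Engine 1.12" while the attribution footer is dated 2019, so the version reference is worth checking against upstream before this lands.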
@@ -0,0 +1,64 @@ +<h1>Manage nodes in a swarm</h1> + +<p>As part of the swarm management lifecycle, you may need to view or update a node as follows:</p> <ul> <li><a href="#list-nodes">list nodes in the swarm</a></li> <li><a href="#inspect-an-individual-node">inspect an individual node</a></li> <li><a href="#update-a-node">update a node</a></li> <li><a href="#leave-the-swarm">leave the swarm</a></li> </ul> <h2 id="list-nodes">List nodes</h2> <p>To view a list of nodes in the swarm run <code class="language-plaintext highlighter-rouge">docker node ls</code> from a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +46aqrk4e473hjbt745z53cr3t node-5 Ready Active Reachable +61pi3d91s0w3b90ijw3deeb2q node-4 Ready Active Reachable +a5b2m3oghd48m8eu391pefq5u node-3 Ready Active +e7p8btxeu3ioshyuj6lxiv6g0 node-2 Ready Active +ehkv3bcimagdese79dn78otj5 * node-1 Ready Active Leader +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">AVAILABILITY</code> column shows whether or not the scheduler can assign tasks to the node:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">Active</code> means that the scheduler can assign tasks to the node.</li> <li> +<code class="language-plaintext highlighter-rouge">Pause</code> means the scheduler doesn’t assign new tasks to the node, but existing tasks remain running.</li> <li> +<code class="language-plaintext highlighter-rouge">Drain</code> means the scheduler doesn’t assign new tasks to the node. 
The scheduler shuts down any existing tasks and schedules them on an available node.</li> </ul> <p>The <code class="language-plaintext highlighter-rouge">MANAGER STATUS</code> column shows node participation in the Raft consensus:</p> <ul> <li>No value indicates a worker node that does not participate in swarm management.</li> <li> +<code class="language-plaintext highlighter-rouge">Leader</code> means the node is the primary manager node that makes all swarm management and orchestration decisions for the swarm.</li> <li> +<code class="language-plaintext highlighter-rouge">Reachable</code> means the node is a manager node participating in the Raft consensus quorum. If the leader node becomes unavailable, the node is eligible for election as the new leader.</li> <li> +<code class="language-plaintext highlighter-rouge">Unavailable</code> means the node is a manager that can’t communicate with other managers. If a manager node becomes unavailable, you should either join a new manager node to the swarm or promote a worker node to be a manager.</li> </ul> <p>For more information on swarm administration refer to the <a href="../admin_guide/index">Swarm administration guide</a>.</p> <h2 id="inspect-an-individual-node">Inspect an individual node</h2> <p>You can run <code class="language-plaintext highlighter-rouge">docker node inspect <NODE-ID></code> on a manager node to view the details for an individual node. The output defaults to JSON format, but you can pass the <code class="language-plaintext highlighter-rouge">--pretty</code> flag to print the results in human-readable format. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect self --pretty + +ID: ehkv3bcimagdese79dn78otj5 +Hostname: node-1 +Joined at: 2016-06-16 22:52:44.9910662 +0000 utc +Status: + State: Ready + Availability: Active +Manager Status: + Address: 172.17.0.2:2377 + Raft Status: Reachable + Leader: Yes +Platform: + Operating System: linux + Architecture: x86_64 +Resources: + CPUs: 2 + Memory: 1.954 GiB +Plugins: + Network: overlay, host, bridge, overlay, null + Volume: local +Engine Version: 1.12.0-dev +</pre></div> <h2 id="update-a-node">Update a node</h2> <p>You can modify node attributes as follows:</p> <ul> <li><a href="#change-node-availability">change node availability</a></li> <li><a href="#add-or-remove-label-metadata">add or remove label metadata</a></li> <li><a href="#promote-or-demote-a-node">change a node role</a></li> </ul> <h3 id="change-node-availability">Change node availability</h3> <p>Changing node availability lets you:</p> <ul> <li>drain a manager node so that only performs swarm management tasks and is unavailable for task assignment.</li> <li>drain a node so you can take it down for maintenance.</li> <li>pause a node so it can’t receive new tasks.</li> <li>restore unavailable or paused nodes available status.</li> </ul> <p>For example, to change a manager node to <code class="language-plaintext highlighter-rouge">Drain</code> availability:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --availability drain node-1 + +node-1 +</pre></div> <p>See <a href="#list-nodes">list nodes</a> for descriptions of the different availability options.</p> <h3 id="add-or-remove-label-metadata">Add or remove label metadata</h3> <p>Node labels provide a flexible method of node organization. You can also use node labels in service constraints. 
Apply constraints when you create a service to limit the nodes where the scheduler assigns tasks for the service.</p> <p>Run <code class="language-plaintext highlighter-rouge">docker node update --label-add</code> on a manager node to add label metadata to a node. The <code class="language-plaintext highlighter-rouge">--label-add</code> flag supports either a <code class="language-plaintext highlighter-rouge"><key></code> or a <code class="language-plaintext highlighter-rouge"><key>=<value></code> pair.</p> <p>Pass the <code class="language-plaintext highlighter-rouge">--label-add</code> flag once for each node label you want to add:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --label-add foo --label-add bar=baz node-1 + +node-1 +</pre></div> <p>The labels you set for nodes using docker node update apply only to the node entity within the swarm. Do not confuse them with the docker daemon labels for <a href="https://docs.docker.com/config/labels-custom-metadata/">dockerd</a>.</p> <p>Therefore, node labels can be used to limit critical tasks to nodes that meet certain requirements. For example, schedule only on machines where special workloads should be run, such as machines that meet <a href="https://www.pcisecuritystandards.org/">PCI-SS compliance</a>.</p> <p>A compromised worker could not compromise these special workloads because it cannot change node labels.</p> <p>Engine labels, however, are still useful because some features that do not affect secure orchestration of containers might be better off set in a decentralized manner. For instance, an engine could have a label to indicate that it has a certain type of disk device, which may not be relevant to security directly. 
These labels are more easily “trusted” by the swarm orchestrator.</p> <p>Refer to the <code class="language-plaintext highlighter-rouge">docker service create</code> <a href="../../reference/commandline/service_create/index">CLI reference</a> for more information about service constraints.</p> <h3 id="promote-or-demote-a-node">Promote or demote a node</h3> <p>You can promote a worker node to the manager role. This is useful when a manager node becomes unavailable or if you want to take a manager offline for maintenance. Similarly, you can demote a manager node to the worker role.</p> <blockquote> <p><strong>Note</strong>: Regardless of your reason to promote or demote a node, you must always maintain a quorum of manager nodes in the swarm. For more information refer to the <a href="../admin_guide/index">Swarm administration guide</a>.</p> </blockquote> <p>To promote a node or set of nodes, run <code class="language-plaintext highlighter-rouge">docker node promote</code> from a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node promote node-3 node-2 + +Node node-3 promoted to a manager in the swarm. +Node node-2 promoted to a manager in the swarm. +</pre></div> <p>To demote a node or set of nodes, run <code class="language-plaintext highlighter-rouge">docker node demote</code> from a manager node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node demote node-3 node-2 + +Manager node-3 demoted in the swarm. +Manager node-2 demoted in the swarm. 
+</pre></div> <p><code class="language-plaintext highlighter-rouge">docker node promote</code> and <code class="language-plaintext highlighter-rouge">docker node demote</code> are convenience commands for <code class="language-plaintext highlighter-rouge">docker node update --role manager</code> and <code class="language-plaintext highlighter-rouge">docker node update --role worker</code> respectively.</p> <h2 id="install-plugins-on-swarm-nodes">Install plugins on swarm nodes</h2> <p>If your swarm service relies on one or more <a href="../../extend/plugin_api/index">plugins</a>, these plugins need to be available on every node where the service could potentially be deployed. You can manually install the plugin on each node or script the installation. You can also deploy the plugin in a similar way as a global service using the Docker API, by specifying a <code class="language-plaintext highlighter-rouge">PluginSpec</code> instead of a <code class="language-plaintext highlighter-rouge">ContainerSpec</code>.</p> <blockquote> <p><strong>Note</strong></p> <p>There is currently no way to deploy a plugin to a swarm using the Docker CLI or Docker Compose. In addition, it is not possible to install plugins from a private repository.</p> </blockquote> <p>The <a href="../../extend/plugin_api/index#json-specification"><code class="language-plaintext highlighter-rouge">PluginSpec</code></a> is defined by the plugin developer. 
To add the plugin to all Docker nodes, use the <a href="https://docs.docker.com/engine/api/v1.31/#operation/ServiceCreate"><code class="language-plaintext highlighter-rouge">service/create</code></a> API, passing the <code class="language-plaintext highlighter-rouge">PluginSpec</code> JSON defined in the <code class="language-plaintext highlighter-rouge">TaskTemplate</code>.</p> <h2 id="leave-the-swarm">Leave the swarm</h2> <p>Run the <code class="language-plaintext highlighter-rouge">docker swarm leave</code> command on a node to remove it from the swarm.</p> <p>For example to leave the swarm on a worker node:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm leave + +Node left the swarm. +</pre></div> <p>When a node leaves the swarm, the Docker Engine stops running in swarm mode. The orchestrator no longer schedules tasks to the node.</p> <p>If the node is a manager node, you receive a warning about maintaining the quorum. To override the warning, pass the <code class="language-plaintext highlighter-rouge">--force</code> flag. 
If the last manager node leaves the swarm, the swarm becomes unavailable requiring you to take disaster recovery measures.</p> <p>For information about maintaining a quorum and disaster recovery, refer to the <a href="../admin_guide/index">Swarm administration guide</a>.</p> <p>After a node leaves the swarm, you can run the <code class="language-plaintext highlighter-rouge">docker node rm</code> command on a manager node to remove the node from the node list.</p> <p>For instance:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node rm node-2 +</pre></div> <h2 id="learn-more">Learn more</h2> <ul> <li><a href="../admin_guide/index">Swarm administration guide</a></li> <li><a href="../../reference/commandline/docker/index">Docker Engine command line reference</a></li> <li><a href="../swarm-tutorial/index">Swarm mode tutorial</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=node">node</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/manage-nodes/" class="_attribution-link">https://docs.docker.com/engine/swarm/manage-nodes/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fraft%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fraft%2Findex.html new file mode 100644 index 00000000..8b672c37 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fraft%2Findex.html 
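Review bot: In the "Leave the swarm" section of the manage-nodes page, the manager-node paragraph tells the reader to pass "--force" to override the quorum warning but never mentions demoting the manager first, although "docker node demote" is introduced earlier in the same hunk. Suggest adding a sentence before the "--force" one saying that a manager should be demoted to a worker and then leave without "--force", and that forcing a manager out risks the loss of quorum the next sentence already warns about. Separately, the "service/create" link is an absolute URL pinned to "api/v1.31" while the other links in the hunk are relative, so in a vendored doc set it leaves the bundle; either state which API version it targets or link to an unversioned reference.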
@@ -0,0 +1,13 @@ +<h1>Raft consensus in swarm mode</h1> +<p>When the Docker Engine runs in swarm mode, manager nodes implement the <a href="http://thesecretlivesofdata.com/raft/">Raft Consensus Algorithm</a> to manage the global cluster state.</p> <p>The reason why <em>Docker swarm mode</em> is using a consensus algorithm is to make sure that all the manager nodes that are in charge of managing and scheduling tasks in the cluster, are storing the same consistent state.</p> <p>Having the same consistent state across the cluster means that in case of a failure, any Manager node can pick up the tasks and restore the services to a stable state. For example, if the <em>Leader Manager</em> which is responsible for scheduling tasks in the cluster dies unexpectedly, any other Manager can pick up the task of scheduling and re-balance tasks to match the desired state.</p> <p>Systems using consensus algorithms to replicate logs in a distributed systems do require special care. They ensure that the cluster state stays consistent in the presence of failures by requiring a majority of nodes to agree on values.</p> <p>Raft tolerates up to <code class="language-plaintext highlighter-rouge">(N-1)/2</code> failures and requires a majority or quorum of <code class="language-plaintext highlighter-rouge">(N/2)+1</code> members to agree on values proposed to the cluster. This means that in a cluster of 5 Managers running Raft, if 3 nodes are unavailable, the system cannot process any more requests to schedule additional tasks. The existing tasks keep running but the scheduler cannot rebalance tasks to cope with failures if the manager set is not healthy.</p> <p>The implementation of the consensus algorithm in swarm mode means it features the properties inherent to distributed systems:</p> <ul> <li> +<em>agreement on values</em> in a fault tolerant system. 
(Refer to <a href="https://www.the-paper-trail.org/post/2008-08-13-a-brief-tour-of-flp-impossibility/">FLP impossibility theorem</a> and the <a href="https://www.usenix.org/system/files/conference/atc14/atc14-paper-ongaro.pdf">Raft Consensus Algorithm paper</a>)</li> <li> +<em>mutual exclusion</em> through the leader election process</li> <li> +<em>cluster membership</em> management</li> <li> +<em>globally consistent object sequencing</em> and CAS (compare-and-swap) primitives</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=container">container</a>, <a href="https://docs.docker.com/search/?q=cluster">cluster</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=raft">raft</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/raft/" class="_attribution-link">https://docs.docker.com/engine/swarm/raft/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fsecrets%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fsecrets%2Findex.html new file mode 100644 index 00000000..d91a6558 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fsecrets%2Findex.html 
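Review bot: In the Raft page, the fault-tolerance sentence gives "(N-1)/2" failures and a quorum of "(N/2)+1" without saying that both divisions round down, and the only worked case is N=5, where the rounding does not show. Suggest stating the rounding explicitly and adding an even-sized case: with 4 managers the formulas give 1 tolerated failure and a quorum of 3, so a fourth manager adds no fault tolerance over 3. Two smaller points in the same hunk: the first link uses plain "http://thesecretlivesofdata.com/raft/" while the other external links are https, and "replicate logs in a distributed systems" should read "in a distributed system".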
@@ -0,0 +1,333 @@ +<h1>Manage sensitive data with Docker secrets</h1> + +<h2 id="about-secrets">About secrets</h2> <p>In terms of Docker Swarm services, a <em>secret</em> is a blob of data, such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network or stored unencrypted in a Dockerfile or in your application’s source code. You can use Docker <em>secrets</em> to centrally manage this data and securely transmit it to only those containers that need access to it. Secrets are encrypted during transit and at rest in a Docker swarm. A given secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.</p> <p>You can use secrets to manage any sensitive data which a container needs at runtime but you don’t want to store in the image or in source control, such as:</p> <ul> <li>Usernames and passwords</li> <li>TLS certificates and keys</li> <li>SSH keys</li> <li>Other important data such as the name of a database or internal server</li> <li>Generic strings or binary content (up to 500 kb in size)</li> </ul> <blockquote> <p><strong>Note</strong>: Docker secrets are only available to swarm services, not to standalone containers. To use this feature, consider adapting your container to run as a service. Stateful containers can typically run with a scale of 1 without changing the container code.</p> </blockquote> <p>Another use case for using secrets is to provide a layer of abstraction between the container and a set of credentials. Consider a scenario where you have separate development, test, and production environments for your application. Each of these environments can have different credentials, stored in the development, test, and production swarms with the same secret name. 
Your containers only need to know the name of the secret to function in all three environments.</p> <p>You can also use secrets to manage non-sensitive data, such as configuration files. However, Docker supports the use of <a href="../configs/index">configs</a> for storing non-sensitive data. Configs are mounted into the container’s filesystem directly, without the use of a RAM disk.</p> <h3 id="windows-support">Windows support</h3> <p>Docker includes support for secrets on Windows containers. Where there are differences in the implementations, they are called out in the examples below. Keep the following notable differences in mind:</p> <ul> <li> <p>Microsoft Windows has no built-in driver for managing RAM disks, so within running Windows containers, secrets <strong>are</strong> persisted in clear text to the container’s root disk. However, the secrets are explicitly removed when a container stops. In addition, Windows does not support persisting a running container as an image using <code class="language-plaintext highlighter-rouge">docker commit</code> or similar commands.</p> </li> <li> <p>On Windows, we recommend enabling <a href="https://technet.microsoft.com/en-us/library/cc732774(v=ws.11).aspx">BitLocker</a> on the volume containing the Docker root directory on the host machine to ensure that secrets for running containers are encrypted at rest.</p> </li> <li> <p>Secret files with custom targets are not directly bind-mounted into Windows containers, since Windows does not support non-directory file bind-mounts. Instead, secrets for a container are all mounted in <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\internal\secrets</code> (an implementation detail which should not be relied upon by applications) within the container. Symbolic links are used to point from there to the desired target of the secret within the container. 
The default target is <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\secrets</code>.</p> </li> <li> <p>When creating a service which uses Windows containers, the options to specify UID, GID, and mode are not supported for secrets. Secrets are currently only accessible by administrators and users with <code class="language-plaintext highlighter-rouge">system</code> access within the container.</p> </li> </ul> <h2 id="how-docker-manages-secrets">How Docker manages secrets</h2> <p>When you add a secret to the swarm, Docker sends the secret to the swarm manager over a mutual TLS connection. The secret is stored in the Raft log, which is encrypted. The entire Raft log is replicated across the other managers, ensuring the same high availability guarantees for secrets as for the rest of the swarm management data.</p> <p>When you grant a newly-created or running service access to a secret, the decrypted secret is mounted into the container in an in-memory filesystem. The location of the mount point within the container defaults to <code class="language-plaintext highlighter-rouge">/run/secrets/<secret_name></code> in Linux containers, or <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\secrets</code> in Windows containers. You can also specify a custom location.</p> <p>You can update a service to grant it access to additional secrets or revoke its access to a given secret at any time.</p> <p>A node only has access to (encrypted) secrets if the node is a swarm manager or if it is running service tasks which have been granted access to the secret. 
When a container task stops running, the decrypted secrets shared to it are unmounted from the in-memory filesystem for that container and flushed from the node’s memory.</p> <p>If a node loses connectivity to the swarm while it is running a task container with access to a secret, the task container still has access to its secrets, but cannot receive updates until the node reconnects to the swarm.</p> <p>You can add or inspect an individual secret at any time, or list all secrets. You cannot remove a secret that a running service is using. See <a href="index#example-rotate-a-secret">Rotate a secret</a> for a way to remove a secret without disrupting running services.</p> <p>To update or roll back secrets more easily, consider adding a version number or date to the secret name. This is made easier by the ability to control the mount point of the secret within a given container.</p> <h2 id="read-more-about-docker-secret-commands">Read more about <code class="language-plaintext highlighter-rouge">docker secret</code> commands</h2> <p>Use these links to read about specific commands, or continue to the <a href="index#simple-example-get-started-with-secrets">example about using secrets with a service</a>.</p> <ul> <li><a href="../../reference/commandline/secret_create/index"><code class="language-plaintext highlighter-rouge">docker secret create</code></a></li> <li><a href="../../reference/commandline/secret_inspect/index"><code class="language-plaintext highlighter-rouge">docker secret inspect</code></a></li> <li><a href="../../reference/commandline/secret_ls/index"><code class="language-plaintext highlighter-rouge">docker secret ls</code></a></li> <li><a href="../../reference/commandline/secret_rm/index"><code class="language-plaintext highlighter-rouge">docker secret rm</code></a></li> <li> +<a href="../../reference/commandline/service_create/index#create-a-service-with-secrets"><code class="language-plaintext highlighter-rouge">--secret</code></a> flag for <code 
class="language-plaintext highlighter-rouge">docker service create</code> +</li> <li> +<a href="../../reference/commandline/service_update/index#add-or-remove-secrets"><code class="language-plaintext highlighter-rouge">--secret-add</code> and <code class="language-plaintext highlighter-rouge">--secret-rm</code></a> flags for <code class="language-plaintext highlighter-rouge">docker service update</code> +</li> </ul> <h2 id="examples">Examples</h2> <p>This section includes three graduated examples which illustrate how to use Docker secrets. The images used in these examples have been updated to make it easier to use Docker secrets. To find out how to modify your own images in a similar way, see <a href="#build-support-for-docker-secrets-into-your-images">Build support for Docker Secrets into your images</a>.</p> <blockquote> <p><strong>Note</strong>: These examples use a single-Engine swarm and unscaled services for simplicity. The examples use Linux containers, but Windows containers also support secrets. See <a href="#windows-support">Windows support</a>.</p> </blockquote> <h3 id="defining-and-using-secrets-in-compose-files">Defining and using secrets in compose files</h3> <p>Both the <code class="language-plaintext highlighter-rouge">docker-compose</code> and <code class="language-plaintext highlighter-rouge">docker stack</code> commands support defining secrets in a compose file. See <a href="../../../compose/compose-file/compose-file-v3/index#secrets">the Compose file reference</a> for details.</p> <h3 id="simple-example-get-started-with-secrets">Simple example: Get started with secrets</h3> <p>This simple example shows how secrets work in just a few commands. For a real-world example, continue to <a href="#intermediate-example-use-secrets-with-a-nginx-service">Intermediate example: Use secrets with a Nginx service</a>.</p> <ol> <li> <p>Add a secret to Docker. 
The <code class="language-plaintext highlighter-rouge">docker secret create</code> command reads standard input because the last argument, which represents the file to read the secret from, is set to <code class="language-plaintext highlighter-rouge">-</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ printf "This is a secret" | docker secret create my_secret_data - +</pre></div> </li> <li> <p>Create a <code class="language-plaintext highlighter-rouge">redis</code> service and grant it access to the secret. By default, the container can access the secret at <code class="language-plaintext highlighter-rouge">/run/secrets/<secret_name></code>, but you can customize the file name on the container using the <code class="language-plaintext highlighter-rouge">target</code> option.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name redis --secret my_secret_data redis:alpine +</pre></div> </li> <li> <p>Verify that the task is running without issues using <code class="language-plaintext highlighter-rouge">docker service ps</code>. 
If everything is working, the output looks similar to this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +bkna6bpn8r1a redis.1 redis:alpine ip-172-31-46-109 Running Running 8 seconds ago +</pre></div> <p>If there were an error, and the task were failing and repeatedly restarting, you would see something like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +redis.1.siftice35gla redis:alpine moby Running Running 4 seconds ago + \_ redis.1.whum5b7gu13e redis:alpine moby Shutdown Failed 20 seconds ago "task: non-zero exit (1)" + \_ redis.1.2s6yorvd9zow redis:alpine moby Shutdown Failed 56 seconds ago "task: non-zero exit (1)" + \_ redis.1.ulfzrcyaf6pg redis:alpine moby Shutdown Failed about a minute ago "task: non-zero exit (1)" + \_ redis.1.wrny5v4xyps6 redis:alpine moby Shutdown Failed 2 minutes ago "task: non-zero exit (1)" +</pre></div> </li> <li> <p>Get the ID of the <code class="language-plaintext highlighter-rouge">redis</code> service task container using <code class="language-plaintext highlighter-rouge">docker ps</code> , so that you can use <code class="language-plaintext highlighter-rouge">docker container exec</code> to connect to the container and read the contents of the secret data file, which defaults to being readable by all and has the same name as the name of the secret. 
The first command below illustrates how to find the container ID, and the second and third commands use shell completion to do this automatically.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter name=redis -q + +5cb1c2348a59 + +$ docker container exec $(docker ps --filter name=redis -q) ls -l /run/secrets + +total 4 +-r--r--r-- 1 root root 17 Dec 13 22:48 my_secret_data + +$ docker container exec $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +This is a secret +</pre></div> </li> <li> <p>Verify that the secret is <strong>not</strong> available if you commit the container.</p> <pre>$ docker commit $(docker ps --filter name=redis -q) committed_redis + +$ docker run --rm -it committed_redis cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +</pre> </li> <li> <p>Try removing the secret. The removal fails because the <code class="language-plaintext highlighter-rouge">redis</code> service is running and has access to the secret.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls + +ID NAME CREATED UPDATED +wwwrxza8sxy025bas86593fqs my_secret_data 4 hours ago 4 hours ago + + +$ docker secret rm my_secret_data + +Error response from daemon: rpc error: code = 3 desc = secret +'my_secret_data' is in use by the following service: redis +</pre></div> </li> <li> <p>Remove access to the secret from the running <code class="language-plaintext highlighter-rouge">redis</code> service by updating the service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --secret-rm my_secret_data redis +</pre></div> </li> <li> <p>Repeat steps 3 and 4 again, verifying that the service no longer has access to the secret. 
The container ID is different, because the <code class="language-plaintext highlighter-rouge">service update</code> command redeploys the service.</p> <pre>$ docker container exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +</pre> </li> <li> <p>Stop and remove the service, and remove the secret from Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm redis + +$ docker secret rm my_secret_data +</pre></div> </li> </ol> <h3 id="simple-example-use-secrets-in-a-windows-service">Simple example: Use secrets in a Windows service</h3> <p>This is a very simple example which shows how to use secrets with a Microsoft IIS service running on Docker for Windows running Windows containers on Microsoft Windows 10. It is a naive example that stores the webpage in a secret.</p> <p>This example assumes that you have PowerShell installed.</p> <ol> <li> <p>Save the following into a new file <code class="language-plaintext highlighter-rouge">index.html</code>.</p> <div class="highlight"><pre class="highlight" data-language=""><html lang="en"> + <head><title>Hello Docker</title></head> + <body> + <p>Hello Docker! 
You have deployed a HTML page.</p> + </body> +</html> +</pre></div> </li> <li> <p>If you have not already done so, initialize or join the swarm.</p> <div class="highlight"><pre class="highlight" data-language="">docker swarm init +</pre></div> </li> <li> <p>Save the <code class="language-plaintext highlighter-rouge">index.html</code> file as a swarm secret named <code class="language-plaintext highlighter-rouge">homepage</code>.</p> <div class="highlight"><pre class="highlight" data-language="">docker secret create homepage index.html +</pre></div> </li> <li> <p>Create an IIS service and grant it access to the <code class="language-plaintext highlighter-rouge">homepage</code> secret.</p> <div class="highlight"><pre class="highlight" data-language="">docker service create + --name my-iis + --publish published=8000,target=8000 + --secret src=homepage,target="\inetpub\wwwroot\index.html" + microsoft/iis:nanoserver +</pre></div> <blockquote> <p><strong>Note</strong>: There is technically no reason to use secrets for this example; <a href="../configs/index">configs</a> are a better fit. This example is for illustration only.</p> </blockquote> </li> <li> <p>Access the IIS service at <code class="language-plaintext highlighter-rouge">http://localhost:8000/</code>. It should serve the HTML content from the first step.</p> </li> <li> <p>Remove the service and the secret.</p> <div class="highlight"><pre class="highlight" data-language="">docker service rm my-iis +docker secret rm homepage +docker image remove secret-test +</pre></div> </li> </ol> <h3 id="intermediate-example-use-secrets-with-a-nginx-service">Intermediate example: Use secrets with a Nginx service</h3> <p>This example is divided into two parts. 
<a href="#generate-the-site-certificate">The first part</a> is all about generating the site certificate and does not directly involve Docker secrets at all, but it sets up <a href="#configure-the-nginx-container">the second part</a>, where you store and use the site certificate and Nginx configuration as secrets.</p> <h4 id="generate-the-site-certificate">Generate the site certificate</h4> <p>Generate a root CA and TLS certificate and key for your site. For production sites, you may want to use a service such as <code class="language-plaintext highlighter-rouge">Let’s Encrypt</code> to generate the TLS certificate and key, but this example uses command-line tools. This step is a little complicated, but is only a set-up step so that you have something to store as a Docker secret. If you want to skip these sub-steps, you can <a href="https://letsencrypt.org/getting-started/">use Let’s Encrypt</a> to generate the site key and certificate, name the files <code class="language-plaintext highlighter-rouge">site.key</code> and <code class="language-plaintext highlighter-rouge">site.crt</code>, and skip to <a href="#configure-the-nginx-container">Configure the Nginx container</a>.</p> <ol> <li> <p>Generate a root key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out "root-ca.key" 4096 +</pre></div> </li> <li> <p>Generate a CSR using the root key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl req \ + -new -key "root-ca.key" \ + -out "root-ca.csr" -sha256 \ + -subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA' +</pre></div> </li> <li> <p>Configure the root CA. Edit a new file called <code class="language-plaintext highlighter-rouge">root-ca.cnf</code> and paste the following contents into it. 
This constrains the root CA to signing leaf certificates and not intermediate CAs.</p> <pre>[root_ca] +basicConstraints = critical,CA:TRUE,pathlen:1 +keyUsage = critical, nonRepudiation, cRLSign, keyCertSign +subjectKeyIdentifier=hash +</pre> </li> <li> <p>Sign the certificate.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 3650 -in "root-ca.csr" \ + -signkey "root-ca.key" -sha256 -out "root-ca.crt" \ + -extfile "root-ca.cnf" -extensions \ + root_ca +</pre></div> </li> <li> <p>Generate the site key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl genrsa -out "site.key" 4096 +</pre></div> </li> <li> <p>Generate the site certificate and sign it with the site key.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl req -new -key "site.key" -out "site.csr" -sha256 \ + -subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost' +</pre></div> </li> <li> <p>Configure the site certificate. Edit a new file called <code class="language-plaintext highlighter-rouge">site.cnf</code> and paste the following contents into it. 
This constrains the site certificate so that it can only be used to authenticate a server and can’t be used to sign certificates.</p> <pre>[server] +authorityKeyIdentifier=keyid,issuer +basicConstraints = critical,CA:FALSE +extendedKeyUsage=serverAuth +keyUsage = critical, digitalSignature, keyEncipherment +subjectAltName = DNS:localhost, IP:127.0.0.1 +subjectKeyIdentifier=hash +</pre> </li> <li> <p>Sign the site certificate.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl x509 -req -days 750 -in "site.csr" -sha256 \ + -CA "root-ca.crt" -CAkey "root-ca.key" -CAcreateserial \ + -out "site.crt" -extfile "site.cnf" -extensions server +</pre></div> </li> <li> <p>The <code class="language-plaintext highlighter-rouge">site.csr</code> and <code class="language-plaintext highlighter-rouge">site.cnf</code> files are not needed by the Nginx service, but you need them if you want to generate a new site certificate. Protect the <code class="language-plaintext highlighter-rouge">root-ca.key</code> file.</p> </li> </ol> <h4 id="configure-the-nginx-container">Configure the Nginx container</h4> <ol> <li> <p>Produce a very basic Nginx configuration that serves static files over HTTPS. The TLS certificate and key are stored as Docker secrets so that they can be rotated easily.</p> <p>In the current directory, create a new file called <code class="language-plaintext highlighter-rouge">site.conf</code> with the following contents:</p> <pre>server { + listen 443 ssl; + server_name localhost; + ssl_certificate /run/secrets/site.crt; + ssl_certificate_key /run/secrets/site.key; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } +} +</pre> </li> <li> <p>Create three secrets, representing the key, the certificate, and the <code class="language-plaintext highlighter-rouge">site.conf</code>. You can store any file as a secret as long as it is smaller than 500 KB. 
This allows you to decouple the key, certificate, and configuration from the services that use them. In each of these commands, the last argument represents the path to the file to read the secret from on the host machine’s filesystem. In these examples, the secret name and the file name are the same.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret create site.key site.key + +$ docker secret create site.crt site.crt + +$ docker secret create site.conf site.conf +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls + +ID NAME CREATED UPDATED +2hvoi9mnnaof7olr3z5g3g7fp site.key 58 seconds ago 58 seconds ago +aya1dh363719pkiuoldpter4b site.crt 24 seconds ago 24 seconds ago +zoa5df26f7vpcoz42qf2csth8 site.conf 11 seconds ago 11 seconds ago +</pre></div> </li> <li> <p>Create a service that runs Nginx and has access to the three secrets. The last part of the <code class="language-plaintext highlighter-rouge">docker service create</code> command creates a symbolic link from the location of the <code class="language-plaintext highlighter-rouge">site.conf</code> secret to <code class="language-plaintext highlighter-rouge">/etc/nginx.conf.d/</code>, where Nginx looks for extra configuration files. This step happens before Nginx actually starts, so you don’t need to rebuild your image if you change the Nginx configuration.</p> <blockquote> <p><strong>Note</strong>: Normally you would create a Dockerfile which copies the <code class="language-plaintext highlighter-rouge">site.conf</code> into place, build the image, and run a container using your custom image. This example does not require a custom image. 
It puts the <code class="language-plaintext highlighter-rouge">site.conf</code> into place and runs the container all in one step.</p> </blockquote> <p>Secrets are located within the <code class="language-plaintext highlighter-rouge">/run/secrets/</code> directory in the container by default, which may require extra steps in the container to make the secret available in a different path. The example below creates a symbolic link to the true location of the <code class="language-plaintext highlighter-rouge">site.conf</code> file so that Nginx can read it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name nginx \ + --secret site.key \ + --secret site.crt \ + --secret site.conf \ + --publish published=3000,target=443 \ + nginx:latest \ + sh -c "ln -s /run/secrets/site.conf /etc/nginx/conf.d/site.conf && exec nginx -g 'daemon off;'" +</pre></div> <p>Instead of creating symlinks, secrets allow you to specify a custom location using the <code class="language-plaintext highlighter-rouge">target</code> option. The example below illustrates how the <code class="language-plaintext highlighter-rouge">site.conf</code> secret is made available at <code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/site.conf</code> inside the container without the use of symbolic links:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name nginx \ + --secret site.key \ + --secret site.crt \ + --secret source=site.conf,target=/etc/nginx/conf.d/site.conf \ + --publish published=3000,target=443 \ + nginx:latest \ + sh -c "exec nginx -g 'daemon off;'" +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">site.key</code> and <code class="language-plaintext highlighter-rouge">site.crt</code> secrets use the short-hand syntax, without a custom <code class="language-plaintext highlighter-rouge">target</code> location set. 
The short syntax mounts the secrets in `/run/secrets/ with the same name as the secret. Within the running containers, the following three files now exist:</p> <ul> <li><code class="language-plaintext highlighter-rouge">/run/secrets/site.key</code></li> <li><code class="language-plaintext highlighter-rouge">/run/secrets/site.crt</code></li> <li><code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/site.conf</code></li> </ul> </li> <li> <p>Verify that the Nginx service is running.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +zeskcec62q24 nginx replicated 1/1 nginx:latest + +$ docker service ps nginx + +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +nginx.1.9ls3yo9ugcls nginx:latest moby Running Running 3 minutes ago +</pre></div> </li> <li> <p>Verify that the service is operational: you can reach the Nginx server, and that the correct TLS certificate is being used.</p> <div class="highlight"><pre class="highlight" data-language="">$ curl --cacert root-ca.crt https://localhost:3000 + +<!DOCTYPE html> +<html> +<head> +<title>Welcome to nginx!</title> +<style> + body { + width: 35em; + margin: 0 auto; + font-family: Tahoma, Verdana, Arial, sans-serif; + } +</style> +</head> +<body> +<h1>Welcome to nginx!</h1> +<p>If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.</p> + +<p>For online documentation and support. 
refer to +<a href="https://nginx.org">nginx.org</a>.<br/> +Commercial support is available at +<a href="https://www.nginx.com">nginx.com</a>.</p> + +<p><em>Thank you for using nginx.</em></p> +</body> +</html> +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ openssl s_client -connect localhost:3000 -CAfile root-ca.crt + +CONNECTED(00000003) +depth=1 /C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +verify return:1 +depth=0 /C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost +verify return:1 +--- +Certificate chain + 0 s:/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost + i:/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +--- +Server certificate +-----BEGIN CERTIFICATE----- +… +-----END CERTIFICATE----- +subject=/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost +issuer=/C=US/ST=CA/L=San Francisco/O=Docker/CN=Swarm Secret Example CA +--- +No client certificate CA names sent +--- +SSL handshake has read 1663 bytes and written 712 bytes +--- +New, TLSv1/SSLv3, Cipher is AES256-SHA +Server public key is 4096 bit +Secure Renegotiation IS supported +Compression: NONE +Expansion: NONE +SSL-Session: + Protocol : TLSv1 + Cipher : AES256-SHA + Session-ID: A1A8BF35549C5715648A12FD7B7E3D861539316B03440187D9DA6C2E48822853 + Session-ID-ctx: + Master-Key: F39D1B12274BA16D3A906F390A61438221E381952E9E1E05D3DD784F0135FB81353DA38C6D5C021CB926E844DFC49FC4 + Key-Arg : None + Start Time: 1481685096 + Timeout : 300 (sec) + Verify return code: 0 (ok) +</pre></div> </li> <li> <p>To clean up after running this example, remove the <code class="language-plaintext highlighter-rouge">nginx</code> service and the stored secrets.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm nginx + +$ docker secret rm site.crt site.key site.conf +</pre></div> </li> </ol> <h3 id="advanced-example-use-secrets-with-a-wordpress-service">Advanced example: Use secrets with a WordPress service</h3> <p>In this example, you 
create a single-node MySQL service with a custom root password, add the credentials as secrets, and create a single-node WordPress service which uses these credentials to connect to MySQL. The <a href="#example-rotate-a-secret">next example</a> builds on this one and shows you how to rotate the MySQL password and update the services so that the WordPress service can still connect to MySQL.</p> <p>This example illustrates some techniques to use Docker secrets to avoid saving sensitive credentials within your image or passing them directly on the command line.</p> <blockquote> <p><strong>Note</strong>: This example uses a single-Engine swarm for simplicity, and uses a single-node MySQL service because a single MySQL server instance cannot be scaled by simply using a replicated service, and setting up a MySQL cluster is beyond the scope of this example.</p> <p>Also, changing a MySQL root passphrase isn’t as simple as changing a file on disk. You must use a query or a <code class="language-plaintext highlighter-rouge">mysqladmin</code> command to change the password in MySQL.</p> </blockquote> <ol> <li> <p>Generate a random alphanumeric password for MySQL and store it as a Docker secret with the name <code class="language-plaintext highlighter-rouge">mysql_password</code> using the <code class="language-plaintext highlighter-rouge">docker secret create</code> command. To make the password shorter or longer, adjust the last argument of the <code class="language-plaintext highlighter-rouge">openssl</code> command. This is just one way to create a relatively random password. You can use another command to generate the password if you choose.</p> <blockquote> <p><strong>Note</strong>: After you create a secret, you cannot update it. You can only remove and re-create it, and you cannot remove a secret that a service is using. 
However, you can grant or revoke a running service’s access to secrets using <code class="language-plaintext highlighter-rouge">docker service update</code>. If you need the ability to update a secret, consider adding a version component to the secret name, so that you can later add a new version, update the service to use it, then remove the old version.</p> </blockquote> <p>The last argument is set to <code class="language-plaintext highlighter-rouge">-</code>, which indicates that the input is read from standard input.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl rand -base64 20 | docker secret create mysql_password - + +l1vinzevzhj4goakjap5ya409 +</pre></div> <p>The value returned is not the password, but the ID of the secret. In the remainder of this tutorial, the ID output is omitted.</p> <p>Generate a second secret for the MySQL <code class="language-plaintext highlighter-rouge">root</code> user. This secret isn’t shared with the WordPress service created later. It’s only needed to bootstrap the <code class="language-plaintext highlighter-rouge">mysql</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl rand -base64 20 | docker secret create mysql_root_password - +</pre></div> <p>List the secrets managed by Docker using <code class="language-plaintext highlighter-rouge">docker secret ls</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker secret ls + +ID NAME CREATED UPDATED +l1vinzevzhj4goakjap5ya409 mysql_password 41 seconds ago 41 seconds ago +yvsczlx9votfw3l0nz5rlidig mysql_root_password 12 seconds ago 12 seconds ago +</pre></div> <p>The secrets are stored in the encrypted Raft logs for the swarm.</p> </li> <li> <p>Create a user-defined overlay network which is used for communication between the MySQL and WordPress services. 
There is no need to expose the MySQL service to any external host or container.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create -d overlay mysql_private +</pre></div> </li> <li> <p>Create the MySQL service. The MySQL service has the following characteristics:</p> <ul> <li>Because the scale is set to <code class="language-plaintext highlighter-rouge">1</code>, only a single MySQL task runs. Load-balancing MySQL is left as an exercise to the reader and involves more than just scaling the service.</li> <li>Only reachable by other containers on the <code class="language-plaintext highlighter-rouge">mysql_private</code> network.</li> <li>Uses the volume <code class="language-plaintext highlighter-rouge">mydata</code> to store the MySQL data, so that it persists across restarts to the <code class="language-plaintext highlighter-rouge">mysql</code> service.</li> <li>The secrets are each mounted in a <code class="language-plaintext highlighter-rouge">tmpfs</code> filesystem at <code class="language-plaintext highlighter-rouge">/run/secrets/mysql_password</code> and <code class="language-plaintext highlighter-rouge">/run/secrets/mysql_root_password</code>. They are never exposed as environment variables, nor can they be committed to an image if the <code class="language-plaintext highlighter-rouge">docker commit</code> command is run. The <code class="language-plaintext highlighter-rouge">mysql_password</code> secret is the one used by the non-privileged WordPress container to connect to MySQL.</li> <li>Sets the environment variables <code class="language-plaintext highlighter-rouge">MYSQL_PASSWORD_FILE</code> and <code class="language-plaintext highlighter-rouge">MYSQL_ROOT_PASSWORD_FILE</code> to point to the files <code class="language-plaintext highlighter-rouge">/run/secrets/mysql_password</code> and <code class="language-plaintext highlighter-rouge">/run/secrets/mysql_root_password</code>. 
The <code class="language-plaintext highlighter-rouge">mysql</code> image reads the password strings from those files when initializing the system database for the first time. Afterward, the passwords are stored in the MySQL system database itself.</li> <li> <p>Sets environment variables <code class="language-plaintext highlighter-rouge">MYSQL_USER</code> and <code class="language-plaintext highlighter-rouge">MYSQL_DATABASE</code>. A new database called <code class="language-plaintext highlighter-rouge">wordpress</code> is created when the container starts, and the <code class="language-plaintext highlighter-rouge">wordpress</code> user has full permissions for this database only. This user cannot create or drop databases or change the MySQL configuration.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name mysql \ + --replicas 1 \ + --network mysql_private \ + --mount type=volume,source=mydata,destination=/var/lib/mysql \ + --secret source=mysql_root_password,target=mysql_root_password \ + --secret source=mysql_password,target=mysql_password \ + -e MYSQL_ROOT_PASSWORD_FILE="/run/secrets/mysql_root_password" \ + -e MYSQL_PASSWORD_FILE="/run/secrets/mysql_password" \ + -e MYSQL_USER="wordpress" \ + -e MYSQL_DATABASE="wordpress" \ + mysql:latest +</pre></div> </li> </ul> </li> <li> <p>Verify that the <code class="language-plaintext highlighter-rouge">mysql</code> container is running using the <code class="language-plaintext highlighter-rouge">docker service ls</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +wvnh0siktqr3 mysql replicated 1/1 mysql:latest +</pre></div> <p>At this point, you could actually revoke the <code class="language-plaintext highlighter-rouge">mysql</code> service’s access to the <code class="language-plaintext highlighter-rouge">mysql_password</code> and <code class="language-plaintext 
highlighter-rouge">mysql_root_password</code> secrets because the passwords have been saved in the MySQL system database. Don’t do that for now, because we use them later to facilitate rotating the MySQL password.</p> </li> <li> <p>Now that MySQL is set up, create a WordPress service that connects to the MySQL service. The WordPress service has the following characteristics:</p> <ul> <li>Because the scale is set to <code class="language-plaintext highlighter-rouge">1</code>, only a single WordPress task runs. Load-balancing WordPress is left as an exercise to the reader, because of limitations with storing WordPress session data on the container filesystem.</li> <li>Exposes WordPress on port 30000 of the host machine, so that you can access it from external hosts. You can expose port 80 instead if you do not have a web server running on port 80 of the host machine.</li> <li>Connects to the <code class="language-plaintext highlighter-rouge">mysql_private</code> network so it can communicate with the <code class="language-plaintext highlighter-rouge">mysql</code> container, and also publishes port 80 to port 30000 on all swarm nodes.</li> <li>Has access to the <code class="language-plaintext highlighter-rouge">mysql_password</code> secret, but specifies a different target file name within the container. The WordPress container uses the mount point <code class="language-plaintext highlighter-rouge">/run/secrets/wp_db_password</code>. Also specifies that the secret is not group-or-world-readable, by setting the mode to <code class="language-plaintext highlighter-rouge">0400</code>.</li> <li>Sets the environment variable <code class="language-plaintext highlighter-rouge">WORDPRESS_DB_PASSWORD_FILE</code> to the file path where the secret is mounted. 
The WordPress service reads the MySQL password string from that file and add it to the <code class="language-plaintext highlighter-rouge">wp-config.php</code> configuration file.</li> <li>Connects to the MySQL container using the username <code class="language-plaintext highlighter-rouge">wordpress</code> and the password in <code class="language-plaintext highlighter-rouge">/run/secrets/wp_db_password</code> and creates the <code class="language-plaintext highlighter-rouge">wordpress</code> database if it does not yet exist.</li> <li>Stores its data, such as themes and plugins, in a volume called <code class="language-plaintext highlighter-rouge">wpdata</code> so these files persist when the service restarts.</li> </ul> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name wordpress \ + --replicas 1 \ + --network mysql_private \ + --publish published=30000,target=80 \ + --mount type=volume,source=wpdata,destination=/var/www/html \ + --secret source=mysql_password,target=wp_db_password,mode=0400 \ + -e WORDPRESS_DB_USER="wordpress" \ + -e WORDPRESS_DB_PASSWORD_FILE="/run/secrets/wp_db_password" \ + -e WORDPRESS_DB_HOST="mysql:3306" \ + -e WORDPRESS_DB_NAME="wordpress" \ + wordpress:latest +</pre></div> </li> <li> <p>Verify the service is running using <code class="language-plaintext highlighter-rouge">docker service ls</code> and <code class="language-plaintext highlighter-rouge">docker service ps</code> commands.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE +wvnh0siktqr3 mysql replicated 1/1 mysql:latest +nzt5xzae4n62 wordpress replicated 1/1 wordpress:latest +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps wordpress + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +aukx6hgs9gwc wordpress.1 wordpress:latest moby Running Running 52 seconds ago +</pre></div> <p>At this point, you could 
actually revoke the WordPress service’s access to the <code class="language-plaintext highlighter-rouge">mysql_password</code> secret, because WordPress has copied the secret to its configuration file <code class="language-plaintext highlighter-rouge">wp-config.php</code>. Don’t do that for now, because we use it later to facilitate rotating the MySQL password.</p> </li> <li> <p>Access <code class="language-plaintext highlighter-rouge">http://localhost:30000/</code> from any swarm node and set up WordPress using the web-based wizard. All of these settings are stored in the MySQL <code class="language-plaintext highlighter-rouge">wordpress</code> database. WordPress automatically generates a password for your WordPress user, which is completely different from the password WordPress uses to access MySQL. Store this password securely, such as in a password manager. You need it to log into WordPress after <a href="#example-rotate-a-secret">rotating the secret</a>.</p> <p>Go ahead and write a blog post or two and install a WordPress plugin or theme to verify that WordPress is fully operational and its state is saved across service restarts.</p> </li> <li> <p>Do not clean up any services or secrets if you intend to proceed to the next example, which demonstrates how to rotate the MySQL root password.</p> </li> </ol> <h3 id="example-rotate-a-secret">Example: Rotate a secret</h3> <p>This example builds upon the previous one. 
In this scenario, you create a new secret with a new MySQL password, update the <code class="language-plaintext highlighter-rouge">mysql</code> and <code class="language-plaintext highlighter-rouge">wordpress</code> services to use it, then remove the old secret.</p> <blockquote> <p><strong>Note</strong>: Changing the password on a MySQL database involves running extra queries or commands, as opposed to just changing a single environment variable or a file, since the image only sets the MySQL password if the database doesn’t already exist, and MySQL stores the password within a MySQL database by default. Rotating passwords or other secrets may involve additional steps outside of Docker.</p> </blockquote> <ol> <li> <p>Create the new password and store it as a secret named <code class="language-plaintext highlighter-rouge">mysql_password_v2</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ openssl rand -base64 20 | docker secret create mysql_password_v2 - +</pre></div> </li> <li> <p>Update the MySQL service to give it access to both the old and new secrets. 
Remember that you cannot update or rename a secret, but you can revoke a secret and grant access to it using a new target filename.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --secret-rm mysql_password mysql + +$ docker service update \ + --secret-add source=mysql_password,target=old_mysql_password \ + --secret-add source=mysql_password_v2,target=mysql_password \ + mysql +</pre></div> <p>Updating a service causes it to restart, and when the MySQL service restarts the second time, it has access to the old secret under <code class="language-plaintext highlighter-rouge">/run/secrets/old_mysql_password</code> and the new secret under <code class="language-plaintext highlighter-rouge">/run/secrets/mysql_password</code>.</p> <p>Even though the MySQL service has access to both the old and new secrets now, the MySQL password for the WordPress user has not yet been changed.</p> <blockquote> <p><strong>Note</strong>: This example does not rotate the MySQL <code class="language-plaintext highlighter-rouge">root</code> password.</p> </blockquote> </li> <li> <p>Now, change the MySQL password for the <code class="language-plaintext highlighter-rouge">wordpress</code> user using the <code class="language-plaintext highlighter-rouge">mysqladmin</code> CLI. 
This command reads the old and new password from the files in <code class="language-plaintext highlighter-rouge">/run/secrets</code> but does not expose them on the command line or save them in the shell history.</p> <p>Do this quickly and move on to the next step, because WordPress loses the ability to connect to MySQL.</p> <p>First, find the ID of the <code class="language-plaintext highlighter-rouge">mysql</code> container task.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps --filter name=mysql -q + +c7705cf6176f +</pre></div> <p>Substitute the ID in the command below, or use the second variant which uses shell expansion to do it all in a single step.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec <CONTAINER_ID> \ + bash -c 'mysqladmin --user=wordpress --password="$(< /run/secrets/old_mysql_password)" password "$(< /run/secrets/mysql_password)"' +</pre></div> <p><strong>or</strong>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker container exec $(docker ps --filter name=mysql -q) \ + bash -c 'mysqladmin --user=wordpress --password="$(< /run/secrets/old_mysql_password)" password "$(< /run/secrets/mysql_password)"' +</pre></div> </li> <li> <p>Update the <code class="language-plaintext highlighter-rouge">wordpress</code> service to use the new password, keeping the target path at <code class="language-plaintext highlighter-rouge">/run/secrets/wp_db_password</code> and keeping the file permissions at <code class="language-plaintext highlighter-rouge">0400</code>. 
This triggers a rolling restart of the WordPress service and the new secret is used.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --secret-rm mysql_password \ + --secret-add source=mysql_password_v2,target=wp_db_password,mode=0400 \ + wordpress +</pre></div> </li> <li> <p>Verify that WordPress works by browsing to http://localhost:30000/ on any swarm node again. Use the WordPress username and password from when you ran through the WordPress wizard in the previous task.</p> <p>Verify that the blog post you wrote still exists, and if you changed any configuration values, verify that they are still changed.</p> </li> <li> <p>Revoke access to the old secret from the MySQL service and remove the old secret from Docker.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --secret-rm mysql_password \ + mysql + +$ docker secret rm mysql_password +</pre></div> </li> <li> <p>If you want to try the running all of these examples again or just want to clean up after running through them, use these commands to remove the WordPress service, the MySQL container, the <code class="language-plaintext highlighter-rouge">mydata</code> and <code class="language-plaintext highlighter-rouge">wpdata</code> volumes, and the Docker secrets.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm wordpress mysql + +$ docker volume rm mydata wpdata + +$ docker secret rm mysql_password_v2 mysql_root_password +</pre></div> </li> </ol> <h2 id="build-support-for-docker-secrets-into-your-images">Build support for Docker Secrets into your images</h2> <p>If you develop a container that can be deployed as a service and requires sensitive data, such as a credential, as an environment variable, consider adapting your image to take advantage of Docker secrets. 
One way to do this is to ensure that each parameter you pass to the image when creating the container can also be read from a file.</p> <p>Many of the Docker Official Images in the <a href="https://github.com/docker-library/">Docker library</a>, such as the <a href="https://github.com/docker-library/wordpress/">wordpress</a> image used in the above examples, have been updated in this way.</p> <p>When you start a WordPress container, you provide it with the parameters it needs by setting them as environment variables. The WordPress image has been updated so that the environment variables which contain important data for WordPress, such as <code class="language-plaintext highlighter-rouge">WORDPRESS_DB_PASSWORD</code>, also have variants which can read their values from a file (<code class="language-plaintext highlighter-rouge">WORDPRESS_DB_PASSWORD_FILE</code>). This strategy ensures that backward compatibility is preserved, while allowing your container to read the information from a Docker-managed secret instead of being passed directly.</p> <blockquote> <p><strong>Note</strong></p> <p>Docker secrets do not set environment variables directly. 
This was a conscious decision, because environment variables can unintentionally be leaked between containers (for instance, if you use <code class="language-plaintext highlighter-rouge">--link</code>).</p> </blockquote> <h2 id="use-secrets-in-compose">Use Secrets in Compose</h2> <div class="highlight"><pre class="highlight" data-language="">version: "3.9" + +services: + db: + image: mysql:latest + volumes: + - db_data:/var/lib/mysql + environment: + MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password + MYSQL_DATABASE: wordpress + MYSQL_USER: wordpress + MYSQL_PASSWORD_FILE: /run/secrets/db_password + secrets: + - db_root_password + - db_password + + wordpress: + depends_on: + - db + image: wordpress:latest + ports: + - "8000:80" + environment: + WORDPRESS_DB_HOST: db:3306 + WORDPRESS_DB_USER: wordpress + WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password + secrets: + - db_password + + +secrets: + db_password: + file: db_password.txt + db_root_password: + file: db_root_password.txt + +volumes: + db_data: +</pre></div> <p>This example creates a simple WordPress site using two secrets in a compose file.</p> <p>The keyword <code class="language-plaintext highlighter-rouge">secrets:</code> defines two secrets <code class="language-plaintext highlighter-rouge">db_password:</code> and <code class="language-plaintext highlighter-rouge">db_root_password:</code>.</p> <p>When deploying, Docker creates these two secrets and populates them with the content from the file specified in the compose file.</p> <p>The db service uses both secrets, and the wordpress is using one.</p> <p>When you deploy, Docker mounts a file under <code class="language-plaintext highlighter-rouge">/run/secrets/<secret_name></code> in the services. 
These files are never persisted in disk, but are managed in memory.</p> <p>Each service uses environment variables to specify where the service should look for that secret data.</p> <p>More information on short and long syntax for secrets can be found at <a href="../../../compose/compose-file/compose-file-v3/index#secrets">Compose file version 3 reference</a>.</p> +<p><a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=secrets">secrets</a>, <a href="https://docs.docker.com/search/?q=credentials">credentials</a>, <a href="https://docs.docker.com/search/?q=sensitive%20strings">sensitive strings</a>, <a href="https://docs.docker.com/search/?q=sensitive%20data">sensitive data</a>, <a href="https://docs.docker.com/search/?q=security">security</a>, <a href="https://docs.docker.com/search/?q=encryption">encryption</a>, <a href="https://docs.docker.com/search/?q=encryption%20at%20rest">encryption at rest</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/secrets/" class="_attribution-link">https://docs.docker.com/engine/swarm/secrets/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fservices%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fservices%2Findex.html new file mode 100644 index 00000000..2efc2b4d --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fservices%2Findex.html 
@@ -0,0 +1,154 @@ +<h1>Deploy services to a swarm</h1> + +<p>Swarm services use a <em>declarative</em> model, which means that you define the desired state of the service, and rely upon Docker to maintain this state. The state includes information such as (but not limited to):</p> <ul> <li>the image name and tag the service containers should run</li> <li>how many containers participate in the service</li> <li>whether any ports are exposed to clients outside the swarm</li> <li>whether the service should start automatically when Docker starts</li> <li>the specific behavior that happens when the service is restarted (such as whether a rolling restart is used)</li> <li>characteristics of the nodes where the service can run (such as resource constraints and placement preferences)</li> </ul> <p>For an overview of swarm mode, see <a href="../key-concepts/index">Swarm mode key concepts</a>. For an overview of how services work, see <a href="../how-swarm-mode-works/services/index">How services work</a>.</p> <h2 id="create-a-service">Create a service</h2> <p>To create a single-replica service with no extra configuration, you only need to supply the image name. This command starts an Nginx service with a randomly-generated name and no published ports. This is a naive example, since you can’t interact with the Nginx service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create nginx +</pre></div> <p>The service is scheduled on an available node. To confirm that the service was created and started successfully, use the <code class="language-plaintext highlighter-rouge">docker service ls</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE PORTS +a3iixnklxuem quizzical_lamarr replicated 1/1 docker.io/library/nginx@sha256:41ad9967ea448d7c2b203c699b429abe1ed5af331cd92533900c6d77490e0268 +</pre></div> <p>Created services do not always run right away. 
A service can be in a pending state if its image is unavailable, if no node meets the requirements you configure for the service, or other reasons. See <a href="../how-swarm-mode-works/services/index#pending-services">Pending services</a> for more information.</p> <p>To provide a name for your service, use the <code class="language-plaintext highlighter-rouge">--name</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name my_web nginx +</pre></div> <p>Just like with standalone containers, you can specify a command that the service’s containers should run, by adding it after the image name. This example starts a service called <code class="language-plaintext highlighter-rouge">helloworld</code> which uses an <code class="language-plaintext highlighter-rouge">alpine</code> image and runs the command <code class="language-plaintext highlighter-rouge">ping docker.com</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name helloworld alpine ping docker.com +</pre></div> <p>You can also specify an image tag for the service to use. This example modifies the previous one to use the <code class="language-plaintext highlighter-rouge">alpine:3.6</code> tag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name helloworld alpine:3.6 ping docker.com +</pre></div> <p>For more details about image tag resolution, see <a href="#specify-the-image-version-a-service-should-use">Specify the image version the service should use</a>.</p> <h3 id="gmsa-for-swarm">gMSA for Swarm</h3> <p>Swarm now allows using a Docker Config as a gMSA credential spec - a requirement for Active Directory-authenticated applications. 
This reduces the burden of distributing credential specs to the nodes they’re used on.</p> <p>The following example assumes a gMSA and its credential spec (called credspec.json) already exists, and that the nodes being deployed to are correctly configured for the gMSA.</p> <p>To use a Config as a credential spec, first create the Docker Config containing the credential spec:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config create credspec credspec.json +</pre></div> <p>Now, you should have a Docker Config named credspec, and you can create a service using this credential spec. To do so, use the --credential-spec flag with the config name, like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --credential-spec="config://credspec" <your image> +</pre></div> <p>Your service will use the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec will not be mounted into the container.</p> <h3 id="create-a-service-using-an-image-on-a-private-registry">Create a service using an image on a private registry</h3> <p>If your image is available on a private registry which requires login, use the <code class="language-plaintext highlighter-rouge">--with-registry-auth</code> flag with <code class="language-plaintext highlighter-rouge">docker service create</code>, after logging in. If your image is stored on <code class="language-plaintext highlighter-rouge">registry.example.com</code>, which is a private registry, use a command like the following:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker login registry.example.com + +$ docker service create \ + --with-registry-auth \ + --name my_service \ + registry.example.com/acme/my_image:latest +</pre></div> <p>This passes the login token from your local client to the swarm nodes where the service is deployed, using the encrypted WAL logs. 
With this information, the nodes are able to log into the registry and pull the image.</p> <h3 id="provide-credential-specs-for-managed-service-accounts">Provide credential specs for managed service accounts</h3> <p>In Enterprise Edition 3.0, security is improved through the centralized distribution and management of Group Managed Service Account(gMSA) credentials using Docker Config functionality. Swarm now allows using a Docker Config as a gMSA credential spec, which reduces the burden of distributing credential specs to the nodes on which they are used.</p> <p><strong>Note</strong>: This option is only applicable to services using Windows containers.</p> <p>Credential spec files are applied at runtime, eliminating the need for host-based credential spec files or registry entries - no gMSA credentials are written to disk on worker nodes. You can make credential specs available to Docker Engine running swarm kit worker nodes before a container starts. When deploying a service using a gMSA-based config, the credential spec is passed directly to the runtime of containers in that service.</p> <p>The <code class="language-plaintext highlighter-rouge">--credential-spec</code> must be one of the following formats:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">file://<filename></code>: The referenced file must be present in the <code class="language-plaintext highlighter-rouge">CredentialSpecs</code> subdirectory in the docker data directory, which defaults to <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\</code> on Windows. 
For example, specifying <code class="language-plaintext highlighter-rouge">file://spec.json</code> loads <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\CredentialSpecs\spec.json</code>.</li> <li> +<code class="language-plaintext highlighter-rouge">registry://<value-name></code>: The credential spec is read from the Windows registry on the daemon’s host.</li> <li> +<code class="language-plaintext highlighter-rouge">config://<config-name></code>: The config name is automatically converted to the config ID in the CLI. The credential spec contained in the specified <code class="language-plaintext highlighter-rouge">config</code> is used.</li> </ul> <p>The following simple example retrieves the gMSA name and JSON contents from your Active Directory (AD) instance:</p> <div class="highlight"><pre class="highlight" data-language="">$ name="mygmsa" +$ contents="{...}" +$ echo $contents > contents.json +</pre></div> <p>Make sure that the nodes to which you are deploying are correctly configured for the gMSA.</p> <p>To use a Config as a credential spec, create a Docker Config in a credential spec file named <code class="language-plaintext highlighter-rouge">credpspec.json</code>. You can specify any name for the name of the <code class="language-plaintext highlighter-rouge">config</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker config create --label com.docker.gmsa.name=mygmsa credspec credspec.json +</pre></div> <p>Now you can create a service using this credential spec. 
Specify the <code class="language-plaintext highlighter-rouge">--credential-spec</code> flag with the config name:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --credential-spec="config://credspec" <your image> +</pre></div> <p>Your service uses the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec is not mounted into the container.</p> <h2 id="update-a-service">Update a service</h2> <p>You can change almost everything about an existing service using the <code class="language-plaintext highlighter-rouge">docker service update</code> command. When you update a service, Docker stops its containers and restarts them with the new configuration.</p> <p>Since Nginx is a web service, it works much better if you publish port 80 to clients outside the swarm. You can specify this when you create the service, using the <code class="language-plaintext highlighter-rouge">-p</code> or <code class="language-plaintext highlighter-rouge">--publish</code> flag. When updating an existing service, the flag is <code class="language-plaintext highlighter-rouge">--publish-add</code>. 
There is also a <code class="language-plaintext highlighter-rouge">--publish-rm</code> flag to remove a port that was previously published.</p> <p>Assuming that the <code class="language-plaintext highlighter-rouge">my_web</code> service from the previous section still exists, use the following command to update it to publish port 80.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --publish-add 80 my_web +</pre></div> <p>To verify that it worked, use <code class="language-plaintext highlighter-rouge">docker service ls</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME MODE REPLICAS IMAGE PORTS +4nhxl7oxw5vz my_web replicated 1/1 docker.io/library/nginx@sha256:41ad9967ea448d7c2b203c699b429abe1ed5af331cd92533900c6d77490e0268 *:0->80/tcp +</pre></div> <p>For more information on how publishing ports works, see <a href="#publish-ports">publish ports</a>.</p> <p>You can update almost every configuration detail about an existing service, including the image name and tag it runs. See <a href="#update-a-services-image-after-creation">Update a service’s image after creation</a>.</p> <h2 id="remove-a-service">Remove a service</h2> <p>To remove a service, use the <code class="language-plaintext highlighter-rouge">docker service remove</code> command. You can remove a service by its ID or name, as shown in the output of the <code class="language-plaintext highlighter-rouge">docker service ls</code> command. The following command removes the <code class="language-plaintext highlighter-rouge">my_web</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service remove my_web +</pre></div> <h2 id="service-configuration-details">Service configuration details</h2> <p>The following sections provide details about service configuration. This topic does not cover every flag or scenario. 
In almost every instance where you can define a configuration at service creation, you can also update an existing service’s configuration in a similar way.</p> <p>See the command-line references for <a href="../../reference/commandline/service_create/index"><code class="language-plaintext highlighter-rouge">docker service create</code></a> and <a href="../../reference/commandline/service_update/index"><code class="language-plaintext highlighter-rouge">docker service update</code></a>, or run one of those commands with the <code class="language-plaintext highlighter-rouge">--help</code> flag.</p> <h3 id="configure-the-runtime-environment">Configure the runtime environment</h3> <p>You can configure the following options for the runtime environment in the container:</p> <ul> <li>environment variables using the <code class="language-plaintext highlighter-rouge">--env</code> flag</li> <li>the working directory inside the container using the <code class="language-plaintext highlighter-rouge">--workdir</code> flag</li> <li>the username or UID using the <code class="language-plaintext highlighter-rouge">--user</code> flag</li> </ul> <p>The following service’s containers have an environment variable <code class="language-plaintext highlighter-rouge">$MYVAR</code> set to <code class="language-plaintext highlighter-rouge">myvalue</code>, run from the <code class="language-plaintext highlighter-rouge">/tmp/</code> directory, and run as the <code class="language-plaintext highlighter-rouge">my_user</code> user.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name helloworld \ + --env MYVAR=myvalue \ + --workdir /tmp \ + --user my_user \ + alpine ping docker.com +</pre></div> <h3 id="update-the-command-an-existing-service-runs">Update the command an existing service runs</h3> <p>To update the command an existing service runs, you can use the <code class="language-plaintext highlighter-rouge">--args</code> flag. 
The following example updates an existing service called <code class="language-plaintext highlighter-rouge">helloworld</code> so that it runs the command <code class="language-plaintext highlighter-rouge">ping docker.com</code> instead of whatever command it was running before:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --args "ping docker.com" helloworld +</pre></div> <h3 id="specify-the-image-version-a-service-should-use">Specify the image version a service should use</h3> <p>When you create a service without specifying any details about the version of the image to use, the service uses the version tagged with the <code class="language-plaintext highlighter-rouge">latest</code> tag. You can force the service to use a specific version of the image in a few different ways, depending on your desired outcome.</p> <p>An image version can be expressed in several different ways:</p> <ul> <li> <p>If you specify a tag, the manager (or the Docker client, if you use <a href="#image_resolution_with_trust">content trust</a>) resolves that tag to a digest. When the request to create a container task is received on a worker node, the worker node only sees the digest, not the tag.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name="myservice" ubuntu:16.04 +</pre></div> <p>Some tags represent discrete releases, such as <code class="language-plaintext highlighter-rouge">ubuntu:16.04</code>. Tags like this almost always resolve to a stable digest over time. It is recommended that you use this kind of tag when possible.</p> <p>Other types of tags, such as <code class="language-plaintext highlighter-rouge">latest</code> or <code class="language-plaintext highlighter-rouge">nightly</code>, may resolve to a new digest often, depending on how often an image’s author updates the tag. 
It is not recommended to run services using a tag which is updated frequently, to prevent different service replica tasks from using different image versions.</p> </li> <li> <p>If you don’t specify a version at all, by convention the image’s <code class="language-plaintext highlighter-rouge">latest</code> tag is resolved to a digest. Workers use the image at this digest when creating the service task.</p> <p>Thus, the following two commands are equivalent:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name="myservice" ubuntu + +$ docker service create --name="myservice" ubuntu:latest +</pre></div> </li> <li> <p>If you specify a digest directly, that exact version of the image is always used when creating service tasks.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name="myservice" \ + ubuntu:16.04@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1 +</pre></div> </li> </ul> <p>When you create a service, the image’s tag is resolved to the specific digest the tag points to <strong>at the time of service creation</strong>. Worker nodes for that service use that specific digest forever unless the service is explicitly updated. This feature is particularly important if you do use often-changing tags such as <code class="language-plaintext highlighter-rouge">latest</code>, because it ensures that all service tasks use the same version of the image.</p> <blockquote id="image_resolution_with_trust"> <p><strong>Note</strong>: If <a href="../../security/trust/index">content trust</a> is enabled, the client actually resolves the image’s tag to a digest before contacting the swarm manager, to verify that the image is signed. Thus, if you use content trust, the swarm manager receives the request pre-resolved. 
In this case, if the client cannot resolve the image to a digest, the request fails.</p> </blockquote> <p>If the manager can’t resolve the tag to a digest, each worker node is responsible for resolving the tag to a digest, and different nodes may use different versions of the image. If this happens, a warning like the following is logged, substituting the placeholders for real information.</p> <pre data-language="">unable to pin image <IMAGE-NAME> to digest: <REASON> +</pre> <p>To see an image’s current digest, issue the command <code class="language-plaintext highlighter-rouge">docker inspect <IMAGE>:<TAG></code> and look for the <code class="language-plaintext highlighter-rouge">RepoDigests</code> line. The following is the current digest for <code class="language-plaintext highlighter-rouge">ubuntu:latest</code> at the time this content was written. The output is truncated for clarity.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect ubuntu:latest +</pre></div> <div class="highlight"><pre class="highlight" data-language="">"RepoDigests": [ + "ubuntu@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1" +], +</pre></div> <p>After you create a service, its image is never updated unless you explicitly run <code class="language-plaintext highlighter-rouge">docker service update</code> with the <code class="language-plaintext highlighter-rouge">--image</code> flag as described below. Other update operations such as scaling the service, adding or removing networks or volumes, renaming the service, or any other type of update operation do not update the service’s image.</p> <h3 id="update-a-services-image-after-creation">Update a service’s image after creation</h3> <p>Each tag represents a digest, similar to a Git hash. Some tags, such as <code class="language-plaintext highlighter-rouge">latest</code>, are updated often to point to a new digest. 
Others, such as <code class="language-plaintext highlighter-rouge">ubuntu:16.04</code>, represent a released software version and are not expected to update to point to a new digest often if at all. When you create a service, it is constrained to create tasks using a specific digest of an image until you update the service using <code class="language-plaintext highlighter-rouge">service update</code> with the <code class="language-plaintext highlighter-rouge">--image</code> flag.</p> <p>When you run <code class="language-plaintext highlighter-rouge">service update</code> with the <code class="language-plaintext highlighter-rouge">--image</code> flag, the swarm manager queries Docker Hub or your private Docker registry for the digest the tag currently points to and updates the service tasks to use that digest.</p> <blockquote> <p><strong>Note</strong>: If you use <a href="#image_resolution_with_trust">content trust</a>, the Docker client resolves image and the swarm manager receives the image and digest, rather than a tag.</p> </blockquote> <p>Usually, the manager can resolve the tag to a new digest and the service updates, redeploying each task to use the new image. If the manager can’t resolve the tag or some other problem occurs, the next two sections outline what to expect.</p> <h4 id="if-the-manager-resolves-the-tag">If the manager resolves the tag</h4> <p>If the swarm manager can resolve the image tag to a digest, it instructs the worker nodes to redeploy the tasks and use the image at that digest.</p> <ul> <li> <p>If a worker has cached the image at that digest, it uses it.</p> </li> <li> <p>If not, it attempts to pull the image from Docker Hub or the private registry.</p> <ul> <li> <p>If it succeeds, the task is deployed using the new image.</p> </li> <li> <p>If the worker fails to pull the image, the service fails to deploy on that worker node. 
Docker tries again to deploy the task, possibly on a different worker node.</p> </li> </ul> </li> </ul> <h4 id="if-the-manager-cannot-resolve-the-tag">If the manager cannot resolve the tag</h4> <p>If the swarm manager cannot resolve the image to a digest, all is not lost:</p> <ul> <li> <p>The manager instructs the worker nodes to redeploy the tasks using the image at that tag.</p> </li> <li> <p>If the worker has a locally cached image that resolves to that tag, it uses that image.</p> </li> <li> <p>If the worker does not have a locally cached image that resolves to the tag, the worker tries to connect to Docker Hub or the private registry to pull the image at that tag.</p> <ul> <li> <p>If this succeeds, the worker uses that image.</p> </li> <li> <p>If this fails, the task fails to deploy and the manager tries again to deploy the task, possibly on a different worker node.</p> </li> </ul> </li> </ul> <h3 id="publish-ports">Publish ports</h3> <p>When you create a swarm service, you can publish that service’s ports to hosts outside the swarm in two ways:</p> <ul> <li> <p><a href="#publish-a-services-ports-using-the-routing-mesh">You can rely on the routing mesh</a>. When you publish a service port, the swarm makes the service accessible at the target port on every node, regardless of whether there is a task for the service running on that node or not. This is less complex and is the right choice for many types of services.</p> </li> <li> <p><a href="#publish-a-services-ports-directly-on-the-swarm-node">You can publish a service task’s port directly on the swarm node</a> where that service is running. This bypasses the routing mesh and provides the maximum flexibility, including the ability for you to develop your own routing framework. 
However, you are responsible for keeping track of where each task is running and routing requests to the tasks, and load-balancing across the nodes.</p> </li> </ul> <p>Keep reading for more information and use cases for each of these methods.</p> <h4 id="publish-a-services-ports-using-the-routing-mesh">Publish a service’s ports using the routing mesh</h4> <p>To publish a service’s ports externally to the swarm, use the <code class="language-plaintext highlighter-rouge">--publish <PUBLISHED-PORT>:<SERVICE-PORT></code> flag. The swarm makes the service accessible at the published port <strong>on every swarm node</strong>. If an external host connects to that port on any swarm node, the routing mesh routes it to a task. The external host does not need to know the IP addresses or internally-used ports of the service tasks to interact with the service. When a user or process connects to a service, any worker node running a service task may respond. For more details about swarm service networking, see <a href="https://docs.docker.com/network/overlay">Manage swarm service networks</a>.</p> <h5 id="example-run-a-three-task-nginx-service-on-10-node-swarm">Example: Run a three-task Nginx service on 10-node swarm</h5> <p>Imagine that you have a 10-node swarm, and you deploy an Nginx service running three tasks on a 10-node swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name my_web \ + --replicas 3 \ + --publish published=8080,target=80 \ + nginx +</pre></div> <p>Three tasks run on up to three nodes. You don’t need to know which nodes are running the tasks; connecting to port 8080 on <strong>any</strong> of the 10 nodes connects you to one of the three <code class="language-plaintext highlighter-rouge">nginx</code> tasks. You can test this using <code class="language-plaintext highlighter-rouge">curl</code>. 
The following example assumes that <code class="language-plaintext highlighter-rouge">localhost</code> is one of the swarm nodes. If this is not the case, or <code class="language-plaintext highlighter-rouge">localhost</code> does not resolve to an IP address on your host, substitute the host’s IP address or resolvable host name.</p> <p>The HTML output is truncated:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl localhost:8080 + +<!DOCTYPE html> +<html> +<head> +<title>Welcome to nginx!</title> +...truncated... +</html> +</pre></div> <p>Subsequent connections may be routed to the same swarm node or a different one.</p> <h4 id="publish-a-services-ports-directly-on-the-swarm-node">Publish a service’s ports directly on the swarm node</h4> <p>Using the routing mesh may not be the right choice for your application if you need to make routing decisions based on application state or you need total control of the process for routing requests to your service’s tasks. To publish a service’s port directly on the node where it is running, use the <code class="language-plaintext highlighter-rouge">mode=host</code> option to the <code class="language-plaintext highlighter-rouge">--publish</code> flag.</p> <blockquote> <p><strong>Note</strong>: If you publish a service’s ports directly on the swarm node using <code class="language-plaintext highlighter-rouge">mode=host</code> and also set <code class="language-plaintext highlighter-rouge">published=<PORT></code> this creates an implicit limitation that you can only run one task for that service on a given swarm node. 
You can work around this by specifying <code class="language-plaintext highlighter-rouge">published</code> without a port definition, which causes Docker to assign a random port for each task.</p> <p>In addition, if you use <code class="language-plaintext highlighter-rouge">mode=host</code> and you do not use the <code class="language-plaintext highlighter-rouge">--mode=global</code> flag on <code class="language-plaintext highlighter-rouge">docker service create</code>, it is difficult to know which nodes are running the service to route work to them.</p> </blockquote> <h5 id="example-run-an-nginx-web-server-service-on-every-swarm-node">Example: Run an <code class="language-plaintext highlighter-rouge">nginx</code> web server service on every swarm node</h5> <p><a href="https://hub.docker.com/_/nginx/">nginx</a> is an open source reverse proxy, load balancer, HTTP cache, and a web server. If you run nginx as a service using the routing mesh, connecting to the nginx port on any swarm node shows you the web page for (effectively) <strong>a random swarm node</strong> running the service.</p> <p>The following example runs nginx as a service on each node in your swarm and exposes nginx port locally on each swarm node.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --mode global \ + --publish mode=host,target=80,published=8080 \ + --name=nginx \ + nginx:latest +</pre></div> <p>You can reach the nginx server on port 8080 of every swarm node. If you add a node to the swarm, a nginx task is started on it. You cannot start another service or container on any swarm node which binds to port 8080.</p> <blockquote> <p><strong>Note</strong>: This is a naive example. 
Creating an application-layer routing framework for a multi-tiered service is complex and out of scope for this topic.</p> </blockquote> <h3 id="connect-the-service-to-an-overlay-network">Connect the service to an overlay network</h3> <p>You can use overlay networks to connect one or more services within the swarm.</p> <p>First, create overlay network on a manager node using the <code class="language-plaintext highlighter-rouge">docker network create</code> command with the <code class="language-plaintext highlighter-rouge">--driver overlay</code> flag.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker network create --driver overlay my-network +</pre></div> <p>After you create an overlay network in swarm mode, all manager nodes have access to the network.</p> <p>You can create a new service and pass the <code class="language-plaintext highlighter-rouge">--network</code> flag to attach the service to the overlay network:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 3 \ + --network my-network \ + --name my-web \ + nginx +</pre></div> <p>The swarm extends <code class="language-plaintext highlighter-rouge">my-network</code> to each node running the service.</p> <p>You can also connect an existing service to an overlay network using the <code class="language-plaintext highlighter-rouge">--network-add</code> flag.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --network-add my-network my-web +</pre></div> <p>To disconnect a running service from a network, use the <code class="language-plaintext highlighter-rouge">--network-rm</code> flag.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --network-rm my-network my-web +</pre></div> <p>For more information on overlay networking and service discovery, refer to <a href="https://docs.docker.com/network/overlay">Attach services to an overlay network</a> 
and <a href="https://docs.docker.com/network/overlay/">Docker swarm mode overlay network security model</a>.</p> <h3 id="grant-a-service-access-to-secrets">Grant a service access to secrets</h3> <p>To create a service with access to Docker-managed secrets, use the <code class="language-plaintext highlighter-rouge">--secret</code> flag. For more information, see <a href="../secrets/index">Manage sensitive strings (secrets) for Docker services</a></p> <h3 id="customize-a-services-isolation-mode">Customize a service’s isolation mode</h3> <p>Docker allows you to specify a swarm service’s isolation mode. <strong>This setting applies to Windows hosts only and is ignored for Linux hosts.</strong> The isolation mode can be one of the following:</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">default</code>: Use the default isolation mode configured for the Docker host, as configured by the <code class="language-plaintext highlighter-rouge">-exec-opt</code> flag or <code class="language-plaintext highlighter-rouge">exec-opts</code> array in <code class="language-plaintext highlighter-rouge">daemon.json</code>. If the daemon does not specify an isolation technology, <code class="language-plaintext highlighter-rouge">process</code> is the default for Windows Server, and <code class="language-plaintext highlighter-rouge">hyperv</code> is the default (and only) choice for Windows 10.</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">process</code>: Run the service tasks as a separate process on the host.</p> <blockquote> <p><strong>Note</strong>: <code class="language-plaintext highlighter-rouge">process</code> isolation mode is only supported on Windows Server. 
Windows 10 only supports <code class="language-plaintext highlighter-rouge">hyperv</code> isolation mode.</p> </blockquote> </li> <li> <p><code class="language-plaintext highlighter-rouge">hyperv</code>: Run the service tasks as isolated <code class="language-plaintext highlighter-rouge">hyperv</code> tasks. This increases overhead but provides more isolation.</p> </li> </ul> <p>You can specify the isolation mode when creating or updating a new service using the <code class="language-plaintext highlighter-rouge">--isolation</code> flag.</p> <h3 id="control-service-placement">Control service placement</h3> <p>Swarm services provide a few different ways for you to control scale and placement of services on different nodes.</p> <ul> <li> <p>You can specify whether the service needs to run a specific number of replicas or should run globally on every worker node. See <a href="#replicated-or-global-services">Replicated or global services</a>.</p> </li> <li> <p>You can configure the service’s <a href="#reserve-memory-or-cpus-for-a-service">CPU or memory requirements</a>, and the service only runs on nodes which can meet those requirements.</p> </li> <li> <p><a href="#placement-constraints">Placement constraints</a> let you configure the service to run only on nodes with specific (arbitrary) metadata set, and cause the deployment to fail if appropriate nodes do not exist. For instance, you can specify that your service should only run on nodes where an arbitrary label <code class="language-plaintext highlighter-rouge">pci_compliant</code> is set to <code class="language-plaintext highlighter-rouge">true</code>.</p> </li> <li> <p><a href="#placement-preferences">Placement preferences</a> let you apply an arbitrary label with a range of values to each node, and spread your service’s tasks across those nodes using an algorithm. Currently, the only supported algorithm is <code class="language-plaintext highlighter-rouge">spread</code>, which tries to place them evenly. 
For instance, if you label each node with a label <code class="language-plaintext highlighter-rouge">rack</code> which has a value from 1-10, then specify a placement preference keyed on <code class="language-plaintext highlighter-rouge">rack</code>, then service tasks are placed as evenly as possible across all nodes with the label <code class="language-plaintext highlighter-rouge">rack</code>, after taking other placement constraints, placement preferences, and other node-specific limitations into account.</p> <p>Unlike constraints, placement preferences are best-effort, and a service does not fail to deploy if no nodes can satisfy the preference. If you specify a placement preference for a service, nodes that match that preference are ranked higher when the swarm managers decide which nodes should run the service tasks. Other factors, such as high availability of the service, also factor into which nodes are scheduled to run service tasks. For example, if you have N nodes with the rack label (and then some others), and your service is configured to run N+1 replicas, the +1 is scheduled on a node that doesn’t already have the service on it if there is one, regardless of whether that node has the <code class="language-plaintext highlighter-rouge">rack</code> label or not.</p> </li> </ul> <h4 id="replicated-or-global-services">Replicated or global services</h4> <p>Swarm mode has two types of services: replicated and global. For replicated services, you specify the number of replica tasks for the swarm manager to schedule onto available nodes. For global services, the scheduler places one task on each available node that meets the service’s <a href="#placement-constraints">placement constraints</a> and <a href="#reserve-memory-or-cpus-for-a-service">resource requirements</a>.</p> <p>You control the type of service using the <code class="language-plaintext highlighter-rouge">--mode</code> flag. 
If you don’t specify a mode, the service defaults to <code class="language-plaintext highlighter-rouge">replicated</code>. For replicated services, you specify the number of replica tasks you want to start using the <code class="language-plaintext highlighter-rouge">--replicas</code> flag. For example, to start a replicated nginx service with 3 replica tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my_web \ + --replicas 3 \ + nginx +</pre></div> <p>To start a global service on each available node, pass <code class="language-plaintext highlighter-rouge">--mode global</code> to <code class="language-plaintext highlighter-rouge">docker service create</code>. Every time a new node becomes available, the scheduler places a task for the global service on the new node. For example to start a service that runs alpine on every node in the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name myservice \ + --mode global \ + alpine top +</pre></div> <p>Service constraints let you set criteria for a node to meet before the scheduler deploys a service to the node. You can apply constraints to the service based upon node attributes and metadata or engine metadata. For more information on constraints, refer to the <code class="language-plaintext highlighter-rouge">docker service create</code> <a href="../../reference/commandline/service_create/index">CLI reference</a>.</p> <h4 id="reserve-memory-or-cpus-for-a-service">Reserve memory or CPUs for a service</h4> <p>To reserve a given amount of memory or number of CPUs for a service, use the <code class="language-plaintext highlighter-rouge">--reserve-memory</code> or <code class="language-plaintext highlighter-rouge">--reserve-cpu</code> flags. 
If no available nodes can satisfy the requirement (for instance, if you request 4 CPUs and no node in the swarm has 4 CPUs), the service remains in a pending state until an appropriate node is available to run its tasks.</p> <h5 id="out-of-memory-exceptions-oome">Out Of Memory Exceptions (OOME)</h5> <p>If your service attempts to use more memory than the swarm node has available, you may experience an Out Of Memory Exception (OOME) and a container, or the Docker daemon, might be killed by the kernel OOM killer. To prevent this from happening, ensure that your application runs on hosts with adequate memory and see <a href="https://docs.docker.com/config/containers/resource_constraints/#understand-the-risks-of-running-out-of-memory">Understand the risks of running out of memory</a>.</p> <p>Swarm services allow you to use resource constraints, placement preferences, and labels to ensure that your service is deployed to the appropriate swarm nodes.</p> <h4 id="placement-constraints">Placement constraints</h4> <p>Use placement constraints to control the nodes a service can be assigned to. In the following example, the service only runs on nodes with the <a href="../manage-nodes/index#add-or-remove-label-metadata">label</a> <code class="language-plaintext highlighter-rouge">region</code> set to <code class="language-plaintext highlighter-rouge">east</code>. If no appropriately-labelled nodes are available, tasks will wait in <code class="language-plaintext highlighter-rouge">Pending</code> until they become available. The <code class="language-plaintext highlighter-rouge">--constraint</code> flag uses an equality operator (<code class="language-plaintext highlighter-rouge">==</code> or <code class="language-plaintext highlighter-rouge">!=</code>). For replicated services, it is possible that all services run on the same node, or each node only runs one replica, or that some nodes don’t run any replicas. 
For global services, the service runs on every node that meets the placement constraint and any <a href="#reserve-memory-or-cpus-for-a-service">resource requirements</a>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-nginx \ + --replicas 5 \ + --constraint node.labels.region==east \ + nginx +</pre></div> <p>You can also use the <code class="language-plaintext highlighter-rouge">constraint</code> service-level key in a <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file.</p> <p>If you specify multiple placement constraints, the service only deploys onto nodes where they are all met. The following example limits the service to run on all nodes where <code class="language-plaintext highlighter-rouge">region</code> is set to <code class="language-plaintext highlighter-rouge">east</code> and <code class="language-plaintext highlighter-rouge">type</code> is not set to <code class="language-plaintext highlighter-rouge">devel</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --name my-nginx \ + --mode global \ + --constraint node.labels.region==east \ + --constraint node.labels.type!=devel \ + nginx +</pre></div> <p>You can also use placement constraints in conjunction with placement preferences and CPU/memory constraints. Be careful not to use settings that are not possible to fulfill.</p> <p>For more information on constraints, refer to the <code class="language-plaintext highlighter-rouge">docker service create</code> <a href="../../reference/commandline/service_create/index">CLI reference</a>.</p> <h4 id="placement-preferences">Placement preferences</h4> <p>While <a href="#placement-constraints">placement constraints</a> limit the nodes a service can run on, <em>placement preferences</em> try to place tasks on appropriate nodes in an algorithmic way (currently, only spread evenly). 
For instance, if you assign each node a <code class="language-plaintext highlighter-rouge">rack</code> label, you can set a placement preference to spread the service evenly across nodes with the <code class="language-plaintext highlighter-rouge">rack</code> label, by value. This way, if you lose a rack, the service is still running on nodes on other racks.</p> <p>Placement preferences are not strictly enforced. If no node has the label you specify in your preference, the service is deployed as though the preference were not set.</p> <blockquote> <p>Placement preferences are ignored for global services.</p> </blockquote> <p>The following example sets a preference to spread the deployment across nodes based on the value of the <code class="language-plaintext highlighter-rouge">datacenter</code> label. If some nodes have <code class="language-plaintext highlighter-rouge">datacenter=us-east</code> and others have <code class="language-plaintext highlighter-rouge">datacenter=us-west</code>, the service is deployed as evenly as possible across the two sets of nodes.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref 'spread=node.labels.datacenter' \ + redis:3.0.6 +</pre></div> <blockquote> <p>Missing or null labels</p> <p>Nodes which are missing the label used to spread still receive task assignments. As a group, these nodes receive tasks in equal proportion to any of the other groups identified by a specific label value. In a sense, a missing label is the same as having the label with a null value attached to it. If the service should <strong>only</strong> run on nodes with the label being used for the spread preference, the preference should be combined with a constraint.</p> </blockquote> <p>You can specify multiple placement preferences, and they are processed in the order they are encountered. The following example sets up a service with multiple placement preferences. 
Tasks are spread first over the various datacenters, and then over racks (as indicated by the respective labels):</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref 'spread=node.labels.datacenter' \ + --placement-pref 'spread=node.labels.rack' \ + redis:3.0.6 +</pre></div> <p>You can also use placement preferences in conjunction with placement constraints or CPU/memory constraints. Be careful not to use settings that are not possible to fulfill.</p> <p>This diagram illustrates how placement preferences work:</p> <p><img src="" alt="placement preferences example"></p> <p>When updating a service with <code class="language-plaintext highlighter-rouge">docker service update</code>, <code class="language-plaintext highlighter-rouge">--placement-pref-add</code> appends a new placement preference after all existing placement preferences. <code class="language-plaintext highlighter-rouge">--placement-pref-rm</code> removes an existing placement preference that matches the argument.</p> <h3 id="configure-a-services-update-behavior">Configure a service’s update behavior</h3> <p>When you create a service, you can specify a rolling update behavior for how the swarm should apply changes to the service when you run <code class="language-plaintext highlighter-rouge">docker service update</code>. You can also specify these flags as part of the update, as arguments to <code class="language-plaintext highlighter-rouge">docker service update</code>.</p> <p>The <code class="language-plaintext highlighter-rouge">--update-delay</code> flag configures the time delay between updates to a service task or sets of tasks. 
You can describe the time <code class="language-plaintext highlighter-rouge">T</code> as a combination of the number of seconds <code class="language-plaintext highlighter-rouge">Ts</code>, minutes <code class="language-plaintext highlighter-rouge">Tm</code>, or hours <code class="language-plaintext highlighter-rouge">Th</code>. So <code class="language-plaintext highlighter-rouge">10m30s</code> indicates a 10 minute 30 second delay.</p> <p>By default the scheduler updates 1 task at a time. You can pass the <code class="language-plaintext highlighter-rouge">--update-parallelism</code> flag to configure the maximum number of service tasks that the scheduler updates simultaneously.</p> <p>When an update to an individual task returns a state of <code class="language-plaintext highlighter-rouge">RUNNING</code>, the scheduler continues the update by continuing to another task until all tasks are updated. If, at any time during an update a task returns <code class="language-plaintext highlighter-rouge">FAILED</code>, the scheduler pauses the update. You can control the behavior using the <code class="language-plaintext highlighter-rouge">--update-failure-action</code> flag for <code class="language-plaintext highlighter-rouge">docker service create</code> or <code class="language-plaintext highlighter-rouge">docker service update</code>.</p> <p>In the example service below, the scheduler applies updates to a maximum of 2 replicas at a time. 
When an updated task returns either <code class="language-plaintext highlighter-rouge">RUNNING</code> or <code class="language-plaintext highlighter-rouge">FAILED</code>, the scheduler waits 10 seconds before stopping the next task to update:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 10 \ + --name my_web \ + --update-delay 10s \ + --update-parallelism 2 \ + --update-failure-action continue \ + alpine +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--update-max-failure-ratio</code> flag controls what fraction of tasks can fail during an update before the update as a whole is considered to have failed. For example, with <code class="language-plaintext highlighter-rouge">--update-max-failure-ratio 0.1 --update-failure-action pause</code>, after 10% of the tasks being updated fail, the update is paused.</p> <p>An individual task update is considered to have failed if the task doesn’t start up, or if it stops running within the monitoring period specified with the <code class="language-plaintext highlighter-rouge">--update-monitor</code> flag. The default value for <code class="language-plaintext highlighter-rouge">--update-monitor</code> is 30 seconds, which means that a task failing in the first 30 seconds after its started counts towards the service update failure threshold, and a failure after that is not counted.</p> <h3 id="roll-back-to-the-previous-version-of-a-service">Roll back to the previous version of a service</h3> <p>In case the updated version of a service doesn’t function as expected, it’s possible to manually roll back to the previous version of the service using <code class="language-plaintext highlighter-rouge">docker service update</code>’s <code class="language-plaintext highlighter-rouge">--rollback</code> flag. 
This reverts the service to the configuration that was in place before the most recent <code class="language-plaintext highlighter-rouge">docker service update</code> command.</p> <p>Other options can be combined with <code class="language-plaintext highlighter-rouge">--rollback</code>; for example, <code class="language-plaintext highlighter-rouge">--update-delay 0s</code> to execute the rollback without a delay between tasks:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update \ + --rollback \ + --update-delay 0s + my_web +</pre></div> <p>You can configure a service to roll back automatically if a service update fails to deploy. See <a href="#automatically-roll-back-if-an-update-fails">Automatically roll back if an update fails</a>.</p> <p>Manual rollback is handled at the server side, which allows manually-initiated rollbacks to respect the new rollback parameters. Note that <code class="language-plaintext highlighter-rouge">--rollback</code> cannot be used in conjunction with other flags to <code class="language-plaintext highlighter-rouge">docker service update</code>.</p> <h3 id="automatically-roll-back-if-an-update-fails">Automatically roll back if an update fails</h3> <p>You can configure a service in such a way that if an update to the service causes redeployment to fail, the service can automatically roll back to the previous configuration. This helps protect service availability. You can set one or more of the following flags at service creation or update. 
If you do not set a value, the default is used.</p> <table> <thead> <tr> <th style="text-align: left">Flag</th> <th style="text-align: left">Default</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--rollback-delay</code></td> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">0s</code></td> <td style="text-align: left">Amount of time to wait after rolling back a task before rolling back the next one. A value of <code class="language-plaintext highlighter-rouge">0</code> means to roll back the second task immediately after the first rolled-back task deploys.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--rollback-failure-action</code></td> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">pause</code></td> <td style="text-align: left">When a task fails to roll back, whether to <code class="language-plaintext highlighter-rouge">pause</code> or <code class="language-plaintext highlighter-rouge">continue</code> trying to roll back other tasks.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--rollback-max-failure-ratio</code></td> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">0</code></td> <td style="text-align: left">The failure rate to tolerate during a rollback, specified as a floating-point number between 0 and 1. For instance, given 5 tasks, a failure ratio of <code class="language-plaintext highlighter-rouge">.2</code> would tolerate one task failing to roll back. 
A value of <code class="language-plaintext highlighter-rouge">0</code> means no failure are tolerated, while a value of <code class="language-plaintext highlighter-rouge">1</code> means any number of failure are tolerated.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--rollback-monitor</code></td> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">5s</code></td> <td style="text-align: left">Duration after each task rollback to monitor for failure. If a task stops before this time period has elapsed, the rollback is considered to have failed.</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">--rollback-parallelism</code></td> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">1</code></td> <td style="text-align: left">The maximum number of tasks to roll back in parallel. By default, one task is rolled back at a time. A value of <code class="language-plaintext highlighter-rouge">0</code> causes all tasks to be rolled back in parallel.</td> </tr> </tbody> </table> <p>The following example configures a <code class="language-plaintext highlighter-rouge">redis</code> service to roll back automatically if a <code class="language-plaintext highlighter-rouge">docker service update</code> fails to deploy. Two tasks can be rolled back in parallel. Tasks are monitored for 20 seconds after rollback to be sure they do not exit, and a maximum failure ratio of 20% is tolerated. 
Default values are used for <code class="language-plaintext highlighter-rouge">--rollback-delay</code> and <code class="language-plaintext highlighter-rouge">--rollback-failure-action</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name=my_redis \ + --replicas=5 \ + --rollback-parallelism=2 \ + --rollback-monitor=20s \ + --rollback-max-failure-ratio=.2 \ + redis:latest +</pre></div> <h3 id="give-a-service-access-to-volumes-or-bind-mounts">Give a service access to volumes or bind mounts</h3> <p>For best performance and portability, you should avoid writing important data directly into a container’s writable layer, instead using data volumes or bind mounts. This principle also applies to services.</p> <p>You can create two types of mounts for services in a swarm, <code class="language-plaintext highlighter-rouge">volume</code> mounts or <code class="language-plaintext highlighter-rouge">bind</code> mounts. Regardless of which type of mount you use, configure it using the <code class="language-plaintext highlighter-rouge">--mount</code> flag when you create a service, or the <code class="language-plaintext highlighter-rouge">--mount-add</code> or <code class="language-plaintext highlighter-rouge">--mount-rm</code> flag when updating an existing service. The default is a data volume if you don’t specify a type.</p> <h4 id="data-volumes">Data volumes</h4> <p>Data volumes are storage that exist independently of a container. The lifecycle of data volumes under swarm services is similar to that under containers. Volumes outlive tasks and services, so their removal must be managed separately. 
Volumes can be created before deploying a service, or if they don’t exist on a particular host when a task is scheduled there, they are created automatically according to the volume specification on the service.</p> <p>To use existing data volumes with a service use the <code class="language-plaintext highlighter-rouge">--mount</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --mount src=<VOLUME-NAME>,dst=<CONTAINER-PATH> \ + --name myservice \ + <IMAGE> +</pre></div> <p>If a volume with the same <code class="language-plaintext highlighter-rouge"><VOLUME-NAME></code> does not exist when a task is scheduled to a particular host, then one is created. The default volume driver is <code class="language-plaintext highlighter-rouge">local</code>. To use a different volume driver with this create-on-demand pattern, specify the driver and its options with the <code class="language-plaintext highlighter-rouge">--mount</code> flag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --mount type=volume,src=<VOLUME-NAME>,dst=<CONTAINER-PATH>,volume-driver=<DRIVER>,volume-opt=<KEY0>=<VALUE0>,volume-opt=<KEY1>=<VALUE1> + --name myservice \ + <IMAGE> +</pre></div> <p>For more information on how to create data volumes and the use of volume drivers, see <a href="https://docs.docker.com/storage/volumes/">Use volumes</a>.</p> <h4 id="bind-mounts">Bind mounts</h4> <p>Bind mounts are file system paths from the host where the scheduler deploys the container for the task. Docker mounts the path into the container. 
The file system path must exist before the swarm initializes the container for the task.</p> <p>The following examples show bind mount syntax:</p> <ul> <li> <p>To mount a read-write bind:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --mount type=bind,src=<HOST-PATH>,dst=<CONTAINER-PATH> \ + --name myservice \ + <IMAGE> +</pre></div> </li> <li> <p>To mount a read-only bind:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --mount type=bind,src=<HOST-PATH>,dst=<CONTAINER-PATH>,readonly \ + --name myservice \ + <IMAGE> +</pre></div> </li> </ul> <blockquote> <p><strong>Important</strong>: Bind mounts can be useful but they can also cause problems. In most cases, it is recommended that you architect your application such that mounting paths from the host is unnecessary. The main risks include the following:</p> <ul> <li> <p>If you bind mount a host path into your service’s containers, the path must exist on every swarm node. The Docker swarm mode scheduler can schedule containers on any machine that meets resource availability requirements and satisfies all constraints and placement preferences you specify.</p> </li> <li> <p>The Docker swarm mode scheduler may reschedule your running service containers at any time if they become unhealthy or unreachable.</p> </li> <li> <p>Host bind mounts are non-portable. 
When you use bind mounts, there is no guarantee that your application runs the same way in development as it does in production.</p> </li> </ul> </blockquote> <h3 id="create-services-using-templates">Create services using templates</h3> <p>You can use templates for some flags of <code class="language-plaintext highlighter-rouge">service create</code>, using the syntax provided by the Go’s <a href="https://golang.org/pkg/text/template/">text/template</a> package.</p> <p>The following flags are supported:</p> <ul> <li><code class="language-plaintext highlighter-rouge">--hostname</code></li> <li><code class="language-plaintext highlighter-rouge">--mount</code></li> <li><code class="language-plaintext highlighter-rouge">--env</code></li> </ul> <p>Valid placeholders for the Go template are:</p> <table> <thead> <tr> <th style="text-align: left">Placeholder</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Service.ID</code></td> <td style="text-align: left">Service ID</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Service.Name</code></td> <td style="text-align: left">Service name</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Service.Labels</code></td> <td style="text-align: left">Service labels</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Node.ID</code></td> <td style="text-align: left">Node ID</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Node.Hostname</code></td> <td style="text-align: left">Node hostname</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext highlighter-rouge">.Task.Name</code></td> <td style="text-align: left">Task name</td> </tr> <tr> <td style="text-align: left"><code class="language-plaintext 
highlighter-rouge">.Task.Slot</code></td> <td style="text-align: left">Task slot</td> </tr> </tbody> </table> <h4 id="template-example">Template example</h4> <p>This example sets the template of the created containers based on the service’s name and the ID of the node where the container is running:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name hosttempl \ + --hostname="{{.Node.ID}}-{{.Service.Name}}"\ + busybox top +</pre></div> <p>To see the result of using the template, use the <code class="language-plaintext highlighter-rouge">docker service ps</code> and <code class="language-plaintext highlighter-rouge">docker inspect</code> commands.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps va8ew30grofhjoychbr6iot8c + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago +</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj +</pre></div> <h2 id="learn-more">Learn More</h2> <ul> <li><a href="../admin_guide/index">Swarm administration guide</a></li> <li><a href="../../reference/commandline/docker/index">Docker Engine command line reference</a></li> <li><a href="../swarm-tutorial/index">Swarm mode tutorial</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=service">service</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. 
in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/services/" class="_attribution-link">https://docs.docker.com/engine/swarm/services/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fstack-deploy%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fstack-deploy%2Findex.html new file mode 100644 index 00000000..ee0e74c9 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fstack-deploy%2Findex.html 
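Review bot: in engine%2Fswarm%2Fservices%2Findex.html, the rollback example under "Roll back to the previous version of a service" has no line continuation after `--update-delay 0s`, so a reader who pastes it runs `docker service update --rollback --update-delay 0s` without a service name and then `my_web` as a separate command; add the trailing `\`. The same section contradicts itself: it says other options such as `--update-delay 0s` can be combined with `--rollback`, and two paragraphs later that `--rollback` cannot be used in conjunction with other flags to `docker service update`; one of the two statements should be dropped or scoped. The volume-driver example under "Data volumes" (`--mount type=volume,src=<VOLUME-NAME>,...`) has the same missing `\` before `--name myservice`. Smaller points: `<img src="" alt="placement preferences example">` ships an empty image source, and the "Template example" paragraph says it "sets the template of the created containers" where the command sets the hostname.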
@@ -0,0 +1,127 @@ +<h1>Deploy a stack to a swarm</h1> + +<p>When running Docker Engine in swarm mode, you can use <code class="language-plaintext highlighter-rouge">docker stack deploy</code> to deploy a complete application stack to the swarm. The <code class="language-plaintext highlighter-rouge">deploy</code> command accepts a stack description in the form of a <a href="../../../compose/compose-file/compose-file-v3/index">Compose file</a>.</p> <p>The <code class="language-plaintext highlighter-rouge">docker stack deploy</code> command supports any Compose file of version “3.0” or above. If you have an older version, see the <a href="../../../compose/compose-file/compose-versioning/index#upgrading">upgrade guide</a>.</p> <p>To run through this tutorial, you need:</p> <ol> <li> <p>A Docker Engine running in <a href="../swarm-mode/index">swarm mode</a>. If you’re not familiar with swarm mode, you might want to read <a href="../key-concepts/index">Swarm mode key concepts</a> and <a href="../how-swarm-mode-works/services/index">How services work</a>.</p> <blockquote> <p><strong>Note</strong></p> <p>If you’re trying things out on a local development environment, you can put your engine into swarm mode with <code class="language-plaintext highlighter-rouge">docker swarm init</code>.</p> <p>If you’ve already got a multi-node swarm running, keep in mind that all <code class="language-plaintext highlighter-rouge">docker stack</code> and <code class="language-plaintext highlighter-rouge">docker service</code> commands must be run from a manager node.</p> </blockquote> </li> <li> <p>A current version of <a href="../../../compose/install/index">Docker Compose</a>.</p> </li> </ol> <h2 id="set-up-a-docker-registry">Set up a Docker registry</h2> <p>Because a swarm consists of multiple Docker Engines, a registry is required to distribute images to all of them. You can use the <a href="https://hub.docker.com">Docker Hub</a> or maintain your own. 
Here’s how to create a throwaway registry, which you can discard afterward.</p> <ol> <li> <p>Start the registry as a service on your swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name registry --publish published=5000,target=5000 registry:2 +</pre></div> </li> <li> <p>Check its status with <code class="language-plaintext highlighter-rouge">docker service ls</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME REPLICAS IMAGE COMMAND +l7791tpuwkco registry 1/1 registry:2@sha256:1152291c7f93a4ea2ddc95e46d142c31e743b6dd70e194af9e6ebe530f782c17 +</pre></div> <p>Once it reads <code class="language-plaintext highlighter-rouge">1/1</code> under <code class="language-plaintext highlighter-rouge">REPLICAS</code>, it’s running. If it reads <code class="language-plaintext highlighter-rouge">0/1</code>, it’s probably still pulling the image.</p> </li> <li> <p>Check that it’s working with <code class="language-plaintext highlighter-rouge">curl</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl http://localhost:5000/v2/ + +{} +</pre></div> </li> </ol> <h2 id="create-the-example-application">Create the example application</h2> <p>The app used in this guide is based on the hit counter app in the <a href="../../../compose/gettingstarted/index">Get started with Docker Compose</a> guide. 
It consists of a Python app which maintains a counter in a Redis instance and increments the counter whenever you visit it.</p> <ol> <li> <p>Create a directory for the project:</p> <div class="highlight"><pre class="highlight" data-language="">$ mkdir stackdemo +$ cd stackdemo +</pre></div> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">app.py</code> in the project directory and paste this in:</p> <div class="highlight"><pre class="highlight" data-language="">from flask import Flask +from redis import Redis + +app = Flask(__name__) +redis = Redis(host='redis', port=6379) + +@app.route('/') +def hello(): + count = redis.incr('hits') + return 'Hello World! I have been seen {} times.\n'.format(count) + +if __name__ == "__main__": + app.run(host="0.0.0.0", port=8000, debug=True) +</pre></div> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">requirements.txt</code> and paste these two lines in:</p> <pre>flask +redis +</pre> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">Dockerfile</code> and paste this in:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 +FROM python:3.4-alpine +ADD . /code +WORKDIR /code +RUN pip install -r requirements.txt +CMD ["python", "app.py"] +</pre></div> </li> <li> <p>Create a file called <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> and paste this in:</p> <pre>version: "3.9" + +services: + web: + image: 127.0.0.1:5000/stackdemo + build: . + ports: + - "8000:8000" + redis: + image: redis:alpine +</pre> <p>The image for the web app is built using the Dockerfile defined above. It’s also tagged with <code class="language-plaintext highlighter-rouge">127.0.0.1:5000</code> - the address of the registry created earlier. 
This is important when distributing the app to the swarm.</p> </li> </ol> <h2 id="test-the-app-with-compose">Test the app with Compose</h2> <ol> <li> <p>Start the app with <code class="language-plaintext highlighter-rouge">docker-compose up</code>. This builds the web app image, pulls the Redis image if you don’t already have it, and creates two containers.</p> <p>You see a warning about the Engine being in swarm mode. This is because Compose doesn’t take advantage of swarm mode, and deploys everything to a single node. You can safely ignore this.</p> <pre>$ docker-compose up -d + +WARNING: The Docker Engine you're using is running in swarm mode. + +Compose does not use swarm mode to deploy services to multiple nodes in +a swarm. All containers are scheduled on the current node. + +To deploy your application across the swarm, use `docker stack deploy`. + +Creating network "stackdemo_default" with the default driver +Building web +...(build output)... +Creating stackdemo_redis_1 +Creating stackdemo_web_1 +</pre> </li> <li> <p>Check that the app is running with <code class="language-plaintext highlighter-rouge">docker-compose ps</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose ps + + Name Command State Ports +----------------------------------------------------------------------------------- +stackdemo_redis_1 docker-entrypoint.sh redis ... Up 6379/tcp +stackdemo_web_1 python app.py Up 0.0.0.0:8000->8000/tcp +</pre></div> <p>You can test the app with <code class="language-plaintext highlighter-rouge">curl</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl http://localhost:8000 +Hello World! I have been seen 1 times. + +$ curl http://localhost:8000 +Hello World! I have been seen 2 times. + +$ curl http://localhost:8000 +Hello World! I have been seen 3 times. 
+</pre></div> </li> <li> <p>Bring the app down:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose down --volumes + +Stopping stackdemo_web_1 ... done +Stopping stackdemo_redis_1 ... done +Removing stackdemo_web_1 ... done +Removing stackdemo_redis_1 ... done +Removing network stackdemo_default +</pre></div> </li> </ol> <h2 id="push-the-generated-image-to-the-registry">Push the generated image to the registry</h2> <p>To distribute the web app’s image across the swarm, it needs to be pushed to the registry you set up earlier. With Compose, this is very simple:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-compose push + +Pushing web (127.0.0.1:5000/stackdemo:latest)... +The push refers to a repository [127.0.0.1:5000/stackdemo] +5b5a49501a76: Pushed +be44185ce609: Pushed +bd7330a79bcf: Pushed +c9fc143a069a: Pushed +011b303988d2: Pushed +latest: digest: sha256:a81840ebf5ac24b42c1c676cbda3b2cb144580ee347c07e1bc80e35e5ca76507 size: 1372 +</pre></div> <p>The stack is now ready to be deployed.</p> <h2 id="deploy-the-stack-to-the-swarm">Deploy the stack to the swarm</h2> <ol> <li> <p>Create the stack with <code class="language-plaintext highlighter-rouge">docker stack deploy</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack deploy --compose-file docker-compose.yml stackdemo + +Ignoring unsupported options: build + +Creating network stackdemo_default +Creating service stackdemo_web +Creating service stackdemo_redis +</pre></div> <p>The last argument is a name for the stack. 
Each network, volume and service name is prefixed with the stack name.</p> </li> <li> <p>Check that it’s running with <code class="language-plaintext highlighter-rouge">docker stack services stackdemo</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack services stackdemo + +ID NAME MODE REPLICAS IMAGE +orvjk2263y1p stackdemo_redis replicated 1/1 redis:3.2-alpine@sha256:f1ed3708f538b537eb9c2a7dd50dc90a706f7debd7e1196c9264edeea521a86d +s1nf0xy8t1un stackdemo_web replicated 1/1 127.0.0.1:5000/stackdemo@sha256:adb070e0805d04ba2f92c724298370b7a4eb19860222120d43e0f6351ddbc26f +</pre></div> <p>Once it’s running, you should see <code class="language-plaintext highlighter-rouge">1/1</code> under <code class="language-plaintext highlighter-rouge">REPLICAS</code> for both services. This might take some time if you have a multi-node swarm, as images need to be pulled.</p> <p>As before, you can test the app with <code class="language-plaintext highlighter-rouge">curl</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl http://localhost:8000 +Hello World! I have been seen 1 times. + +$ curl http://localhost:8000 +Hello World! I have been seen 2 times. + +$ curl http://localhost:8000 +Hello World! I have been seen 3 times. +</pre></div> <p>Thanks to Docker’s built-in routing mesh, you can access any node in the swarm on port 8000 and get routed to the app:</p> <div class="highlight"><pre class="highlight" data-language="">$ curl http://address-of-other-node:8000 +Hello World! I have been seen 4 times. 
+</pre></div> </li> <li> <p>Bring the stack down with <code class="language-plaintext highlighter-rouge">docker stack rm</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack rm stackdemo + +Removing service stackdemo_web +Removing service stackdemo_redis +Removing network stackdemo_default +</pre></div> </li> <li> <p>Bring the registry down with <code class="language-plaintext highlighter-rouge">docker service rm</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm registry +</pre></div> </li> <li> <p>If you’re just testing things out on a local machine and want to bring your Docker Engine out of swarm mode, use <code class="language-plaintext highlighter-rouge">docker swarm leave</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm leave --force + +Node left the swarm. +</pre></div> </li> </ol> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=composefile">composefile</a>, <a href="https://docs.docker.com/search/?q=stack">stack</a>, <a href="https://docs.docker.com/search/?q=compose">compose</a>, <a href="https://docs.docker.com/search/?q=deploy">deploy</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/stack-deploy/" class="_attribution-link">https://docs.docker.com/engine/swarm/stack-deploy/</a> + </p> +</div> 
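Review bot: the `app.py` listing in step 2 of "Create the example application" ends with `app.run(host="0.0.0.0", port=8000, debug=True)`, and that same image is then pushed and deployed with `docker stack deploy`, where the page itself notes that the routing mesh makes port 8000 reachable on any node in the swarm. Flask's debug mode turns on the Werkzeug interactive debugger, which is intended for local development only, so the vendored tutorial should either drop `debug=True` or state that the app must not be reachable from untrusted networks. Related hardening gaps in the same hunk: the registry is published on port 5000 with no mention of TLS or authentication, `requirements.txt` leaves `flask` and `redis` unpinned, and the Dockerfile builds on `FROM python:3.4-alpine`, an end-of-life Python release, with `ADD . /code` where `COPY` would do. The `docker stack services` sample output also lists `redis:3.2-alpine` while the compose file requests `redis:alpine`, which should be made consistent.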
diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-mode%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-mode%2Findex.html new file mode 100644 index 00000000..c84079cb --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-mode%2Findex.html 
@@ -0,0 +1,55 @@ +<h1>Run Docker Engine in swarm mode</h1> + +<p>When you first install and start working with Docker Engine, swarm mode is disabled by default. When you enable swarm mode, you work with the concept of services managed through the <code class="language-plaintext highlighter-rouge">docker service</code> command.</p> <p>There are two ways to run the Engine in swarm mode:</p> <ul> <li>Create a new swarm, covered in this article.</li> <li> +<a href="../join-nodes/index">Join an existing swarm</a>.</li> </ul> <p>When you run the Engine in swarm mode on your local machine, you can create and test services based upon images you’ve created or other available images. In your production environment, swarm mode provides a fault-tolerant platform with cluster management features to keep your services running and available.</p> <p>These instructions assume you have installed the Docker Engine 1.12 or later on a machine to serve as a manager node in your swarm.</p> <p>If you haven’t already, read through the <a href="../key-concepts/index">swarm mode key concepts</a> and try the <a href="../swarm-tutorial/index">swarm mode tutorial</a>.</p> <h2 id="create-a-swarm">Create a swarm</h2> <p>When you run the command to create a swarm, the Docker Engine starts running in swarm mode.</p> <p>Run <a href="../../reference/commandline/swarm_init/index"><code class="language-plaintext highlighter-rouge">docker swarm init</code></a> to create a single-node swarm on the current node. 
The Engine sets up the swarm as follows:</p> <ul> <li>switches the current node into swarm mode.</li> <li>creates a swarm named <code class="language-plaintext highlighter-rouge">default</code>.</li> <li>designates the current node as a leader manager node for the swarm.</li> <li>names the node with the machine hostname.</li> <li>configures the manager to listen on an active network interface on port 2377.</li> <li>sets the current node to <code class="language-plaintext highlighter-rouge">Active</code> availability, meaning it can receive tasks from the scheduler.</li> <li>starts an internal distributed data store for Engines participating in the swarm to maintain a consistent view of the swarm and all services running on it.</li> <li>by default, generates a self-signed root CA for the swarm.</li> <li>by default, generates tokens for worker and manager nodes to join the swarm.</li> <li>creates an overlay network named <code class="language-plaintext highlighter-rouge">ingress</code> for publishing service ports external to the swarm.</li> <li>creates an overlay default IP addresses and subnet mask for your networks</li> </ul> <p>The output for <code class="language-plaintext highlighter-rouge">docker swarm init</code> provides the connection command to use when you join new worker nodes to the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init +Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. 
+</pre></div> <h3 id="configuring-default-address-pools">Configuring default address pools</h3> <p>By default Docker Swarm uses a default address pool <code class="language-plaintext highlighter-rouge">10.0.0.0/8</code> for global scope (overlay) networks. Every network that does not have a subnet specified will have a subnet sequentially allocated from this pool. In some circumstances it may be desirable to use a different default IP address pool for networks.</p> <p>For example, if the default <code class="language-plaintext highlighter-rouge">10.0.0.0/8</code> range conflicts with already allocated address space in your network, then it is desirable to ensure that networks use a different range without requiring Swarm users to specify each subnet with the <code class="language-plaintext highlighter-rouge">--subnet</code> command.</p> <p>To configure custom default address pools, you must define pools at Swarm initialization using the <code class="language-plaintext highlighter-rouge">--default-addr-pool</code> command line option. This command line option uses CIDR notation for defining the subnet mask. To create the custom address pool for Swarm, you must define at least one default address pool, and an optional default address pool subnet mask. For example, for the <code class="language-plaintext highlighter-rouge">10.0.0.0/27</code>, use the value <code class="language-plaintext highlighter-rouge">27</code>.</p> <p>Docker allocates subnet addresses from the address ranges specified by the <code class="language-plaintext highlighter-rouge">--default-addr-pool</code> option. For example, a command line option <code class="language-plaintext highlighter-rouge">--default-addr-pool 10.10.0.0/16</code> indicates that Docker will allocate subnets from that <code class="language-plaintext highlighter-rouge">/16</code> address range. 
If <code class="language-plaintext highlighter-rouge">--default-addr-pool-mask-len</code> were unspecified or set explicitly to 24, this would result in 256 <code class="language-plaintext highlighter-rouge">/24</code> networks of the form <code class="language-plaintext highlighter-rouge">10.10.X.0/24</code>.</p> <p>The subnet range comes from the <code class="language-plaintext highlighter-rouge">--default-addr-pool</code>, (such as <code class="language-plaintext highlighter-rouge">10.10.0.0/16</code>). The size of 16 there represents the number of networks one can create within that <code class="language-plaintext highlighter-rouge">default-addr-pool</code> range. The <code class="language-plaintext highlighter-rouge">--default-addr-pool</code> option may occur multiple times with each option providing additional addresses for docker to use for overlay subnets.</p> <p>The format of the command is:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --default-addr-pool <IP range in CIDR> [--default-addr-pool <IP range in CIDR> --default-addr-pool-mask-length <CIDR value>] +</pre></div> <p>To create a default IP address pool with a /16 (class B) for the 10.20.0.0 network looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --default-addr-pool 10.20.0.0/16 +</pre></div> <p>To create a default IP address pool with a <code class="language-plaintext highlighter-rouge">/16</code> (class B) for the <code class="language-plaintext highlighter-rouge">10.20.0.0</code> and <code class="language-plaintext highlighter-rouge">10.30.0.0</code> networks, and to create a subnet mask of <code class="language-plaintext highlighter-rouge">/26</code> for each network looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --default-addr-pool 10.20.0.0/16 --default-addr-pool 10.30.0.0/16 --default-addr-pool-mask-length 26 +</pre></div> <p>In this 
example, <code class="language-plaintext highlighter-rouge">docker network create -d overlay net1</code> will result in <code class="language-plaintext highlighter-rouge">10.20.0.0/26</code> as the allocated subnet for <code class="language-plaintext highlighter-rouge">net1</code>, and <code class="language-plaintext highlighter-rouge">docker network create -d overlay net2</code> will result in <code class="language-plaintext highlighter-rouge">10.20.0.64/26</code> as the allocated subnet for <code class="language-plaintext highlighter-rouge">net2</code>. This continues until all the subnets are exhausted.</p> <p>Refer to the following pages for more information:</p> <ul> <li> +<a href="https://docs.docker.com/network/overlay">Swarm networking</a> for more information about the default address pool usage</li> <li> +<code class="language-plaintext highlighter-rouge">docker swarm init</code> <a href="../../reference/commandline/swarm_init/index">CLI reference</a> for more detail on the <code class="language-plaintext highlighter-rouge">--default-addr-pool</code> flag.</li> </ul> <h3 id="configure-the-advertise-address">Configure the advertise address</h3> <p>Manager nodes use an advertise address to allow other nodes in the swarm access to the Swarmkit API and overlay networking. The other nodes on the swarm must be able to access the manager node on its advertise address.</p> <p>If you don’t specify an advertise address, Docker checks if the system has a single IP address. If so, Docker uses the IP address with the listening port <code class="language-plaintext highlighter-rouge">2377</code> by default. 
If the system has multiple IP addresses, you must specify the correct <code class="language-plaintext highlighter-rouge">--advertise-addr</code> to enable inter-manager communication and overlay networking:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --advertise-addr <MANAGER-IP> +</pre></div> <p>You must also specify the <code class="language-plaintext highlighter-rouge">--advertise-addr</code> if the address where other nodes reach the first manager node is not the same address the manager sees as its own. For instance, in a cloud setup that spans different regions, hosts have both internal addresses for access within the region and external addresses that you use for access from outside that region. In this case, specify the external address with <code class="language-plaintext highlighter-rouge">--advertise-addr</code> so that the node can propagate that information to other nodes that subsequently connect to it.</p> <p>Refer to the <code class="language-plaintext highlighter-rouge">docker swarm init</code> <a href="../../reference/commandline/swarm_init/index">CLI reference</a> for more detail on the advertise address.</p> <h3 id="view-the-join-command-or-update-a-swarm-join-token">View the join command or update a swarm join token</h3> <p>Nodes require a secret token to join the swarm. The token for worker nodes is different from the token for manager nodes. Nodes only use the join-token at the moment they join the swarm. Rotating the join token after a node has already joined a swarm does not affect the node’s swarm membership. 
Token rotation ensures an old token cannot be used by any new nodes attempting to join the swarm.</p> <p>To retrieve the join command including the join token for worker nodes, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token worker + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +This node joined a swarm as a worker. +</pre></div> <p>To view the join command and token for manager nodes, run:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token manager + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-59egwe8qangbzbqb3ryawxzk3jn97ifahlsrw01yar60pmkr90-bdjfnkcflhooyafetgjod97sz \ + 192.168.99.100:2377 +</pre></div> <p>Pass the <code class="language-plaintext highlighter-rouge">--quiet</code> flag to print only the token:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token --quiet worker + +SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c +</pre></div> <p>Be careful with the join tokens because they are the secrets necessary to join the swarm. In particular, checking a secret into version control is a bad practice because it would allow anyone with access to the application source code to add new nodes to the swarm. 
Manager tokens are especially sensitive because they allow a new manager node to join and gain control over the whole swarm.</p> <p>We recommend that you rotate the join tokens in the following circumstances:</p> <ul> <li>If a token was checked-in by accident into a version control system, group chat or accidentally printed to your logs.</li> <li>If you suspect a node has been compromised.</li> <li>If you wish to guarantee that no new nodes can join the swarm.</li> </ul> <p>Additionally, it is a best practice to implement a regular rotation schedule for any secret including swarm join tokens. We recommend that you rotate your tokens at least every 6 months.</p> <p>Run <code class="language-plaintext highlighter-rouge">swarm join-token --rotate</code> to invalidate the old token and generate a new token. Specify whether you want to rotate the token for <code class="language-plaintext highlighter-rouge">worker</code> or <code class="language-plaintext highlighter-rouge">manager</code> nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token --rotate worker + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-2kscvs0zuymrsc9t0ocyy1rdns9dhaodvpl639j2bqx55uptag-ebmn5u927reawo27s3azntd44 \ + 192.168.99.100:2377 +</pre></div> <h2 id="learn-more">Learn more</h2> <ul> <li><a href="../join-nodes/index">Join nodes to a swarm</a></li> <li> +<code class="language-plaintext highlighter-rouge">swarm init</code> <a href="../../reference/commandline/swarm_init/index">command line reference</a> +</li> <li><a href="../swarm-tutorial/index">Swarm mode tutorial</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=guide">guide</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=node">node</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, 
Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-mode/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-mode/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fadd-nodes%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fadd-nodes%2Findex.html new file mode 100644 index 00000000..1d53eff2 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fadd-nodes%2Findex.html 
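Review bot: In swarm-mode/index.html, the sample outputs under "View the join command or update a swarm join token" do not match the commands that precede them. The `docker swarm join-token worker` block ends with "This node joined a swarm as a worker.", which add-nodes/index.html shows as the output of `docker swarm join`, and the `docker swarm join-token manager` block is introduced as the manager join command but reads "To add a worker to this swarm". Drop the stray line and make the manager block say manager. In the address-pool section the prose names `--default-addr-pool-mask-len` while the command format and the example use `--default-addr-pool-mask-length`; use one spelling. The sentence "The size of 16 there represents the number of networks one can create" also conflicts with the paragraph before it, which derives 256 `/24` networks from the `/16` pool.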
@@ -0,0 +1,32 @@ +<h1>Add nodes to the swarm</h1> + +<p>Once you’ve <a href="../create-swarm/index">created a swarm</a> with a manager node, you’re ready to add worker nodes.</p> <ol> <li> <p>Open a terminal and ssh into the machine where you want to run a worker node. This tutorial uses the name <code class="language-plaintext highlighter-rouge">worker1</code>.</p> </li> <li> <p>Run the command produced by the <code class="language-plaintext highlighter-rouge">docker swarm init</code> output from the <a href="../create-swarm/index">Create a swarm</a> tutorial step to create a worker node joined to the existing swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +This node joined a swarm as a worker. +</pre></div> <p>If you don’t have the command available, you can run the following command on a manager node to retrieve the join command for a worker:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join-token worker + +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 +</pre></div> </li> <li> <p>Open a terminal and ssh into the machine where you want to run a second worker node. 
This tutorial uses the name <code class="language-plaintext highlighter-rouge">worker2</code>.</p> </li> <li> <p>Run the command produced by the <code class="language-plaintext highlighter-rouge">docker swarm init</code> output from the <a href="../create-swarm/index">Create a swarm</a> tutorial step to create a second worker node joined to the existing swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +This node joined a swarm as a worker. +</pre></div> </li> <li> <p>Open a terminal and ssh into the machine where the manager node runs and run the <code class="language-plaintext highlighter-rouge">docker node ls</code> command to see the worker nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +03g1y59jwfg7cf99w4lt0f662 worker2 Ready Active +9j68exjopxe7wfl6yuxml7a7j worker1 Ready Active +dxn1zf6l61qsb1josjja83ngz * manager1 Ready Active Leader +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">MANAGER</code> column identifies the manager nodes in the swarm. The empty status in this column for <code class="language-plaintext highlighter-rouge">worker1</code> and <code class="language-plaintext highlighter-rouge">worker2</code> identifies them as worker nodes.</p> <p>Swarm management commands like <code class="language-plaintext highlighter-rouge">docker node ls</code> only work on manager nodes.</p> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>Now your swarm consists of a manager and two worker nodes. 
In the next step of the tutorial, you <a href="../deploy-service/index">deploy a service</a> to the swarm.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/add-nodes/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/add-nodes/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fcreate-swarm%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fcreate-swarm%2Findex.html new file mode 100644 index 00000000..fb108639 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fcreate-swarm%2Findex.html 
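Review bot: In add-nodes/index.html, the paragraph after the `docker node ls` output refers to "The `MANAGER` column", but the header in the sample output is `MANAGER STATUS`; name the column as it is printed. Steps 2 and 4 also repeat the same literal `SWMTKN-1-...` worker token three times, while swarm-mode/index.html in this patch warns against checking join tokens into version control. A placeholder in the style of `<MANAGER-IP>` would keep token-shaped strings out of the repository and keep the docs consistent with their own advice.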
@@ -0,0 +1,40 @@ +<h1>Create a swarm</h1> + +<p>After you complete the <a href="../index">tutorial setup</a> steps, you’re ready to create a swarm. Make sure the Docker Engine daemon is started on the host machines.</p> <ol> <li> <p>Open a terminal and ssh into the machine where you want to run your manager node. This tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>. If you use Docker Machine, you can connect to it via SSH using the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker-machine ssh manager1 +</pre></div> </li> <li> <p>Run the following command to create a new swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --advertise-addr <MANAGER-IP> +</pre></div> <blockquote> <p><strong>Note</strong>: If you are using Docker Desktop for Mac or Docker Desktop for Windows to test single-node swarm, simply run <code class="language-plaintext highlighter-rouge">docker swarm init</code> with no arguments. There is no need to specify <code class="language-plaintext highlighter-rouge">--advertise-addr</code> in this case. To learn more, see the topic on how to <a href="../index#use-docker-desktop-for-mac-or-docker-desktop-for-windows">Use Docker Desktop for Mac or Docker Desktop for Windows</a> with Swarm.</p> </blockquote> <p>In the tutorial, the following command creates a swarm on the <code class="language-plaintext highlighter-rouge">manager1</code> machine:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --advertise-addr 192.168.99.100 +Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. 
+ +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">--advertise-addr</code> flag configures the manager node to publish its address as <code class="language-plaintext highlighter-rouge">192.168.99.100</code>. The other nodes in the swarm must be able to access the manager at the IP address.</p> <p>The output includes the commands to join new nodes to the swarm. Nodes will join as managers or workers depending on the value for the <code class="language-plaintext highlighter-rouge">--token</code> flag.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker info</code> to view the current state of the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker info + +Containers: 2 +Running: 0 +Paused: 0 +Stopped: 2 + ...snip... +Swarm: active + NodeID: dxn1zf6l61qsb1josjja83ngz + Is Manager: true + Managers: 1 + Nodes: 1 + ...snip... +</pre></div> </li> <li> <p>Run the <code class="language-plaintext highlighter-rouge">docker node ls</code> command to view information about nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +dxn1zf6l61qsb1josjja83ngz * manager1 Ready Active Leader + +</pre></div> <p>The <code class="language-plaintext highlighter-rouge">*</code> next to the node ID indicates that you’re currently connected on this node.</p> <p>Docker Engine swarm mode automatically names the node for the machine host name. 
The tutorial covers other columns in later steps.</p> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>In the next section of the tutorial, we <a href="../add-nodes/index">add two more nodes</a> to the cluster.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/create-swarm/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/create-swarm/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdelete-service%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdelete-service%2Findex.html new file mode 100644 index 00000000..3587719b --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdelete-service%2Findex.html 
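Review bot: In create-swarm/index.html, step 2 says "The other nodes in the swarm must be able to access the manager at the IP address." without naming the port, although the join command in the sample output targets `192.168.99.100:2377`. State the port in that sentence so readers know what has to be reachable between nodes and what to allow through a host firewall.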
@@ -0,0 +1,27 @@ +<h1>Delete the service running on the swarm</h1> +<p>The remaining steps in the tutorial don’t use the <code class="language-plaintext highlighter-rouge">helloworld</code> service, so now you can delete the service from the swarm.</p> <ol> <li> <p>If you haven’t already, open a terminal and ssh into the machine where you run your manager node. For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service rm helloworld</code> to remove the <code class="language-plaintext highlighter-rouge">helloworld</code> service.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm helloworld + +helloworld +</pre></div> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service inspect <SERVICE-ID></code> to verify that the swarm manager removed the service. The CLI returns a message that the service is not found:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect helloworld +[] +Error: no such service: helloworld +</pre></div> </li> <li> <p>Even though the service no longer exists, the task containers take a few seconds to clean up. 
You can use <code class="language-plaintext highlighter-rouge">docker ps</code> on the nodes to verify when the tasks have been removed.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +db1651f50347 alpine:latest "ping docker.com" 44 minutes ago Up 46 seconds helloworld.5.9lkmos2beppihw95vdwxy1j3w +43bf6e532a92 alpine:latest "ping docker.com" 44 minutes ago Up 46 seconds helloworld.3.a71i8rp6fua79ad43ycocl4t2 +5a0fb65d8fa7 alpine:latest "ping docker.com" 44 minutes ago Up 45 seconds helloworld.2.2jpgensh7d935qdc857pxulfr +afb0ba67076f alpine:latest "ping docker.com" 44 minutes ago Up 46 seconds helloworld.4.1c47o7tluz7drve4vkm2m5olx +688172d3bfaa alpine:latest "ping docker.com" 45 minutes ago Up About a minute helloworld.1.74nbhb3fhud8jfrhigd7s29we + +$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + +</pre></div> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>In the next step of the tutorial, you set up a new service and apply a <a href="../rolling-update/index">rolling update</a>.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=service">service</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/delete-service/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/delete-service/</a> + </p> +</div> 
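Review bot: In delete-service/index.html, step 3 tells the reader to run `docker service inspect <SERVICE-ID>` but the sample runs `docker service inspect helloworld`, a service name, as does step 2. Make the instruction and the example agree. In step 4 the two `docker ps` listings are shown back to back with no text saying the second is the later run; a one-line caption between them would make the before and after clear.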
diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdeploy-service%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdeploy-service%2Findex.html new file mode 100644 index 00000000..38aad034 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdeploy-service%2Findex.html 
@@ -0,0 +1,16 @@ +<h1>Deploy a service to the swarm</h1> +<p>After you <a href="../create-swarm/index">create a swarm</a>, you can deploy a service to the swarm. For this tutorial, you also <a href="../add-nodes/index">added worker nodes</a>, but that is not a requirement to deploy a service.</p> <ol> <li> <p>Open a terminal and ssh into the machine where you run your manager node. For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Run the following command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --replicas 1 --name helloworld alpine ping docker.com + +9uk4639qpg7npwf3fn2aasksr +</pre></div> <ul> <li>The <code class="language-plaintext highlighter-rouge">docker service create</code> command creates the service.</li> <li>The <code class="language-plaintext highlighter-rouge">--name</code> flag names the service <code class="language-plaintext highlighter-rouge">helloworld</code>.</li> <li>The <code class="language-plaintext highlighter-rouge">--replicas</code> flag specifies the desired state of 1 running instance.</li> <li>The arguments <code class="language-plaintext highlighter-rouge">alpine ping docker.com</code> define the service as an Alpine Linux container that executes the command <code class="language-plaintext highlighter-rouge">ping docker.com</code>.</li> </ul> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ls</code> to see the list of running services:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls + +ID NAME SCALE IMAGE COMMAND +9uk4639qpg7n helloworld 1/1 alpine ping docker.com +</pre></div> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>Now you’ve deployed a service to the swarm, you’re ready to <a href="../inspect-service/index">inspect the service</a>.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a 
href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/deploy-service/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/deploy-service/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdrain-node%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdrain-node%2Findex.html new file mode 100644 index 00000000..965efcb0 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fdrain-node%2Findex.html 
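Review bot: In deploy-service/index.html, step 2 creates the service from the bare image name `alpine`, which delete-service/index.html shows as `alpine:latest` in its `docker ps` output, while drain-node/index.html pins `redis:3.0.6`. Pin a tag here too so the tutorial output stays reproducible and the example does not teach deploying a floating tag.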
@@ -0,0 +1,54 @@ +<h1>Drain a node on the swarm</h1> + +<p>In earlier steps of the tutorial, all the nodes have been running with <code class="language-plaintext highlighter-rouge">ACTIVE</code> availability. The swarm manager can assign tasks to any <code class="language-plaintext highlighter-rouge">ACTIVE</code> node, so up to now all nodes have been available to receive tasks.</p> <p>Sometimes, such as planned maintenance times, you need to set a node to <code class="language-plaintext highlighter-rouge">DRAIN</code> availability. <code class="language-plaintext highlighter-rouge">DRAIN</code> availability prevents a node from receiving new tasks from the swarm manager. It also means the manager stops tasks running on the node and launches replica tasks on a node with <code class="language-plaintext highlighter-rouge">ACTIVE</code> availability.</p> <blockquote class="important"> <p><strong>Important</strong>: Setting a node to <code class="language-plaintext highlighter-rouge">DRAIN</code> does not remove standalone containers from that node, such as those created with <code class="language-plaintext highlighter-rouge">docker run</code>, <code class="language-plaintext highlighter-rouge">docker-compose up</code>, or the Docker Engine API. A node’s status, including <code class="language-plaintext highlighter-rouge">DRAIN</code>, only affects the node’s ability to schedule swarm service workloads.</p> </blockquote> <ol> <li> <p>If you haven’t already, open a terminal and ssh into the machine where you run your manager node. 
For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Verify that all your nodes are actively available.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node ls + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 worker2 Ready Active +38ciaotwjuritcdtn9npbnkuz worker1 Ready Active +e216jshn25ckzbvmwlnh5jr3g * manager1 Ready Active Leader +</pre></div> </li> <li> <p>If you aren’t still running the <code class="language-plaintext highlighter-rouge">redis</code> service from the <a href="../rolling-update/index">rolling update</a> tutorial, start it now:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --replicas 3 --name redis --update-delay 10s redis:3.0.6 + +c5uo6kdmzpon37mgj9mwglcfw +</pre></div> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ps redis</code> to see how the swarm manager assigned the tasks to different nodes:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 manager1 Running Running 26 seconds +redis.2.7h2l8h3q3wqy5f66hlv9ddmi6 redis:3.0.6 worker1 Running Running 26 seconds +redis.3.9bg7cezvedmkgg6c8yzvbhwsd redis:3.0.6 worker2 Running Running 26 seconds +</pre></div> <p>In this case the swarm manager distributed one task to each node. 
You may see the tasks distributed differently among the nodes in your environment.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker node update --availability drain <NODE-ID></code> to drain a node that had a task assigned to it:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --availability drain worker1 + +worker1 +</pre></div> </li> <li> <p>Inspect the node to check its availability:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect --pretty worker1 + +ID: 38ciaotwjuritcdtn9npbnkuz +Hostname: worker1 +Status: + State: Ready + Availability: Drain +...snip... +</pre></div> <p>The drained node shows <code class="language-plaintext highlighter-rouge">Drain</code> for <code class="language-plaintext highlighter-rouge">AVAILABILITY</code>.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ps redis</code> to see how the swarm manager updated the task assignments for the <code class="language-plaintext highlighter-rouge">redis</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 manager1 Running Running 4 minutes +redis.2.b4hovzed7id8irg1to42egue8 redis:3.0.6 worker2 Running Running About a minute + \_ redis.2.7h2l8h3q3wqy5f66hlv9ddmi6 redis:3.0.6 worker1 Shutdown Shutdown 2 minutes ago +redis.3.9bg7cezvedmkgg6c8yzvbhwsd redis:3.0.6 worker2 Running Running 4 minutes +</pre></div> <p>The swarm manager maintains the desired state by ending the task on a node with <code class="language-plaintext highlighter-rouge">Drain</code> availability and creating a new task on a node with <code class="language-plaintext highlighter-rouge">Active</code> availability.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker node update --availability active 
<NODE-ID></code> to return the drained node to an active state:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node update --availability active worker1 + +worker1 +</pre></div> </li> <li> <p>Inspect the node to see the updated state:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker node inspect --pretty worker1 + +ID: 38ciaotwjuritcdtn9npbnkuz +Hostname: worker1 +Status: + State: Ready + Availability: Active +...snip... +</pre></div> <p>When you set the node back to <code class="language-plaintext highlighter-rouge">Active</code> availability, it can receive new tasks:</p> <ul> <li>during a service update to scale up</li> <li>during a rolling update</li> <li>when you set another node to <code class="language-plaintext highlighter-rouge">Drain</code> availability</li> <li>when a task fails on another active node</li> </ul> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>Learn how to <a href="../../ingress/index">use a swarm mode routing mesh</a>.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=service">service</a>, <a href="https://docs.docker.com/search/?q=drain">drain</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/</a> + </p> +</div> 
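Review bot: the procedure in drain-node/index.html has no step that checks the node for standalone containers before maintenance, even though the Important callout at the top says DRAIN leaves containers created with `docker run`, `docker-compose up` or the Docker Engine API in place. After the `docker node inspect --pretty worker1` step, consider adding a step that runs `docker ps` on the drained node, so the reader confirms nothing outside swarm scheduling is still running there before taking the host down.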
diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Findex.html new file mode 100644 index 00000000..5bde29d4 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Findex.html 
@@ -0,0 +1,13 @@ +<h1>Getting started with swarm mode</h1> + +<p>This tutorial introduces you to the features of Docker Engine Swarm mode. You may want to familiarize yourself with the <a href="../key-concepts/index">key concepts</a> before you begin.</p> <p>The tutorial guides you through the following activities:</p> <ul> <li>initializing a cluster of Docker Engines in swarm mode</li> <li>adding nodes to the swarm</li> <li>deploying application services to the swarm</li> <li>managing the swarm once you have everything running</li> </ul> <p>This tutorial uses Docker Engine CLI commands entered on the command line of a terminal window.</p> <p>If you are brand new to Docker, see <a href="../../index">About Docker Engine</a>.</p> <h2 id="set-up">Set up</h2> <p>To run this tutorial, you need the following:</p> <ul> <li><a href="#three-networked-host-machines">three Linux hosts which can communicate over a network, with Docker installed</a></li> <li><a href="#the-ip-address-of-the-manager-machine">the IP address of the manager machine</a></li> <li><a href="#open-protocols-and-ports-between-the-hosts">open ports between the hosts</a></li> </ul> <h3 id="three-networked-host-machines">Three networked host machines</h3> <p>This tutorial requires three Linux hosts which have Docker installed and can communicate over a network. These can be physical machines, virtual machines, Amazon EC2 instances, or hosted in some other way. 
Check out <a href="../../../get-started/swarm-deploy/index#prerequisites">Getting started - Swarms</a> for one possible set-up for the hosts.</p> <p>One of these machines is a manager (called <code class="language-plaintext highlighter-rouge">manager1</code>) and two of them are workers (<code class="language-plaintext highlighter-rouge">worker1</code> and <code class="language-plaintext highlighter-rouge">worker2</code>).</p> <blockquote> <p><strong>Note</strong>: You can follow many of the tutorial steps to test single-node swarm as well, in which case you need only one host. Multi-node commands do not work, but you can initialize a swarm, create services, and scale them.</p> </blockquote> <h4 id="install-docker-engine-on-linux-machines">Install Docker Engine on Linux machines</h4> <p>If you are using Linux based physical computers or cloud-provided computers as hosts, simply follow the <a href="../../install/index">Linux install instructions</a> for your platform. Spin up the three machines, and you are ready. You can test both single-node and multi-node swarm scenarios on Linux machines.</p> <h4 id="use-docker-desktop-for-mac-or-docker-desktop-for-windows">Use Docker Desktop for Mac or Docker Desktop for Windows</h4> <p>Alternatively, install the latest <a href="https://docs.docker.com/desktop/mac/">Docker Desktop for Mac</a> or <a href="https://docs.docker.com/desktop/windows/">Docker Desktop for Windows</a> application on one computer. 
You can test both single-node and multi-node swarm from this computer.</p> <ul> <li>You can use Docker Desktop for Mac or Windows to test <em>single-node</em> features of swarm mode, including initializing a swarm with a single node, creating services, and scaling services.</li> <li>Currently, you cannot use Docker Desktop for Mac or Docker Desktop for Windows alone to test a <em>multi-node</em> swarm, but many examples are applicable to a single-node Swarm setup.</li> </ul> <h3 id="the-ip-address-of-the-manager-machine">The IP address of the manager machine</h3> <p>The IP address must be assigned to a network interface available to the host operating system. All nodes in the swarm need to connect to the manager at the IP address.</p> <p>Because other nodes contact the manager node on its IP address, you should use a fixed IP address.</p> <p>You can run <code class="language-plaintext highlighter-rouge">ifconfig</code> on Linux or macOS to see a list of the available network interfaces.</p> <p>The tutorial uses <code class="language-plaintext highlighter-rouge">manager1</code> : <code class="language-plaintext highlighter-rouge">192.168.99.100</code>.</p> <h3 id="open-protocols-and-ports-between-the-hosts">Open protocols and ports between the hosts</h3> <p>The following ports must be available. 
On some systems, these ports are open by default.</p> <ul> <li> +<strong>TCP port 2377</strong> for cluster management communications</li> <li> +<strong>TCP</strong> and <strong>UDP port 7946</strong> for communication among nodes</li> <li> +<strong>UDP port 4789</strong> for overlay network traffic</li> </ul> <p>If you plan on creating an overlay network with encryption (<code class="language-plaintext highlighter-rouge">--opt encrypted</code>), you also need to ensure <strong>ip protocol 50</strong> (<strong>ESP</strong>) traffic is allowed.</p> <h2 id="whats-next">What’s next?</h2> <p>After you have set up your environment, you are ready to <a href="create-swarm/index">create a swarm</a>.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Finspect-service%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Finspect-service%2Findex.html new file mode 100644 index 00000000..47a91000 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Finspect-service%2Findex.html 
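Review bot: in swarm-tutorial/index.html, the "Open protocols and ports between the hosts" section says TCP port 2377, TCP and UDP port 7946 and UDP port 4789 "must be available" but never says to whom. Suggest adding a sentence that these ports only need to be reachable from the other swarm hosts and should be filtered from everything else, since 2377 is the cluster management port. The `--opt encrypted` paragraph could also say that overlay traffic on 4789 is not encrypted unless that option is set, which is why ESP comes up at all.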
@@ -0,0 +1,78 @@ +<h1>Inspect a service on the swarm</h1> + +<p>When you have <a href="../deploy-service/index">deployed a service</a> to your swarm, you can use the Docker CLI to see details about the service running in the swarm.</p> <ol> <li> <p>If you haven’t already, open a terminal and ssh into the machine where you run your manager node. For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service inspect --pretty <SERVICE-ID></code> to display the details about a service in an easily readable format.</p> <p>To see the details on the <code class="language-plaintext highlighter-rouge">helloworld</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">[manager1]$ docker service inspect --pretty helloworld + +ID: 9uk4639qpg7npwf3fn2aasksr +Name: helloworld +Service Mode: REPLICATED + Replicas: 1 +Placement: +UpdateConfig: + Parallelism: 1 +ContainerSpec: + Image: alpine + Args: ping docker.com +Resources: +Endpoint Mode: vip +</pre></div> <blockquote> <p><strong>Tip</strong>: To return the service details in json format, run the same command without the <code class="language-plaintext highlighter-rouge">--pretty</code> flag.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">[manager1]$ docker service inspect helloworld +[ +{ + "ID": "9uk4639qpg7npwf3fn2aasksr", + "Version": { + "Index": 418 + }, + "CreatedAt": "2016-06-16T21:57:11.622222327Z", + "UpdatedAt": "2016-06-16T21:57:11.622222327Z", + "Spec": { + "Name": "helloworld", + "TaskTemplate": { + "ContainerSpec": { + "Image": "alpine", + "Args": [ + "ping", + "docker.com" + ] + }, + "Resources": { + "Limits": {}, + "Reservations": {} + }, + "RestartPolicy": { + "Condition": "any", + "MaxAttempts": 0 + }, + "Placement": {} + }, + "Mode": { + "Replicated": { + "Replicas": 1 + } + }, + "UpdateConfig": { + 
"Parallelism": 1 + }, + "EndpointSpec": { + "Mode": "vip" + } + }, + "Endpoint": { + "Spec": {} + } +} +] +</pre></div> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ps <SERVICE-ID></code> to see which nodes are running the service:</p> <div class="highlight"><pre class="highlight" data-language="">[manager1]$ docker service ps helloworld + +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +helloworld.1.8p1vev3fq5zm0mi8g0as41w35 alpine worker2 Running Running 3 minutes +</pre></div> <p>In this case, the one instance of the <code class="language-plaintext highlighter-rouge">helloworld</code> service is running on the <code class="language-plaintext highlighter-rouge">worker2</code> node. You may see the service running on your manager node. By default, manager nodes in a swarm can execute tasks just like worker nodes.</p> <p>Swarm also shows you the <code class="language-plaintext highlighter-rouge">DESIRED STATE</code> and <code class="language-plaintext highlighter-rouge">CURRENT STATE</code> of the service task so you can see if tasks are running according to the service definition.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker ps</code> on the node where the task is running to see details about the container for the task.</p> <blockquote> <p><strong>Tip</strong>: If <code class="language-plaintext highlighter-rouge">helloworld</code> is running on a node other than your manager node, you must ssh to that node.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">[worker2]$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +e609dde94e47 alpine:latest "ping docker.com" 3 minutes ago Up 3 minutes helloworld.1.8p1vev3fq5zm0mi8g0as41w35 +</pre></div> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>Next, you can <a href="../scale-service/index">change the scale</a> for the service running in the swarm.</p> +<p><a 
href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/inspect-service/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/inspect-service/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Frolling-update%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Frolling-update%2Findex.html new file mode 100644 index 00000000..3091ea58 --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Frolling-update%2Findex.html 
@@ -0,0 +1,69 @@ +<h1>Apply rolling updates to a service</h1> + +<p>In a previous step of the tutorial, you <a href="../scale-service/index">scaled</a> the number of instances of a service. In this part of the tutorial, you deploy a service based on the Redis 3.0.6 container tag. Then you upgrade the service to use the Redis 3.0.7 container image using rolling updates.</p> <ol> <li> <p>If you haven’t already, open a terminal and ssh into the machine where you run your manager node. For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Deploy your Redis tag to the swarm and configure the swarm with a 10 second update delay. Note that the following example shows an older Redis tag:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service create \ + --replicas 3 \ + --name redis \ + --update-delay 10s \ + redis:3.0.6 + +0u6a4s31ybk7yw2wyvtikmu50 +</pre></div> <p>You configure the rolling update policy at service deployment time.</p> <p>The <code class="language-plaintext highlighter-rouge">--update-delay</code> flag configures the time delay between updates to a service task or sets of tasks. You can describe the time <code class="language-plaintext highlighter-rouge">T</code> as a combination of the number of seconds <code class="language-plaintext highlighter-rouge">Ts</code>, minutes <code class="language-plaintext highlighter-rouge">Tm</code>, or hours <code class="language-plaintext highlighter-rouge">Th</code>. So <code class="language-plaintext highlighter-rouge">10m30s</code> indicates a 10 minute 30 second delay.</p> <p>By default the scheduler updates 1 task at a time. 
You can pass the <code class="language-plaintext highlighter-rouge">--update-parallelism</code> flag to configure the maximum number of service tasks that the scheduler updates simultaneously.</p> <p>By default, when an update to an individual task returns a state of <code class="language-plaintext highlighter-rouge">RUNNING</code>, the scheduler schedules another task to update until all tasks are updated. If, at any time during an update a task returns <code class="language-plaintext highlighter-rouge">FAILED</code>, the scheduler pauses the update. You can control the behavior using the <code class="language-plaintext highlighter-rouge">--update-failure-action</code> flag for <code class="language-plaintext highlighter-rouge">docker service create</code> or <code class="language-plaintext highlighter-rouge">docker service update</code>.</p> </li> <li> <p>Inspect the <code class="language-plaintext highlighter-rouge">redis</code> service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --pretty redis + +ID: 0u6a4s31ybk7yw2wyvtikmu50 +Name: redis +Service Mode: Replicated + Replicas: 3 +Placement: + Strategy: Spread +UpdateConfig: + Parallelism: 1 + Delay: 10s +ContainerSpec: + Image: redis:3.0.6 +Resources: +Endpoint Mode: vip +</pre></div> </li> <li> <p>Now you can update the container image for <code class="language-plaintext highlighter-rouge">redis</code>. 
The swarm manager applies the update to nodes according to the <code class="language-plaintext highlighter-rouge">UpdateConfig</code> policy:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update --image redis:3.0.7 redis +redis +</pre></div> <p>The scheduler applies rolling updates as follows by default:</p> <ul> <li>Stop the first task.</li> <li>Schedule update for the stopped task.</li> <li>Start the container for the updated task.</li> <li>If the update to a task returns <code class="language-plaintext highlighter-rouge">RUNNING</code>, wait for the specified delay period then start the next task.</li> <li>If, at any time during the update, a task returns <code class="language-plaintext highlighter-rouge">FAILED</code>, pause the update.</li> </ul> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service inspect --pretty redis</code> to see the new image in the desired state:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --pretty redis + +ID: 0u6a4s31ybk7yw2wyvtikmu50 +Name: redis +Service Mode: Replicated + Replicas: 3 +Placement: + Strategy: Spread +UpdateConfig: + Parallelism: 1 + Delay: 10s +ContainerSpec: + Image: redis:3.0.7 +Resources: +Endpoint Mode: vip +</pre></div> <p>The output of <code class="language-plaintext highlighter-rouge">service inspect</code> shows if your update paused due to failure:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service inspect --pretty redis + +ID: 0u6a4s31ybk7yw2wyvtikmu50 +Name: redis +...snip... +Update status: + State: paused + Started: 11 seconds ago + Message: update paused due to failure or early termination of task 9p7ith557h8ndf0ui9s0q951b +...snip... +</pre></div> <p>To restart a paused update run <code class="language-plaintext highlighter-rouge">docker service update <SERVICE-ID></code>. 
For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service update redis +</pre></div> <p>To avoid repeating certain update failures, you may need to reconfigure the service by passing flags to <code class="language-plaintext highlighter-rouge">docker service update</code>.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ps <SERVICE-ID></code> to watch the rolling update:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps redis + +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR +redis.1.dos1zffgeofhagnve8w864fco redis:3.0.7 worker1 Running Running 37 seconds + \_ redis.1.88rdo6pa52ki8oqx6dogf04fh redis:3.0.6 worker2 Shutdown Shutdown 56 seconds ago +redis.2.9l3i4j85517skba5o7tn5m8g0 redis:3.0.7 worker2 Running Running About a minute + \_ redis.2.66k185wilg8ele7ntu8f6nj6i redis:3.0.6 worker1 Shutdown Shutdown 2 minutes ago +redis.3.egiuiqpzrdbxks3wxgn8qib1g redis:3.0.7 worker1 Running Running 48 seconds + \_ redis.3.ctzktfddb2tepkr45qcmqln04 redis:3.0.6 mmanager1 Shutdown Shutdown 2 minutes ago +</pre></div> <p>Before Swarm updates all of the tasks, you can see that some are running <code class="language-plaintext highlighter-rouge">redis:3.0.6</code> while others are running <code class="language-plaintext highlighter-rouge">redis:3.0.7</code>. 
The output above shows the state once the rolling updates are done.</p> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>Next, learn about how to <a href="../drain-node/index">drain a node</a> in the swarm.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=service">service</a>, <a href="https://docs.docker.com/search/?q=rolling-update">rolling-update</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/</a> + </p> +</div> diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fscale-service%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fscale-service%2Findex.html new file mode 100644 index 00000000..5270a03c --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm-tutorial%2Fscale-service%2Findex.html 
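Review bot: in rolling-update/index.html, the last row of the `docker service ps redis` sample output gives the node as `mmanager1`, while step 1 of the same page and the rest of the tutorial name the manager `manager1`. This looks like a typo in the sample output; suggest correcting it to `manager1` so the table matches the three hosts the tutorial set up.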
@@ -0,0 +1,25 @@ +<h1>Scale the service in the swarm</h1> +<p>Once you have <a href="../deploy-service/index">deployed a service</a> to a swarm, you are ready to use the Docker CLI to scale the number of containers in the service. Containers running in a service are called “tasks.”</p> <ol> <li> <p>If you haven’t already, open a terminal and ssh into the machine where you run your manager node. For example, the tutorial uses a machine named <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Run the following command to change the desired state of the service running in the swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale <SERVICE-ID>=<NUMBER-OF-TASKS> +</pre></div> <p>For example:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service scale helloworld=5 + +helloworld scaled to 5 +</pre></div> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker service ps <SERVICE-ID></code> to see the updated task list:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps helloworld + +NAME IMAGE NODE DESIRED STATE CURRENT STATE +helloworld.1.8p1vev3fq5zm0mi8g0as41w35 alpine worker2 Running Running 7 minutes +helloworld.2.c7a7tcdq5s0uk3qr88mf8xco6 alpine worker1 Running Running 24 seconds +helloworld.3.6crl09vdcalvtfehfh69ogfb1 alpine worker1 Running Running 24 seconds +helloworld.4.auky6trawmdlcne8ad8phb0f1 alpine manager1 Running Running 24 seconds +helloworld.5.ba19kca06l18zujfwxyc5lkyn alpine worker2 Running Running 24 seconds +</pre></div> <p>You can see that swarm has created 4 new tasks to scale to a total of 5 running instances of Alpine Linux. The tasks are distributed between the three nodes of the swarm. 
One is running on <code class="language-plaintext highlighter-rouge">manager1</code>.</p> </li> <li> <p>Run <code class="language-plaintext highlighter-rouge">docker ps</code> to see the containers running on the node where you’re connected. The following example shows the tasks running on <code class="language-plaintext highlighter-rouge">manager1</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +528d68040f95 alpine:latest "ping docker.com" About a minute ago Up About a minute helloworld.4.auky6trawmdlcne8ad8phb0f1 +</pre></div> <p>If you want to see the containers running on other nodes, ssh into those nodes and run the <code class="language-plaintext highlighter-rouge">docker ps</code> command.</p> </li> </ol> <h2 id="whats-next">What’s next?</h2> <p>At this point in the tutorial, you’re finished with the <code class="language-plaintext highlighter-rouge">helloworld</code> service. The next step shows how to <a href="../delete-service/index">delete the service</a>.</p> +<p><a href="https://docs.docker.com/search/?q=tutorial">tutorial</a>, <a href="https://docs.docker.com/search/?q=cluster%20management">cluster management</a>, <a href="https://docs.docker.com/search/?q=swarm%20mode">swarm mode</a>, <a href="https://docs.docker.com/search/?q=scale">scale</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm-tutorial/scale-service/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm-tutorial/scale-service/</a> + </p> +</div> 
diff --git a/devdocs/docker/engine%2Fswarm%2Fswarm_manager_locking%2Findex.html b/devdocs/docker/engine%2Fswarm%2Fswarm_manager_locking%2Findex.html new file mode 100644 index 00000000..112f57ad --- /dev/null +++ b/devdocs/docker/engine%2Fswarm%2Fswarm_manager_locking%2Findex.html 
@@ -0,0 +1,65 @@ +<h1>Lock your swarm to protect its encryption key</h1> + +<p>The Raft logs used by swarm managers are encrypted on disk by default. This at-rest encryption protects your service’s configuration and data from attackers who gain access to the encrypted Raft logs. One of the reasons this feature was introduced was in support of the <a href="../secrets/index">Docker secrets</a> feature.</p> <p>When Docker restarts, both the TLS key used to encrypt communication among swarm nodes, and the key used to encrypt and decrypt Raft logs on disk, are loaded into each manager node’s memory. Docker has the ability to protect the mutual TLS encryption key and the key used to encrypt and decrypt Raft logs at rest, by allowing you to take ownership of these keys and to require manual unlocking of your managers. This feature is called <em>autolock</em>.</p> <p>When Docker restarts, you must <a href="#unlock-a-swarm">unlock the swarm</a> first, using a <em>key encryption key</em> generated by Docker when the swarm was locked. You can rotate this key encryption key at any time.</p> <blockquote> <p><strong>Note</strong>: You don’t need to unlock the swarm when a new node joins the swarm, because the key is propagated to it over mutual TLS.</p> </blockquote> <h2 id="initialize-a-swarm-with-autolocking-enabled">Initialize a swarm with autolocking enabled</h2> <p>When you initialize a new swarm, you can use the <code class="language-plaintext highlighter-rouge">--autolock</code> flag to enable autolocking of swarm manager nodes when Docker restarts.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init --autolock + +Swarm initialized: current node (k1q27tfyx9rncpixhk69sa61v) is now a manager. 
+ +To add a worker to this swarm, run the following command: + + docker swarm join \ + --token SWMTKN-1-0j52ln6hxjpxk2wgk917abcnxywj3xed0y8vi1e5m9t3uttrtu-7bnxvvlz2mrcpfonjuztmtts9 \ + 172.31.46.109:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-WuYH/IX284+lRcXuoVf38viIDK3HJEKY13MIHX+tTt8 +</pre></div> <p>Store the key in a safe place, such as in a password manager.</p> <p>When Docker restarts, you need to <a href="#unlock-a-swarm">unlock the swarm</a>. A locked swarm causes an error like the following when you try to start or restart a service:</p> <div class="highlight"><pre class="highlight" data-language="">$ sudo service docker restart + +$ docker service ls + +Error response from daemon: Swarm is encrypted and needs to be unlocked before it can be used. Use "docker swarm unlock" to unlock it. +</pre></div> <h2 id="enable-or-disable-autolock-on-an-existing-swarm">Enable or disable autolock on an existing swarm</h2> <p>To enable autolock on an existing swarm, set the <code class="language-plaintext highlighter-rouge">autolock</code> flag to <code class="language-plaintext highlighter-rouge">true</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm update --autolock=true + +Swarm updated. +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-+MrE8NgAyKj5r3NcR4FiQMdgu+7W72urH0EZeSmP/0Y + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. +</pre></div> <p>To disable autolock, set <code class="language-plaintext highlighter-rouge">--autolock</code> to <code class="language-plaintext highlighter-rouge">false</code>. 
The mutual TLS key and the encryption key used to read and write Raft logs are stored unencrypted on disk. There is a trade-off between the risk of storing the encryption key unencrypted at rest and the convenience of restarting a swarm without needing to unlock each manager.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm update --autolock=false +</pre></div> <p>Keep the unlock key around for a short time after disabling autolocking, in case a manager goes down while it is still configured to lock using the old key.</p> <h2 id="unlock-a-swarm">Unlock a swarm</h2> <p>To unlock a locked swarm, use <code class="language-plaintext highlighter-rouge">docker swarm unlock</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock + +Please enter unlock key: +</pre></div> <p>Enter the encryption key that was generated and shown in the command output when you locked the swarm or rotated the key, and the swarm unlocks.</p> <h2 id="view-the-current-unlock-key-for-a-running-swarm">View the current unlock key for a running swarm</h2> <p>Consider a situation where your swarm is running as expected, then a manager node becomes unavailable. 
You troubleshoot the problem and bring the physical node back online, but you need to unlock the manager by providing the unlock key to read the encrypted credentials and Raft logs.</p> <p>If the key has not been rotated since the node left the swarm, and you have a quorum of functional manager nodes in the swarm, you can view the current unlock key using <code class="language-plaintext highlighter-rouge">docker swarm unlock-key</code> without any arguments.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-8jDgbUNlJtUe5P/lcr9IXGVxqZpZUXPzd+qzcGp4ZYA + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. +</pre></div> <p>If the key was rotated after the swarm node became unavailable and you do not have a record of the previous key, you may need to force the manager to leave the swarm and join it back to the swarm as a new manager.</p> <h2 id="rotate-the-unlock-key">Rotate the unlock key</h2> <p>You should rotate the locked swarm’s unlock key on a regular schedule.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm unlock-key --rotate + +Successfully rotated manager unlock key. + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-8jDgbUNlJtUe5P/lcr9IXGVxqZpZUXPzd+qzcGp4ZYA + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. 
+</pre></div> <blockquote class="warning"> <p><strong>Warning</strong>: When you rotate the unlock key, keep a record of the old key around for a few minutes, so that if a manager goes down before it gets the new key, it may still be unlocked with the old one.</p> </blockquote> +<p><a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=manager">manager</a>, <a href="https://docs.docker.com/search/?q=lock">lock</a>, <a href="https://docs.docker.com/search/?q=unlock">unlock</a>, <a href="https://docs.docker.com/search/?q=autolock">autolock</a>, <a href="https://docs.docker.com/search/?q=encryption">encryption</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/engine/swarm/swarm_manager_locking/" class="_attribution-link">https://docs.docker.com/engine/swarm/swarm_manager_locking/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2F02_our_app%2Findex.html b/devdocs/docker/get-started%2F02_our_app%2Findex.html new file mode 100644 index 00000000..f2d9b67f --- /dev/null +++ b/devdocs/docker/get-started%2F02_our_app%2Findex.html 
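Review bot: In the "Lock your swarm to protect its encryption key" page, the sample output under "Rotate the unlock key" prints SWMKEY-1-8jDgbUNlJtUe5P/lcr9IXGVxqZpZUXPzd+qzcGp4ZYA, the same value already shown under "View the current unlock key for a running swarm", so the example does not show that rotation yields a new key. Use a visibly different placeholder value in the rotate output. In the paragraph on disabling autolock, the sentence "The mutual TLS key and the encryption key used to read and write Raft logs are stored unencrypted on disk" has no stated condition; prefixing it with "When autolock is disabled," would make the trade-off that follows unambiguous.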
@@ -0,0 +1,20 @@ +<h1>Sample application</h1> + +<p>For the rest of this tutorial, we will be working with a simple todo list manager that is running in Node.js. If you’re not familiar with Node.js, don’t worry. No real JavaScript experience is needed.</p> <p>At this point, your development team is quite small and you’re simply building an app to prove out your MVP (minimum viable product). You want to show how it works and what it’s capable of doing without needing to think about how it will work for a large team, multiple developers, etc.</p> <p><img src="" alt="Todo List Manager Screenshot" style="width:50%;"></p> <h2 id="get-the-app">Get the app</h2> <p>Before we can run the application, we need to get the application source code onto our machine. For real projects, you will typically clone the repo. But, for this tutorial, we have created a ZIP file containing the application.</p> <ol> <li> <p><a href="https://github.com/docker/getting-started/tree/master/app" target="_blank" rel="noopener" class="_">Download the App contents</a>. You can either pull the entire project or download it as a zip and extract the app folder out to get started with.</p> </li> <li> <p>Once extracted, use your favorite code editor to open the project. If you’re in need of an editor, you can use <a href="https://code.visualstudio.com/" target="_blank" rel="noopener" class="_">Visual Studio Code</a>. 
You should see the <code class="language-plaintext highlighter-rouge">package.json</code> and two subdirectories (<code class="language-plaintext highlighter-rouge">src</code> and <code class="language-plaintext highlighter-rouge">spec</code>).</p> <p class="text-center"><img src="" alt="Screenshot of Visual Studio Code opened with the app loaded" style="width:650px;margin-top:20px;"></p> </li> </ol> <h2 id="build-the-apps-container-image">Build the app’s container image</h2> <p>In order to build the application, we need to use a <code class="language-plaintext highlighter-rouge">Dockerfile</code>. A Dockerfile is simply a text-based script of instructions that is used to create a container image. If you’ve created Dockerfiles before, you might see a few flaws in the Dockerfile below. But, don’t worry. We’ll go over them.</p> <ol> <li> <p>Create a file named <code class="language-plaintext highlighter-rouge">Dockerfile</code> in the same folder as the file <code class="language-plaintext highlighter-rouge">package.json</code> with the following contents.</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1 +FROM node:12-alpine +RUN apk add --no-cache python2 g++ make +WORKDIR /app +COPY . . +RUN yarn install --production +CMD ["node", "src/index.js"] +EXPOSE 3000 +</pre></div> <p>Please check that the file <code class="language-plaintext highlighter-rouge">Dockerfile</code> has no file extension like <code class="language-plaintext highlighter-rouge">.txt</code>. Some editors may append this file extension automatically and this would result in an error in the next step.</p> </li> <li> <p>If you haven’t already done so, open a terminal and go to the <code class="language-plaintext highlighter-rouge">app</code> directory with the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. 
Now build the container image using the <code class="language-plaintext highlighter-rouge">docker build</code> command.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker build -t getting-started . +</pre></div> <p>This command used the Dockerfile to build a new container image. You might have noticed that a lot of “layers” were downloaded. This is because we instructed the builder that we wanted to start from the <code class="language-plaintext highlighter-rouge">node:12-alpine</code> image. But, since we didn’t have that on our machine, that image needed to be downloaded.</p> <p>After the image was downloaded, we copied in our application and used <code class="language-plaintext highlighter-rouge">yarn</code> to install our application’s dependencies. The <code class="language-plaintext highlighter-rouge">CMD</code> directive specifies the default command to run when starting a container from this image.</p> <p>Finally, the <code class="language-plaintext highlighter-rouge">-t</code> flag tags our image. Think of this simply as a human-readable name for the final image. Since we named the image <code class="language-plaintext highlighter-rouge">getting-started</code>, we can refer to that image when we run a container.</p> <p>The <code class="language-plaintext highlighter-rouge">.</code> at the end of the <code class="language-plaintext highlighter-rouge">docker build</code> command tells Docker that it should look for the <code class="language-plaintext highlighter-rouge">Dockerfile</code> in the current directory.</p> </li> </ol> <h2 id="start-an-app-container">Start an app container</h2> <p>Now that we have an image, let’s run the application. 
To do so, we will use the <code class="language-plaintext highlighter-rouge">docker run</code> command (remember that from earlier?).</p> <ol> <li> <p>Start your container using the <code class="language-plaintext highlighter-rouge">docker run</code> command and specify the name of the image we just created:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -dp 3000:3000 getting-started +</pre></div> <p>Remember the <code class="language-plaintext highlighter-rouge">-d</code> and <code class="language-plaintext highlighter-rouge">-p</code> flags? We’re running the new container in “detached” mode (in the background) and creating a mapping between the host’s port 3000 to the container’s port 3000. Without the port mapping, we wouldn’t be able to access the application.</p> </li> <li> <p>After a few seconds, open your web browser to <a href="http://localhost:3000">http://localhost:3000</a>. You should see our app.</p> <p class="text-center"><img src="" alt="Empty Todo List" style="width:450px;margin-top:20px;"></p> </li> <li> <p>Go ahead and add an item or two and see that it works as you expect. You can mark items as complete and remove items. Your frontend is successfully storing items in the backend. Pretty quick and easy, huh?</p> </li> </ol> <p>At this point, you should have a running todo list manager with a few items, all built by you. Now, let’s make a few changes and learn about managing our containers.</p> <p>If you take a quick look at the Docker Dashboard, you should see your two containers running now (this tutorial and your freshly launched app container).</p> <p><img src="" alt="Docker Dashboard with tutorial and app containers running"></p> <h2 id="recap">Recap</h2> <p>In this short section, we learned the very basics about building a container image and created a Dockerfile to do so. 
Once we built an image, we started the container and saw the running app.</p> <p>Next, we’re going to make a modification to our app and learn how to update our running application with a new image. Along the way, we’ll learn a few other useful commands.</p> +<p><a href="https://docs.docker.com/search/?q=get%20started">get started</a>, <a href="https://docs.docker.com/search/?q=setup">setup</a>, <a href="https://docs.docker.com/search/?q=orientation">orientation</a>, <a href="https://docs.docker.com/search/?q=quickstart">quickstart</a>, <a href="https://docs.docker.com/search/?q=intro">intro</a>, <a href="https://docs.docker.com/search/?q=concepts">concepts</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a>, <a href="https://docs.docker.com/search/?q=docker%20desktop">docker desktop</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/02_our_app/" class="_attribution-link">https://docs.docker.com/get-started/02_our_app/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2F04_sharing_app%2Findex.html b/devdocs/docker/get-started%2F04_sharing_app%2Findex.html new file mode 100644 index 00000000..568f66a4 --- /dev/null +++ b/devdocs/docker/get-started%2F04_sharing_app%2Findex.html 
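Review bot: In get-started/02_our_app, step 1 of "Start an app container" runs "docker run -dp 3000:3000 getting-started", which publishes the port on every host interface although the tutorial only ever opens http://localhost:3000. Suggest "-dp 127.0.0.1:3000:3000", or a sentence saying the app is also reachable from the network. Separately, all four img tags in this file have src="", so the screenshots the text points to (the VS Code view, the empty todo list, the Docker Dashboard) will not render; restore the image paths or drop the tags.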
@@ -0,0 +1,16 @@ +<h1>Share the application</h1> + +<p>Now that we’ve built an image, let’s share it! To share Docker images, you have to use a Docker registry. The default registry is Docker Hub and is where all of the images we’ve used have come from.</p> <blockquote> <p><strong>Docker ID</strong></p> <p>A Docker ID allows you to access Docker Hub which is the world’s largest library and community for container images. Create a <a href="https://hub.docker.com/signup" target="_blank" rel="noopener" class="_">Docker ID</a> for free if you don’t have one.</p> </blockquote> <h2 id="create-a-repo">Create a repo</h2> <p>To push an image, we first need to create a repository on Docker Hub.</p> <ol> <li> <p><a href="https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade" target="_blank" rel="noopener" class="_">Sign up</a> or Sign in to <a href="https://hub.docker.com" target="_blank" rel="noopener" class="_">Docker Hub</a>.</p> </li> <li> <p>Click the <strong>Create Repository</strong> button.</p> </li> <li> <p>For the repo name, use <code class="language-plaintext highlighter-rouge">getting-started</code>. Make sure the Visibility is <code class="language-plaintext highlighter-rouge">Public</code>.</p> <blockquote> <p><strong>Private repositories</strong></p> <p>Did you know that Docker offers private repositories which allows you to restrict content to specific users or teams? Check out the details on the <a href="https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade" target="_blank" rel="noopener" class="_">Docker pricing</a> page.</p> </blockquote> </li> <li> <p>Click the <strong>Create</strong> button!</p> </li> </ol> <p>If you look at the image below an example <strong>Docker command</strong> can be seen. 
This command will push to this repo.</p> <p class="text-center"><img src="" alt="Docker command with push example"></p> <h2 id="push-the-image">Push the image</h2> <ol> <li> <p>In the command line, try running the push command you see on Docker Hub. Note that your command will be using your namespace, not “docker”.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker push docker/getting-started + The push refers to repository [docker.io/docker/getting-started] + An image does not exist locally with the tag: docker/getting-started +</pre></div> <p>Why did it fail? The push command was looking for an image named docker/getting-started, but didn’t find one. If you run <code class="language-plaintext highlighter-rouge">docker image ls</code>, you won’t see one either.</p> <p>To fix this, we need to “tag” our existing image we’ve built to give it another name.</p> </li> <li> <p>Login to the Docker Hub using the command <code class="language-plaintext highlighter-rouge">docker login -u YOUR-USER-NAME</code>.</p> </li> <li> <p>Use the <code class="language-plaintext highlighter-rouge">docker tag</code> command to give the <code class="language-plaintext highlighter-rouge">getting-started</code> image a new name. Be sure to swap out <code class="language-plaintext highlighter-rouge">YOUR-USER-NAME</code> with your Docker ID.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker tag getting-started YOUR-USER-NAME/getting-started +</pre></div> </li> <li> <p>Now try your push command again. If you’re copying the value from Docker Hub, you can drop the <code class="language-plaintext highlighter-rouge">tagname</code> portion, as we didn’t add a tag to the image name. 
If you don’t specify a tag, Docker will use a tag called <code class="language-plaintext highlighter-rouge">latest</code>.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker push YOUR-USER-NAME/getting-started +</pre></div> </li> </ol> <h2 id="run-the-image-on-a-new-instance">Run the image on a new instance</h2> <p>Now that our image has been built and pushed into a registry, let’s try running our app on a brand new instance that has never seen this container image! To do this, we will use Play with Docker.</p> <ol> <li> <p>Open your browser to <a href="https://labs.play-with-docker.com/" target="_blank" rel="noopener" class="_">Play with Docker</a>.</p> </li> <li> <p>Click <strong>Login</strong> and then select <strong>docker</strong> from the drop-down list.</p> </li> <li> <p>Connect with your Docker Hub account.</p> </li> <li> <p>Once you’re logged in, click on the <strong>ADD NEW INSTANCE</strong> option on the left side bar. If you don’t see it, make your browser a little wider. After a few seconds, a terminal window opens in your browser.</p> <p><img src="" alt="Play with Docker add new instance"></p> </li> <li> <p>In the terminal, start your freshly pushed app.</p> <div class="highlight"><pre class="highlight" data-language=""> $ docker run -dp 3000:3000 YOUR-USER-NAME/getting-started +</pre></div> <p>You should see the image get pulled down and eventually start up!</p> </li> <li> <p>Click on the 3000 badge when it comes up and you should see the app with your modifications! Hooray! If the 3000 badge doesn’t show up, you can click on the “Open Port” button and type in 3000.</p> </li> </ol> <h2 id="recap">Recap</h2> <p>In this section, we learned how to share our images by pushing them to a registry. We then went to a brand new instance and were able to run the freshly pushed image. 
This is quite common in CI pipelines, where the pipeline will create the image and push it to a registry and then the production environment can use the latest version of the image.</p> <p>Now that we have that figured out, let’s circle back around to what we noticed at the end of the last section. As a reminder, we noticed that when we restarted the app, we lost all of our todo list items. That’s obviously not a great user experience, so let’s learn how we can persist the data across restarts!</p> +<p><a href="https://docs.docker.com/search/?q=get%20started">get started</a>, <a href="https://docs.docker.com/search/?q=setup">setup</a>, <a href="https://docs.docker.com/search/?q=orientation">orientation</a>, <a href="https://docs.docker.com/search/?q=quickstart">quickstart</a>, <a href="https://docs.docker.com/search/?q=intro">intro</a>, <a href="https://docs.docker.com/search/?q=concepts">concepts</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a>, <a href="https://docs.docker.com/search/?q=docker%20desktop">docker desktop</a>, <a href="https://docs.docker.com/search/?q=docker%20hub">docker hub</a>, <a href="https://docs.docker.com/search/?q=sharing">sharing</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/04_sharing_app/" class="_attribution-link">https://docs.docker.com/get-started/04_sharing_app/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Findex.html b/devdocs/docker/get-started%2Findex.html new file mode 100644 index 00000000..734657fc --- /dev/null +++ b/devdocs/docker/get-started%2Findex.html 
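Review bot: In get-started/04_sharing_app, steps 3 and 4 of "Push the image" tag and push without a tag name, so the image is published as latest, and the Recap then describes production using "the latest version of the image"; a mutable default tag gives no way to tell which build a host is actually running. Suggest showing an explicit version tag in the "docker tag" and "docker push" examples, or at least noting that latest is only a default name. The two www.docker.com/pricing links also carry utm_source, utm_medium and utm_campaign tracking parameters, and the "Sign up" link text points at the pricing page; strip the query strings and check the target.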
@@ -0,0 +1,15 @@ +<h1>Orientation and setup</h1> + +<blockquote class="important"> <p><strong>Update to the Docker Desktop terms</strong></p> <p>Commercial use of Docker Desktop in larger enterprises (more than 250 employees OR more than $10 million USD in annual revenue) now requires a paid subscription.</p> </blockquote> <p>Welcome! We are excited that you want to learn Docker.</p> <p>This page contains step-by-step instructions on how to get started with Docker. In this tutorial, you’ll learn how to:</p> <ul> <li>Build and run an image as a container</li> <li>Share images using Docker Hub</li> <li>Deploy Docker applications using multiple containers with a database</li> <li>Running applications using Docker Compose</li> </ul> <p>In addition, you’ll also learn about the best practices for building images, including instructions on how to scan your images for security vulnerabilities.</p> <p>If you are looking for information on how to containerize an application using your favorite language, see <a href="https://docs.docker.com/language/">Language-specific getting started guides</a>.</p> <p>We also recommend the video walkthrough from DockerCon 2020.</p> <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/iqqDU2crIEQ?start=30" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen=""></iframe> <h2 id="download-and-install-docker">Download and install Docker</h2> <p>This tutorial assumes you have a current version of Docker installed on your machine. 
If you do not have Docker installed, choose your preferred operating system below to download Docker:</p> <p><a href="https://desktop.docker.com/mac/main/amd64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-amd64" class="button primary-btn">Mac with Intel chip</a> <a href="https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64" class="button primary-btn">Mac with Apple chip</a> <a href="https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-win-amd64" class="button primary-btn">Windows</a> <a href="https://docs.docker.com/desktop/linux/install/" class="button primary-btn">Linux</a></p> <p>For Docker Desktop installation instructions, see:</p> <ul> <li><a href="https://docs.docker.com/desktop/mac/install/">Install Docker Desktop on Mac</a></li> <li><a href="https://docs.docker.com/desktop/windows/install/">Install Docker Desktop on Windows</a></li> <li><a href="https://docs.docker.com/desktop/linux/install/">Install Docker Desktop on Linux</a></li> </ul> <h2 id="start-the-tutorial">Start the tutorial</h2> <p>If you’ve already run the command to get started with the tutorial, congratulations! If not, open a command prompt or bash window, and run the command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -d -p 80:80 docker/getting-started +</pre></div> <p>You’ll notice a few flags being used. 
Here’s some more info on them:</p> <ul> <li> +<code class="language-plaintext highlighter-rouge">-d</code> - run the container in detached mode (in the background)</li> <li> +<code class="language-plaintext highlighter-rouge">-p 80:80</code> - map port 80 of the host to port 80 in the container</li> <li> +<code class="language-plaintext highlighter-rouge">docker/getting-started</code> - the image to use</li> </ul> <blockquote> <p><strong>Tip</strong></p> <p>You can combine single character flags to shorten the full command. As an example, the command above could be written as:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -dp 80:80 docker/getting-started +</pre></div> </blockquote> <h2 id="the-docker-dashboard">The Docker Dashboard</h2> <p>Before going too far, we want to highlight the Docker Dashboard, which gives you a quick view of the containers running on your machine. The Docker Dashboard is available for Mac and Windows. It gives you quick access to container logs, lets you get a shell inside the container, and lets you easily manage container lifecycle (stop, remove, etc.).</p> <p>To access the dashboard, follow the instructions in the <a href="https://docs.docker.com/desktop/dashboard/">Docker Desktop manual</a>. If you open the dashboard now, you will see this tutorial running! The container name (<code class="language-plaintext highlighter-rouge">jolly_bouman</code> below) is a randomly created name. So, you’ll most likely have a different name.</p> <p><img src="" alt="Tutorial container running in Docker Dashboard"></p> <h2 id="what-is-a-container">What is a container?</h2> <p>Now that you’ve run a container, what <em>is</em> a container? Simply put, a container is a sandboxed process on your machine that is isolated from all other processes on the host machine. 
That isolation leverages <a href="https://medium.com/@saschagrunert/demystifying-containers-part-i-kernel-space-2c53d6979504">kernel namespaces and cgroups</a>, features that have been in Linux for a long time. Docker has worked to make these capabilities approachable and easy to use. To summarize, a container:</p> <ul> <li>is a runnable instance of an image. You can create, start, stop, move, or delete a container using the DockerAPI or CLI.</li> <li>can be run on local machines, virtual machines or deployed to the cloud.</li> <li>is portable (can be run on any OS)</li> <li>Containers are isolated from each other and run their own software, binaries, and configurations.</li> </ul> <blockquote> <p><strong>Creating containers from scratch</strong></p> <p>If you’d like to see how containers are built from scratch, Liz Rice from Aqua Security has a fantastic talk in which she creates a container from scratch in Go. While the talk does not go into networking, using images for the filesystem, and other advanced topics, it gives a <em>fantastic</em> deep dive into how things are working.</p> <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/8fi7uSYlOdc" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen=""></iframe> </blockquote> <h2 id="what-is-a-container-image">What is a container image?</h2> <p>When running a container, it uses an isolated filesystem. This custom filesystem is provided by a <strong>container image</strong>. Since the image contains the container’s filesystem, it must contain everything needed to run an application - all dependencies, configuration, scripts, binaries, etc. 
The image also contains other configuration for the container, such as environment variables, a default command to run, and other metadata.</p> <p>We’ll dive deeper into images later on, covering topics such as layering, best practices, and more.</p> <blockquote> <p><strong>Info</strong></p> <p>If you’re familiar with <code class="language-plaintext highlighter-rouge">chroot</code>, think of a container as an extended version of <code class="language-plaintext highlighter-rouge">chroot</code>. The filesystem is simply coming from the image. But, a container adds additional isolation not available when simply using chroot.</p> </blockquote> <h2 id="cli-references">CLI references</h2> <p>Refer to the following topics for further documentation on all CLI commands used in this article:</p> <ul> <li><a href="../engine/reference/commandline/version/index">docker version</a></li> <li><a href="../engine/reference/commandline/run/index">docker run</a></li> <li><a href="../engine/reference/commandline/image/index">docker image</a></li> <li><a href="../engine/reference/commandline/container/index">docker container</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=get%20started">get started</a>, <a href="https://docs.docker.com/search/?q=setup">setup</a>, <a href="https://docs.docker.com/search/?q=orientation">orientation</a>, <a href="https://docs.docker.com/search/?q=quickstart">quickstart</a>, <a href="https://docs.docker.com/search/?q=intro">intro</a>, <a href="https://docs.docker.com/search/?q=concepts">concepts</a>, <a href="https://docs.docker.com/search/?q=containers">containers</a>, <a href="https://docs.docker.com/search/?q=docker%20desktop">docker desktop</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/" class="_attribution-link">https://docs.docker.com/get-started/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Fkube-deploy%2Findex.html b/devdocs/docker/get-started%2Fkube-deploy%2Findex.html new file mode 100644 index 00000000..baa480ba --- /dev/null +++ b/devdocs/docker/get-started%2Fkube-deploy%2Findex.html 
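Review bot: In get-started/index, the two iframe elements (the DockerCon 2020 walkthrough and the Liz Rice talk) load www.youtube-nocookie.com from inside an otherwise static documentation page. If these files are meant to be served locally, replace each iframe with a plain link so that opening the page makes no third-party request. The three desktop.docker.com download buttons carry utm_* tracking parameters that can be dropped the same way, and the img under "The Docker Dashboard" has src="" although the text refers to the container name shown "below".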
@@ -0,0 +1,56 @@ +<h1>Deploy to Kubernetes</h1> + +<h2 id="prerequisites">Prerequisites</h2> <ul> <li>Download and install Docker Desktop as described in <a href="../index">Orientation and setup</a>.</li> <li>Work through containerizing an application in <a href="../02_our_app/index">Part 2</a>.</li> <li>Make sure that Kubernetes is enabled on your Docker Desktop: <ul> <li> +<strong>Mac</strong>: Click the Docker icon in your menu bar, navigate to <strong>Preferences</strong> and make sure there’s a green light beside ‘Kubernetes’.</li> <li> +<strong>Windows</strong>: Click the Docker icon in the system tray and navigate to <strong>Settings</strong> and make sure there’s a green light beside ‘Kubernetes’.</li> </ul> <p>If Kubernetes isn’t running, follow the instructions in <a href="../orchestration/index">Orchestration</a> of this tutorial to finish setting it up.</p> </li> </ul> <h2 id="introduction">Introduction</h2> <p>Now that we’ve demonstrated that the individual components of our application run as stand-alone containers, it’s time to arrange for them to be managed by an orchestrator like Kubernetes. Kubernetes provides many tools for scaling, networking, securing and maintaining your containerized applications, above and beyond the abilities of containers themselves.</p> <p>In order to validate that our containerized application works well on Kubernetes, we’ll use Docker Desktop’s built in Kubernetes environment right on our development machine to deploy our application, before handing it off to run on a full Kubernetes cluster in production. 
The Kubernetes environment created by Docker Desktop is <em>fully featured</em>, meaning it has all the Kubernetes features your app will enjoy on a real cluster, accessible from the convenience of your development machine.</p> <h2 id="describing-apps-using-kubernetes-yaml">Describing apps using Kubernetes YAML</h2> <p>All containers in Kubernetes are scheduled as <em>pods</em>, which are groups of co-located containers that share some resources. Furthermore, in a realistic application we almost never create individual pods; instead, most of our workloads are scheduled as <em>deployments</em>, which are scalable groups of pods maintained automatically by Kubernetes. Lastly, all Kubernetes objects can and should be described in manifests called <em>Kubernetes YAML</em> files. These YAML files describe all the components and configurations of your Kubernetes app, and can be used to easily create and destroy your app in any Kubernetes environment.</p> <ol> <li> <p>You already wrote a very basic Kubernetes YAML file in the Orchestration overview part of this tutorial. Now, let’s write a slightly more sophisticated YAML file to run and manage our bulletin board. 
Place the following in a file called <code class="language-plaintext highlighter-rouge">bb.yaml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">apiVersion: apps/v1 +kind: Deployment +metadata: + name: bb-demo + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + bb: web + template: + metadata: + labels: + bb: web + spec: + containers: + - name: bb-site + image: getting-started +--- +apiVersion: v1 +kind: Service +metadata: + name: bb-entrypoint + namespace: default +spec: + type: NodePort + selector: + bb: web + ports: + - port: 3000 + targetPort: 3000 + nodePort: 30001 +</pre></div> <p>In this Kubernetes YAML file, we have two objects, separated by the <code class="language-plaintext highlighter-rouge">---</code>:</p> <ul> <li>A <code class="language-plaintext highlighter-rouge">Deployment</code>, describing a scalable group of identical pods. In this case, you’ll get just one <code class="language-plaintext highlighter-rouge">replica</code>, or copy of your pod, and that pod (which is described under the <code class="language-plaintext highlighter-rouge">template:</code> key) has just one container in it, based off of your <code class="language-plaintext highlighter-rouge">bulletinboard:1.0</code> image from the previous step in this tutorial.</li> <li>A <code class="language-plaintext highlighter-rouge">NodePort</code> service, which will route traffic from port 30001 on your host to port 3000 inside the pods it routes to, allowing you to reach your bulletin board from the network.</li> </ul> <p>Also, notice that while Kubernetes YAML can appear long and complicated at first, it almost always follows the same pattern:</p> <ul> <li>The <code class="language-plaintext highlighter-rouge">apiVersion</code>, which indicates the Kubernetes API that parses this object</li> <li>The <code class="language-plaintext highlighter-rouge">kind</code> indicating what sort of object this is</li> <li>Some <code class="language-plaintext 
highlighter-rouge">metadata</code> applying things like names to your objects</li> <li>The <code class="language-plaintext highlighter-rouge">spec</code> specifying all the parameters and configurations of your object.</li> </ul> </li> </ol> <h2 id="deploy-and-check-your-application">Deploy and check your application</h2> <ol> <li> <p>In a terminal, navigate to where you created <code class="language-plaintext highlighter-rouge">bb.yaml</code> and deploy your application to Kubernetes:</p> <div class="highlight"><pre class="highlight" data-language="">$ kubectl apply -f bb.yaml +</pre></div> <p>you should see output that looks like the following, indicating your Kubernetes objects were created successfully:</p> <div class="highlight"><pre class="highlight" data-language="">deployment.apps/bb-demo created +service/bb-entrypoint created +</pre></div> </li> <li> <p>Make sure everything worked by listing your deployments:</p> <div class="highlight"><pre class="highlight" data-language="">$ kubectl get deployments +</pre></div> <p>if all is well, your deployment should be listed as follows:</p> <div class="highlight"><pre class="highlight" data-language="">NAME READY UP-TO-DATE AVAILABLE AGE +bb-demo 1/1 1 1 40s +</pre></div> <p>This indicates all one of the pods you asked for in your YAML are up and running. 
Do the same check for your services:</p> <div class="highlight"><pre class="highlight" data-language="">$ kubectl get services + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +bb-entrypoint NodePort 10.106.145.116 <none> 3000:30001/TCP 53s +kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 138d +</pre></div> <p>In addition to the default <code class="language-plaintext highlighter-rouge">kubernetes</code> service, we see our <code class="language-plaintext highlighter-rouge">bb-entrypoint</code> service, accepting traffic on port 30001/TCP.</p> </li> <li> <p>Open a browser and visit your bulletin board at <code class="language-plaintext highlighter-rouge">localhost:30001</code>; you should see your bulletin board, the same as when we ran it as a stand-alone container in <a href="../02_our_app/index">Part 2</a> of the Quickstart tutorial.</p> </li> <li> <p>Once satisfied, tear down your application:</p> <div class="highlight"><pre class="highlight" data-language="">$ kubectl delete -f bb.yaml +</pre></div> </li> </ol> <h2 id="conclusion">Conclusion</h2> <p>At this point, we have successfully used Docker Desktop to deploy our application to a fully-featured Kubernetes environment on our development machine. We haven’t done much with Kubernetes yet, but the door is now open; you can begin adding other components to your app and taking advantage of all the features and power of Kubernetes, right on your own machine.</p> <p>In addition to deploying to Kubernetes, we have also described our application as a Kubernetes YAML file. This simple text file contains everything we need to create our application in a running state. 
We can check it into version control and share it with our colleagues, allowing us to distribute our applications to other clusters (like the testing and production clusters that probably come after our development environments) easily.</p> <h2 id="kubernetes-references">Kubernetes references</h2> <p>Further documentation for all new Kubernetes objects used in this article are available here:</p> <ul> <li><a href="https://kubernetes.io/docs/concepts/workloads/pods/pod/">Kubernetes Pods</a></li> <li><a href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/">Kubernetes Deployments</a></li> <li><a href="https://kubernetes.io/docs/concepts/services-networking/service/">Kubernetes Services</a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=kubernetes">kubernetes</a>, <a href="https://docs.docker.com/search/?q=pods">pods</a>, <a href="https://docs.docker.com/search/?q=deployments">deployments</a>, <a href="https://docs.docker.com/search/?q=kubernetes%20services">kubernetes services</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/kube-deploy/" class="_attribution-link">https://docs.docker.com/get-started/kube-deploy/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Forchestration%2Findex.html b/devdocs/docker/get-started%2Forchestration%2Findex.html new file mode 100644 index 00000000..4fbed048 --- /dev/null +++ b/devdocs/docker/get-started%2Forchestration%2Findex.html 
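Review bot: In get-started/kube-deploy, the `bb.yaml` Deployment sets `image: getting-started`, but the bullet explaining the Deployment right after the manifest says the container is based on your `bulletinboard:1.0` image, so a reader following the text will look for an image the manifest never references. Align the two, and give the manifest image an explicit tag so that what gets deployed is the build the reader just made and not whatever an untagged reference resolves to. Minor wording in the same hunk: the bullet speaks of one `replica` where the manifest key is `replicas`, and "This indicates all one of the pods you asked for" reads like a leftover from a multi-replica version of the page.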
@@ -0,0 +1,88 @@ +<h1>Orchestration</h1> + +<p>The portability and reproducibility of a containerized process provides an opportunity to move and scale our containerized applications across clouds and datacenters. Containers effectively guarantee that those applications run the same way anywhere, allowing us to quickly and easily take advantage of all these environments. Additionally, as we scale our applications up, we need some tooling to help automate the maintenance of those applications, enable the replacement of failed containers automatically, and manage the rollout of updates and reconfigurations of those containers during their lifecycle.</p> <p>Tools to manage, scale, and maintain containerized applications are called <em>orchestrators</em>, and the most common examples of these are <em>Kubernetes</em> and <em>Docker Swarm</em>. Development environment deployments of both of these orchestrators are provided by Docker Desktop, which we’ll use throughout this guide to create our first orchestrated, containerized application.</p> <p>The advanced modules teach you how to:</p> <ol> <li><a href="../kube-deploy/index">Set up and use a Kubernetes environment on your development machine</a></li> <li><a href="../swarm-deploy/index">Set up and use a Swarm environment on your development machine</a></li> </ol> <h2 id="enable-kubernetes">Enable Kubernetes</h2> <p>Docker Desktop will set up Kubernetes for you quickly and easily. Follow the setup and validation instructions appropriate for your operating system:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" href="#kubeosx">Mac</a></li> <li><a data-toggle="tab" href="#kubewin">Windows</a></li> </ul> <div class="tab-content"> <div id="kubeosx" class="tab-pane fade in active"> <h3 id="mac">Mac</h3> <ol> <li> <p>After installing Docker Desktop, you should see a Docker icon in your menu bar. 
Click on it, and navigate to <strong>Preferences</strong> > <strong>Kubernetes</strong>.</p> </li> <li> <p>Check the checkbox labeled <strong>Enable Kubernetes</strong>, and click <strong>Apply & Restart</strong>. Docker Desktop will automatically set up Kubernetes for you. You’ll know that Kubernetes has been successfully enabled when you see a green light beside ‘Kubernetes <em>running</em>’ in the Preferences menu.</p> </li> <li> <p>In order to confirm that Kubernetes is up and running, create a text file called <code class="language-plaintext highlighter-rouge">pod.yaml</code> with the following content:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">apiVersion: v1 +kind: Pod +metadata: + name: demo +spec: + containers: + - name: testpod + image: alpine:latest + command: ["ping", "8.8.8.8"] +</pre></div> </div> <p>This describes a pod with a single container, isolating a simple ping to 8.8.8.8.</p> </li> <li> <p>In a terminal, navigate to where you created <code class="language-plaintext highlighter-rouge">pod.yaml</code> and create your pod:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl apply -f pod.yaml +</pre></div> </div> </li> <li> <p>Check that your pod is up and running:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl get pods +</pre></div> </div> <p>You should see something like:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">NAME READY STATUS RESTARTS AGE +demo 1/1 Running 0 4s +</pre></div> </div> </li> <li> <p>Check that you get the logs you’d expect for a ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl logs demo +</pre></div> </div> <p>You should see the output of a healthy ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">PING 8.8.8.8 
(8.8.8.8): 56 data bytes +64 bytes from 8.8.8.8: seq=0 ttl=37 time=21.393 ms +64 bytes from 8.8.8.8: seq=1 ttl=37 time=15.320 ms +64 bytes from 8.8.8.8: seq=2 ttl=37 time=11.111 ms +... +</pre></div> </div> </li> <li> <p>Finally, tear down your test pod:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl delete -f pod.yaml +</pre></div> </div> </li> </ol> </div> <div id="kubewin" class="tab-pane fade"> <h3 id="windows">Windows</h3> <ol> <li> <p>After installing Docker Desktop, you should see a Docker icon in your system tray. Right-click on it, and navigate <strong>Settings</strong> > <strong>Kubernetes</strong>.</p> </li> <li> <p>Check the checkbox labeled <strong>Enable Kubernetes</strong>, and click <strong>Apply & Restart</strong>. Docker Desktop will automatically set up Kubernetes for you. You’ll know that Kubernetes has been successfully enabled when you see a green light beside ‘Kubernetes <em>running</em>’ in the <strong>Settings</strong> menu.</p> </li> <li> <p>In order to confirm that Kubernetes is up and running, create a text file called <code class="language-plaintext highlighter-rouge">pod.yaml</code> with the following content:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">apiVersion: v1 +kind: Pod +metadata: + name: demo +spec: + containers: + - name: testpod + image: alpine:latest + command: ["ping", "8.8.8.8"] +</pre></div> </div> <p>This describes a pod with a single container, isolating a simple ping to 8.8.8.8.</p> </li> <li> <p>In PowerShell, navigate to where you created <code class="language-plaintext highlighter-rouge">pod.yaml</code> and create your pod:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl apply -f pod.yaml +</pre></div> </div> </li> <li> <p>Check that your pod is up and running:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl 
get pods +</pre></div> </div> <p>You should see something like:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">NAME READY STATUS RESTARTS AGE +demo 1/1 Running 0 4s +</pre></div> </div> </li> <li> <p>Check that you get the logs you’d expect for a ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl logs demo +</pre></div> </div> <p>You should see the output of a healthy ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">PING 8.8.8.8 (8.8.8.8): 56 data bytes +64 bytes from 8.8.8.8: seq=0 ttl=37 time=21.393 ms +64 bytes from 8.8.8.8: seq=1 ttl=37 time=15.320 ms +64 bytes from 8.8.8.8: seq=2 ttl=37 time=11.111 ms +... +</pre></div> </div> </li> <li> <p>Finally, tear down your test pod:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ kubectl delete -f pod.yaml +</pre></div> </div> </li> </ol> </div> </div> <h2 id="enable-docker-swarm">Enable Docker Swarm</h2> <p>Docker Desktop runs primarily on Docker Engine, which has everything you need to run a Swarm built in. Follow the setup and validation instructions appropriate for your operating system:</p> <ul class="nav nav-tabs"> <li class="active"><a data-toggle="tab" href="#swarmosx">Mac</a></li> <li><a data-toggle="tab" href="#swarmwin">Windows</a></li> </ul> <div class="tab-content"> <div id="swarmosx" class="tab-pane fade in active"> <h3 id="mac">Mac</h3> <ol> <li> <p>Open a terminal, and initialize Docker Swarm mode:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init +</pre></div> </div> <p>If all goes well, you should see a message similar to the following:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">Swarm initialized: current node (tjjggogqpnpj2phbfbz8jd5oq) is now a manager. 
+ +To add a worker to this swarm, run the following command: + + docker swarm join --token SWMTKN-1-3e0hh0jd5t4yjg209f4g5qpowbsczfahv2dea9a1ay2l8787cf-2h4ly330d0j917ocvzw30j5x9 192.168.65.3:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. +</pre></div> </div> </li> <li> <p>Run a simple Docker service that uses an alpine-based filesystem, and isolates a ping to 8.8.8.8:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name demo alpine:latest ping 8.8.8.8 +</pre></div> </div> </li> <li> <p>Check that your service created one running container:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps demo +</pre></div> </div> <p>You should see something like:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +463j2s3y4b5o demo.1 alpine:latest docker-desktop Running Running 8 seconds ago +</pre></div> </div> </li> <li> <p>Check that you get the logs you’d expect for a ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service logs demo +</pre></div> </div> <p>You should see the output of a healthy ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">demo.1.463j2s3y4b5o@docker-desktop | PING 8.8.8.8 (8.8.8.8): 56 data bytes +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=0 ttl=37 time=13.005 ms +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=1 ttl=37 time=13.847 ms +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=2 ttl=37 time=41.296 ms +... 
+</pre></div> </div> </li> <li> <p>Finally, tear down your test service:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm demo +</pre></div> </div> </li> </ol> </div> <div id="swarmwin" class="tab-pane fade"> <h3 id="windows">Windows</h3> <ol> <li> <p>Open a powershell, and initialize Docker Swarm mode:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker swarm init +</pre></div> </div> <p>If all goes well, you should see a message similar to the following:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">Swarm initialized: current node (tjjggogqpnpj2phbfbz8jd5oq) is now a manager. + +To add a worker to this swarm, run the following command: + + docker swarm join --token SWMTKN-1-3e0hh0jd5t4yjg209f4g5qpowbsczfahv2dea9a1ay2l8787cf-2h4ly330d0j917ocvzw30j5x9 192.168.65.3:2377 + +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. 
+</pre></div> </div> </li> <li> <p>Run a simple Docker service that uses an alpine-based filesystem, and isolates a ping to 8.8.8.8:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service create --name demo alpine:latest ping 8.8.8.8 +</pre></div> </div> </li> <li> <p>Check that your service created one running container:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service ps demo +</pre></div> </div> <p>You should see something like:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +463j2s3y4b5o demo.1 alpine:latest docker-desktop Running Running 8 seconds ago +</pre></div> </div> </li> <li> <p>Check that you get the logs you’d expect for a ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service logs demo +</pre></div> </div> <p>You should see the output of a healthy ping process:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">demo.1.463j2s3y4b5o@docker-desktop | PING 8.8.8.8 (8.8.8.8): 56 data bytes +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=0 ttl=37 time=13.005 ms +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=1 ttl=37 time=13.847 ms +demo.1.463j2s3y4b5o@docker-desktop | 64 bytes from 8.8.8.8: seq=2 ttl=37 time=41.296 ms +... +</pre></div> </div> </li> <li> <p>Finally, tear down your test service:</p> <div class="highlight"> <div class="highlight"><pre class="highlight" data-language="">$ docker service rm demo +</pre></div> </div> </li> </ol> </div> </div> <h2 id="conclusion">Conclusion</h2> <p>At this point, you’ve confirmed that you can run simple containerized workloads in Kubernetes and Swarm. 
The next step will be to write the Kubernetes yaml that describes how to run and manage these containers on Kubernetes.</p> <p><a href="../kube-deploy/index" class="button primary-btn" style="margin-bottom: 30px; margin-right: 200%">On to deploying to Kubernetes >></a></p> <p>To learn how to write the stack file to help you run and manage containers on Swarm, see <a href="../swarm-deploy/index">Deploying to Swarm</a>.</p> <h2 id="cli-references">CLI references</h2> <p>Further documentation for all CLI commands used in this article are available here:</p> <ul> <li><a href="https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply"><code class="language-plaintext highlighter-rouge">kubectl apply</code></a></li> <li><a href="https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get"><code class="language-plaintext highlighter-rouge">kubectl get</code></a></li> <li><a href="https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#logs"><code class="language-plaintext highlighter-rouge">kubectl logs</code></a></li> <li><a href="https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#delete"><code class="language-plaintext highlighter-rouge">kubectl delete</code></a></li> <li><a href="../../engine/reference/commandline/swarm_init/index"><code class="language-plaintext highlighter-rouge">docker swarm init</code></a></li> <li><a href="../../engine/reference/commandline/service/index"><code class="language-plaintext highlighter-rouge">docker service *</code></a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=orchestration">orchestration</a>, <a href="https://docs.docker.com/search/?q=deploy">deploy</a>, <a href="https://docs.docker.com/search/?q=kubernetes">kubernetes</a>, <a href="https://docs.docker.com/search/?q=swarm">swarm</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo 
are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/orchestration/" class="_attribution-link">https://docs.docker.com/get-started/orchestration/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Foverview%2Findex.html b/devdocs/docker/get-started%2Foverview%2Findex.html new file mode 100644 index 00000000..cdfd744a --- /dev/null +++ b/devdocs/docker/get-started%2Foverview%2Findex.html 
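Review bot: The sample `docker swarm init` output in get-started/orchestration, in both the Mac and the Windows tab, prints a complete worker join token (the `SWMTKN-1-` value on the `docker swarm join --token` line) together with the manager address `192.168.65.3:2377`. Even as upstream sample output, a full-format token checked into this repository is likely to be flagged by secret scanners, and it shows readers a join token pasted into documentation as if that were harmless; consider replacing the value with a placeholder such as `SWMTKN-1-<token>` in both tabs. Also in this hunk, `id="mac"` and `id="windows"` are each used twice (once in the Kubernetes tab panes and once in the Swarm tab panes), so a fragment link or script keyed on those ids can only resolve the first occurrence.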
@@ -0,0 +1,11 @@ +<h1>Docker overview</h1> + +<p>Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production.</p> <h2 id="the-docker-platform">The Docker platform</h2> <p>Docker provides the ability to package and run an application in a loosely isolated environment called a container. The isolation and security allows you to run many containers simultaneously on a given host. Containers are lightweight and contain everything needed to run the application, so you do not need to rely on what is currently installed on the host. You can easily share containers while you work, and be sure that everyone you share with gets the same container that works in the same way.</p> <p>Docker provides tooling and a platform to manage the lifecycle of your containers:</p> <ul> <li>Develop your application and its supporting components using containers.</li> <li>The container becomes the unit for distributing and testing your application.</li> <li>When you’re ready, deploy your application into your production environment, as a container or an orchestrated service. This works the same whether your production environment is a local data center, a cloud provider, or a hybrid of the two.</li> </ul> <h2 id="what-can-i-use-docker-for">What can I use Docker for?</h2> <p><strong>Fast, consistent delivery of your applications</strong></p> <p>Docker streamlines the development lifecycle by allowing developers to work in standardized environments using local containers which provide your applications and services. 
Containers are great for continuous integration and continuous delivery (CI/CD) workflows.</p> <p>Consider the following example scenario:</p> <ul> <li>Your developers write code locally and share their work with their colleagues using Docker containers.</li> <li>They use Docker to push their applications into a test environment and execute automated and manual tests.</li> <li>When developers find bugs, they can fix them in the development environment and redeploy them to the test environment for testing and validation.</li> <li>When testing is complete, getting the fix to the customer is as simple as pushing the updated image to the production environment.</li> </ul> <p><strong>Responsive deployment and scaling</strong></p> <p>Docker’s container-based platform allows for highly portable workloads. Docker containers can run on a developer’s local laptop, on physical or virtual machines in a data center, on cloud providers, or in a mixture of environments.</p> <p>Docker’s portability and lightweight nature also make it easy to dynamically manage workloads, scaling up or tearing down applications and services as business needs dictate, in near real time.</p> <p><strong>Running more workloads on the same hardware</strong></p> <p>Docker is lightweight and fast. It provides a viable, cost-effective alternative to hypervisor-based virtual machines, so you can use more of your compute capacity to achieve your business goals. Docker is perfect for high density environments and for small and medium deployments where you need to do more with fewer resources.</p> <h2 id="docker-architecture">Docker architecture</h2> <p>Docker uses a client-server architecture. The Docker <em>client</em> talks to the Docker <em>daemon</em>, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon <em>can</em> run on the same system, or you can connect a Docker client to a remote Docker daemon. 
The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, that lets you work with applications consisting of a set of containers.</p> <p><img src="https://docs.docker.com/engine/images/architecture.svg" alt="Docker Architecture Diagram"></p> <h3 id="the-docker-daemon">The Docker daemon</h3> <p>The Docker daemon (<code class="language-plaintext highlighter-rouge">dockerd</code>) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.</p> <h3 id="the-docker-client">The Docker client</h3> <p>The Docker client (<code class="language-plaintext highlighter-rouge">docker</code>) is the primary way that many Docker users interact with Docker. When you use commands such as <code class="language-plaintext highlighter-rouge">docker run</code>, the client sends these commands to <code class="language-plaintext highlighter-rouge">dockerd</code>, which carries them out. The <code class="language-plaintext highlighter-rouge">docker</code> command uses the Docker API. The Docker client can communicate with more than one daemon.</p> <h3 id="docker-desktop">Docker Desktop</h3> <p>Docker Desktop is an easy-to-install application for your Mac or Windows environment that enables you to build and share containerized applications and microservices. Docker Desktop includes the Docker daemon (<code class="language-plaintext highlighter-rouge">dockerd</code>), the Docker client (<code class="language-plaintext highlighter-rouge">docker</code>), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see <a href="https://docs.docker.com/desktop/">Docker Desktop</a>.</p> <h3 id="docker-registries">Docker registries</h3> <p>A Docker <em>registry</em> stores Docker images. 
Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.</p> <p>When you use the <code class="language-plaintext highlighter-rouge">docker pull</code> or <code class="language-plaintext highlighter-rouge">docker run</code> commands, the required images are pulled from your configured registry. When you use the <code class="language-plaintext highlighter-rouge">docker push</code> command, your image is pushed to your configured registry.</p> <h3 id="docker-objects">Docker objects</h3> <p>When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.</p> <h4 id="images">Images</h4> <p>An <em>image</em> is a read-only template with instructions for creating a Docker container. Often, an image is <em>based on</em> another image, with some additional customization. For example, you may build an image which is based on the <code class="language-plaintext highlighter-rouge">ubuntu</code> image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.</p> <p>You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a <em>Dockerfile</em> with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.</p> <h4 id="containers">Containers</h4> <p>A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. 
You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.</p> <p>By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine.</p> <p>A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.</p> <h5 id="example-docker-run-command">Example <code class="language-plaintext highlighter-rouge">docker run</code> command</h5> <p>The following command runs an <code class="language-plaintext highlighter-rouge">ubuntu</code> container, attaches interactively to your local command-line session, and runs <code class="language-plaintext highlighter-rouge">/bin/bash</code>.</p> <div class="highlight"><pre class="highlight" data-language="">$ docker run -i -t ubuntu /bin/bash +</pre></div> <p>When you run this command, the following happens (assuming you are using the default registry configuration):</p> <ol> <li> <p>If you do not have the <code class="language-plaintext highlighter-rouge">ubuntu</code> image locally, Docker pulls it from your configured registry, as though you had run <code class="language-plaintext highlighter-rouge">docker pull ubuntu</code> manually.</p> </li> <li> <p>Docker creates a new container, as though you had run a <code class="language-plaintext highlighter-rouge">docker container create</code> command manually.</p> </li> <li> <p>Docker allocates a read-write filesystem to the container, as its final layer. 
This allows a running container to create or modify files and directories in its local filesystem.</p> </li> <li> <p>Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.</p> </li> <li> <p>Docker starts the container and executes <code class="language-plaintext highlighter-rouge">/bin/bash</code>. Because the container is running interactively and attached to your terminal (due to the <code class="language-plaintext highlighter-rouge">-i</code> and <code class="language-plaintext highlighter-rouge">-t</code> flags), you can provide input using your keyboard while the output is logged to your terminal.</p> </li> <li> <p>When you type <code class="language-plaintext highlighter-rouge">exit</code> to terminate the <code class="language-plaintext highlighter-rouge">/bin/bash</code> command, the container stops but is not removed. You can start it again or remove it.</p> </li> </ol> <h2 id="the-underlying-technology">The underlying technology</h2> <p>Docker is written in the <a href="https://golang.org/">Go programming language</a> and takes advantage of several features of the Linux kernel to deliver its functionality. Docker uses a technology called <code class="language-plaintext highlighter-rouge">namespaces</code> to provide the isolated workspace called the <em>container</em>. When you run a container, Docker creates a set of <em>namespaces</em> for that container.</p> <p>These namespaces provide a layer of isolation. 
Each aspect of a container runs in a separate namespace and its access is limited to that namespace.</p> <h2 id="next-steps">Next steps</h2> <ul> <li>Read about <a href="https://docs.docker.com/get-docker/">installing Docker</a>.</li> <li>Get hands-on experience with the <a href="../index">Getting started with Docker</a> tutorial.</li> </ul> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=introduction">introduction</a>, <a href="https://docs.docker.com/search/?q=documentation">documentation</a>, <a href="https://docs.docker.com/search/?q=about">about</a>, <a href="https://docs.docker.com/search/?q=technology">technology</a>, <a href="https://docs.docker.com/search/?q=understanding">understanding</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/overview/" class="_attribution-link">https://docs.docker.com/get-started/overview/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Fresources%2Findex.html b/devdocs/docker/get-started%2Fresources%2Findex.html new file mode 100644 index 00000000..f0c09797 --- /dev/null +++ b/devdocs/docker/get-started%2Fresources%2Findex.html 
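Review bot: The architecture diagram in get-started/overview is loaded from a remote URL, `<img src="https://docs.docker.com/engine/images/architecture.svg" ...>`, so the vendored page shows a broken image when read offline and makes a request to docs.docker.com every time it is opened. Either vendor the SVG alongside the page and point `src` at the local copy, or drop the `<img>` and keep only the alt text. The trailing keyword links (`https://docs.docker.com/search/?q=...`) are site navigation, not documentation, and could be stripped at import time for the same reason.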
@@ -0,0 +1,24 @@ +<h1>Educational resources</h1> + +<p>Docker and the broader community of Docker experts have put together many different ways to get further training and hands-on experience with Docker. Expand your understanding of Docker and Kubernetes with these additional free and paid resources.</p> <h2 id="hosted-labs">Hosted labs</h2> <p>These self-paced and hands-on workshops use a free, hosted environment (<a href="https://labs.play-with-k8s.com/" target="_blank" rel="noopener" class="_">Play with Kubernetes</a>) that does not require any installation. Follow along and learn more about Kubernetes.</p> <ul> <li> <p><a href="https://training.play-with-kubernetes.com/kubernetes-workshop/" target="_blank" rel="noopener" class="_">Kubernetes Workshop</a></p> </li> <li> <p>Labs are free but require registration with a Docker ID.</p> </li> </ul> <h2 id="self-guided-tutorials">Self-guided tutorials</h2> <p>Created by experts in the Docker community, these free tutorials provide guided step-by-step workflows for working with the Docker platform.</p> <ul> <li> +<strong>Integrating Docker with Your IDE</strong> <ul> <li><a href="https://training.play-with-docker.com/java-debugging-eclipse/" target="_blank" rel="noopener" class="_">Java Development: Eclipse</a></li> <li><a href="https://training.play-with-docker.com/java-debugging-intellij/" target="_blank" rel="noopener" class="_">Java Development: IntelliJ</a></li> <li><a href="https://training.play-with-docker.com/java-debugging-netbeans/" target="_blank" rel="noopener" class="_">Java Development: Netbeans</a></li> <li><a href="https://training.play-with-docker.com/nodejs-live-debugging/" target="_blank" rel="noopener" class="_">Live Debugging Node.js with Docker and Visual Studio Code</a></li> </ul> </li> <li> +<strong>Windows Containers</strong> <ul> <li><a href="https://training.play-with-docker.com/windows-containers-setup/" target="_blank" rel="noopener" class="_">Windows Container Setup</a></li> <li><a 
href="https://training.play-with-docker.com/windows-containers-basics/" target="_blank" rel="noopener" class="_">Windows Container Basics</a></li> <li><a href="https://training.play-with-docker.com/windows-containers-multicontainer/" target="_blank" rel="noopener" class="_">Windows Containers Multi-Container Applications</a></li> </ul> </li> </ul> <h2 id="books">Books</h2> <p>If books are your preferred learning style, check out these written by the <a href="https://www.docker.com/community/captains" target="_blank" rel="noopener" class="_">Docker Captains</a>. Docker Captain is a distinction that Docker awards to select members of the community that are both experts in their field and are committed to sharing their Docker knowledge with others.</p> <ul> <li> +<a href="https://www.manning.com/books/learn-docker-in-a-month-of-lunches" target="_blank" rel="noopener" class="_">Learn Docker in a Month of Lunches</a>, Elton Stoneman. Use the code <code class="language-plaintext highlighter-rouge">stonemanpc</code> for a 40% discount.</li> <li> +<a href="https://www.amazon.com/Docker-Windows-Elton-Stoneman-ebook/dp/B0711Y4J9K/" target="_blank" rel="noopener" class="_">Docker on Windows: From 101 to Production with Docker on Windows</a>, Elton Stoneman</li> <li> +<a href="https://www.manning.com/books/learn-kubernetes-in-a-month-of-lunches" target="_blank" rel="noopener" class="_">Learn Kubernetes in a Month of Lunches</a>, Elton Stoneman. 
Use the code <code class="language-plaintext highlighter-rouge">stonemanpc</code> for a 40% discount.</li> <li> +<a href="https://www.manning.com/books/docker-in-action-second-edition" target="_blank" rel="noopener" class="_">Docker in Action 2nd Edition</a> Jeff Nickoloff, Oct 2019</li> <li> +<a href="https://www.amazon.com/Kubernetes-Book-Nigel-Poulton/dp/1521823634/ref=sr_1_3?ie=UTF8&qid=1509660871&sr=8-3&keywords=nigel+poulton" target="_blank" rel="noopener" class="_">The Kubernetes Book</a>, Nigel Poulton, Nov 2018</li> <li> +<a href="https://www.amazon.com/Docker-Deep-Dive-Nigel-Poulton/dp/1521822808/ref=sr_1_1?ie=UTF8&qid=1509660871&sr=8-1&keywords=nigel+poulton" target="_blank" rel="noopener" class="_">Docker Deep Dive</a>, Nigel Poulton, March 2018</li> <li>[Portuguese] <a href="https://leanpub.com/dockerparadesenvolvedores" target="_blank" rel="noopener" class="_">Docker para desenvolvedores</a> (2017) by Rafael Gomes</li> </ul> <h2 id="self-paced-online-learning">Self-Paced online learning</h2> <p>A number of Docker Captains have also created video courses on Docker and Kubernetes.</p> <ul> <li> +<a href="https://www.bretfisher.com/courses/" target="_blank" rel="noopener" class="_">Bret Fisher</a>: Docker Mastery, Docker Swarm Mastery, Docker Mastery for Node.js Projects</li> <li> +<a href="https://docker4.net/udemy" target="_blank" rel="noopener" class="_">Elton Stoneman</a>: Docker for .NET Apps - on Linux and Windows. 
Includes the discount code <code class="language-plaintext highlighter-rouge">644ABCBC33F474541885</code>.</li> <li> +<a href="https://nickjanetakis.com/courses/" target="_blank" rel="noopener" class="_">Nick Janetakis</a> Dive into Docker, Docker for DevOps</li> <li> +<a href="https://nigelpoulton.com/video-courses" target="_blank" rel="noopener" class="_">Nigel Poulton</a>: Kubernetes 101, Getting Started with Kubernetes, Docker and Kubernetes: The Big Picture, Kubernetes Deep Dive, Docker Deep Dive</li> <li> +<a href="https://www.lynda.com/Docker-tutorials/Docker-Java-developers/576584-2.html" target="_blank" rel="noopener" class="_">Arun Gupta</a>: Docker for Java Developers</li> <li> +<a href="https://collabnix.com/" target="_blank" rel="noopener" class="_">Ajeet Singh Raina</a>: Docker and Kubernetes Labs</li> <li>[French] <a href="https://www.udemy.com/user/lucjuggery/" target="_blank" rel="noopener" class="_">Luc Juggery</a>: Introduction to Kubernetes, The Docker Platform</li> </ul> <p>* Many of the courses are fee-based</p> +<p><a href="https://docs.docker.com/search/?q=get%20started">get started</a>, <a href="https://docs.docker.com/search/?q=setup">setup</a>, <a href="https://docs.docker.com/search/?q=orientation">orientation</a>, <a href="https://docs.docker.com/search/?q=quickstart">quickstart</a>, <a href="https://docs.docker.com/search/?q=intro">intro</a>, <a href="https://docs.docker.com/search/?q=concepts">concepts</a>, <a href="https://docs.docker.com/search/?q=kubernetes">kubernetes</a>, <a href="https://docs.docker.com/search/?q=docker%20desktop">docker desktop</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. 
and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/resources/" class="_attribution-link">https://docs.docker.com/get-started/resources/</a> + </p> +</div> diff --git a/devdocs/docker/get-started%2Fswarm-deploy%2Findex.html b/devdocs/docker/get-started%2Fswarm-deploy%2Findex.html new file mode 100644 index 00000000..7455015f --- /dev/null +++ b/devdocs/docker/get-started%2Fswarm-deploy%2Findex.html 
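Review bot: the "Books" and "Self-Paced online learning" lists in get-started/resources commit third-party promotional material into the repository: the discount codes `stonemanpc` and `644ABCBC33F474541885`, and Amazon hrefs that carry search-session parameters (`ref=sr_1_3?ie=UTF8&qid=1509660871&sr=8-3&keywords=nigel+poulton`) with bare `&` rather than `&amp;`. None of this is reference documentation and the codes will go stale, so consider excluding this page from the bundle, or at least trimming the hrefs to the product path. The closing "* Many of the courses are fee-based" line also has no matching asterisk anywhere in the lists above it.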
@@ -0,0 +1,24 @@ +<h1>Deploy to Swarm</h1> + +<h2 id="prerequisites">Prerequisites</h2> <ul> <li>Download and install Docker Desktop as described in <a href="../index">Orientation and setup</a>.</li> <li>Work through containerizing an application in <a href="../02_our_app/index">Part 2</a>.</li> <li> <p>Make sure that Swarm is enabled on your Docker Desktop by typing <code class="language-plaintext highlighter-rouge">docker system info</code>, and looking for a message <code class="language-plaintext highlighter-rouge">Swarm: active</code> (you might have to scroll up a little).</p> <p>If Swarm isn’t running, simply type <code class="language-plaintext highlighter-rouge">docker swarm init</code> in a shell prompt to set it up.</p> </li> </ul> <h2 id="introduction">Introduction</h2> <p>Now that we’ve demonstrated that the individual components of our application run as stand-alone containers and shown how to deploy it using Kubernetes, let’s look at how to arrange for them to be managed by Docker Swarm. Swarm provides many tools for scaling, networking, securing and maintaining your containerized applications, above and beyond the abilities of containers themselves.</p> <p>In order to validate that our containerized application works well on Swarm, we’ll use Docker Desktop’s built in Swarm environment right on our development machine to deploy our application, before handing it off to run on a full Swarm cluster in production. The Swarm environment created by Docker Desktop is <em>fully featured</em>, meaning it has all the Swarm features your app will enjoy on a real cluster, accessible from the convenience of your development machine.</p> <h2 id="describe-apps-using-stack-files">Describe apps using stack files</h2> <p>Swarm never creates individual containers like we did in the previous step of this tutorial. 
Instead, all Swarm workloads are scheduled as <em>services</em>, which are scalable groups of containers with added networking features maintained automatically by Swarm. Furthermore, all Swarm objects can and should be described in manifests called <em>stack files</em>. These YAML files describe all the components and configurations of your Swarm app, and can be used to easily create and destroy your app in any Swarm environment.</p> <p>Let’s write a simple stack file to run and manage our bulletin board. Place the following in a file called <code class="language-plaintext highlighter-rouge">bb-stack.yaml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">version: '3.7' + +services: + bb-app: + image: bulletinboard:1.0 + ports: + - "8000:8080" +</pre></div> <p>In this Swarm YAML file, we have just one object: a <code class="language-plaintext highlighter-rouge">service</code>, describing a scalable group of identical containers. In this case, you’ll get just one container (the default), and that container will be based on your <code class="language-plaintext highlighter-rouge">bulletinboard:1.0</code> image created in <a href="../02_our_app/index">Part 2</a> of the Quickstart tutorial. In addition, We’ve asked Swarm to forward all traffic arriving at port 8000 on our development machine to port 8080 inside our bulletin board container.</p> <blockquote> <p><strong>Kubernetes Services and Swarm Services are very different!</strong> Despite the similar name, the two orchestrators mean very different things by the term ‘service’. In Swarm, a service provides both scheduling <em>and</em> networking facilities, creating containers and providing tools for routing traffic to them. 
In Kubernetes, scheduling and networking are handled separately: <em>deployments</em> (or other controllers) handle the scheduling of containers as pods, while <em>services</em> are responsible only for adding networking features to those pods.</p> </blockquote> <h2 id="deploy-and-check-your-application">Deploy and check your application</h2> <ol> <li> <p>Deploy your application to Swarm:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack deploy -c bb-stack.yaml demo +</pre></div> <p>If all goes well, Swarm will report creating all your stack objects with no complaints:</p> <div class="highlight"><pre class="highlight" data-language="">Creating network demo_default +Creating service demo_bb-app +</pre></div> <p>Notice that in addition to your service, Swarm also creates a Docker network by default to isolate the containers deployed as part of your stack.</p> </li> <li> <p>Make sure everything worked by listing your service:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker service ls +</pre></div> <p>If all has gone well, your service will report with 1/1 of its replicas created:</p> <div class="highlight"><pre class="highlight" data-language="">ID NAME MODE REPLICAS IMAGE PORTS +il7elwunymbs demo_bb-app replicated 1/1 bulletinboard:1.0 *:8000->8080/tcp +</pre></div> <p>This indicates 1/1 containers you asked for as part of your services are up and running. 
Also, we see that port 8000 on your development machine is getting forwarded to port 8080 in your bulletin board container.</p> </li> <li> <p>Open a browser and visit your bulletin board at <code class="language-plaintext highlighter-rouge">localhost:8000</code>; you should see your bulletin board, the same as when we ran it as a stand-alone container in Part 2 of the Quickstart tutorial.</p> </li> <li> <p>Once satisfied, tear down your application:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker stack rm demo +</pre></div> </li> </ol> <h2 id="conclusion">Conclusion</h2> <p>At this point, we have successfully used Docker Desktop to deploy our application to a fully-featured Swarm environment on our development machine. We haven’t done much with Swarm yet, but the door is now open: you can begin adding other components to your app and taking advantage of all the features and power of Swarm, right on your own machine.</p> <p>In addition to deploying to Swarm, we have also described our application as a stack file. 
This simple text file contains everything we need to create our application in a running state; we can check it into version control and share it with our colleagues, allowing us to distribute our applications to other clusters (like the testing and production clusters that probably come after our development environments) easily.</p> <h2 id="swarm-and-cli-references">Swarm and CLI references</h2> <p>Further documentation for all new Swarm objects and CLI commands used in this article are available here:</p> <ul> <li><a href="../../engine/swarm/index">Swarm Mode</a></li> <li><a href="../../engine/swarm/how-swarm-mode-works/services/index">Swarm Mode Services</a></li> <li><a href="../../engine/swarm/stack-deploy/index">Swarm Stacks</a></li> <li><a href="../../engine/reference/commandline/stack/index"><code class="language-plaintext highlighter-rouge">docker stack *</code></a></li> <li><a href="../../engine/reference/commandline/service/index"><code class="language-plaintext highlighter-rouge">docker service *</code></a></li> </ul> +<p><a href="https://docs.docker.com/search/?q=swarm">swarm</a>, <a href="https://docs.docker.com/search/?q=swarm%20services">swarm services</a>, <a href="https://docs.docker.com/search/?q=stacks">stacks</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/get-started/swarm-deploy/" class="_attribution-link">https://docs.docker.com/get-started/swarm-deploy/</a> + </p> +</div> diff --git a/devdocs/docker/index b/devdocs/docker/index new file mode 100644 index 00000000..e6d51024 --- /dev/null +++ b/devdocs/docker/index 
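Review bot: the hrefs in get-started/swarm-deploy are hierarchical relative paths (`../index`, `../02_our_app/index`, `../../engine/swarm/stack-deploy/index`), but the file itself is stored flat as `get-started%2Fswarm-deploy%2Findex.html`, so these links only resolve if the consumer maps them against the logical path from the `pages` list rather than the on-disk name. Please state that assumption in the commit message or add a check that every relative href in the added pages matches an entry in `devdocs/docker/index`. Separately, every `<pre class="highlight" data-language="">` in this hunk has an empty `data-language`, so the `bb-stack.yaml` block and the `$ docker ...` transcripts cannot be told apart for highlighting; if the generator knows the language it should be carried through.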
@@ -0,0 +1 @@ +((pages . ["index" "get-started/overview/index" "get-started/index" "engine/reference/builder/index" "compose/compose-file/index" "get-started/04_sharing_app/index" "get-started/02_our_app/index" "get-started/swarm-deploy/index" "engine/install/ubuntu/index" "engine/reference/commandline/run/index" "engine/reference/commandline/dockerd/index" "engine/reference/commandline/build/index" "compose/faq/index" "compose/install/index" "compose/gettingstarted/index" "compose/environment-variables/index" "compose/networking/index" "engine/security/index" "get-started/resources/index" "machine/index" "engine/index" "compose/samples-for-compose/index" "engine/reference/commandline/container/index" "compose/compose-file/deploy/index" "compose/index" "compose/gpu-support/index" "compose/reference/index" "engine/swarm/index" "engine/install/centos/index" "engine/reference/run/index" "engine/install/linux-postinstall/index" "engine/security/rootless/index" "engine/reference/commandline/image/index" "engine/scan/index" "compose/compose-file/build/index" "get-started/orchestration/index" "engine/swarm/stack-deploy/index" "engine/reference/commandline/stack/index" "engine/reference/commandline/service/index" "engine/reference/commandline/commit/index" "engine/reference/commandline/version/index" "compose/compose-file/compose-versioning/index" "engine/swarm/how-swarm-mode-works/services/index" "engine/api/index" "engine/security/protect-access/index" "engine/reference/commandline/tag/index" "compose/startup-order/index" "engine/install/binaries/index" "engine/reference/commandline/service_create/index" "engine/extend/plugins_authorization/index" "engine/security/userns-remap/index" "compose/reference/stop/index" "compose/reference/envvars/index" "engine/install/index" "compose/env-file/index" "compose/reference/config/index" "compose/compose-file/compose-file-v2/index" "engine/reference/commandline/network_create/index" "engine/extend/plugins_network/index" 
"compose/compose-file/compose-file-v3/index" "engine/security/trust/index" "engine/security/seccomp/index" "engine/security/apparmor/index" "engine/reference/commandline/cli/index" "engine/release-notes/index" "engine/deprecated/index" "engine/reference/commandline/container_attach/index" "engine/reference/commandline/container_commit/index" "engine/reference/commandline/container_cp/index" "engine/reference/commandline/container_create/index" "engine/reference/commandline/container_diff/index" "engine/reference/commandline/container_exec/index" "engine/reference/commandline/container_export/index" "engine/reference/commandline/container_inspect/index" "engine/reference/commandline/container_kill/index" "engine/reference/commandline/container_logs/index" "engine/reference/commandline/container_ls/index" "engine/reference/commandline/container_pause/index" "engine/reference/commandline/container_port/index" "engine/reference/commandline/container_rename/index" "engine/reference/commandline/container_restart/index" "engine/reference/commandline/container_rm/index" "engine/reference/commandline/container_start/index" "engine/reference/commandline/container_stats/index" "compose/profiles/index" "compose/production/index" "engine/reference/commandline/container_prune/index" "engine/reference/commandline/container_run/index" "engine/reference/commandline/container_stop/index" "engine/reference/commandline/container_top/index" "compose/extends/index" "compose/reference/pull/index" "engine/reference/commandline/container_unpause/index" "engine/reference/commandline/container_update/index" "engine/reference/commandline/container_wait/index" "engine/reference/commandline/ps/index" "compose/cli-command-compatibility/index" "engine/swarm/key-concepts/index" "engine/swarm/swarm-tutorial/index" "engine/reference/commandline/swarm_init/index" "engine/reference/commandline/service_ls/index" "engine/reference/commandline/service_rm/index" 
"engine/reference/commandline/swarm_join/index" "engine/reference/commandline/service_inspect/index" "engine/reference/commandline/service_scale/index" "engine/reference/commandline/service_ps/index" "engine/reference/commandline/attach/index" "engine/reference/commandline/inspect/index" "engine/reference/commandline/image_build/index" "engine/reference/commandline/image_history/index" "engine/reference/commandline/image_load/index" "engine/reference/commandline/image_ls/index" "engine/reference/commandline/service_update/index" "engine/reference/commandline/image_push/index" "engine/reference/commandline/image_import/index" "engine/reference/commandline/image_tag/index" "engine/reference/commandline/image_save/index" "engine/context/working-with-contexts/index" "engine/reference/commandline/image_inspect/index" "engine/reference/commandline/image_pull/index" "get-started/kube-deploy/index" "engine/reference/commandline/stack_deploy/index" "engine/reference/commandline/stack_ps/index" "engine/security/certificates/index" "engine/reference/commandline/events/index" "engine/reference/commandline/image_prune/index" "engine/reference/commandline/image_rm/index" "engine/swarm/swarm-mode/index" "engine/reference/commandline/stack_ls/index" "engine/reference/commandline/stack_services/index" "engine/reference/commandline/service_logs/index" "engine/reference/commandline/service_rollback/index" "engine/swarm/how-swarm-mode-works/nodes/index" "engine/reference/commandline/stack_rm/index" "engine/reference/commandline/context/index" "engine/swarm/how-swarm-mode-works/pki/index" "engine/api/sdk/index" "engine/reference/commandline/secret_create/index" "engine/reference/commandline/config_create/index" "engine/swarm/swarm-tutorial/rolling-update/index" "engine/reference/commandline/volume_create/index" "engine/reference/commandline/node_update/index" "engine/swarm/ingress/index" "engine/extend/index" "engine/extend/plugin_api/index" "engine/install/debian/index" 
"engine/install/fedora/index" "engine/install/rhel/index" "engine/install/sles/index" "compose/reference/up/index" "engine/extend/plugins_volume/index" "engine/reference/commandline/network/index" "engine/reference/commandline/network_connect/index" "engine/reference/commandline/network_disconnect/index" "engine/extend/legacy_plugins/index" "engine/reference/commandline/network_inspect/index" "engine/reference/commandline/network_prune/index" "engine/security/trust/trust_sandbox/index" "engine/reference/commandline/stats/index" "engine/reference/commandline/login/index" "engine/reference/commandline/network_ls/index" "engine/reference/commandline/network_rm/index" "engine/security/trust/trust_key_mng/index" "engine/security/trust/trust_delegation/index" "engine/security/trust/trust_automation/index" "engine/reference/commandline/swarm/index" "engine/swarm/secrets/index" "engine/reference/commandline/secret_ls/index" "engine/swarm/configs/index" "engine/security/trust/deploying_notary/index" "engine/reference/commandline/plugin_ls/index" "engine/reference/commandline/node_ls/index" "engine/swarm/services/index" "engine/reference/commandline/config_ls/index" "engine/reference/commandline/images/index" "engine/swarm/swarm-tutorial/create-swarm/index" "engine/reference/commandline/swarm_join-token/index" "engine/reference/commandline/swarm_ca/index" "engine/reference/commandline/swarm_leave/index" "engine/reference/commandline/swarm_unlock/index" "engine/reference/commandline/swarm_unlock-key/index" "engine/reference/commandline/swarm_update/index" "engine/swarm/join-nodes/index" "engine/reference/commandline/node_promote/index" "engine/reference/commandline/node_demote/index" "engine/reference/commandline/context_create/index" "engine/reference/commandline/context_export/index" "engine/reference/commandline/context_import/index" "engine/reference/commandline/context_inspect/index" "engine/reference/commandline/context_ls/index" 
"engine/reference/commandline/context_rm/index" "engine/reference/commandline/volume_ls/index" "engine/reference/commandline/context_update/index" "engine/reference/commandline/context_use/index" "engine/reference/commandline/volume_rm/index" "engine/reference/commandline/secret_inspect/index" "engine/reference/commandline/config/index" "engine/reference/commandline/config_inspect/index" "engine/reference/commandline/volume_inspect/index" "engine/reference/commandline/volume_prune/index" "engine/api/sdk/examples/index" "engine/reference/commandline/secret_rm/index" "engine/reference/commandline/volume/index" "engine/reference/commandline/node/index" "engine/reference/commandline/node_rm/index" "engine/reference/commandline/plugin/index" "engine/reference/commandline/secret/index" "engine/reference/commandline/config_rm/index" "engine/swarm/swarm-tutorial/scale-service/index" "engine/swarm/swarm-tutorial/drain-node/index" "engine/reference/commandline/node_inspect/index" "engine/reference/commandline/node_ps/index" "engine/extend/config/index" "engine/reference/commandline/plugin_push/index" "engine/reference/commandline/docker/index" "engine/reference/commandline/plugin_install/index" "engine/reference/commandline/plugin_create/index" "engine/swarm/swarm-tutorial/add-nodes/index" "engine/reference/commandline/plugin_enable/index" "engine/reference/commandline/plugin_inspect/index" "engine/reference/commandline/plugin_rm/index" "engine/reference/commandline/info/index" "engine/reference/commandline/plugin_disable/index" "engine/reference/commandline/plugin_upgrade/index" "engine/reference/commandline/logs/index" "engine/reference/commandline/plugin_set/index" "engine/reference/commandline/exec/index" "engine/swarm/manage-nodes/index" "engine/reference/commandline/checkpoint/index" "engine/reference/commandline/diff/index" "engine/swarm/swarm-tutorial/deploy-service/index" "engine/reference/commandline/create/index" "engine/reference/commandline/export/index" 
"engine/reference/commandline/kill/index" "engine/reference/commandline/push/index" "engine/swarm/swarm-tutorial/delete-service/index" "engine/reference/commandline/builder/index" "engine/reference/commandline/cp/index" "engine/reference/commandline/history/index" "engine/reference/commandline/load/index" "engine/swarm/admin_guide/index" "engine/reference/commandline/import/index" "engine/reference/commandline/pause/index" "engine/reference/commandline/port/index" "engine/reference/commandline/save/index" "engine/reference/commandline/manifest/index" "engine/reference/commandline/restart/index" "engine/reference/commandline/rm/index" "engine/reference/commandline/logout/index" "engine/reference/commandline/pull/index" "engine/reference/commandline/rename/index" "engine/reference/commandline/start/index" "engine/reference/commandline/stop/index" "engine/reference/commandline/rmi/index" "engine/reference/commandline/system/index" "engine/reference/commandline/search/index" "engine/reference/commandline/unpause/index" "engine/reference/commandline/checkpoint_ls/index" "engine/reference/commandline/trust/index" "engine/reference/commandline/builder_prune/index" "engine/reference/commandline/update/index" "engine/reference/commandline/checkpoint_rm/index" "engine/reference/commandline/wait/index" "engine/reference/commandline/checkpoint_create/index" "engine/swarm/swarm-tutorial/inspect-service/index" "engine/reference/commandline/manifest_push/index" "engine/reference/commandline/manifest_inspect/index" "engine/reference/commandline/system_prune/index" "engine/reference/commandline/top/index" "engine/swarm/raft/index" "engine/reference/commandline/manifest_annotate/index" "engine/reference/commandline/builder_build/index" "engine/reference/commandline/manifest_create/index" "engine/reference/commandline/system_events/index" "engine/reference/commandline/system_info/index" "engine/reference/commandline/system_df/index" "engine/reference/commandline/trust_revoke/index" 
"engine/swarm/swarm_manager_locking/index" "engine/reference/commandline/trust_sign/index" "engine/reference/commandline/manifest_rm/index" "engine/reference/commandline/trust_inspect/index" "engine/reference/commandline/trust_key/index" "engine/reference/commandline/trust_signer/index" "engine/reference/commandline/trust_key_load/index" "engine/reference/commandline/trust_key_generate/index" "engine/reference/commandline/trust_signer_remove/index" "engine/reference/commandline/trust_signer_add/index"]) (entries . [((name . "Access authorization plugin") (path . "engine/extend/plugins_authorization/index") (type . "Engine: Extend")) ((name . "Add nodes to the swarm") (path . "engine/swarm/swarm-tutorial/add-nodes/index") (type . "Engine")) ((name . "Administer and maintain a swarm of Docker Engines") (path . "engine/swarm/admin_guide/index") (type . "Engine")) ((name . "AppArmor security profiles for Docker") (path . "engine/security/apparmor/index") (type . "Engine: Security")) ((name . "Apply rolling updates to a service") (path . "engine/swarm/swarm-tutorial/rolling-update/index") (type . "Engine")) ((name . "Automation with content trust") (path . "engine/security/trust/trust_automation/index") (type . "Engine: Security")) ((name . "Compose") (path . "compose/index") (type . "Compose")) ((name . "Compose CLI environment variables") (path . "compose/reference/envvars/index") (type . "Compose")) ((name . "Compose command compatibility with docker-compose") (path . "compose/cli-command-compatibility/index") (type . "Compose")) ((name . "Compose file build reference") (path . "compose/compose-file/build/index") (type . "Compose")) ((name . "Compose file deploy reference") (path . "compose/compose-file/deploy/index") (type . "Compose")) ((name . "Compose file version 2 reference") (path . "compose/compose-file/compose-file-v2/index") (type . "Compose")) ((name . "Compose file version 3 reference") (path . "compose/compose-file/compose-file-v3/index") (type . 
"Compose")) ((name . "Compose file versions and upgrading") (path . "compose/compose-file/compose-versioning/index") (type . "Compose")) ((name . "Compose specification") (path . "compose/compose-file/index") (type . "Compose")) ((name . "Content trust in Docker") (path . "engine/security/trust/index") (type . "Engine: Security")) ((name . "Control startup and shutdown order in Compose") (path . "compose/startup-order/index") (type . "Compose")) ((name . "Create a swarm") (path . "engine/swarm/swarm-tutorial/create-swarm/index") (type . "Engine")) ((name . "Declare default environment variables in file") (path . "compose/env-file/index") (type . "Compose")) ((name . "Delegations for content trust") (path . "engine/security/trust/trust_delegation/index") (type . "Engine: Security")) ((name . "Delete the service running on the swarm") (path . "engine/swarm/swarm-tutorial/delete-service/index") (type . "Engine")) ((name . "Deploy a service to the swarm") (path . "engine/swarm/swarm-tutorial/deploy-service/index") (type . "Engine")) ((name . "Deploy a stack to a swarm") (path . "engine/swarm/stack-deploy/index") (type . "Engine")) ((name . "Deploy Notary Server with Compose") (path . "engine/security/trust/deploying_notary/index") (type . "Engine: Security")) ((name . "Deploy services to a swarm") (path . "engine/swarm/services/index") (type . "Engine")) ((name . "Deploy to Kubernetes") (path . "get-started/kube-deploy/index") (type . "Get Started")) ((name . "Deploy to Swarm") (path . "get-started/swarm-deploy/index") (type . "Get Started")) ((name . "Deprecated Engine Features") (path . "engine/deprecated/index") (type . "Engine")) ((name . "Develop with Docker Engine API") (path . "engine/api/index") (type . "Engine")) ((name . "Develop with Docker Engine SDKs") (path . "engine/api/sdk/index") (type . "Engine")) ((name . "docker") (path . "engine/reference/commandline/docker/index") (type . "Engine: CLI")) ((name . "docker attach") (path . 
"engine/reference/commandline/attach/index") (type . "Engine: CLI")) ((name . "docker build") (path . "engine/reference/commandline/build/index") (type . "Engine: CLI")) ((name . "docker builder") (path . "engine/reference/commandline/builder/index") (type . "Engine: CLI")) ((name . "docker builder build") (path . "engine/reference/commandline/builder_build/index") (type . "Engine: CLI")) ((name . "docker builder prune") (path . "engine/reference/commandline/builder_prune/index") (type . "Engine: CLI")) ((name . "docker checkpoint") (path . "engine/reference/commandline/checkpoint/index") (type . "Engine: CLI")) ((name . "docker checkpoint create") (path . "engine/reference/commandline/checkpoint_create/index") (type . "Engine: CLI")) ((name . "docker checkpoint ls") (path . "engine/reference/commandline/checkpoint_ls/index") (type . "Engine: CLI")) ((name . "docker checkpoint rm") (path . "engine/reference/commandline/checkpoint_rm/index") (type . "Engine: CLI")) ((name . "docker commit") (path . "engine/reference/commandline/commit/index") (type . "Engine: CLI")) ((name . "docker config") (path . "engine/reference/commandline/config/index") (type . "Engine: CLI")) ((name . "docker config create") (path . "engine/reference/commandline/config_create/index") (type . "Engine: CLI")) ((name . "docker config inspect") (path . "engine/reference/commandline/config_inspect/index") (type . "Engine: CLI")) ((name . "docker config ls") (path . "engine/reference/commandline/config_ls/index") (type . "Engine: CLI")) ((name . "docker config rm") (path . "engine/reference/commandline/config_rm/index") (type . "Engine: CLI")) ((name . "docker container") (path . "engine/reference/commandline/container/index") (type . "Engine: CLI")) ((name . "docker container attach") (path . "engine/reference/commandline/container_attach/index") (type . "Engine: CLI")) ((name . "docker container commit") (path . "engine/reference/commandline/container_commit/index") (type . 
"Engine: CLI")) ((name . "docker container cp") (path . "engine/reference/commandline/container_cp/index") (type . "Engine: CLI")) ((name . "docker container create") (path . "engine/reference/commandline/container_create/index") (type . "Engine: CLI")) ((name . "docker container diff") (path . "engine/reference/commandline/container_diff/index") (type . "Engine: CLI")) ((name . "docker container exec") (path . "engine/reference/commandline/container_exec/index") (type . "Engine: CLI")) ((name . "docker container export") (path . "engine/reference/commandline/container_export/index") (type . "Engine: CLI")) ((name . "docker container inspect") (path . "engine/reference/commandline/container_inspect/index") (type . "Engine: CLI")) ((name . "docker container kill") (path . "engine/reference/commandline/container_kill/index") (type . "Engine: CLI")) ((name . "docker container logs") (path . "engine/reference/commandline/container_logs/index") (type . "Engine: CLI")) ((name . "docker container ls") (path . "engine/reference/commandline/container_ls/index") (type . "Engine: CLI")) ((name . "docker container pause") (path . "engine/reference/commandline/container_pause/index") (type . "Engine: CLI")) ((name . "docker container port") (path . "engine/reference/commandline/container_port/index") (type . "Engine: CLI")) ((name . "docker container prune") (path . "engine/reference/commandline/container_prune/index") (type . "Engine: CLI")) ((name . "docker container rename") (path . "engine/reference/commandline/container_rename/index") (type . "Engine: CLI")) ((name . "docker container restart") (path . "engine/reference/commandline/container_restart/index") (type . "Engine: CLI")) ((name . "docker container rm") (path . "engine/reference/commandline/container_rm/index") (type . "Engine: CLI")) ((name . "docker container run") (path . "engine/reference/commandline/container_run/index") (type . "Engine: CLI")) ((name . "docker container start") (path . 
"engine/reference/commandline/container_start/index") (type . "Engine: CLI")) ((name . "docker container stats") (path . "engine/reference/commandline/container_stats/index") (type . "Engine: CLI")) ((name . "docker container stop") (path . "engine/reference/commandline/container_stop/index") (type . "Engine: CLI")) ((name . "docker container top") (path . "engine/reference/commandline/container_top/index") (type . "Engine: CLI")) ((name . "docker container unpause") (path . "engine/reference/commandline/container_unpause/index") (type . "Engine: CLI")) ((name . "docker container update") (path . "engine/reference/commandline/container_update/index") (type . "Engine: CLI")) ((name . "docker container wait") (path . "engine/reference/commandline/container_wait/index") (type . "Engine: CLI")) ((name . "docker context") (path . "engine/reference/commandline/context/index") (type . "Engine: CLI")) ((name . "Docker Context") (path . "engine/context/working-with-contexts/index") (type . "Engine")) ((name . "docker context create") (path . "engine/reference/commandline/context_create/index") (type . "Engine: CLI")) ((name . "docker context export") (path . "engine/reference/commandline/context_export/index") (type . "Engine: CLI")) ((name . "docker context import") (path . "engine/reference/commandline/context_import/index") (type . "Engine: CLI")) ((name . "docker context inspect") (path . "engine/reference/commandline/context_inspect/index") (type . "Engine: CLI")) ((name . "docker context ls") (path . "engine/reference/commandline/context_ls/index") (type . "Engine: CLI")) ((name . "docker context rm") (path . "engine/reference/commandline/context_rm/index") (type . "Engine: CLI")) ((name . "docker context update") (path . "engine/reference/commandline/context_update/index") (type . "Engine: CLI")) ((name . "docker context use") (path . "engine/reference/commandline/context_use/index") (type . "Engine: CLI")) ((name . "docker cp") (path . 
"engine/reference/commandline/cp/index") (type . "Engine: CLI")) ((name . "docker create") (path . "engine/reference/commandline/create/index") (type . "Engine: CLI")) ((name . "docker diff") (path . "engine/reference/commandline/diff/index") (type . "Engine: CLI")) ((name . "Docker Engine managed plugin system") (path . "engine/extend/index") (type . "Engine: Extend")) ((name . "Docker Engine release notes") (path . "engine/release-notes/index") (type . "Engine")) ((name . "docker events") (path . "engine/reference/commandline/events/index") (type . "Engine: CLI")) ((name . "docker exec") (path . "engine/reference/commandline/exec/index") (type . "Engine: CLI")) ((name . "docker export") (path . "engine/reference/commandline/export/index") (type . "Engine: CLI")) ((name . "docker history") (path . "engine/reference/commandline/history/index") (type . "Engine: CLI")) ((name . "docker image") (path . "engine/reference/commandline/image/index") (type . "Engine: CLI")) ((name . "docker image build") (path . "engine/reference/commandline/image_build/index") (type . "Engine: CLI")) ((name . "docker image history") (path . "engine/reference/commandline/image_history/index") (type . "Engine: CLI")) ((name . "docker image import") (path . "engine/reference/commandline/image_import/index") (type . "Engine: CLI")) ((name . "docker image inspect") (path . "engine/reference/commandline/image_inspect/index") (type . "Engine: CLI")) ((name . "docker image load") (path . "engine/reference/commandline/image_load/index") (type . "Engine: CLI")) ((name . "docker image ls") (path . "engine/reference/commandline/image_ls/index") (type . "Engine: CLI")) ((name . "docker image prune") (path . "engine/reference/commandline/image_prune/index") (type . "Engine: CLI")) ((name . "docker image pull") (path . "engine/reference/commandline/image_pull/index") (type . "Engine: CLI")) ((name . "docker image push") (path . "engine/reference/commandline/image_push/index") (type . 
"Engine: CLI")) ((name . "docker image rm") (path . "engine/reference/commandline/image_rm/index") (type . "Engine: CLI")) ((name . "docker image save") (path . "engine/reference/commandline/image_save/index") (type . "Engine: CLI")) ((name . "docker image tag") (path . "engine/reference/commandline/image_tag/index") (type . "Engine: CLI")) ((name . "docker images") (path . "engine/reference/commandline/images/index") (type . "Engine: CLI")) ((name . "docker import") (path . "engine/reference/commandline/import/index") (type . "Engine: CLI")) ((name . "docker info") (path . "engine/reference/commandline/info/index") (type . "Engine: CLI")) ((name . "docker inspect") (path . "engine/reference/commandline/inspect/index") (type . "Engine: CLI")) ((name . "docker kill") (path . "engine/reference/commandline/kill/index") (type . "Engine: CLI")) ((name . "docker load") (path . "engine/reference/commandline/load/index") (type . "Engine: CLI")) ((name . "docker login") (path . "engine/reference/commandline/login/index") (type . "Engine: CLI")) ((name . "docker logout") (path . "engine/reference/commandline/logout/index") (type . "Engine: CLI")) ((name . "docker logs") (path . "engine/reference/commandline/logs/index") (type . "Engine: CLI")) ((name . "docker manifest") (path . "engine/reference/commandline/manifest/index") (type . "Engine: CLI")) ((name . "docker manifest annotate") (path . "engine/reference/commandline/manifest_annotate/index") (type . "Engine: CLI")) ((name . "docker manifest create") (path . "engine/reference/commandline/manifest_create/index") (type . "Engine: CLI")) ((name . "docker manifest inspect") (path . "engine/reference/commandline/manifest_inspect/index") (type . "Engine: CLI")) ((name . "docker manifest push") (path . "engine/reference/commandline/manifest_push/index") (type . "Engine: CLI")) ((name . "docker manifest rm") (path . "engine/reference/commandline/manifest_rm/index") (type . "Engine: CLI")) ((name . "docker network") (path . 
"engine/reference/commandline/network/index") (type . "Engine: CLI")) ((name . "docker network connect") (path . "engine/reference/commandline/network_connect/index") (type . "Engine: CLI")) ((name . "docker network create") (path . "engine/reference/commandline/network_create/index") (type . "Engine: CLI")) ((name . "docker network disconnect") (path . "engine/reference/commandline/network_disconnect/index") (type . "Engine: CLI")) ((name . "Docker network driver plugins") (path . "engine/extend/plugins_network/index") (type . "Engine: Extend")) ((name . "docker network inspect") (path . "engine/reference/commandline/network_inspect/index") (type . "Engine: CLI")) ((name . "docker network ls") (path . "engine/reference/commandline/network_ls/index") (type . "Engine: CLI")) ((name . "docker network prune") (path . "engine/reference/commandline/network_prune/index") (type . "Engine: CLI")) ((name . "docker network rm") (path . "engine/reference/commandline/network_rm/index") (type . "Engine: CLI")) ((name . "docker node") (path . "engine/reference/commandline/node/index") (type . "Engine: CLI")) ((name . "docker node demote") (path . "engine/reference/commandline/node_demote/index") (type . "Engine: CLI")) ((name . "docker node inspect") (path . "engine/reference/commandline/node_inspect/index") (type . "Engine: CLI")) ((name . "docker node ls") (path . "engine/reference/commandline/node_ls/index") (type . "Engine: CLI")) ((name . "docker node promote") (path . "engine/reference/commandline/node_promote/index") (type . "Engine: CLI")) ((name . "docker node ps") (path . "engine/reference/commandline/node_ps/index") (type . "Engine: CLI")) ((name . "docker node rm") (path . "engine/reference/commandline/node_rm/index") (type . "Engine: CLI")) ((name . "docker node update") (path . "engine/reference/commandline/node_update/index") (type . "Engine: CLI")) ((name . "Docker overview") (path . "get-started/overview/index") (type . "Get Started")) ((name . 
"docker pause") (path . "engine/reference/commandline/pause/index") (type . "Engine: CLI")) ((name . "docker plugin") (path . "engine/reference/commandline/plugin/index") (type . "Engine: CLI")) ((name . "Docker Plugin API") (path . "engine/extend/plugin_api/index") (type . "Engine: Extend")) ((name . "docker plugin create") (path . "engine/reference/commandline/plugin_create/index") (type . "Engine: CLI")) ((name . "docker plugin disable") (path . "engine/reference/commandline/plugin_disable/index") (type . "Engine: CLI")) ((name . "docker plugin enable") (path . "engine/reference/commandline/plugin_enable/index") (type . "Engine: CLI")) ((name . "docker plugin inspect") (path . "engine/reference/commandline/plugin_inspect/index") (type . "Engine: CLI")) ((name . "docker plugin install") (path . "engine/reference/commandline/plugin_install/index") (type . "Engine: CLI")) ((name . "docker plugin ls") (path . "engine/reference/commandline/plugin_ls/index") (type . "Engine: CLI")) ((name . "docker plugin push") (path . "engine/reference/commandline/plugin_push/index") (type . "Engine: CLI")) ((name . "docker plugin rm") (path . "engine/reference/commandline/plugin_rm/index") (type . "Engine: CLI")) ((name . "docker plugin set") (path . "engine/reference/commandline/plugin_set/index") (type . "Engine: CLI")) ((name . "docker plugin upgrade") (path . "engine/reference/commandline/plugin_upgrade/index") (type . "Engine: CLI")) ((name . "docker port") (path . "engine/reference/commandline/port/index") (type . "Engine: CLI")) ((name . "docker ps") (path . "engine/reference/commandline/ps/index") (type . "Engine: CLI")) ((name . "docker pull") (path . "engine/reference/commandline/pull/index") (type . "Engine: CLI")) ((name . "docker push") (path . "engine/reference/commandline/push/index") (type . "Engine: CLI")) ((name . "docker rename") (path . "engine/reference/commandline/rename/index") (type . "Engine: CLI")) ((name . "docker restart") (path . 
"engine/reference/commandline/restart/index") (type . "Engine: CLI")) ((name . "docker rm") (path . "engine/reference/commandline/rm/index") (type . "Engine: CLI")) ((name . "docker rmi") (path . "engine/reference/commandline/rmi/index") (type . "Engine: CLI")) ((name . "docker run") (path . "engine/reference/commandline/run/index") (type . "Engine: CLI")) ((name . "Docker run reference") (path . "engine/reference/run/index") (type . "Engine")) ((name . "docker save") (path . "engine/reference/commandline/save/index") (type . "Engine: CLI")) ((name . "docker search") (path . "engine/reference/commandline/search/index") (type . "Engine: CLI")) ((name . "docker secret") (path . "engine/reference/commandline/secret/index") (type . "Engine: CLI")) ((name . "docker secret create") (path . "engine/reference/commandline/secret_create/index") (type . "Engine: CLI")) ((name . "docker secret inspect") (path . "engine/reference/commandline/secret_inspect/index") (type . "Engine: CLI")) ((name . "docker secret ls") (path . "engine/reference/commandline/secret_ls/index") (type . "Engine: CLI")) ((name . "docker secret rm") (path . "engine/reference/commandline/secret_rm/index") (type . "Engine: CLI")) ((name . "Docker security") (path . "engine/security/index") (type . "Engine: Security")) ((name . "docker service") (path . "engine/reference/commandline/service/index") (type . "Engine: CLI")) ((name . "docker service create") (path . "engine/reference/commandline/service_create/index") (type . "Engine: CLI")) ((name . "docker service inspect") (path . "engine/reference/commandline/service_inspect/index") (type . "Engine: CLI")) ((name . "docker service logs") (path . "engine/reference/commandline/service_logs/index") (type . "Engine: CLI")) ((name . "docker service ls") (path . "engine/reference/commandline/service_ls/index") (type . "Engine: CLI")) ((name . "docker service ps") (path . "engine/reference/commandline/service_ps/index") (type . "Engine: CLI")) ((name . 
"docker service rm") (path . "engine/reference/commandline/service_rm/index") (type . "Engine: CLI")) ((name . "docker service rollback") (path . "engine/reference/commandline/service_rollback/index") (type . "Engine: CLI")) ((name . "docker service scale") (path . "engine/reference/commandline/service_scale/index") (type . "Engine: CLI")) ((name . "docker service update") (path . "engine/reference/commandline/service_update/index") (type . "Engine: CLI")) ((name . "docker stack") (path . "engine/reference/commandline/stack/index") (type . "Engine: CLI")) ((name . "docker stack deploy") (path . "engine/reference/commandline/stack_deploy/index") (type . "Engine: CLI")) ((name . "docker stack ls") (path . "engine/reference/commandline/stack_ls/index") (type . "Engine: CLI")) ((name . "docker stack ps") (path . "engine/reference/commandline/stack_ps/index") (type . "Engine: CLI")) ((name . "docker stack rm") (path . "engine/reference/commandline/stack_rm/index") (type . "Engine: CLI")) ((name . "docker stack services") (path . "engine/reference/commandline/stack_services/index") (type . "Engine: CLI")) ((name . "docker start") (path . "engine/reference/commandline/start/index") (type . "Engine: CLI")) ((name . "docker stats") (path . "engine/reference/commandline/stats/index") (type . "Engine: CLI")) ((name . "docker stop") (path . "engine/reference/commandline/stop/index") (type . "Engine: CLI")) ((name . "docker swarm") (path . "engine/reference/commandline/swarm/index") (type . "Engine: CLI")) ((name . "docker swarm ca") (path . "engine/reference/commandline/swarm_ca/index") (type . "Engine: CLI")) ((name . "docker swarm init") (path . "engine/reference/commandline/swarm_init/index") (type . "Engine: CLI")) ((name . "docker swarm join") (path . "engine/reference/commandline/swarm_join/index") (type . "Engine: CLI")) ((name . "docker swarm join-token") (path . "engine/reference/commandline/swarm_join-token/index") (type . "Engine: CLI")) ((name . 
"docker swarm leave") (path . "engine/reference/commandline/swarm_leave/index") (type . "Engine: CLI")) ((name . "docker swarm unlock") (path . "engine/reference/commandline/swarm_unlock/index") (type . "Engine: CLI")) ((name . "docker swarm unlock-key") (path . "engine/reference/commandline/swarm_unlock-key/index") (type . "Engine: CLI")) ((name . "docker swarm update") (path . "engine/reference/commandline/swarm_update/index") (type . "Engine: CLI")) ((name . "docker system") (path . "engine/reference/commandline/system/index") (type . "Engine: CLI")) ((name . "docker system df") (path . "engine/reference/commandline/system_df/index") (type . "Engine: CLI")) ((name . "docker system events") (path . "engine/reference/commandline/system_events/index") (type . "Engine: CLI")) ((name . "docker system info") (path . "engine/reference/commandline/system_info/index") (type . "Engine: CLI")) ((name . "docker system prune") (path . "engine/reference/commandline/system_prune/index") (type . "Engine: CLI")) ((name . "docker tag") (path . "engine/reference/commandline/tag/index") (type . "Engine: CLI")) ((name . "docker top") (path . "engine/reference/commandline/top/index") (type . "Engine: CLI")) ((name . "docker trust") (path . "engine/reference/commandline/trust/index") (type . "Engine: CLI")) ((name . "docker trust inspect") (path . "engine/reference/commandline/trust_inspect/index") (type . "Engine: CLI")) ((name . "docker trust key") (path . "engine/reference/commandline/trust_key/index") (type . "Engine: CLI")) ((name . "docker trust key generate") (path . "engine/reference/commandline/trust_key_generate/index") (type . "Engine: CLI")) ((name . "docker trust key load") (path . "engine/reference/commandline/trust_key_load/index") (type . "Engine: CLI")) ((name . "docker trust revoke") (path . "engine/reference/commandline/trust_revoke/index") (type . "Engine: CLI")) ((name . "docker trust sign") (path . "engine/reference/commandline/trust_sign/index") (type . 
"Engine: CLI")) ((name . "docker trust signer") (path . "engine/reference/commandline/trust_signer/index") (type . "Engine: CLI")) ((name . "docker trust signer add") (path . "engine/reference/commandline/trust_signer_add/index") (type . "Engine: CLI")) ((name . "docker trust signer remove") (path . "engine/reference/commandline/trust_signer_remove/index") (type . "Engine: CLI")) ((name . "docker unpause") (path . "engine/reference/commandline/unpause/index") (type . "Engine: CLI")) ((name . "docker update") (path . "engine/reference/commandline/update/index") (type . "Engine: CLI")) ((name . "docker version") (path . "engine/reference/commandline/version/index") (type . "Engine: CLI")) ((name . "docker volume") (path . "engine/reference/commandline/volume/index") (type . "Engine: CLI")) ((name . "docker volume create") (path . "engine/reference/commandline/volume_create/index") (type . "Engine: CLI")) ((name . "docker volume inspect") (path . "engine/reference/commandline/volume_inspect/index") (type . "Engine: CLI")) ((name . "docker volume ls") (path . "engine/reference/commandline/volume_ls/index") (type . "Engine: CLI")) ((name . "Docker volume plugins") (path . "engine/extend/plugins_volume/index") (type . "Engine: Extend")) ((name . "docker volume prune") (path . "engine/reference/commandline/volume_prune/index") (type . "Engine: CLI")) ((name . "docker volume rm") (path . "engine/reference/commandline/volume_rm/index") (type . "Engine: CLI")) ((name . "docker wait") (path . "engine/reference/commandline/wait/index") (type . "Engine: CLI")) ((name . "docker-compose config") (path . "compose/reference/config/index") (type . "Compose")) ((name . "docker-compose pull") (path . "compose/reference/pull/index") (type . "Compose")) ((name . "docker-compose stop") (path . "compose/reference/stop/index") (type . "Compose")) ((name . "docker-compose up") (path . "compose/reference/up/index") (type . "Compose")) ((name . "dockerd") (path . 
"engine/reference/commandline/dockerd/index") (type . "Engine: CLI")) ((name . "Dockerfile reference") (path . "engine/reference/builder/index") (type . "Engine")) ((name . "Drain a node on the swarm") (path . "engine/swarm/swarm-tutorial/drain-node/index") (type . "Engine")) ((name . "Educational resources") (path . "get-started/resources/index") (type . "Get Started")) ((name . "Enabling GPU access with Compose") (path . "compose/gpu-support/index") (type . "Compose")) ((name . "Engine") (path . "engine/index") (type . "Engine")) ((name . "Environment variables in Compose") (path . "compose/environment-variables/index") (type . "Compose")) ((name . "Examples using the Docker Engine SDKs and Docker API") (path . "engine/api/sdk/examples/index") (type . "Engine")) ((name . "Frequently asked questions") (path . "compose/faq/index") (type . "Compose")) ((name . "Get started with Docker Compose") (path . "compose/gettingstarted/index") (type . "Compose")) ((name . "Getting started with swarm mode") (path . "engine/swarm/swarm-tutorial/index") (type . "Engine")) ((name . "How nodes work") (path . "engine/swarm/how-swarm-mode-works/nodes/index") (type . "Engine")) ((name . "How services work") (path . "engine/swarm/how-swarm-mode-works/services/index") (type . "Engine")) ((name . "Inspect a service on the swarm") (path . "engine/swarm/swarm-tutorial/inspect-service/index") (type . "Engine")) ((name . "Install Docker Compose") (path . "compose/install/index") (type . "Compose")) ((name . "Install Docker Engine") (path . "engine/install/index") (type . "Engine")) ((name . "Install Docker Engine from binaries") (path . "engine/install/binaries/index") (type . "Engine")) ((name . "Install Docker Engine on CentOS") (path . "engine/install/centos/index") (type . "Engine")) ((name . "Install Docker Engine on Debian") (path . "engine/install/debian/index") (type . "Engine")) ((name . "Install Docker Engine on Fedora") (path . "engine/install/fedora/index") (type . 
"Engine")) ((name . "Install Docker Engine on RHEL") (path . "engine/install/rhel/index") (type . "Engine")) ((name . "Install Docker Engine on SLES") (path . "engine/install/sles/index") (type . "Engine")) ((name . "Install Docker Engine on Ubuntu") (path . "engine/install/ubuntu/index") (type . "Engine")) ((name . "Isolate containers with a user namespace") (path . "engine/security/userns-remap/index") (type . "Engine: Security")) ((name . "Join nodes to a swarm") (path . "engine/swarm/join-nodes/index") (type . "Engine")) ((name . "Lock your swarm to protect its encryption key") (path . "engine/swarm/swarm_manager_locking/index") (type . "Engine")) ((name . "Machine") (path . "machine/index") (type . "Machine")) ((name . "Manage keys for content trust") (path . "engine/security/trust/trust_key_mng/index") (type . "Engine: Security")) ((name . "Manage nodes in a swarm") (path . "engine/swarm/manage-nodes/index") (type . "Engine")) ((name . "Manage sensitive data with Docker secrets") (path . "engine/swarm/secrets/index") (type . "Engine")) ((name . "Manage swarm security with public key infrastructure (PKI)") (path . "engine/swarm/how-swarm-mode-works/pki/index") (type . "Engine")) ((name . "Networking in Compose") (path . "compose/networking/index") (type . "Compose")) ((name . "Orchestration") (path . "get-started/orchestration/index") (type . "Get Started")) ((name . "Orientation and setup") (path . "get-started/index") (type . "Get Started")) ((name . "Overview of docker-compose CLI") (path . "compose/reference/index") (type . "Compose")) ((name . "Play in a content trust sandbox") (path . "engine/security/trust/trust_sandbox/index") (type . "Engine: Security")) ((name . "Plugin Config Version 1 of Plugin V2") (path . "engine/extend/config/index") (type . "Engine: Extend")) ((name . "Post-installation steps for Linux") (path . "engine/install/linux-postinstall/index") (type . "Engine")) ((name . "Protect the Docker daemon socket") (path . 
"engine/security/protect-access/index") (type . "Engine: Security")) ((name . "Raft consensus in swarm mode") (path . "engine/swarm/raft/index") (type . "Engine")) ((name . "Run Docker Engine in swarm mode") (path . "engine/swarm/swarm-mode/index") (type . "Engine")) ((name . "Run the Docker daemon as a non-root user (Rootless mode)") (path . "engine/security/rootless/index") (type . "Engine: Security")) ((name . "Sample application") (path . "get-started/02_our_app/index") (type . "Get Started")) ((name . "Sample apps with Compose") (path . "compose/samples-for-compose/index") (type . "Compose")) ((name . "Scale the service in the swarm") (path . "engine/swarm/swarm-tutorial/scale-service/index") (type . "Engine")) ((name . "Seccomp security profiles for Docker") (path . "engine/security/seccomp/index") (type . "Engine: Security")) ((name . "Share Compose configurations between files and projects") (path . "compose/extends/index") (type . "Compose")) ((name . "Share the application") (path . "get-started/04_sharing_app/index") (type . "Get Started")) ((name . "Store configuration data using Docker Configs") (path . "engine/swarm/configs/index") (type . "Engine")) ((name . "Swarm mode key concepts") (path . "engine/swarm/key-concepts/index") (type . "Engine")) ((name . "Swarm mode overview") (path . "engine/swarm/index") (type . "Engine")) ((name . "Use Compose in production") (path . "compose/production/index") (type . "Compose")) ((name . "Use Docker Engine plugins") (path . "engine/extend/legacy_plugins/index") (type . "Engine: Extend")) ((name . "Use swarm mode routing mesh") (path . "engine/swarm/ingress/index") (type . "Engine")) ((name . "Use the Docker command line") (path . "engine/reference/commandline/cli/index") (type . "Engine: CLI")) ((name . "Using profiles with Compose") (path . "compose/profiles/index") (type . "Compose")) ((name . "Verify repository client with certificates") (path . "engine/security/certificates/index") (type . 
"Engine: Security")) ((name . "Vulnerability scanning for Docker local images") (path . "engine/scan/index") (type . "Engine"))]) (types . [((name . "Compose") (count . 26) (slug . "compose")) ((name . "Engine") (count . 44) (slug . "engine")) ((name . "Engine: CLI") (count . 187) (slug . "engine-cli")) ((name . "Engine: Extend") (count . 7) (slug . "engine-extend")) ((name . "Engine: Security") (count . 13) (slug . "engine-security")) ((name . "Get Started") (count . 8) (slug . "get-started")) ((name . "Machine") (count . 1) (slug . "machine"))]))
\ No newline at end of file diff --git a/devdocs/docker/index.html b/devdocs/docker/index.html new file mode 100644 index 00000000..f9fbeddd --- /dev/null +++ b/devdocs/docker/index.html @@ -0,0 +1,6 @@ +<h1>Docker Documentation</h1><div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/" class="_attribution-link">https://docs.docker.com/</a> + </p> +</div> diff --git a/devdocs/docker/machine%2Findex.html b/devdocs/docker/machine%2Findex.html new file mode 100644 index 00000000..9cfea67f --- /dev/null +++ b/devdocs/docker/machine%2Findex.html 
@@ -0,0 +1,9 @@ +<h1>Docker Machine</h1> +<blockquote class="warning"> <p><strong>Deprecated</strong></p> <p>Docker Machine has been deprecated. Please use Docker Desktop instead. See <a href="https://docs.docker.com/desktop/mac/">Docker Desktop for Mac</a> and <a href="https://docs.docker.com/desktop/windows/">Docker Desktop for Windows</a>. You can also use other cloud provisioning tools.</p> </blockquote> <p>The source code for Docker Machine has been archived. You can find the source code on <a href="https://github.com/docker/machine" target="_blank" rel="noopener" class="_">GitHub</a>.</p> +<p><a href="https://docs.docker.com/search/?q=docker">docker</a>, <a href="https://docs.docker.com/search/?q=machine">machine</a></p> +<div class="_attribution"> + <p class="_attribution-p"> + © 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br> + <a href="https://docs.docker.com/machine/" class="_attribution-link">https://docs.docker.com/machine/</a> + </p> +</div> diff --git a/devdocs/docker/metadata b/devdocs/docker/metadata new file mode 100644 index 00000000..8e80d2a2 --- /dev/null +++ b/devdocs/docker/metadata @@ -0,0 +1,4 @@ +(1 (name . "Docker") (slug . "docker") (type . "simple") (links (home . "https://docker.com/") (code . "https://github.com/docker/docker")) (version . "") (release . "20.10.16") (mtime . 1654206621) (db_size . 4328150) (attribution . "© 2019 Docker, Inc.<br> + Licensed under the Apache License, Version 2.0.<br> + Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br> + Docker, Inc. and other parties may also have trademark rights in other terms used herein."))
\ No newline at end of file |
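Review bot: The new `devdocs/docker/metadata` file records `(release . "20.10.16")` and `(mtime . 1654206621)` but leaves `(version . "")` empty, and nothing in it says which generator or upstream snapshot produced these 289 files. Since this is third-party documentation vendored wholesale (16607 insertions), a reviewer cannot check it against its origin. Please note in the commit message or a short README how the tree was generated and from which source, so a later update can be reproduced and diffed. The attribution string also says "© 2019" while the mtime is a 2022 timestamp; if that text is copied verbatim from upstream that is fine, but it is worth confirming.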
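Review bot: The added file names encode the path separator, as in `devdocs/docker/machine%2Findex.html`, while the index file refers to the same page as `(path . "machine/index")`, and the mapping between the two is not documented anywhere in this change. Whatever reads the index has to percent-encode the slash and append `.html` to find the file. Please state that convention next to the index, and have the lookup encode the index path rather than decode file names, so that a path taken from the index always resolves to a single file inside `devdocs/docker/`. Separately, `index.html`, the index and `metadata` are all added without a trailing newline ("\ No newline at end of file"); if the generator emits them that way it is harmless, but it will show up as noise in later diffs.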
