search

docker / roadmap

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.
https://github.com/orgs/docker/projects/51
Creative Commons Zero v1.0 Universal
1.75k stars 261 forks source link

Change the -v flag on docker compose down #665

Open GarretSidzaka opened 6 months ago

GarretSidzaka commented 6 months ago

Change the -v flag on docker compose down. Some customers have accidentally cleared their volumes and lost data using this flag. Suggest to change -v flag to --volumes. This is also more consistent with other tools.

Docker compose plugin

The problem is "docker compose down -v" might be misunderstood to be a "verbosity" flag and cause customers to lose persistent volume data.

Education can help others know not to use this flag. But the similarity with verbosity flags is troubling.

thaJeztah commented 6 months ago

The -v option is a shorthand for --volumes, so --volumes already exists;

docker compose down --help

Usage:  docker compose down [OPTIONS] [SERVICES]

Stop and remove containers, networks

Options:
      --dry-run          Execute command in dry run mode
      --remove-orphans   Remove containers for services not defined in the Compose file
      --rmi string       Remove images used by services. "local" remove only images that don't have a custom tag ("local"|"all")
  -t, --timeout int      Specify a shutdown timeout in seconds
  -v, --volumes          Remove named volumes declared in the "volumes" section of the Compose file and anonymous volumes attached to containers

The problem is "docker compose down -v" might be misunderstood to be a "verbosity" flag and cause customers to lose persistent volume data.

I know we generally try to avoid shorthand flags if there's possible ambiguity. This one already has existed for multiple years, which for sure makes it more complicated to change, as removing it would be a breaking change.

That said; some similar changes were made for docker system prune, where previously named volumes could be removed if they were not in use at the time the prune command was executed; https://github.com/moby/moby/pull/44216, so maybe a similar approach could be taken

GarretSidzaka commented 2 months ago

I was just talking about this ticket in a developer meeting, and the consensus is the -v is so dangerous we try to keep it secret from customers, and when we do use it, we do it with considerable warning not to perform on their own.

We are very afraid that a new user would want to examine some bug or behavior in the "docker compose down" command by simply typing "docker compose down -v". That is because cURL and many other common commands have "-v" as a verbosity flag, its actually quite common in the POSIX world. And if this engineer did this common thing, this person could potentially wipe an entire prod environment, without warning, in an instant. There is no confirmation on this "-v" volume destruction.

This is very apparently a design flaw upon contemplation and should be addressed. Also, this would break all my automation that uses "-v", I agree. I didn't even know about --volumes until later. Adding a confirmation dialog would also break automation. This is a pickle.

GarretSidzaka commented 2 months ago

Ignore closure that was a mis click 🤦