kamal 2.7.0 → 2.11.0

data/lib/kamal/cli/build.rb

@@ -1,5 +1,3 @@
-require "uri"
-
 class Kamal::Cli::Build < Kamal::Cli::Base
   class BuildError < StandardError; end
 
@@ -11,15 +9,16 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "push", "Build and push app image to registry"
   option :output, type: :string, default: "registry", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def push
     cli = self
 
-    # Ensure pre-connect hooks run before the build, they may needed for a remote builder
+    # Ensure pre-connect hooks run before the build, they may be needed for a remote builder
     # or the pre-build hooks.
     pre_connect_if_required
 
     ensure_docker_installed
-    login_to_registry_locally
+    login_to_registry_locally if KAMAL.builder.login_to_registry_locally?
 
     run_hook "pre-build"
 
@@ -37,29 +36,31 @@ class Kamal::Cli::Build < Kamal::Cli::Base
       say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
     end
 
-    with_env(KAMAL.config.builder.secrets) do
-      run_locally do
-        begin
-          execute *KAMAL.builder.inspect_builder
-        rescue SSHKit::Command::Failed => e
-          if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
-            warn "Missing compatible builder, so creating a new one first"
-            begin
-              cli.remove
-            rescue SSHKit::Command::Failed
-              raise unless e.message =~ /(context not found|no builder|does not exist)/
+    forward_local_registry_port_for_remote_builder do
+      with_env(KAMAL.config.builder.secrets) do
+        run_locally do
+          begin
+            execute *KAMAL.builder.inspect_builder
+          rescue SSHKit::Command::Failed => e
+            if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
+              warn "Missing compatible builder, so creating a new one first"
+              begin
+                cli.remove
+              rescue SSHKit::Command::Failed
+                raise unless e.message =~ /(context not found|no builder|does not exist)/
+              end
+              cli.create
+            else
+              raise
             end
-            cli.create
-          else
-            raise
           end
-        end
 
-        # Get the command here to ensure the Dir.chdir doesn't interfere with it
-        push = KAMAL.builder.push(cli.options[:output])
+          # Get the command here to ensure the Dir.chdir doesn't interfere with it
+          push = KAMAL.builder.push(cli.options[:output], no_cache: cli.options[:no_cache])
 
-        KAMAL.with_verbosity(:debug) do
-          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
+          KAMAL.with_verbosity(:debug) do
+            Dir.chdir(KAMAL.config.builder.build_directory) { execute *push, env: KAMAL.builder.push_env }
+          end
         end
       end
     end
@@ -67,16 +68,18 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "pull", "Pull app image from registry onto servers"
   def pull
-    login_to_registry_remotely
-
-    if (first_hosts = mirror_hosts).any?
-      #  Pull on a single host per mirror first to seed them
-      say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
-      pull_on_hosts(first_hosts)
-      say "Pulling image on remaining hosts...", :magenta
-      pull_on_hosts(KAMAL.app_hosts - first_hosts)
-    else
-      pull_on_hosts(KAMAL.app_hosts)
+    login_to_registry_remotely unless KAMAL.registry.local?
+
+    forward_local_registry_port(KAMAL.hosts, **KAMAL.config.ssh.options) do
+      if (first_hosts = mirror_hosts).any?
+        #  Pull on a single host per mirror first to seed them
+        say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
+        pull_on_hosts(first_hosts)
+        say "Pulling image on remaining hosts...", :magenta
+        pull_on_hosts(KAMAL.app_hosts - first_hosts)
+      else
+        pull_on_hosts(KAMAL.app_hosts)
+      end
     end
   end
 
@@ -119,6 +122,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "dev", "Build using the working directory, tag it as dirty, and push to local image store."
   option :output, type: :string, default: "docker", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def dev
     cli = self
 
@@ -144,7 +148,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
     with_env(KAMAL.config.builder.secrets) do
       run_locally do
-        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true)
+        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true, no_cache: cli.options[:no_cache])
         KAMAL.with_verbosity(:debug) do
           execute(*build)
         end
@@ -192,7 +196,11 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
     def login_to_registry_locally
       run_locally do
-        execute *KAMAL.registry.login
+        if KAMAL.registry.local?
+          execute *KAMAL.registry.setup
+        else
+          execute *KAMAL.registry.login
+        end
       end
     end
 
@@ -201,4 +209,31 @@ class Kamal::Cli::Build < Kamal::Cli::Base
         execute *KAMAL.registry.login
       end
     end
+
+    def forward_local_registry_port_for_remote_builder(&block)
+      if KAMAL.builder.remote?
+        remote_uri = URI(KAMAL.config.builder.remote)
+        forward_local_registry_port([ remote_uri.host ], **remote_builder_ssh_options(remote_uri), &block)
+      else
+        yield
+      end
+    end
+
+    def forward_local_registry_port(hosts, **ssh_options, &block)
+      if KAMAL.config.registry.local?
+        say "Setting up local registry port forwarding to #{hosts.join(', ')}..."
+        PortForwarding.new(hosts, KAMAL.config.registry.local_port, **ssh_options).forward(&block)
+      else
+        yield
+      end
+    end
+
+    def remote_builder_ssh_options(remote_uri)
+      { user: remote_uri.user,
+        port: remote_uri.port,
+        keepalive: KAMAL.config.ssh.options[:keepalive],
+        keepalive_interval: KAMAL.config.ssh.options[:keepalive_interval],
+        logger: KAMAL.config.ssh.options[:logger]
+      }.compact
+    end
 end

data/lib/kamal/cli/healthcheck/poller.rb

@@ -1,7 +1,7 @@
 module Kamal::Cli::Healthcheck::Poller
   extend self
 
-  def wait_for_healthy(role, &block)
+  def wait_for_healthy(&block)
     attempt = 1
     timeout_at = Time.now + KAMAL.config.deploy_timeout
     readiness_delay = KAMAL.config.readiness_delay

data/lib/kamal/cli/main.rb

@@ -1,6 +1,7 @@
 class Kamal::Cli::Main < Kamal::Cli::Base
   desc "setup", "Setup all accessories, push the env, and deploy app to servers"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def setup
     print_runtime do
       with_lock do
@@ -16,6 +17,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
   desc "deploy", "Deploy app to servers"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def deploy(boot_accessories: false)
     runtime = print_runtime do
       invoke_options = deploy_options
@@ -51,6 +53,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
   desc "redeploy", "Deploy app to servers without bootstrapping servers, starting kamal-proxy and pruning"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def redeploy
     runtime = print_runtime do
       invoke_options = deploy_options
@@ -109,8 +112,9 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
   desc "audit", "Show audit log from servers"
   def audit
+    quiet = options[:quiet]
     on(KAMAL.hosts) do |host|
-      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal)
+      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal), quiet: quiet
     end
   end
 
@@ -182,7 +186,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
         invoke "kamal:cli:app:remove", [], options.without(:confirmed)
         invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
         invoke "kamal:cli:accessory:remove", [ "all" ], options
-        invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
+        invoke "kamal:cli:registry:remove", [], options.without(:confirmed).merge(skip_local: true)
       end
     end
   end
@@ -272,6 +276,8 @@ class Kamal::Cli::Main < Kamal::Cli::Base
     end
 
     def deploy_options
-      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
+      base_options = options.without("skip_push")
+      base_options = base_options.except("no_cache") unless base_options["no_cache"]
+      { "version" => KAMAL.config.version }.merge(base_options)
     end
 end

data/lib/kamal/cli/proxy.rb

@@ -11,13 +11,13 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
       on(KAMAL.proxy_hosts) do |host|
         execute *KAMAL.registry.login
 
-        version = capture_with_info(*KAMAL.proxy.version).strip.presence
+        version = capture_with_info(*KAMAL.proxy(host).version).strip.presence
 
-        if version && Kamal::Utils.older_version?(version, Kamal::Configuration::Proxy::Boot::MINIMUM_VERSION)
-          raise "kamal-proxy version #{version} is too old, run `kamal proxy reboot` in order to update to at least #{Kamal::Configuration::Proxy::Boot::MINIMUM_VERSION}"
+        if version && Kamal::Utils.older_version?(version, Kamal::Configuration::Proxy::Run::MINIMUM_VERSION)
+          raise "kamal-proxy version #{version} is too old, run `kamal proxy reboot` in order to update to at least #{Kamal::Configuration::Proxy::Run::MINIMUM_VERSION}"
         end
-        execute *KAMAL.proxy.ensure_apps_config_directory
-        execute *KAMAL.proxy.start_or_run
+        execute *KAMAL.proxy(host).ensure_apps_config_directory
+        execute *KAMAL.proxy(host).start_or_run
       end
     end
   end
@@ -25,9 +25,9 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
   desc "boot_config <set|get|reset>", "Manage kamal-proxy boot configuration"
   option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host"
   option :publish_host_ip, type: :string, repeatable: true, default: nil, desc: "Host IP address to bind HTTP/HTTPS traffic to. Defaults to all interfaces"
-  option :http_port, type: :numeric, default: Kamal::Configuration::Proxy::Boot::DEFAULT_HTTP_PORT, desc: "HTTP port to publish on the host"
-  option :https_port, type: :numeric, default: Kamal::Configuration::Proxy::Boot::DEFAULT_HTTPS_PORT, desc: "HTTPS port to publish on the host"
-  option :log_max_size, type: :string, default: Kamal::Configuration::Proxy::Boot::DEFAULT_LOG_MAX_SIZE, desc: "Max size of proxy logs"
+  option :http_port, type: :numeric, default: Kamal::Configuration::Proxy::Run::DEFAULT_HTTP_PORT, desc: "HTTP port to publish on the host"
+  option :https_port, type: :numeric, default: Kamal::Configuration::Proxy::Run::DEFAULT_HTTPS_PORT, desc: "HTTPS port to publish on the host"
+  option :log_max_size, type: :string, default: Kamal::Configuration::Proxy::Run::DEFAULT_LOG_MAX_SIZE, desc: "Max size of proxy logs"
   option :registry, type: :string, default: nil, desc: "Registry to use for the proxy image"
   option :repository, type: :string, default: nil, desc: "Repository for the proxy image"
   option :image_version, type: :string, default: nil, desc: "Version of the proxy to run"
@@ -35,6 +35,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
   option :debug, type: :boolean, default: false, desc: "Whether to run the proxy in debug mode"
   option :docker_options, type: :array, default: [], desc: "Docker options to pass to the proxy container", banner: "option=value option2=value2"
   def boot_config(subcommand)
+    say "The proxy boot_config command is deprecated - set the config in the deploy YAML at proxy/run instead", :yellow
     proxy_boot_config = KAMAL.config.proxy_boot
 
     case subcommand
@@ -58,42 +59,44 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
       run_command = "kamal-proxy run #{Kamal::Utils.optionize(run_command_options).join(" ")}" if run_command_options.any?
 
       on(KAMAL.proxy_hosts) do |host|
-        execute(*KAMAL.proxy.ensure_proxy_directory)
+        proxy = KAMAL.proxy(host)
+        execute(*proxy.ensure_proxy_directory)
         if boot_options != proxy_boot_config.default_boot_options
           upload! StringIO.new(boot_options.join(" ")), proxy_boot_config.options_file
         else
-          execute *KAMAL.proxy.reset_boot_options, raise_on_non_zero_exit: false
+          execute *proxy.reset_boot_options, raise_on_non_zero_exit: false
         end
 
         if image != proxy_boot_config.image_default
           upload! StringIO.new(image), proxy_boot_config.image_file
         else
-          execute *KAMAL.proxy.reset_image, raise_on_non_zero_exit: false
+          execute *proxy.reset_image, raise_on_non_zero_exit: false
         end
 
         if image_version
           upload! StringIO.new(image_version), proxy_boot_config.image_version_file
         else
-          execute *KAMAL.proxy.reset_image_version, raise_on_non_zero_exit: false
+          execute *proxy.reset_image_version, raise_on_non_zero_exit: false
         end
 
         if run_command
           upload! StringIO.new(run_command), proxy_boot_config.run_command_file
         else
-          execute *KAMAL.proxy.reset_run_command, raise_on_non_zero_exit: false
+          execute *proxy.reset_run_command, raise_on_non_zero_exit: false
         end
       end
     when "get"
 
       on(KAMAL.proxy_hosts) do |host|
-        puts "Host #{host}: #{capture_with_info(*KAMAL.proxy.boot_config)}"
+        puts "Host #{host}: #{capture_with_info(*KAMAL.proxy(host).boot_config)}"
       end
     when "reset"
       on(KAMAL.proxy_hosts) do |host|
-        execute *KAMAL.proxy.reset_boot_options, raise_on_non_zero_exit: false
-        execute *KAMAL.proxy.reset_image, raise_on_non_zero_exit: false
-        execute *KAMAL.proxy.reset_image_version, raise_on_non_zero_exit: false
-        execute *KAMAL.proxy.reset_run_command, raise_on_non_zero_exit: false
+        proxy = KAMAL.proxy(host)
+        execute *proxy.reset_boot_options, raise_on_non_zero_exit: false
+        execute *proxy.reset_image, raise_on_non_zero_exit: false
+        execute *proxy.reset_image_version, raise_on_non_zero_exit: false
+        execute *proxy.reset_run_command, raise_on_non_zero_exit: false
       end
     else
       raise ArgumentError, "Unknown boot_config subcommand #{subcommand}"
@@ -111,15 +114,16 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
           host_list = Array(hosts).join(",")
           run_hook "pre-proxy-reboot", hosts: host_list
           on(hosts) do |host|
+            proxy = KAMAL.proxy(host)
             execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
             execute *KAMAL.registry.login
 
             "Stopping and removing kamal-proxy on #{host}, if running..."
-            execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
-            execute *KAMAL.proxy.remove_container
-            execute *KAMAL.proxy.ensure_apps_config_directory
+            execute *proxy.stop, raise_on_non_zero_exit: false
+            execute *proxy.remove_container
+            execute *proxy.ensure_apps_config_directory
 
-            execute *KAMAL.proxy.run
+            execute *proxy.run
           end
           run_hook "post-proxy-reboot", hosts: host_list
         end
@@ -140,16 +144,17 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
         say "Upgrading proxy on #{host_list}...", :magenta
         run_hook "pre-proxy-reboot", hosts: host_list
         on(hosts) do |host|
+          proxy = KAMAL.proxy(host)
           execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
           execute *KAMAL.registry.login
 
           "Stopping and removing Traefik on #{host}, if running..."
-          execute *KAMAL.proxy.cleanup_traefik
+          execute *proxy.cleanup_traefik
 
           "Stopping and removing kamal-proxy on #{host}, if running..."
-          execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
-          execute *KAMAL.proxy.remove_container
-          execute *KAMAL.proxy.remove_image
+          execute *proxy.stop, raise_on_non_zero_exit: false
+          execute *proxy.remove_container
+          execute *proxy.remove_image
         end
 
         KAMAL.with_specific_hosts(hosts) do
@@ -172,7 +177,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
     with_lock do
       on(KAMAL.proxy_hosts) do |host|
         execute *KAMAL.auditor.record("Started proxy"), verbosity: :debug
-        execute *KAMAL.proxy.start
+        execute *KAMAL.proxy(host).start
       end
     end
   end
@@ -182,7 +187,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
     with_lock do
       on(KAMAL.proxy_hosts) do |host|
         execute *KAMAL.auditor.record("Stopped proxy"), verbosity: :debug
-        execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
+        execute *KAMAL.proxy(host).stop, raise_on_non_zero_exit: false
       end
     end
   end
@@ -197,7 +202,8 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 
   desc "details", "Show details about proxy container from servers"
   def details
-    on(KAMAL.proxy_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.proxy.info), type: "Proxy" }
+    quiet = options[:quiet]
+    on(KAMAL.proxy_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.proxy(host).info), type: "Proxy", quiet: quiet }
   end
 
   desc "logs", "Show log lines from proxy on servers"
@@ -212,16 +218,17 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 
     if options[:follow]
       run_locally do
+        proxy = KAMAL.proxy(KAMAL.primary_host)
         info "Following logs on #{KAMAL.primary_host}..."
-        info KAMAL.proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
-        exec KAMAL.proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
+        info proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
+        exec proxy.follow_logs(host: KAMAL.primary_host, timestamps: timestamps, grep: grep)
       end
     else
       since = options[:since]
       lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
 
       on(KAMAL.proxy_hosts) do |host|
-        puts_by_host host, capture(*KAMAL.proxy.logs(timestamps: timestamps, since: since, lines: lines, grep: grep)), type: "Proxy"
+        puts_by_host host, capture(*KAMAL.proxy(host).logs(timestamps: timestamps, since: since, lines: lines, grep: grep)), type: "Proxy"
       end
     end
   end
@@ -244,7 +251,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
     with_lock do
       on(KAMAL.proxy_hosts) do
         execute *KAMAL.auditor.record("Removed proxy container"), verbosity: :debug
-        execute *KAMAL.proxy.remove_container
+        execute *KAMAL.proxy(host).remove_container
       end
     end
   end
@@ -254,7 +261,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
     with_lock do
       on(KAMAL.proxy_hosts) do
         execute *KAMAL.auditor.record("Removed proxy image"), verbosity: :debug
-        execute *KAMAL.proxy.remove_image
+        execute *KAMAL.proxy(host).remove_image
       end
     end
   end
@@ -263,7 +270,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
   def remove_proxy_directory
     with_lock do
       on(KAMAL.proxy_hosts) do
-        execute *KAMAL.proxy.remove_proxy_directory, raise_on_non_zero_exit: false
+        execute *KAMAL.proxy(host).remove_proxy_directory, raise_on_non_zero_exit: false
       end
     end
   end

data/lib/kamal/cli/registry.rb

@@ -1,19 +1,49 @@
 class Kamal::Cli::Registry < Kamal::Cli::Base
-  desc "login", "Log in to registry locally and remotely"
+  desc "setup", "Setup local registry or log in to remote registry locally and remotely"
   option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
   option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
-  def login
+  def setup
     ensure_docker_installed unless options[:skip_local]
 
-    run_locally    { execute *KAMAL.registry.login } unless options[:skip_local]
-    on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
+    if KAMAL.registry.local?
+      run_locally    { execute *KAMAL.registry.setup } unless options[:skip_local]
+    else
+      run_locally    { execute *KAMAL.registry.login } unless options[:skip_local]
+      on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
+    end
+  end
+
+  desc "remove", "Remove local registry or log out of remote registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def remove
+    if KAMAL.registry.local?
+      run_locally    { execute *KAMAL.registry.remove, raise_on_non_zero_exit: false } unless options[:skip_local]
+    else
+      run_locally    { execute *KAMAL.registry.logout } unless options[:skip_local]
+      on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
+    end
+  end
+
+  desc "login", "Log in to remote registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def login
+    if KAMAL.registry.local?
+      raise "Cannot use login command with a local registry. Use `kamal registry setup` instead."
+    end
+
+    setup
   end
 
-  desc "logout", "Log out of registry locally and remotely"
+  desc "logout", "Log out of remote registry locally and remotely"
   option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
   option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
   def logout
-    run_locally    { execute *KAMAL.registry.logout } unless options[:skip_local]
-    on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
+    if KAMAL.registry.local?
+      raise "Cannot use logout command with a local registry. Use `kamal registry remove` instead."
+    end
+
+    remove
   end
 end

data/lib/kamal/cli/secrets.rb

@@ -12,8 +12,9 @@ class Kamal::Cli::Secrets < Kamal::Cli::Base
     end
 
     results = adapter.fetch(secrets, **options.slice(:account, :from).symbolize_keys)
+    json = JSON.dump(results)
 
-    return_or_puts JSON.dump(results).shellescape, inline: options[:inline]
+    return_or_puts options[:inline] ? json.shellescape : json, inline: options[:inline]
   end
 
   desc "extract", "Extract a single secret from the results of a fetch call"

data/lib/kamal/cli/server.rb

@@ -6,6 +6,7 @@ class Kamal::Cli::Server < Kamal::Cli::Base
 
     cmd = Kamal::Utils.join_commands(cmd)
     hosts = KAMAL.hosts
+    quiet = options[:quiet]
 
     case
     when options[:interactive]
@@ -19,7 +20,7 @@ class Kamal::Cli::Server < Kamal::Cli::Base
 
       on(hosts) do |host|
         execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{host}"), verbosity: :debug
-        puts_by_host host, capture_with_info(cmd)
+        puts_by_host host, capture_with_info(cmd), quiet: quiet
       end
     end
   end
@@ -34,6 +35,16 @@ class Kamal::Cli::Server < Kamal::Cli::Base
           if execute(*KAMAL.docker.superuser?, raise_on_non_zero_exit: false)
             info "Missing Docker on #{host}. Installing…"
             execute *KAMAL.docker.install
+
+            unless execute(*KAMAL.docker.root?, raise_on_non_zero_exit: false) ||
+                   execute(*KAMAL.docker.in_docker_group?, raise_on_non_zero_exit: false)
+              execute *KAMAL.docker.add_to_docker_group
+              begin
+                execute *KAMAL.docker.refresh_session
+              rescue IOError
+                info "Session refreshed due to group change."
+              end
+            end
           else
             missing << host
           end

data/lib/kamal/cli/templates/deploy.yml

@@ -25,13 +25,14 @@ proxy:
 
 # Credentials for your image host.
 registry:
+  server: localhost:5555
   # Specify the registry server, if you're not using Docker Hub
   # server: registry.digitalocean.com / ghcr.io / ...
-  username: my-user
+  # username: my-user
 
   # Always use an access token rather than real password (pulled from .kamal/secrets).
-  password:
-    - KAMAL_REGISTRY_PASSWORD
+  # password:
+  #   - KAMAL_REGISTRY_PASSWORD
 
 # Configure builder setup.
 builder:

data/lib/kamal/cli/templates/secrets

@@ -3,10 +3,11 @@
 # password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
 
 # Option 1: Read secrets from the environment
-KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
 
 # Option 2: Read secrets via a command
 # RAILS_MASTER_KEY=$(cat config/master.key)
+# KAMAL_REGISTRY_PASSWORD=$(rails credentials:fetch kamal.registry_password)
 
 # Option 3: Read secrets via kamal secrets helpers
 # These will handle logging in and fetching the secrets in as few calls as possible

data/lib/kamal/commander.rb

@@ -21,7 +21,7 @@ class Kamal::Commander
   end
 
   def config
-    @config ||= Kamal::Configuration.create_from(**@config_kwargs).tap do |config|
+    @config ||= Kamal::Configuration.create_from(**@config_kwargs.to_h).tap do |config|
       @config_kwargs = nil
       configure_sshkit_with(config)
     end
@@ -46,27 +46,19 @@ class Kamal::Commander
 
   def specific_roles=(role_names)
     @specifics = nil
-    if role_names.present?
-      @specific_roles = Kamal::Utils.filter_specific_items(role_names, config.roles)
-
-      if @specific_roles.empty?
-        raise ArgumentError, "No --roles match for #{role_names.join(',')}"
-      end
-
-      @specific_roles
+    @specific_roles = if role_names.present?
+      filtered = Kamal::Utils.filter_specific_items(role_names, config.roles)
+      raise ArgumentError, "No --roles match for #{role_names.join(',')}" if filtered.empty?
+      filtered
     end
   end
 
   def specific_hosts=(hosts)
     @specifics = nil
-    if hosts.present?
-      @specific_hosts = Kamal::Utils.filter_specific_items(hosts, config.all_hosts)
-
-      if @specific_hosts.empty?
-        raise ArgumentError, "No --hosts match for #{hosts.join(',')}"
-      end
-
-      @specific_hosts
+    @specific_hosts = if hosts.present?
+      filtered = Kamal::Utils.filter_specific_items(hosts, config.all_hosts)
+      raise ArgumentError, "No --hosts match for #{hosts.join(',')}" if filtered.empty?
+      filtered
     end
   end
 
@@ -109,8 +101,8 @@ class Kamal::Commander
     @commands[:lock] ||= Kamal::Commands::Lock.new(config)
   end
 
-  def proxy
-    @commands[:proxy] ||= Kamal::Commands::Proxy.new(config)
+  def proxy(host)
+    Kamal::Commands::Proxy.new(config, host: host)
   end
 
   def prune
@@ -129,6 +121,15 @@ class Kamal::Commander
     config.aliases[name]
   end
 
+  def resolve_alias(name)
+    if @config
+      @config.aliases[name]&.command
+    else
+      raw_config = Kamal::Configuration.load_raw_config(**@config_kwargs.to_h.slice(:config_file, :destination))
+      raw_config[:aliases]&.dig(name)
+    end
+  end
+
   def with_verbosity(level)
     old_level = self.verbosity
 
@@ -155,6 +156,7 @@ class Kamal::Commander
       SSHKit::Backend::Netssh.pool.idle_timeout = config.sshkit.pool_idle_timeout
       SSHKit::Backend::Netssh.configure do |sshkit|
         sshkit.max_concurrent_starts = config.sshkit.max_concurrent_starts
+        sshkit.dns_retries = config.sshkit.dns_retries
         sshkit.ssh_options = config.ssh.options
       end
       SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs