Home Explore Blog CI



docker
2nd chunk of `content/manuals/engine/swarm/manage-nodes.md`
f04062522d18a8879fb36d4a8d6a57eae3ae2c60c959637a0000000100000b1c
Engine Version:         1.12.0-dev
```

## Update a node

You can modify node attributes to:

* [Change node availability](#change-node-availability)
* [Add or remove label metadata](#add-or-remove-label-metadata)
* [Change a node role](#promote-or-demote-a-node)

### Change node availability

Changing node availability lets you:

* Drain a manager node so that it only performs swarm management tasks and is
  unavailable for task assignment.
* Drain a node so you can take it down for maintenance.
* Pause a node so it can't receive new tasks.
* Restore unavailable or paused nodes availability status.

For example, to change a manager node to `Drain` availability:

```console
$ docker node update --availability drain node-1

node-1
```

See [list nodes](#list-nodes) for descriptions of the different availability
options.

### Add or remove label metadata

Node labels provide a flexible method of node organization. You can also use
node labels in service constraints. Apply constraints when you create a service
to limit the nodes where the scheduler assigns tasks for the service.

Run `docker node update --label-add` on a manager node to add label metadata to
a node. The `--label-add` flag supports either a `<key>` or a `<key>=<value>`
pair.

Pass the `--label-add` flag once for each node label you want to add:

```console
$ docker node update --label-add foo --label-add bar=baz node-1

node-1
```

The labels you set for nodes using `docker node update` apply only to the node
entity within the swarm. Do not confuse them with the Docker daemon labels for
[dockerd](/manuals/engine/manage-resources/labels.md).

Therefore, node labels can be used to limit critical tasks to nodes that meet
certain requirements. For example, schedule only on machines where special
workloads should be run, such as machines that meet [PCI-SS
compliance](https://www.pcisecuritystandards.org/).

A compromised worker could not compromise these special workloads because it
cannot change node labels.

Engine labels, however, are still useful because some features that do not
affect secure orchestration of containers might be better off set in a
decentralized manner. For instance, an engine could have a label to indicate
that it has a certain type of disk device, which may not be relevant to security
directly. These labels are more easily "trusted" by the swarm orchestrator.

Refer to the `docker service create` [CLI reference](/reference/cli/docker/service/create.md)
for more information about service constraints.

### Promote or demote a node

You can promote a worker node to the manager role. This is useful when a
manager node becomes unavailable or if you want to take a manager offline for
maintenance. Similarly, you can demote a manager node to the worker role.

> [!NOTE]
>
> Regardless of your reason to promote or demote
Title: Updating Node Attributes: Availability, Labels, and Roles
Summary
This section details how to update nodes in a Docker Swarm. It covers modifying node availability (draining, pausing, restoring), adding or removing label metadata for node organization and service constraints, and promoting or demoting nodes between worker and manager roles.