2014-04-15 20:53:12 -04:00
page_title: Command Line Interface
page_description: Docker's CLI command description and usage
page_keywords: Docker, Docker documentation, CLI, command line
# Command Line
2014-04-23 16:48:28 -04:00
To list available commands, either run `docker` with no parameters
or execute `docker help` :
2014-04-15 20:53:12 -04:00
$ sudo docker
Usage: docker [OPTIONS] COMMAND [arg...]
2014-04-23 21:09:27 -04:00
-H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
2014-04-15 20:53:12 -04:00
A self-sufficient runtime for linux containers.
...
## Option types
Single character commandline options can be combined, so rather than
typing `docker run -t -i --name test busybox sh` ,
2014-04-17 18:55:24 -04:00
you can write `docker run -ti --name test busybox sh` .
2014-04-15 20:53:12 -04:00
### Boolean
Boolean options look like `-d=false` . The value you
see is the default value which gets set if you do **not** use the
boolean flag. If you do call `run -d` , that sets the
opposite boolean value, so in this case, `true` , and
so `docker run -d` **will** run in "detached" mode,
in the background. Other boolean options are similar – specifying them
will set the value to the opposite of the default value.
### Multi
2014-04-23 16:48:28 -04:00
Options like `-a=[]` indicate they can be specified multiple times:
2014-04-15 20:53:12 -04:00
docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash
2014-04-23 16:48:28 -04:00
Sometimes this can use a more complex value string, as for `-v` :
2014-04-15 20:53:12 -04:00
docker run -v /host:/container example/mysql
### Strings and Integers
Options like `--name=""` expect a string, and they
can only be specified once. Options like `-c=0`
expect an integer, and they can only be specified once.
2014-04-23 16:48:28 -04:00
## daemon
2014-04-15 20:53:12 -04:00
Usage of docker:
2014-04-23 16:48:28 -04:00
2014-04-15 20:53:12 -04:00
-D, --debug=false: Enable debug mode
2014-04-23 21:09:27 -04:00
-H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
2014-04-15 20:53:12 -04:00
-G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group
--api-enable-cors=false: Enable CORS headers in the remote API
-b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking
2014-04-18 20:35:45 -04:00
-bip="": Use this CIDR notation address for the network bridge᾿ s IP, not compatible with -b
2014-04-15 20:53:12 -04:00
-d, --daemon=false: Enable daemon mode
--dns=[]: Force docker to use specific DNS servers
--dns-search=[]: Force Docker to use specific DNS search domains
-g, --graph="/var/lib/docker": Path to use as the root of the docker runtime
--icc=true: Enable inter-container communication
--ip="0.0.0.0": Default IP address to use when binding container ports
--ip-forward=true: Enable net.ipv4.ip_forward
2014-04-18 20:35:45 -04:00
--iptables=true: Enable Docker᾿ s addition of iptables rules
2014-04-15 20:53:12 -04:00
-p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file
-r, --restart=true: Restart previously running containers
-s, --storage-driver="": Force the docker runtime to use a specific storage driver
-e, --exec-driver="native": Force the docker runtime to use a specific exec driver
-v, --version=false: Print version information and quit
--tls=false: Use TLS; implied by tls-verify flags
--tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here
--tlscert="~/.docker/cert.pem": Path to TLS certificate file
--tlskey="~/.docker/key.pem": Path to TLS key file
--tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon)
--mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available
2014-04-23 21:09:27 -04:00
Options with [] may be specified multiple times.
2014-04-15 20:53:12 -04:00
The Docker daemon is the persistent process that manages containers.
Docker uses the same binary for both the daemon and client. To run the
daemon you provide the `-d` flag.
To force Docker to use devicemapper as the storage driver, use
`docker -d -s devicemapper` .
To set the DNS server for all Docker containers, use
`docker -d --dns 8.8.8.8` .
To set the DNS search domain for all Docker containers, use
`docker -d --dns-search example.com` .
2014-04-17 18:55:24 -04:00
To run the daemon with debug output, use `docker -d -D` .
2014-04-15 20:53:12 -04:00
2014-04-17 18:55:24 -04:00
To use lxc as the execution driver, use `docker -d -e lxc` .
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
The docker client will also honor the `DOCKER_HOST` environment variable to set
the `-H` flag for the client.
2014-04-15 20:53:12 -04:00
docker -H tcp://0.0.0.0:4243 ps
# or
export DOCKER_HOST="tcp://0.0.0.0:4243"
docker ps
# both are equal
2014-04-23 16:48:28 -04:00
To run the daemon with [systemd socket activation](
http://0pointer.de/blog/projects/socket-activation.html), use
`docker -d -H fd://` . Using `fd://` will work perfectly for most setups but
you can also specify individual sockets too `docker -d -H fd://3` . If the
specified socket activated files aren't found then docker will exit. You
2014-04-15 20:53:12 -04:00
can find examples of using systemd socket activation with docker and
2014-04-23 16:48:28 -04:00
systemd in the [docker source tree](
https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/).
2014-04-15 20:53:12 -04:00
Docker supports softlinks for the Docker data directory
2014-04-23 16:48:28 -04:00
(`/var/lib/docker`) and for `/tmp` . TMPDIR and the data directory can be set
like this:
2014-04-15 20:53:12 -04:00
TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>& 1
# or
export TMPDIR=/mnt/disk2/tmp
/usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>& 1
2014-04-23 16:48:28 -04:00
## attach
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Attach to a running container.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker attach CONTAINER
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
--no-stdin=false: Do not attach stdin
--sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
2014-04-15 20:53:12 -04:00
The `attach` command will allow you to view or
interact with any running container, detached (`-d`)
or interactive (`-i`). You can attach to the same
container at the same time - screen sharing style, or quickly view the
progress of your daemonized process.
You can detach from the container again (and leave it running) with
`CTRL-C` (for a quiet exit) or `CTRL-\`
to get a stacktrace of the Docker client when it quits. When
2014-04-23 16:48:28 -04:00
you detach from the container's process the exit code will be returned
2014-04-15 20:53:12 -04:00
to the client.
To stop a container, use `docker stop` .
To kill the container, use `docker kill` .
### Examples:
$ ID=$(sudo docker run -d ubuntu /usr/bin/top -b)
$ sudo docker attach $ID
top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 373572k total, 355560k used, 18012k free, 27872k buffers
Swap: 786428k total, 0k used, 786428k free, 221740k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top
top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 373572k total, 355244k used, 18328k free, 27872k buffers
Swap: 786428k total, 0k used, 786428k free, 221776k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top
top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 373572k total, 355780k used, 17792k free, 27880k buffers
Swap: 786428k total, 0k used, 786428k free, 221776k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top
^C$
$ sudo docker stop $ID
2014-04-23 16:48:28 -04:00
## build
Build a new container image from the source code at PATH
2014-04-15 20:53:12 -04:00
Usage: docker build [OPTIONS] PATH | URL | -
2014-04-23 16:48:28 -04:00
-t, --tag="": Repository name (and optionally a tag) to be applied
to the resulting image in case of success.
-q, --quiet=false: Suppress the verbose output generated by the containers.
--no-cache: Do not use the cache when building the image.
--rm=true: Remove intermediate containers after a successful build
Use this command to build Docker images from a Dockerfile
2014-04-15 20:53:12 -04:00
and a "context".
2014-04-23 16:48:28 -04:00
The files at `PATH` or `URL` are called the "context" of the build. The build
process may refer to any of the files in the context, for example when using an
2014-04-24 08:12:21 -04:00
[*ADD* ](/reference/builder/#dockerfile-add ) instruction. When a single Dockerfile is
2014-04-23 16:48:28 -04:00
given as `URL` , then no context is set.
2014-04-15 20:53:12 -04:00
When a Git repository is set as `URL` , then the
repository is used as the context. The Git repository is cloned with its
submodules (git clone – recursive). A fresh git clone occurs in a
temporary directory on your local host, and then this is sent to the
Docker daemon as the context. This way, your local user credentials and
2014-04-23 16:48:28 -04:00
vpn's etc can be used to access private repositories
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
See also:
2014-04-15 20:53:12 -04:00
2014-04-24 08:12:21 -04:00
[*Dockerfile Reference* ](/reference/builder/#dockerbuilder ).
2014-04-15 20:53:12 -04:00
### Examples:
$ sudo docker build .
Uploading context 10240 bytes
Step 1 : FROM busybox
Pulling repository busybox
---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/
Step 2 : RUN ls -lh /
---> Running in 9c9e81692ae9
total 24
drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin
drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev
drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc
drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib
lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib
dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc
lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin
dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys
drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp
drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr
---> b35f4035db3f
Step 3 : CMD echo Hello World
---> Running in 02071fceb21b
---> f52f38b7823e
Successfully built f52f38b7823e
Removing intermediate container 9c9e81692ae9
Removing intermediate container 02071fceb21b
This example specifies that the `PATH` is
`.` , and so all the files in the local directory get
2014-04-23 16:48:28 -04:00
tar`d and sent to the Docker daemon. The `PATH`
2014-04-15 20:53:12 -04:00
specifies where to find the files for the "context" of the build on the
Docker daemon. Remember that the daemon could be running on a remote
2014-04-23 16:48:28 -04:00
machine and that no parsing of the Dockerfile
happens at the client side (where you're running
2014-04-15 20:53:12 -04:00
`docker build` ). That means that *all* the files at
`PATH` get sent, not just the ones listed to
2014-04-24 08:12:21 -04:00
[*ADD* ](/reference/builder/#dockerfile-add ) in the Dockerfile.
2014-04-15 20:53:12 -04:00
The transfer of context from the local machine to the Docker daemon is
what the `docker` client means when you see the
"Uploading context" message.
If you wish to keep the intermediate containers after the build is
complete, you must use `--rm=false` . This does not
affect the build cache.
$ sudo docker build -t vieux/apache:2.0 .
This will build like the previous example, but it will then tag the
resulting image. The repository name will be `vieux/apache`
and the tag will be `2.0`
$ sudo docker build - < Dockerfile
2014-04-23 16:48:28 -04:00
This will read a Dockerfile from *stdin* without
2014-04-15 20:53:12 -04:00
context. Due to the lack of a context, no contents of any local
directory will be sent to the `docker` daemon. Since
2014-04-23 16:48:28 -04:00
there is no context, a Dockerfile `ADD`
2014-04-15 20:53:12 -04:00
only works if it refers to a remote URL.
$ sudo docker build github.com/creack/docker-firefox
This will clone the GitHub repository and use the cloned repository as
2014-04-23 16:48:28 -04:00
context. The Dockerfile at the root of the
repository is used as Dockerfile. Note that you
2014-04-15 20:53:12 -04:00
can specify an arbitrary Git repository by using the `git://`
schema.
2014-04-23 16:48:28 -04:00
## commit
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Create a new image from a container᾿ s changes
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-m, --message="": Commit message
-a, --author="": Author (eg. "John Hannibal Smith < hannibal @ a-team . com > "
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
It can be useful to commit a container's file changes or settings into a
2014-04-15 20:53:12 -04:00
new image. This allows you debug a container by running an interactive
shell, or to export a working dataset to another server. Generally, it
is better to use Dockerfiles to manage your images in a documented and
maintainable way.
### Commit an existing container
$ sudo docker ps
ID IMAGE COMMAND CREATED STATUS PORTS
c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours
197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours
$ docker commit c3f279d17e0a SvenDowideit/testimage:version3
f5283438590d
$ docker images | head
REPOSITORY TAG ID CREATED VIRTUAL SIZE
SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB
2014-04-23 16:48:28 -04:00
## cp
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Copy files/folders from the containers filesystem to the host
path. Paths are relative to the root of the filesystem.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker cp CONTAINER:PATH HOSTPATH
2014-04-15 20:53:12 -04:00
$ sudo docker cp 7bb0e258aefe:/etc/debian_version .
$ sudo docker cp blue_frog:/etc/hosts .
2014-04-23 16:48:28 -04:00
## diff
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
List the changed files and directories in a container᾿ s filesystem
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker diff CONTAINER
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
There are 3 events that are listed in the `diff` :
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
1. `A` - Add
2. `D` - Delete
3. `C` - Change
2014-04-15 20:53:12 -04:00
For example:
$ sudo docker diff 7bb0e258aefe
C /dev
A /dev/kmsg
C /etc
A /etc/mtab
A /go
A /go/src
A /go/src/github.com
A /go/src/github.com/dotcloud
A /go/src/github.com/dotcloud/docker
A /go/src/github.com/dotcloud/docker/.git
....
2014-04-23 16:48:28 -04:00
## events
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Get real time events from the server
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker events
2014-04-15 20:53:12 -04:00
--since="": Show all events created since timestamp
(either seconds since epoch, or date string as below)
--until="": Show events created before timestamp
(either seconds since epoch, or date string as below)
### Examples
2014-04-23 16:48:28 -04:00
You'll need two shells for this example.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
**Shell 1: Listening for events:**
2014-04-15 20:53:12 -04:00
$ sudo docker events
2014-04-23 16:48:28 -04:00
**Shell 2: Start and Stop a Container:**
2014-04-15 20:53:12 -04:00
$ sudo docker start 4386fb97867d
$ sudo docker stop 4386fb97867d
2014-04-23 16:48:28 -04:00
**Shell 1: (Again .. now showing events):**
2014-04-15 20:53:12 -04:00
[2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
2014-04-23 16:48:28 -04:00
**Show events in the past from a specified time:**
2014-04-15 20:53:12 -04:00
$ sudo docker events --since 1378216169
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
$ sudo docker events --since '2013-09-03'
[2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
$ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST'
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
[2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
2014-04-23 16:48:28 -04:00
## export
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Export the contents of a filesystem as a tar archive to STDOUT
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker export CONTAINER
2014-04-15 20:53:12 -04:00
For example:
$ sudo docker export red_panda > latest.tar
2014-04-23 16:48:28 -04:00
## history
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Show the history of an image
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker history [OPTIONS] IMAGE
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
--no-trunc=false: Don᾿ t truncate output
-q, --quiet=false: Only show numeric IDs
2014-04-15 20:53:12 -04:00
To see how the `docker:latest` image was built:
$ docker history docker
IMAGE CREATED CREATED BY SIZE
3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B
8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales & & locale-gen C.UTF-8 & & /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB
be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update & & apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB
4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB
750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi < admwiggin @ gmail . com > - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B
511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B
2014-04-23 16:48:28 -04:00
## images
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
List images
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker images [OPTIONS] [NAME]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-a, --all=false: Show all images (by default filter out the intermediate image layers)
--no-trunc=false: Don᾿ t truncate output
-q, --quiet=false: Only show numeric IDs
2014-04-15 20:53:12 -04:00
The default `docker images` will show all top level
images, their repository and tags, and their virtual size.
Docker images have intermediate layers that increase reuseability,
decrease disk usage, and speed up `docker build` by
allowing each step to be cached. These intermediate layers are not shown
by default.
### Listing the most recently created images
$ sudo docker images | head
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
< none > < none > 77af4d6b9913 19 hours ago 1.089 GB
committest latest b6fa739cedf5 19 hours ago 1.089 GB
< none > < none > 78a85c484f71 19 hours ago 1.089 GB
docker latest 30557a29d5ab 20 hours ago 1.089 GB
< none > < none > 0124422dd9f9 20 hours ago 1.089 GB
< none > < none > 18ad6fad3402 22 hours ago 1.082 GB
< none > < none > f9f1e26352f0 23 hours ago 1.089 GB
tryout latest 2629d1fa0b81 23 hours ago 131.5 MB
< none > < none > 5ed6274db6ce 24 hours ago 1.089 GB
### Listing the full length image IDs
$ sudo docker images --no-trunc | head
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
< none > < none > 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB
committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB
< none > < none > 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB
docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB
< none > < none > 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB
< none > < none > 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB
< none > < none > f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB
tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB
< none > < none > 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB
2014-04-23 16:48:28 -04:00
## import
2014-04-15 20:53:12 -04:00
Usage: docker import URL|- [REPOSITORY[:TAG]]
Create an empty filesystem image and import the contents of the tarball
(.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
URLs must start with `http` and point to a single
file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a
root filesystem. If you would like to import from a local directory or
archive, you can use the `-` parameter to take the
data from *stdin* .
### Examples
2014-04-23 16:48:28 -04:00
**Import from a remote location:**
2014-04-15 20:53:12 -04:00
This will create a new untagged image.
$ sudo docker import http://example.com/exampleimage.tgz
2014-04-23 16:48:28 -04:00
**Import from a local file:**
2014-04-15 20:53:12 -04:00
Import to docker via pipe and *stdin* .
$ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new
2014-04-23 16:48:28 -04:00
**Import from a local directory:**
2014-04-15 20:53:12 -04:00
$ sudo tar -c . | docker import - exampleimagedir
Note the `sudo` in this example – you must preserve
the ownership of the files (especially root ownership) during the
archiving with tar. If you are not root (or the sudo command) when you
tar, then the ownerships might not get preserved.
2014-04-23 16:48:28 -04:00
## info
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Display system-wide information.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker info
2014-04-15 20:53:12 -04:00
$ sudo docker info
Containers: 292
Images: 194
Debug mode (server): false
Debug mode (client): false
Fds: 22
Goroutines: 67
LXC Version: 0.9.0
EventsListeners: 115
Kernel Version: 3.8.0-33-generic
WARNING: No swap limit support
2014-04-23 16:48:28 -04:00
When sending issue reports, please use `docker version` and `docker info` to
ensure we know how your setup is configured.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## inspect
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Return low-level information on a container/image
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-f, --format="": Format the output using the given go template.
2014-04-15 20:53:12 -04:00
By default, this will render all results in a JSON array. If a format is
specified, the given template will be executed for each result.
2014-04-23 16:48:28 -04:00
Go's[text/template](http://golang.org/pkg/text/template/) package
2014-04-15 20:53:12 -04:00
describes all the details of the format.
### Examples
2014-04-23 16:48:28 -04:00
**Get an instance'sIP Address:**
2014-04-15 20:53:12 -04:00
For the most part, you can pick out any field from the JSON in a fairly
straightforward manner.
$ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID
2014-04-23 16:48:28 -04:00
**List All Port Bindings:**
2014-04-15 20:53:12 -04:00
One can loop over arrays and maps in the results to produce simple text
output:
$ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
2014-04-23 16:48:28 -04:00
**Find a Specific Port Mapping:**
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
The `.Field` syntax doesn't work when the field name
begins with a number, but the template language's `index`
2014-04-15 20:53:12 -04:00
function does. The `.NetworkSettings.Ports`
section contains a map of the internal port mappings to a list
of external address/port objects, so to grab just the numeric public
port, you use `index` to find the specific port map,
and then `index` 0 contains first object inside of
that. Then we ask for the `HostPort` field to get
the public address.
$ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
2014-04-23 16:48:28 -04:00
**Get config:**
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
The `.Field` syntax doesn't work when the field
contains JSON data, but the template language's custom `json`
2014-04-15 20:53:12 -04:00
function does. The `.config` section
contains complex json object, so to grab it as JSON, you use
`json` to convert config object into JSON
$ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID
2014-04-23 16:48:28 -04:00
## kill
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Kill a running container (send SIGKILL, or specified signal)
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-s, --signal="KILL": Signal to send to the container
2014-04-15 20:53:12 -04:00
The main process inside the container will be sent SIGKILL, or any
signal specified with option `--signal` .
### Known Issues (kill)
2014-04-23 16:48:28 -04:00
- [Issue 197 ](https://github.com/dotcloud/docker/issues/197 ) indicates
that `docker kill` may leave directories behind
and make it difficult to remove the container.
- [Issue 3844 ](https://github.com/dotcloud/docker/issues/3844 ) lxc
1.0.0 beta3 removed `lcx-kill` which is used by
Docker versions before 0.8.0; see the issue for a workaround.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## load
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Load an image from a tar archive on STDIN
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker load
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-i, --input="": Read from a tar archive file, instead of STDIN
2014-04-15 20:53:12 -04:00
Loads a tarred repository from a file or the standard input stream.
Restores both images and tags.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
$ sudo docker load < busybox.tar
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
busybox latest 769b9341d937 7 weeks ago 2.489 MB
$ sudo docker load --input fedora.tar
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
busybox latest 769b9341d937 7 weeks ago 2.489 MB
fedora rawhide 0d20aec6529d 7 weeks ago 387 MB
fedora 20 58394af37342 7 weeks ago 385.5 MB
fedora heisenbug 58394af37342 7 weeks ago 385.5 MB
fedora latest 58394af37342 7 weeks ago 385.5 MB
2014-04-23 16:48:28 -04:00
## login
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Register or Login to the docker registry server
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker login [OPTIONS] [SERVER]
2014-04-15 20:53:12 -04:00
-e, --email="": Email
-p, --password="": Password
-u, --username="": Username
2014-04-23 16:48:28 -04:00
If you want to login to a private registry you can
specify this by adding the server name.
2014-04-15 20:53:12 -04:00
example:
docker login localhost:8080
2014-04-23 16:48:28 -04:00
## logs
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Fetch the logs of a container
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker logs [OPTIONS] CONTAINER
2014-04-15 20:53:12 -04:00
-f, --follow=false: Follow log output
The `docker logs` command batch-retrieves all logs
present at the time of execution.
2014-04-17 18:55:24 -04:00
The `docker logs --follow` command combines `docker logs` and `docker
attach`: it will first return all logs from the beginning and then
2014-04-23 16:48:28 -04:00
continue streaming new output from the container'sstdout and stderr.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## port
2014-04-15 20:53:12 -04:00
Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT
2014-04-23 16:48:28 -04:00
Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## ps
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
List containers
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker ps [OPTIONS]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-a, --all=false: Show all containers. Only running containers are shown by default.
--before="": Show only container created before Id or Name, include non-running ones.
-l, --latest=false: Show only the latest created container, include non-running ones.
-n=-1: Show n last created containers, include non-running ones.
--no-trunc=false: Don᾿ t truncate output
-q, --quiet=false: Only display numeric IDs
-s, --size=false: Display sizes, not to be used with -q
--since="": Show only containers created since Id or Name, include non-running ones.
2014-04-15 20:53:12 -04:00
Running `docker ps` showing 2 linked containers.
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp
d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db
2014-04-23 16:48:28 -04:00
`docker ps` will show only running containers by default. To see all containers:
`docker ps -a`
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## pull
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Pull an image or a repository from the registry
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker pull NAME[:TAG]
2014-04-15 20:53:12 -04:00
Most of your images will be created on top of a base image from the
2014-04-26 08:00:01 -04:00
[Docker.io ](https://index.docker.io ) registry.
2014-04-15 20:53:12 -04:00
2014-04-26 08:00:01 -04:00
[Docker.io ](https://index.docker.io ) contains many pre-built images that you
can `pull` and try without needing to define and configure your own.
2014-04-15 20:53:12 -04:00
To download a particular image, or set of images (i.e., a repository),
use `docker pull` :
$ docker pull debian
# will pull all the images in the debian repository
$ docker pull debian:testing
# will pull only the image named debian:testing and any intermediate layers
# it is based on. (typically the empty `scratch` image, a MAINTAINERs layer,
# and the un-tared base.
2014-04-23 16:48:28 -04:00
## push
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Push an image or a repository to the registry
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker push NAME[:TAG]
2014-04-15 20:53:12 -04:00
Use `docker push` to share your images on public or
private registries.
2014-04-23 16:48:28 -04:00
## restart
Restart a running container
2014-04-15 20:53:12 -04:00
Usage: docker restart [OPTIONS] NAME
2014-04-23 16:48:28 -04:00
-t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## rm
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Remove one or more containers
2014-04-15 20:53:12 -04:00
Usage: docker rm [OPTIONS] CONTAINER
2014-04-23 16:48:28 -04:00
-l, --link="": Remove the link instead of the actual container
-f, --force=false: Force removal of running container
-v, --volumes=false: Remove the volumes associated to the container
2014-04-15 20:53:12 -04:00
### Known Issues (rm)
- [Issue 197 ](https://github.com/dotcloud/docker/issues/197 ) indicates
that `docker kill` may leave directories behind
and make it difficult to remove the container.
### Examples:
$ sudo docker rm /redis
/redis
This will remove the container referenced under the link
`/redis` .
$ sudo docker rm --link /webapp/redis
/webapp/redis
This will remove the underlying link between `/webapp`
and the `/redis` containers removing all
network communication.
$ sudo docker rm $(docker ps -a -q)
This command will delete all stopped containers. The command
`docker ps -a -q` will return all existing container
IDs and pass them to the `rm` command which will
delete them. Any running containers will not be deleted.
2014-04-23 16:48:28 -04:00
## rmi
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Remove one or more images
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker rmi IMAGE [IMAGE...]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-f, --force=false: Force
--no-prune=false: Do not delete untagged parents
2014-04-15 20:53:12 -04:00
### Removing tagged images
2014-04-23 16:48:28 -04:00
Images can be removed either by their short or long ID`s, or their image
2014-04-15 20:53:12 -04:00
names. If an image has more than one name, each of them needs to be
removed before the image is removed.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB)
test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB)
test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB)
$ sudo docker rmi fd484f19954f
Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories
2013/12/11 05:47:16 Error: failed to remove one or more images
$ sudo docker rmi test1
Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
$ sudo docker rmi test2
Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB)
$ sudo docker rmi test
Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8
2014-04-23 16:48:28 -04:00
## run
Run a command in a new container
2014-04-15 20:53:12 -04:00
Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...]
2014-04-23 16:48:28 -04:00
-a, --attach=map[]: Attach to stdin, stdout or stderr
-c, --cpu-shares=0: CPU shares (relative weight)
--cidfile="": Write the container ID to the file
-d, --detach=false: Detached mode: Run container in the background, print new container id
-e, --env=[]: Set environment variables
--env-file="": Read in a line delimited file of ENV variables
-h, --hostname="": Container host name
-i, --interactive=false: Keep stdin open even if not attached
--privileged=false: Give extended privileges to this container
-m, --memory="": Memory limit (format: < number > < optional unit > , where unit = b, k, m or g)
-n, --networking=true: Enable networking for this container
-p, --publish=[]: Map a network port to the container
--rm=false: Automatically remove the container when it exits (incompatible with -d)
-t, --tty=false: Allocate a pseudo-tty
-u, --user="": Username or UID
--dns=[]: Set custom dns servers for the container
--dns-search=[]: Set custom DNS search domains for the container
-v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume.
--volumes-from="": Mount all volumes from the given container(s)
--entrypoint="": Overwrite the default entrypoint set by the image
-w, --workdir="": Working directory inside the container
--lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
--sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
--expose=[]: Expose a port from the container without publishing it to your host
--link="": Add link to another container (name:alias)
--name="": Assign the specified name to the container. If no name is specific docker will generate a random name
-P, --publish-all=false: Publish all exposed ports to the host interfaces
The `docker run` command first `creates` a writeable container layer over the
specified image, and then `starts` it using the specified command. That is,
`docker run` is equivalent to the API `/containers/create` then
`/containers/(id)/start` . A stopped container can be restarted with all its
previous changes intact using `docker start` . See `docker ps -a` to view a list
of all containers.
The `docker run` command can be used in combination with `docker commit` to
[*change the command that a container runs* ](#commit-an-existing-container ).
2014-04-15 20:53:12 -04:00
2014-04-24 08:12:21 -04:00
See [*Redirect Ports* ](/use/port_redirection/#port-redirection )
2014-04-23 16:48:28 -04:00
for more detailed information about the `--expose` , `-p` , `-P` and `--link`
parameters, and [*Link Containers*](
2014-04-24 08:12:21 -04:00
/use/working_with_links_names/#working-with-links-names) for specific
2014-04-23 16:48:28 -04:00
examples using `--link` .
2014-04-15 20:53:12 -04:00
### Known Issues (run – volumes-from)
2014-04-23 16:48:28 -04:00
- [Issue 2702 ](https://github.com/dotcloud/docker/issues/2702 ):
"lxc-start: Permission denied - failed to mount" could indicate a
permissions problem with AppArmor. Please see the issue for a
workaround.
2014-04-15 20:53:12 -04:00
### Examples:
$ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
2014-04-23 16:48:28 -04:00
This will create a container and print `test` to the console. The `cidfile`
flag makes Docker attempt to create a new file and write the container ID to it.
If the file exists already, Docker will return an error. Docker will close this
file when `docker run` exits.
2014-04-15 20:53:12 -04:00
$ sudo docker run -t -i --rm ubuntu bash
root@bc338942ef20:/# mount -t tmpfs none /mnt
mount: permission denied
2014-04-23 16:48:28 -04:00
This will *not* work, because by default, most potentially dangerous kernel
capabilities are dropped; including `cap_sys_admin` (which is required to mount
filesystems). However, the `--privileged` flag will allow it to run:
2014-04-15 20:53:12 -04:00
$ sudo docker run --privileged ubuntu bash
root@50e3f57e16e6:/# mount -t tmpfs none /mnt
root@50e3f57e16e6:/# df -h
Filesystem Size Used Avail Use% Mounted on
none 1.9G 0 1.9G 0% /mnt
2014-04-23 16:48:28 -04:00
The `--privileged` flag gives *all* capabilities to the container, and it also
lifts all the limitations enforced by the `device` cgroup controller. In other
words, the container can then do almost everything that the host can do. This
flag exists to allow special use-cases, like running Docker within Docker.
2014-04-15 20:53:12 -04:00
$ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd
2014-04-23 16:48:28 -04:00
The `-w` lets the command being executed inside directory given, here
`/path/to/dir/` . If the path does not exists it is created inside the container.
2014-04-15 20:53:12 -04:00
$ sudo docker run -v `pwd` :`pwd` -w `pwd` -i -t ubuntu pwd
2014-04-23 16:48:28 -04:00
The `-v` flag mounts the current working directory into the container. The `-w`
lets the command being executed inside the current working directory, by
changing into the directory to the value returned by `pwd` . So this
2014-04-15 20:53:12 -04:00
combination executes the command using the container, but inside the
current working directory.
$ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash
2014-04-23 16:48:28 -04:00
When the host directory of a bind-mounted volume doesn't exist, Docker
2014-04-15 20:53:12 -04:00
will automatically create this directory on the host for you. In the
example above, Docker will create the `/doesnt/exist`
folder before starting your container.
$ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh
By bind-mounting the docker unix socket and statically linked docker
2014-04-23 16:48:28 -04:00
binary (such as that provided by [https://get.docker.io](
https://get.docker.io)), you give the container the full access to create and
manipulate the host's docker daemon.
2014-04-15 20:53:12 -04:00
$ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash
2014-04-23 16:48:28 -04:00
This binds port `8080` of the container to port `80` on `127.0.0.1` of the host
2014-04-24 08:12:21 -04:00
machine. [*Redirect Ports* ](/use/port_redirection/#port-redirection )
2014-04-23 16:48:28 -04:00
explains in detail how to manipulate ports in Docker.
2014-04-15 20:53:12 -04:00
$ sudo docker run --expose 80 ubuntu bash
2014-04-23 16:48:28 -04:00
This exposes port `80` of the container for use within a link without publishing
the port to the host system's interfaces. [*Redirect Ports*](
2014-04-24 08:12:21 -04:00
/use/port_redirection/#port-redirection) explains in detail how to
2014-04-23 16:48:28 -04:00
manipulate ports in Docker.
2014-04-15 20:53:12 -04:00
$ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
2014-04-23 16:48:28 -04:00
This sets environmental variables in the container. For illustration all three
flags are shown here. Where `-e` , `--env` take an environment variable and
value, or if no "=" is provided, then that variable's current value is passed
through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All
three flags, `-e` , `--env` and `--env-file` can be repeated.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Regardless of the order of these three flags, the `--env-file` are processed
first, and then `-e` , `--env` flags. This way, the `-e` or `--env` will
override variables as needed.
2014-04-15 20:53:12 -04:00
$ cat ./env.list
TEST_FOO=BAR
$ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO
TEST_FOO=This is a test
2014-04-23 16:48:28 -04:00
The `--env-file` flag takes a filename as an argument and expects each line
to be in the VAR=VAL format, mimicking the argument passed to `--env` . Comment
lines need only be prefixed with `#`
2014-04-15 20:53:12 -04:00
An example of a file passed with `--env-file`
$ cat ./env.list
TEST_FOO=BAR
# this is a comment
TEST_APP_DEST_HOST=10.10.0.127
TEST_APP_DEST_PORT=8888
# pass through this variable from the caller
TEST_PASSTHROUGH
$ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env
HOME=/
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=5198e0745561
TEST_FOO=BAR
TEST_APP_DEST_HOST=10.10.0.127
TEST_APP_DEST_PORT=8888
TEST_PASSTHROUGH=howdy
$ sudo docker run --name console -t -i ubuntu bash
This will create and run a new container with the container name being
`console` .
$ sudo docker run --link /redis:redis --name console ubuntu bash
2014-04-23 16:48:28 -04:00
The `--link` flag will link the container named `/redis` into the newly
created container with the alias `redis` . The new container can access the
network and environment of the redis container via environment variables.
The `--name` flag will assign the name `console` to the newly created
container.
2014-04-15 20:53:12 -04:00
$ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd
2014-04-23 16:48:28 -04:00
The `--volumes-from` flag mounts all the defined volumes from the referenced
containers. Containers can be specified by a comma separated list or by
repetitions of the `--volumes-from` argument. The container ID may be
optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only
or read-write mode, respectively. By default, the volumes are mounted in
the same mode (read write or read only) as the reference container.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
The `-a` flag tells `docker run` to bind to the container'sstdin, stdout or
stderr. This makes it possible to manipulate the output and input as needed.
2014-04-15 20:53:12 -04:00
$ sudo echo "test" | docker run -i -a stdin ubuntu cat -
2014-04-23 16:48:28 -04:00
This pipes data into a container and prints the container's ID by attaching
only to the container'sstdin.
2014-04-15 20:53:12 -04:00
$ sudo docker run -a stderr ubuntu echo test
2014-04-23 16:48:28 -04:00
This isn't going to print anything unless there's an error because We've
only attached to the stderr of the container. The container's logs still
store what's been written to stderr and stdout.
2014-04-15 20:53:12 -04:00
$ sudo cat somefile | docker run -i -a stdin mybuilder dobuild
This is how piping a file into a container could be done for a build.
2014-04-23 16:48:28 -04:00
The container's ID will be printed after the build is done and the build
2014-04-15 20:53:12 -04:00
logs could be retrieved using `docker logs` . This is
useful if you need to pipe a file or something else into a container and
2014-04-23 16:48:28 -04:00
retrieve the container's ID once the container has finished running.
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
**A complete example:**
2014-04-15 20:53:12 -04:00
$ sudo docker run -d --name static static-web-files sh
$ sudo docker run -d --expose=8098 --name riak riakserver
$ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver
$ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver
$ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log
This example shows 5 containers that might be set up to test a web
application change:
2014-04-23 16:48:28 -04:00
1. Start a pre-prepared volume image `static-web-files` (in the background)
that has CSS, image and static HTML in it, (with a `VOLUME` instruction in
the Dockerfile to allow the web server to use those files);
2. Start a pre-prepared `riakserver` image, give the container name `riak` and
expose port `8098` to any containers that link to it;
3. Start the `appserver` image, restricting its memory usage to 100MB, setting
two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the
current directory (`$(pwd)`) in the container in read-only mode as `/app/bin` ;
4. Start the `webserver` , mapping port `443` in the container to port `1443` on
the Docker server, setting the DNS server to `dns.dev.org` and DNS search
domain to `dev.org` , creating a volume to put the log files into (so we can
access it from another container), then importing the files from the volume
exposed by the `static` container, and linking to all exposed ports from
`riak` and `app` . Lastly, we set the hostname to `web.sven.dev.org` so its
consistent with the pre-generated SSL certificate;
5. Finally, we create a container that runs `tail -f access.log` using the logs
volume from the `web` container, setting the workdir to `/var/log/httpd` . The
`--rm` option means that when the container exits, the container's layer is
removed.
## save
Save an image to a tar archive (streamed to stdout by default)
2014-04-15 20:53:12 -04:00
Usage: docker save IMAGE
2014-04-23 16:48:28 -04:00
-o, --output="": Write to an file, instead of STDOUT
2014-04-15 20:53:12 -04:00
Produces a tarred repository to the standard output stream. Contains all
parent layers, and all tags + versions, or specified repo:tag.
It is used to create a backup that can then be used with
`docker load`
$ sudo docker save busybox > busybox.tar
$ ls -sh b.tar
2.7M b.tar
$ sudo docker save --output busybox.tar busybox
$ ls -sh b.tar
2.7M b.tar
$ sudo docker save -o fedora-all.tar fedora
$ sudo docker save -o fedora-latest.tar fedora:latest
2014-04-23 16:48:28 -04:00
## search
2014-04-15 20:53:12 -04:00
2014-04-26 08:00:01 -04:00
Search [Docker.io ](https://index.docker.io ) for images
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker search TERM
2014-04-15 20:53:12 -04:00
2014-04-18 20:35:45 -04:00
--no-trunc=false: Don᾿ t truncate output
2014-04-15 20:53:12 -04:00
-s, --stars=0: Only displays with at least xxx stars
-t, --trusted=false: Only show trusted builds
2014-04-26 08:00:01 -04:00
See [*Find Public Images on Docker.io*](
/use/workingwithrepository/#find-public-images-on-dockerio) for
2014-04-15 20:53:12 -04:00
more details on finding shared images from the commandline.
2014-04-23 16:48:28 -04:00
## start
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Start a stopped container
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker start [OPTIONS] CONTAINER
2014-04-15 20:53:12 -04:00
2014-04-18 20:35:45 -04:00
-a, --attach=false: Attach container᾿ s stdout/stderr and forward all signals to the process
-i, --interactive=false: Attach container᾿ s stdin
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## stop
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Stop a running container (Send SIGTERM, and then SIGKILL after grace period)
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-t, --time=10: Number of seconds to wait for the container to stop before killing it.
2014-04-15 20:53:12 -04:00
The main process inside the container will receive SIGTERM, and after a
grace period, SIGKILL
2014-04-23 16:48:28 -04:00
## tag
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Tag an image into a repository
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG]
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
-f, --force=false: Force
2014-04-15 20:53:12 -04:00
You can group your images together using names and tags, and then upload
2014-04-23 16:48:28 -04:00
them to [*Share Images via Repositories*](
2014-04-24 08:12:21 -04:00
/use/workingwithrepository/#working-with-the-repository).
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## top
2014-04-15 20:53:12 -04:00
Usage: docker top CONTAINER [ps OPTIONS]
2014-04-23 16:48:28 -04:00
Lookup the running processes of a container
2014-04-15 20:53:12 -04:00
2014-04-23 16:48:28 -04:00
## version
2014-04-15 20:53:12 -04:00
Show the version of the Docker client, daemon, and latest released
version.
2014-04-23 16:48:28 -04:00
## wait
2014-04-15 20:53:12 -04:00
Usage: docker wait [OPTIONS] NAME
2014-04-24 08:12:21 -04:00
Block until a container stops, then print its exit code.