diff --git a/docs/reference/run.md b/docs/reference/run.md index 859f3f2966..62c175c2b8 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -43,7 +43,7 @@ settings affect: * network settings * runtime constraints on CPU and memory * privileges and LXC configuration - + An image developer may set defaults for these same settings when they create the image using the `docker build` command. Operators, however, can override all defaults set by the developer using the `run` options. And, operators can also @@ -209,12 +209,12 @@ more advanced use case would be changing the host's hostname from a container. By default, all containers have the IPC namespace enabled. -IPC (POSIX/SysV IPC) namespace provides separation of named shared memory +IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. Shared memory segments are used to accelerate inter-process communication at memory speed, rather than through pipes or through the network stack. Shared -memory is commonly used by databases and custom-built (typically C/OpenMPI, +memory is commonly used by databases and custom-built (typically C/OpenMPI, C++/using boost libraries) high performance applications for scientific computing and financial services industries. If these types of applications are broken into multiple containers, you might need to share the IPC mechanisms @@ -237,6 +237,9 @@ with `docker run --net none` which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or `STDIN` and `STDOUT` only. +Publishing ports and linking to other containers will not work +when `--net` is anything other than the default (bridge). + Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. 
@@ -305,9 +308,8 @@ traffic will be routed though this bridge to the container. With the networking mode set to `host` a container will share the host's network stack and all interfaces from the host will be available to the container. The container's hostname will match the hostname on the host -system. Publishing ports and linking to other containers will not work -when sharing the host's network stack. Note that `--add-host` `--hostname` -`--dns` `--dns-search` and `--mac-address` is invalid in `host` netmode. +system. Note that `--add-host` `--hostname` `--dns` `--dns-search` and +`--mac-address` is invalid in `host` netmode. Compared to the default `bridge` mode, the `host` mode gives *significantly* better networking performance since it uses the host's native networking stack @@ -323,8 +325,8 @@ or a High Performance Web Server. With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be -provided in the format of `--net container:`. Note that `--add-host` -`--hostname` `--dns` `--dns-search` and `--mac-address` is invalid +provided in the format of `--net container:`. Note that `--add-host` +`--hostname` `--dns` `--dns-search` and `--mac-address` is invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are also invalid in `container` netmode. @@ -340,7 +342,7 @@ running the `redis-cli` command and connecting to the Redis server over the Your container will have lines in `/etc/hosts` which define the hostname of the container itself as well as `localhost` and a few other common things. The -`--add-host` flag can be used to add additional lines to `/etc/hosts`. +`--add-host` flag can be used to add additional lines to `/etc/hosts`. $ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts 172.17.0.22 09d03f76bf2c 
@@ -375,7 +377,7 @@ Docker supports the following restart policies: no - Do not automatically restart the container when it exits. This is the + Do not automatically restart the container when it exits. This is the default. @@ -387,7 +389,7 @@ Docker supports the following restart policies: Restart only if the container exits with a non-zero exit status. - Optionally, limit the number of restart retries the Docker + Optionally, limit the number of restart retries the Docker daemon attempts. @@ -426,7 +428,7 @@ Or, to get the last time the container was (re)started; $ docker inspect -f "{{ .State.StartedAt }}" my-container # 2015-03-04T23:47:07.691840179Z -You cannot set any restart policy in combination with +You cannot set any restart policy in combination with ["clean up (--rm)"](#clean-up-rm). Setting both `--restart` and `--rm` results in an error. @@ -439,7 +441,7 @@ so that if the container exits, Docker will restart it. $ docker run --restart=on-failure:10 redis -This will run the `redis` container with a restart policy of **on-failure** +This will run the `redis` container with a restart policy of **on-failure** and a maximum restart count of 10. If the `redis` container exits with a non-zero exit status more than 10 times in a row Docker will abort trying to restart the container. Providing a maximum restart limit is only valid for the @@ -463,7 +465,7 @@ the container exits**, you can add the `--rm` flag: --security-opt="label:type:TYPE" : Set the label type for the container --security-opt="label:level:LEVEL" : Set the label level for the container --security-opt="label:disable" : Turn off label confinement for the container - --security-opt="apparmor:PROFILE" : Set the apparmor profile to be applied + --security-opt="apparmor:PROFILE" : Set the apparmor profile to be applied to the container You can override the default labeling scheme for each container by specifying 
@@ -665,7 +667,7 @@ division of CPU shares: ### CPU period constraint The default CPU CFS (Completely Fair Scheduler) period is 100ms. We can use -`--cpu-period` to set the period of CPUs to limit the container's CPU usage. +`--cpu-period` to set the period of CPUs to limit the container's CPU usage. And usually `--cpu-period` should work with `--cpu-quota`. Examples: @@ -989,9 +991,9 @@ or override the Dockerfile's exposed defaults: --expose=[]: Expose a port or a range of ports from the container without publishing it to your host -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container᾿s port or a range of ports to the host + -p=[] : Publish a container᾿s port or a range of ports to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. + Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) --link="" : Add link to another container (:alias or ) @@ -1039,13 +1041,13 @@ variables automatically: HOSTNAME - + The hostname associated with the container PATH - + Includes popular directories, such as :
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -1060,8 +1062,8 @@ as a result of the container being linked with another container. See the [*Container Links*](/userguide/dockerlinks/#container-linking) section for more details. -Additionally, the operator can **set any environment variable** in the -container by using one or more `-e` flags, even overriding those mentioned +Additionally, the operator can **set any environment variable** in the +container by using one or more `-e` flags, even overriding those mentioned above, or already defined by the developer with a Dockerfile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export @@ -1143,7 +1145,7 @@ container's `/etc/hosts` entry will be automatically updated. --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation -in section [*Managing data in +in section [*Managing data in containers*](/userguide/dockervolumes). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a
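Review bot: In the hunk at `@@ -43,7 +43,7`, the removed and added lines read identically, so the change appears to be trailing whitespace only. The same holds for several later hunks, for example `@@ -375,7 +377,7` and `@@ -1039,13 +1041,13`. Mixed in like this, the cleanup buries the one substantive documentation change in the patch (the `--net` sentence about publishing and linking). Suggest moving the whitespace cleanup to its own commit so the behavioural wording can be reviewed and reverted separately.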
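Review bot: In the hunk at `@@ -237,6 +237,9`, the added sentence "will not work when `--net` is anything other than the default (bridge)" leaves the reader to work out which modes are meant. It also lands directly after the `--net none` paragraph, where it can be read as a remark about `none` only. Suggest naming the modes this file documents, for example "when `--net` is `none`, `host` or `container`", and placing the sentence so that it clearly applies to the whole network settings section rather than to the preceding paragraph.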
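Review bot: In the hunk at `@@ -305,9 +308,8`, the removal of "Publishing ports and linking to other containers will not work when sharing the host's network stack" means the `host` section no longer carries that caveat at all, while the `container` section further down still lists `--publish` `--publish-all` `--expose` as invalid. A reader who jumps straight to the `host` section misses it, and this is the mode in which, per the surrounding text, all interfaces from the host are available to the container. Suggest keeping a one-line statement in this paragraph, or a pointer to the general sentence added in the earlier hunk, so the limitation stays visible where the mode is described.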
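Review bot: In the hunk at `@@ -323,8 +325,8`, the re-added lines still read "`--dns-search` and `--mac-address` is invalid"; with five flags as the subject this should be "are invalid", and the flag list has no commas between items. The same wording is carried over in the `host` hunk above ("`--mac-address` is invalid in `host` netmode"). Since both sets of lines are being touched anyway, suggest fixing the verb and comma-separating the flags in the same change.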
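Review bot: In the hunk at `@@ -989,9 +991,9`, the re-added `-p=[]` line keeps "container᾿s" with a non-ASCII character in place of the apostrophe. This is option help text that readers copy and search, so it should be the plain ASCII "container's". As the line is already being rewritten to drop trailing whitespace, suggest correcting the character here too.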