Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Moving man pages out of docs 

Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.

Signed-off-by: Mary Anthony <mary@docker.com>
This commit is contained in:
Mary Anthony 2015-06-08 10:48:20 -07:00 committed by Tibor Vass
parent 972214455d
commit 77868b76b9
45 changed files with 3872 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/README.md
View File

@ -280,24 +280,11 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id
aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}'
```
### Generate the man pages for Mac OSX
### Generate the man pages
When using Docker on Mac OSX the man pages will be missing by default. You can manually generate them by following these steps:
For information on generating man pages (short for manual page), see [the man
page directory](https://github.com/docker/docker/tree/master/docker) in this
project.
1. Checkout the docker source. You must clone into your `/Users` directory because Boot2Docker can only share this path
with the docker containers.
$ git clone https://github.com/docker/docker.git
2. Build the docker image.
$ cd docker/docs/man
$ docker build -t docker/md2man .
3. Build the man pages.
$ docker run -v /Users/<path-to-git-dir>/docker/docs/man:/docs:rw -w /docs -i docker/md2man /docs/md2man-all.sh
4. Copy the generated man pages to `/usr/share/man`
$ cp -R man* /usr/share/man/

7
man/Dockerfile Normal file
View File

@ -0,0 +1,7 @@
FROM golang:1.3
RUN mkdir -p /go/src/github.com/cpuguy83
RUN mkdir -p /go/src/github.com/cpuguy83 \
&& git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \
&& cd /go/src/github.com/cpuguy83/go-md2man \
&& go get -v ./...
CMD ["/go/bin/go-md2man", "--help"]

329
man/Dockerfile.5.md Normal file
View File

@ -0,0 +1,329 @@
% DOCKERFILE(5) Docker User Manuals
% Zac Dover
% May 2014
# NAME
Dockerfile - automate the steps of creating a Docker image
# INTRODUCTION
The **Dockerfile** is a configuration file that automates the steps of creating
a Docker image. It is similar to a Makefile. Docker reads instructions from the
**Dockerfile** to automate the steps otherwise performed manually to create an
image. To build an image, create a file called **Dockerfile**.
The **Dockerfile** describes the steps taken to assemble the image. When the
**Dockerfile** has been created, call the `docker build` command, using the
path of directory that contains **Dockerfile** as the argument.
# SYNOPSIS
INSTRUCTION arguments
For example:
FROM image
# DESCRIPTION
A Dockerfile is a file that automates the steps of creating a Docker image.
A Dockerfile is similar to a Makefile.
# USAGE
docker build .
-- Runs the steps and commits them, building a final image.
The path to the source repository defines where to find the context of the
build. The build is run by the Docker daemon, not the CLI. The whole
context must be transferred to the daemon. The Docker CLI reports
`"Sending build context to Docker daemon"` when the context is sent to the
daemon.
```
docker build -t repository/tag .
```
-- specifies a repository and tag at which to save the new image if the build
succeeds. The Docker daemon runs the steps one-by-one, committing the result
to a new image if necessary, before finally outputting the ID of the new
image. The Docker daemon automatically cleans up the context it is given.
Docker re-uses intermediate images whenever possible. This significantly
accelerates the *docker build* process.
# FORMAT
`FROM image`
`FROM image:tag`
-- The **FROM** instruction sets the base image for subsequent instructions. A
valid Dockerfile must have **FROM** as its first instruction. The image can be any
valid image. It is easy to start by pulling an image from the public
repositories.
-- **FROM** must be the first non-comment instruction in Dockerfile.
-- **FROM** may appear multiple times within a single Dockerfile in order to create
multiple images. Make a note of the last image ID output by the commit before
each new **FROM** command.
-- If no tag is given to the **FROM** instruction, Docker applies the
`latest` tag. If the used tag does not exist, an error is returned.
**MAINTAINER**
-- **MAINTAINER** sets the Author field for the generated images.
**RUN**
-- **RUN** has two forms:
```
# the command is run in a shell - /bin/sh -c
RUN <command>
# Executable form
RUN ["executable", "param1", "param2"]
```
-- The **RUN** instruction executes any commands in a new layer on top of the current
image and commits the results. The committed image is used for the next step in
Dockerfile.
-- Layering **RUN** instructions and generating commits conforms to the core
concepts of Docker where commits are cheap and containers can be created from
any point in the history of an image. This is similar to source control. The
exec form makes it possible to avoid shell string munging. The exec form makes
it possible to **RUN** commands using a base image that does not contain `/bin/sh`.
Note that the exec form is parsed as a JSON array, which means that you must
use double-quotes (") around words not single-quotes (').
**CMD**
-- **CMD** has three forms:
```
# Executable form
CMD ["executable", "param1", "param2"]`
# Provide default arguments to ENTRYPOINT
CMD ["param1", "param2"]`
# the command is run in a shell - /bin/sh -c
CMD command param1 param2
```
-- There can be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only
the last **CMD** takes effect.
The main purpose of a **CMD** is to provide defaults for an executing container.
These defaults may include an executable, or they can omit the executable. If
they omit the executable, an **ENTRYPOINT** must be specified.
When used in the shell or exec formats, the **CMD** instruction sets the command to
be executed when running the image.
If you use the shell form of the **CMD**, the `<command>` executes in `/bin/sh -c`:
Note that the exec form is parsed as a JSON array, which means that you must
use double-quotes (") around words not single-quotes (').
```
FROM ubuntu
CMD echo "This is a test." | wc -
```
-- If you run **command** without a shell, then you must express the command as a
JSON array and give the full path to the executable. This array form is the
preferred form of **CMD**. All additional parameters must be individually expressed
as strings in the array:
```
FROM ubuntu
CMD ["/usr/bin/wc","--help"]
```
-- To make the container run the same executable every time, use **ENTRYPOINT** in
combination with **CMD**.
If the user specifies arguments to `docker run`, the specified commands
override the default in **CMD**.
Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result.
**CMD** executes nothing at build time, but specifies the intended command for
the image.
**LABEL**
-- `LABEL <key>[=<value>] [<key>[=<value>] ...]`
The **LABEL** instruction adds metadata to an image. A **LABEL** is a
key-value pair. To include spaces within a **LABEL** value, use quotes and
backslashes as you would in command-line parsing.
```
LABEL "com.example.vendor"="ACME Incorporated"
```
An image can have more than one label. To specify multiple labels, separate
each key-value pair by a space.
Labels are additive including `LABEL`s in `FROM` images. As the system
encounters and then applies a new label, new `key`s override any previous
labels with identical keys.
To display an image's labels, use the `docker inspect` command.
**EXPOSE**
-- `EXPOSE <port> [<port>...]`
The **EXPOSE** instruction informs Docker that the container listens on the
specified network ports at runtime. Docker uses this information to
interconnect containers using links, and to set up port redirection on the host
system.
**ENV**
-- `ENV <key> <value>`
The **ENV** instruction sets the environment variable <key> to
the value `<value>`. This value is passed to all future
RUN, **ENTRYPOINT**, and **CMD** instructions. This is
functionally equivalent to prefixing the command with `<key>=<value>`. The
environment variables that are set with **ENV** persist when a container is run
from the resulting image. Use `docker inspect` to inspect these values, and
change them using `docker run --env <key>=<value>`.
Note that setting "`ENV DEBIAN_FRONTEND noninteractive`" may cause
unintended consequences, because it will persist when the container is run
interactively, as with the following command: `docker run -t -i image bash`
**ADD**
-- **ADD** has two forms:
```
ADD <src> <dest>
# Required for paths with whitespace
ADD ["<src>",... "<dest>"]
```
The **ADD** instruction copies new files, directories
or remote file URLs to the filesystem of the container at path `<dest>`.
Multiple `<src>` resources may be specified but if they are files or directories
then they must be relative to the source directory that is being built
(the context of the build). The `<dest>` is the absolute path, or path relative
to **WORKDIR**, into which the source is copied inside the target container.
All new files and directories are created with mode 0755 and with the uid
and gid of **0**.
**COPY**
-- **COPY** has two forms:
```
COPY <src> <dest>
# Required for paths with whitespace
COPY ["<src>",... "<dest>"]
```
The **COPY** instruction copies new files from `<src>` and
adds them to the filesystem of the container at path <dest>. The `<src>` must be
the path to a file or directory relative to the source directory that is
being built (the context of the build) or a remote file URL. The `<dest>` is an
absolute path, or a path relative to **WORKDIR**, into which the source will
be copied inside the target container. All new files and directories are
created with mode **0755** and with the uid and gid of **0**.
**ENTRYPOINT**
-- **ENTRYPOINT** has two forms:
```
# executable form
ENTRYPOINT ["executable", "param1", "param2"]`
# run command in a shell - /bin/sh -c
ENTRYPOINT command param1 param2
```
-- An **ENTRYPOINT** helps you configure a
container that can be run as an executable. When you specify an **ENTRYPOINT**,
the whole container runs as if it was only that executable. The **ENTRYPOINT**
instruction adds an entry command that is not overwritten when arguments are
passed to docker run. This is different from the behavior of CMD. This allows
arguments to be passed to the entrypoint, for instance `docker run <image> -d`
passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the
**ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD**
statement. Parameters in the **ENTRYPOINT** are not overwritten by the docker run
arguments. Parameters specified via **CMD** are overwritten by docker run
arguments. Specify a plain string for the **ENTRYPOINT**, and it will execute in
`/bin/sh -c`, like a **CMD** instruction:
```
FROM ubuntu
ENTRYPOINT wc -l -
```
This means that the Dockerfile's image always takes stdin as input (that's
what "-" means), and prints the number of lines (that's what "-l" means). To
make this optional but default, use a **CMD**:
```
FROM ubuntu
CMD ["-l", "-"]
ENTRYPOINT ["/usr/bin/wc"]
```
**VOLUME**
-- `VOLUME ["/data"]`
The **VOLUME** instruction creates a mount point with the specified name and marks
it as holding externally-mounted volumes from the native host or from other
containers.
**USER**
-- `USER daemon`
Sets the username or UID used for running subsequent commands.
The **USER** instruction can optionally be used to set the group or GID. The
followings examples are all valid:
USER [user | user:group | uid | uid:gid | user:gid | uid:group ]
Until the **USER** instruction is set, instructions will be run as root. The USER
instruction can be used any number of times in a Dockerfile, and will only affect
subsequent commands.
**WORKDIR**
-- `WORKDIR /path/to/workdir`
The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**,
**ENTRYPOINT**, **COPY** and **ADD** Dockerfile commands that follow it. It can
be used multiple times in a single Dockerfile. Relative paths are defined
relative to the path of the previous **WORKDIR** instruction. For example:
```
WORKDIR /a
WORKDIR b
WORKDIR c
RUN pwd
```
In the above example, the output of the **pwd** command is **a/b/c**.
**ONBUILD**
-- `ONBUILD [INSTRUCTION]`
The **ONBUILD** instruction adds a trigger instruction to an image. The
trigger is executed at a later time, when the image is used as the base for
another build. Docker executes the trigger in the context of the downstream
build, as if the trigger existed immediately after the **FROM** instruction in
the downstream Dockerfile.
You can register any build instruction as a trigger. A trigger is useful if
you are defining an image to use as a base for building other images. For
example, if you are defining an application build environment or a daemon that
is customized with a user-specific configuration.
Consider an image intended as a reusable python application builder. It must
add application source code to a particular directory, and might need a build
script called after that. You can't just call **ADD** and **RUN** now, because
you don't yet have access to the application source code, and it is different
for each application build.
-- Providing application developers with a boilerplate Dockerfile to copy-paste
into their application is inefficient, error-prone, and
difficult to update because it mixes with application-specific code.
The solution is to use **ONBUILD** to register instructions in advance, to
run later, during the next build stage.
# HISTORY
*May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation.
*Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability

44
man/README.md Normal file
View File

@ -0,0 +1,44 @@
Docker Documentation
====================
This directory contains the Docker user manual in the Markdown format.
Do *not* edit the man pages in the man1 directory. Instead, amend the
Markdown (*.md) files.
# Generating man pages from the Markdown files
The recommended approach for generating the man pages is via a Docker
container using the supplied `Dockerfile` to create an image with the correct
environment. This uses `go-md2man`, a pure Go Markdown to man page generator.
### Generate the man pages
On Linux installations, Docker includes a set of man pages you can access by typing `man command-name` on the command line. For example, `man docker` displays the `docker` man page. When using Docker on Mac OSX the man pages are not automatically included.
You can generate and install the `man` pages yourself by following these steps:
1. Checkout the `docker` source.
$ git clone https://github.com/docker/docker.git
If you are using Boot2Docker, you must clone into your `/Users` directory
because Boot2Docker can only share this path with the docker containers.
2. Build the docker image.
$ cd docker/man
$ docker build -t docker/md2man .
3. Build the man pages.
$ docker run -v <path-to-git-dir>/docker/man:/man:rw -w /man -i docker/md2man /man/md2man-all.sh
The `md2man` Docker container processes the Markdown files and generates
a `man1` and `man5` subdirectories in the `docker/man` directory.
4. Copy the generated man pages to `/usr/share/man`
$ cp -R man* /usr/share/man/

70
man/docker-attach.1.md Normal file
View File

@ -0,0 +1,70 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-attach - Attach to a running container
# SYNOPSIS
**docker attach**
[**--help**]/
[**--no-stdin**[=*false*]]
[**--sig-proxy**[=*true*]]
CONTAINER
# DESCRIPTION
The **docker attach** command allows you to attach to a running container using
the container's ID or name, either to view its ongoing output or to control it
interactively. You can attach to the same contained process multiple times
simultaneously, screen sharing style, or quickly view the progress of your
daemonized process.
You can detach from the container (and leave it running) with `CTRL-p CTRL-q`
(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container.
When you are attached to a container, and exit its main process, the process's
exit code will be returned to the client.
It is forbidden to redirect the standard input of a `docker attach` command while
attaching to a tty-enabled container (i.e.: launched with `-t`).
# OPTIONS
**--help**
Print usage statement
**--no-stdin**=*true*|*false*
Do not attach STDIN. The default is *false*.
**--sig-proxy**=*true*|*false*
Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*.
# EXAMPLES
## Attaching to a container
In this example the top command is run inside a container, from an image called
fedora, in detached mode. The ID from the container is passed into the **docker
attach** command:
# ID=$(sudo docker run -d fedora /usr/bin/top -b)
# sudo docker attach $ID
top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 373572k total, 355560k used, 18012k free, 27872k buffers
Swap: 786428k total, 0k used, 786428k free, 221740k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top
top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 373572k total, 355244k used, 18328k free, 27872k buffers
Swap: 786428k total, 0k used, 786428k free, 221776k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

215
man/docker-build.1.md Normal file
View File

@ -0,0 +1,215 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-build - Build a new image from the source code at PATH
# SYNOPSIS
**docker build**
[**--help**]
[**-f**|**--file**[=*PATH/Dockerfile*]]
[**--force-rm**[=*false*]]
[**--no-cache**[=*false*]]
[**--pull**[=*false*]]
[**-q**|**--quiet**[=*false*]]
[**--rm**[=*true*]]
[**-t**|**--tag**[=*TAG*]]
[**-m**|**--memory**[=*MEMORY*]]
[**--memory-swap**[=*MEMORY-SWAP*]]
[**-c**|**--cpu-shares**[=*0*]]
[**--cpu-period**[=*0*]]
[**--cpu-quota**[=*0*]]
[**--cpuset-cpus**[=*CPUSET-CPUS*]]
[**--cpuset-mems**[=*CPUSET-MEMS*]]
[**--cgroup-parent**[=*CGROUP-PARENT*]]
PATH | URL | -
# DESCRIPTION
This will read the Dockerfile from the directory specified in **PATH**.
It also sends any other files and directories found in the current
directory to the Docker daemon. The contents of this directory would
be used by **ADD** commands found within the Dockerfile.
Warning, this will send a lot of data to the Docker daemon depending
on the contents of the current directory. The build is run by the Docker
daemon, not by the CLI, so the whole context must be transferred to the daemon.
The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to
the daemon.
When a single Dockerfile is given as the URL, then no context is set.
When a Git repository is set as the **URL**, the repository is used
as context.
# OPTIONS
**-f**, **--file**=*PATH/Dockerfile*
Path to the Dockerfile to use. If the path is a relative path then it must be relative to the current directory. The file must be within the build context. The default is *Dockerfile*.
**--force-rm**=*true*|*false*
Always remove intermediate containers, even after unsuccessful builds. The default is *false*.
**--no-cache**=*true*|*false*
Do not use cache when building the image. The default is *false*.
**--help**
Print usage statement
**--pull**=*true*|*false*
Always attempt to pull a newer version of the image. The default is *false*.
**-q**, **--quiet**=*true*|*false*
Suppress the verbose output generated by the containers. The default is *false*.
**--rm**=*true*|*false*
Remove intermediate containers after a successful build. The default is *true*.
**-t**, **--tag**=""
Repository name (and optionally a tag) to be applied to the resulting image in case of success
**-m**, **--memory**=*MEMORY*
Memory limit
**--memory-swap**=*MEMORY-SWAP*
Total memory (memory + swap), '-1' to disable swap.
**-c**, **--cpu-shares**=*0*
CPU shares (relative weight).
By default, all containers get the same proportion of CPU cycles. You can
change this proportion by adjusting the container's CPU share weighting
relative to the weighting of all other running containers.
To modify the proportion from the default of 1024, use the **-c** or
**--cpu-shares** flag to set the weighting to 2 or higher.
The proportion is only applied when CPU-intensive processes are running.
When tasks in one container are idle, the other containers can use the
left-over CPU time. The actual amount of CPU time used varies depending on
the number of containers running on the system.
For example, consider three containers, one has a cpu-share of 1024 and
two others have a cpu-share setting of 512. When processes in all three
containers attempt to use 100% of CPU, the first container would receive
50% of the total CPU time. If you add a fourth container with a cpu-share
of 1024, the first container only gets 33% of the CPU. The remaining containers
receive 16.5%, 16.5% and 33% of the CPU.
On a multi-core system, the shares of CPU time are distributed across the CPU
cores. Even if a container is limited to less than 100% of CPU time, it can
use 100% of each individual CPU core.
For example, consider a system with more than three cores. If you start one
container **{C0}** with **-c=512** running one process, and another container
**{C1}** with **-c=1024** running two processes, this can result in the following
division of CPU shares:
PID container CPU CPU share
100 {C0} 0 100% of CPU0
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
**--cpu-period**=*0*
Limit the CPU CFS (Completely Fair Scheduler) period.
Limit the container's CPU usage. This flag causes the kernel to restrict the
container's CPU usage to the period you specify.
**--cpu-quota**=*0*
Limit the CPU CFS (Completely Fair Scheduler) quota.
By default, containers run with the full CPU resource. This flag causes the
kernel to restrict the container's CPU usage to the quota you specify.
**--cpuset-cpus**=*CPUSET-CPUS*
CPUs in which to allow execution (0-3, 0,1).
**--cpuset-mems**=*CPUSET-MEMS*
Memory nodes (MEMs) in which to allow execution (-1-3, 0,1). Only effective on
NUMA systems.
For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
to ensure the processes in your Docker container only use memory from the first
two memory nodes.
**--cgroup-parent**=*CGROUP-PARENT*
Path to `cgroups` under which the container's `cgroup` are created.
If the path is not absolute, the path is considered relative to the `cgroups` path of the init process.
Cgroups are created if they do not already exist.
# EXAMPLES
## Building an image using a Dockerfile located inside the current directory
Docker images can be built using the build command and a Dockerfile:
docker build .
During the build process Docker creates intermediate images. In order to
keep them, you must explicitly set `--rm=false`.
docker build --rm=false .
A good practice is to make a sub-directory with a related name and create
the Dockerfile in that directory. For example, a directory called mongo may
contain a Dockerfile to create a Docker MongoDB image. Likewise, another
directory called httpd may be used to store Dockerfiles for Apache web
server images.
It is also a good practice to add the files required for the image to the
sub-directory. These files will then be specified with the `COPY` or `ADD`
instructions in the `Dockerfile`.
Note: If you include a tar file (a good practice), then Docker will
automatically extract the contents of the tar file specified within the `ADD`
instruction into the specified target.
## Building an image and naming that image
A good practice is to give a name to the image you are building. There are
no hard rules here but it is best to give the names consideration.
The **-t**/**--tag** flag is used to rename an image. Here are some examples:
Though it is not a good practice, image names can be arbitrary:
docker build -t myimage .
A better approach is to provide a fully qualified and meaningful repository,
name, and tag (where the tag in this context means the qualifier after
the ":"). In this example we build a JBoss image for the Fedora repository
and give it the version 1.0:
docker build -t fedora/jboss:1.0
The next example is for the "whenry" user repository and uses Fedora and
JBoss and gives it the version 2.1 :
docker build -t whenry/fedora-jboss:V2.1
If you do not provide a version tag then Docker will assign `latest`:
docker build -t whenry/fedora-jboss
When you list the images, the image above will have the tag `latest`.
So renaming an image is arbitrary but consideration should be given to
a useful convention that makes sense for consumers and should also take
into account Docker community conventions.
## Building an image using a URL
This will clone the specified Github repository from the URL and use it
as context. The Dockerfile at the root of the repository is used as
Dockerfile. This only works if the Github repository is a dedicated
repository.
docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache
Note: You can set an arbitrary Git repository via the `git://` schema.
# HISTORY
March 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

59
man/docker-commit.1.md Normal file
View File

@ -0,0 +1,59 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-commit - Create a new image from a container's changes
# SYNOPSIS
**docker commit**
[**-a**|**--author**[=*AUTHOR*]]
[**--help**]
[**-c**|**--change**[= []**]]
[**-m**|**--message**[=*MESSAGE*]]
[**-p**|**--pause**[=*true*]]
CONTAINER [REPOSITORY[:TAG]]
# DESCRIPTION
Using an existing container's name or ID you can create a new image.
# OPTIONS
**-a**, **--author**=""
Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
**-c** , **--change**=[]
Apply specified Dockerfile instructions while committing the image
Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
**--help**
Print usage statement
**-m**, **--message**=""
Commit message
**-p**, **--pause**=*true*|*false*
Pause container during commit. The default is *true*.
# EXAMPLES
## Creating a new image from an existing container
An existing Fedora based container has had Apache installed while running
in interactive mode with the bash shell. Apache is also running. To
create a new image run `docker ps` to find the container's ID and then run:
# docker commit -m="Added Apache to Fedora base image" \
-a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20
## Apply specified Dockerfile instructions while committing the image
If an existing container was created without the DEBUG environment
variable set to "true", you can create a new image based on that
container by first getting the container's ID with `docker ps` and
then running:
# docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and in
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
Oct 2014, updated by Daniel, Dao Quang Minh <daniel at nitrous dot io>

70
man/docker-cp.1.md Normal file
View File

@ -0,0 +1,70 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-cp - Copy files or folders from a container's PATH to a HOSTDIR
or to STDOUT.
# SYNOPSIS
**docker cp**
[**--help**]
CONTAINER:PATH HOSTDIR|-
# DESCRIPTION
Copy files or folders from a `CONTAINER:PATH` to the `HOSTDIR` or to `STDOUT`.
The `CONTAINER:PATH` is relative to the root of the container's filesystem. You
can copy from either a running or stopped container.
The `PATH` can be a file or directory. The `docker cp` command assumes all
`PATH` values start at the `/` (root) directory. This means supplying the
initial forward slash is optional; The command sees
`compassionate_darwin:/tmp/foo/myfile.txt` and
`compassionate_darwin:tmp/foo/myfile.txt` as identical.
The `HOSTDIR` refers to a directory on the host. If you do not specify an
absolute path for your `HOSTDIR` value, Docker creates the directory relative to
where you run the `docker cp` command. For example, suppose you want to copy the
`/tmp/foo` directory from a container to the `/tmp` directory on your host. If
you run `docker cp` in your `~` (home) directory on the host:
$ docker cp compassionate_darwin:tmp/foo /tmp
Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit
the leading slash in the command. If you execute this command from your home directory:
$ docker cp compassionate_darwin:tmp/foo tmp
Docker creates a `~/tmp/foo` subdirectory.
When copying files to an existing `HOSTDIR`, the `cp` command adds the new files to
the directory. For example, this command:
$ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /tmp
Creates a `/tmp/foo` directory on the host containing the `myfile.txt` file. If
you repeat the command but change the filename:
$ docker cp sharp_ptolemy:/tmp/foo/secondfile.txt /tmp
Your host's `/tmp/foo` directory will contain both files:
$ ls /tmp/foo
myfile.txt secondfile.txt
Finally, use '-' to write the data as a `tar` file to STDOUT.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
An important shell script file, created in a bash shell, is copied from
the exited container to the current dir on the host:
# docker cp c071f3c3ee81:setup.sh .
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

246
man/docker-create.1.md Normal file
View File

@ -0,0 +1,246 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-create - Create a new container
# SYNOPSIS
**docker create**
[**-a**|**--attach**[=*[]*]]
[**--add-host**[=*[]*]]
[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
[**-c**|**--cpu-shares**[=*0*]]
[**--cap-add**[=*[]*]]
[**--cap-drop**[=*[]*]]
[**--cidfile**[=*CIDFILE*]]
[**--cpu-period**[=*0*]]
[**--cpuset-cpus**[=*CPUSET-CPUS*]]
[**--cpuset-mems**[=*CPUSET-MEMS*]]
[**--cpu-quota**[=*0*]]
[**--device**[=*[]*]]
[**--dns-search**[=*[]*]]
[**--dns**[=*[]*]]
[**-e**|**--env**[=*[]*]]
[**--entrypoint**[=*ENTRYPOINT*]]
[**--env-file**[=*[]*]]
[**--expose**[=*[]*]]
[**-h**|**--hostname**[=*HOSTNAME*]]
[**--help**]
[**-i**|**--interactive**[=*false*]]
[**--ipc**[=*IPC*]]
[**-l**|**--label**[=*[]*]]
[**--label-file**[=*[]*]]
[**--link**[=*[]*]]
[**--lxc-conf**[=*[]*]]
[**--log-driver**[=*[]*]]
[**--log-opt**[=*[]*]]
[**-m**|**--memory**[=*MEMORY*]]
[**--memory-swap**[=*MEMORY-SWAP*]]
[**--mac-address**[=*MAC-ADDRESS*]]
[**--name**[=*NAME*]]
[**--net**[=*"bridge"*]]
[**--oom-kill-disable**[=*false*]]
[**-P**|**--publish-all**[=*false*]]
[**-p**|**--publish**[=*[]*]]
[**--pid**[=*[]*]]
[**--uts**[=*[]*]]
[**--privileged**[=*false*]]
[**--read-only**[=*false*]]
[**--restart**[=*RESTART*]]
[**--security-opt**[=*[]*]]
[**-t**|**--tty**[=*false*]]
[**-u**|**--user**[=*USER*]]
[**-v**|**--volume**[=*[]*]]
[**--volumes-from**[=*[]*]]
[**-w**|**--workdir**[=*WORKDIR*]]
[**--cgroup-parent**[=*CGROUP-PATH*]]
IMAGE [COMMAND] [ARG...]
# DESCRIPTION
Creates a writeable container layer over the specified image and prepares it for
running the specified command. The container ID is then printed to STDOUT. This
is similar to **docker run -d** except the container is never started. You can
then use the **docker start <container_id>** command to start the container at
any point.
The initial status of the container created with **docker create** is 'created'.
# OPTIONS
**-a**, **--attach**=[]
Attach to STDIN, STDOUT or STDERR.
**--add-host**=[]
Add a custom host-to-IP mapping (host:ip)
**--blkio-weight**=0
Block IO weight (relative weight) accepts a weight value between 10 and 1000.
**-c**, **--cpu-shares**=0
CPU shares (relative weight)
**--cap-add**=[]
Add Linux capabilities
**--cap-drop**=[]
Drop Linux capabilities
**--cidfile**=""
Write the container ID to the file
**--cgroup-parent**=""
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
**--cpu-peroid**=0
Limit the CPU CFS (Completely Fair Scheduler) period
**--cpuset-cpus**=""
CPUs in which to allow execution (0-3, 0,1)
**--cpuset-mems**=""
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your Docker container will only use memory from the first
two memory nodes.
**-cpu-quota**=0
Limit the CPU CFS (Completely Fair Scheduler) quota
**--device**=[]
Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
**--dns-search**=[]
Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
**--dns**=[]
Set custom DNS servers
**-e**, **--env**=[]
Set environment variables
**--entrypoint**=""
Overwrite the default ENTRYPOINT of the image
**--env-file**=[]
Read in a line delimited file of environment variables
**--expose**=[]
Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host
**-h**, **--hostname**=""
Container host name
**--help**
Print usage statement
**-i**, **--interactive**=*true*|*false*
Keep STDIN open even if not attached. The default is *false*.
**--ipc**=""
Default is to create a private IPC namespace (POSIX SysV IPC) for the container
'container:<name|id>': reuses another container shared memory, semaphores and message queues
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
**-l**, **--label**=[]
Adds metadata to a container (e.g., --label=com.example.key=value)
**--label-file**=[]
Read labels from a file. Delimit each label with an EOL.
**--link**=[]
Add link to another container in the form of <name or id>:alias or just
<name or id> in which case the alias will match the name.
**--lxc-conf**=[]
(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*"
Logging driver for container. Default is defined by daemon `--log-driver` flag.
**Warning**: `docker logs` command works only for `json-file` logging driver.
**--log-opt**=[]
Logging driver specific options.
**-m**, **--memory**=""
Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
Allows you to constrain the memory available to a container. If the host
supports swap memory, then the **-m** memory setting can be larger than physical
RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
**--memory-swap**=""
Total memory limit (memory + swap)
Set `-1` to disable swap (format: <number><optional unit>, where unit = b, k, m or g).
This value should always larger than **-m**, so you should always use this with **-m**.
**--mac-address**=""
Container MAC address (e.g. 92:d0:c6:0a:29:33)
**--name**=""
Assign a name to the container
**--net**="bridge"
Set the Network mode for the container
'bridge': creates a new network stack for the container on the docker bridge
'none': no networking for this container
'container:<name|id>': reuses another container network stack
'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
**--oom-kill-disable**=*true*|*false*
Whether to disable OOM Killer for the container or not.
**-P**, **--publish-all**=*true*|*false*
Publish all exposed ports to random ports on the host interfaces. The default is *false*.
**-p**, **--publish**=[]
Publish a container's port, or a range of ports, to the host
format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
Both hostPort and containerPort can be specified as a range of ports.
When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
(use 'docker port' to see the actual mapping)
**--pid**=host
Set the PID mode for the container
**host**: use the host's PID namespace inside the container.
Note: the host mode gives the container full access to local PID and is therefore considered insecure.
**--uts**=host
Set the UTS mode for the container
**host**: use the host's UTS namespace inside the container.
Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
**--privileged**=*true*|*false*
Give extended privileges to this container. The default is *false*.
**--read-only**=*true*|*false*
Mount the container's root filesystem as read only.
**--restart**="no"
Restart policy to apply when a container exits (no, on-failure[:max-retry], always)
**--security-opt**=[]
Security Options
**-t**, **--tty**=*true*|*false*
Allocate a pseudo-TTY. The default is *false*.
**-u**, **--user**=""
Username or UID
**-v**, **--volume**=[]
Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
**--volumes-from**=[]
Mount volumes from the specified container(s)
**-w**, **--workdir**=""
Working directory inside the container
# HISTORY
August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
September 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

49
man/docker-diff.1.md Normal file
View File

@ -0,0 +1,49 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-diff - Inspect changes on a container's filesystem
# SYNOPSIS
**docker diff**
[**--help**]
CONTAINER
# DESCRIPTION
Inspect changes on a container's filesystem. You can use the full or
shortened container ID or the container name set using
**docker run --name** option.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
Inspect the changes to on a nginx container:
# docker diff 1fdfd1f54c1b
C /dev
C /dev/console
C /dev/core
C /dev/stdout
C /dev/fd
C /dev/ptmx
C /dev/stderr
C /dev/stdin
C /run
A /run/nginx.pid
C /var/lib/nginx/tmp
A /var/lib/nginx/tmp/client_body
A /var/lib/nginx/tmp/fastcgi
A /var/lib/nginx/tmp/proxy
A /var/lib/nginx/tmp/scgi
A /var/lib/nginx/tmp/uwsgi
C /var/log/nginx
A /var/log/nginx/access.log
A /var/log/nginx/error.log
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

86
man/docker-events.1.md Normal file
View File

@ -0,0 +1,86 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-events - Get real time events from the server
# SYNOPSIS
**docker events**
[**--help**]
[**-f**|**--filter**[=*[]*]]
[**--since**[=*SINCE*]]
[**--until**[=*UNTIL*]]
# DESCRIPTION
Get event information from the Docker daemon. Information can include historical
information and real-time information.
Docker containers will report the following events:
create, destroy, die, export, kill, pause, restart, start, stop, unpause
and Docker images will report:
untag, delete
# OPTIONS
**--help**
Print usage statement
**-f**, **--filter**=[]
Provide filter values (i.e., 'event=stop')
**--since**=""
Show all events created since timestamp
**--until**=""
Stream events until this timestamp
You can specify `--since` and `--until` parameters as an RFC 3339 date,
a UNIX timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes
the date relative to the client machines time.
# EXAMPLES
## Listening for Docker events
After running docker events a container 786d698004576 is started and stopped
(The container name has been shortened in the output below):
# docker events
2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) start
2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) die
2015-01-28T20:21:32.000000000-08:00 59211849bc10: (from whenry/testimage:latest) stop
## Listening for events since a given date
Again the output container IDs have been shortened for the purposes of this document:
# docker events --since '2015-01-28'
2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create
2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
2015-01-28T20:25:40.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
2015-01-28T20:25:42.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start
2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die
2015-01-28T20:25:46.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop
The following example outputs all events that were generated in the last 3 minutes,
relative to the current time on the client machine:
# docker events --since '3m'
2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die
2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop
2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die
2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop
If you do not provide the --since option, the command returns only new and/or
live events.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
June 2015, updated by Brian Goff <cpuguy83@gmail.com>

51
man/docker-exec.1.md Normal file
View File

@ -0,0 +1,51 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-exec - Run a command in a running container
# SYNOPSIS
**docker exec**
[**-d**|**--detach**[=*false*]]
[**--help**]
[**-i**|**--interactive**[=*false*]]
[**-t**|**--tty**[=*false*]]
[**-u**|**--user**[=*USER*]]
CONTAINER COMMAND [ARG...]
# DESCRIPTION
Run a process in a running container.
The command started using `docker exec` will only run while the container's primary
process (`PID 1`) is running, and will not be restarted if the container is restarted.
If the container is paused, then the `docker exec` command will wait until the
container is unpaused, and then run
# OPTIONS
**-d**, **--detach**=*true*|*false*
Detached mode: run command in the background. The default is *false*.
**--help**
Print usage statement
**-i**, **--interactive**=*true*|*false*
Keep STDIN open even if not attached. The default is *false*.
**-t**, **--tty**=*true*|*false*
Allocate a pseudo-TTY. The default is *false*.
**-u**, **--user**=""
Sets the username or UID used and optionally the groupname or GID for the specified command.
The followings examples are all valid:
--user [user | user:group | uid | uid:gid | user:gid | uid:group ]
Without this argument the command will be run as root in the container.
The **-t** option is incompatible with a redirection of the docker client
standard input.
# HISTORY
November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

44
man/docker-export.1.md Normal file
View File

@ -0,0 +1,44 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-export - Export the contents of a filesystem as a tar archive to STDOUT
# SYNOPSIS
**docker export**
[**--help**]
CONTAINER
# DESCRIPTION
Export the contents of a container's filesystem using the full or shortened
container ID or container name. The output is exported to STDOUT and can be
redirected to a tar file.
Stream to a file instead of STDOUT by using **-o**.
# OPTIONS
**--help**
Print usage statement
**-o**, **--output**=""
Write to a file, instead of STDOUT
# EXAMPLES
Export the contents of the container called angry_bell to a tar file
called angry_bell.tar:
# docker export angry_bell > angry_bell.tar
# docker export --output=angry_bell-latest.tar angry_bell
# ls -sh angry_bell.tar
321M angry_bell.tar
# ls -sh angry_bell-latest.tar
321M angry_bell-latest.tar
# See also
**docker-import(1)** to create an empty filesystem image
and import the contents of the tarball into it, then optionally tag it.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
January 2015, updated by Joseph Kern (josephakern at gmail dot com)

51
man/docker-history.1.md Normal file
View File

@ -0,0 +1,51 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-history - Show the history of an image
# SYNOPSIS
**docker history**
[**--help**]
[**--no-trunc**[=*false*]]
[**-q**|**--quiet**[=*false*]]
IMAGE
# DESCRIPTION
Show the history of when and how an image was created.
# OPTIONS
**--help**
Print usage statement
**-H**. **--human**=*true*|*false*
Print sizes and dates in human readable format. The default is *true*.
**--no-trunc**=*true*|*false*
Don't truncate output. The default is *false*.
**-q**, **--quiet**=*true*|*false*
Only show numeric IDs. The default is *false*.
# EXAMPLES
$ docker history fedora
IMAGE CREATED CREATED BY SIZE COMMENT
105182bb5e8b 5 days ago /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d 372.7 MB
73bd853d2ea5 13 days ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B
511136ea3c5a 10 months ago 0 B Imported from -
## Display comments in the image history
The `docker commit` command has a **-m** flag for adding comments to the image. These comments will be displayed in the image history.
$ sudo docker history docker:scm
IMAGE CREATED CREATED BY SIZE COMMENT
2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image
88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB
c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B
511136ea3c5a 19 months ago 0 B Imported from -
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

84
man/docker-images.1.md Normal file
View File

@ -0,0 +1,84 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-images - List images
# SYNOPSIS
**docker images**
[**--help**]
[**-a**|**--all**[=*false*]]
[**--digests**[=*false*]]
[**-f**|**--filter**[=*[]*]]
[**--no-trunc**[=*false*]]
[**-q**|**--quiet**[=*false*]]
[REPOSITORY]
# DESCRIPTION
This command lists the images stored in the local Docker repository.
By default, intermediate images, used during builds, are not listed. Some of the
output, e.g., image ID, is truncated, for space reasons. However the truncated
image ID, and often the first few characters, are enough to be used in other
Docker commands that use the image ID. The output includes repository, tag, image
ID, date created and the virtual size.
The title REPOSITORY for the first title may seem confusing. It is essentially
the image name. However, because you can tag a specific image, and multiple tags
(image instances) can be associated with a single name, the name is really a
repository for all tagged images of the same name. For example consider an image
called fedora. It may be tagged with 18, 19, or 20, etc. to manage different
versions.
# OPTIONS
**-a**, **--all**=*true*|*false*
Show all images (by default filter out the intermediate image layers). The default is *false*.
**--digests**=*true*|*false*
Show image digests. The default is *false*.
**-f**, **--filter**=[]
Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value.
**--help**
Print usage statement
**--no-trunc**=*true*|*false*
Don't truncate output. The default is *false*.
**-q**, **--quiet**=*true*|*false*
Only show numeric IDs. The default is *false*.
# EXAMPLES
## Listing the images
To list the images in a local repository (not the registry) run:
docker images
The list will contain the image repository name, a tag for the image, and an
image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG,
IMAGE ID, CREATED, and VIRTUAL SIZE.
To get a verbose list of images which contains all the intermediate images
used in builds use **-a**:
docker images -a
Previously, the docker images command supported the --tree and --dot arguments,
which displayed different visualizations of the image data. Docker core removed
this functionality in the 1.7 version. If you liked this functionality, you can
still find it in the third-party dockviz tool: https://github.com/justone/dockviz.
## Listing only the shortened image IDs
Listing just the shortened image IDs. This can be useful for some automated
tools.
docker images -q
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

59
man/docker-import.1.md Normal file
View File

@ -0,0 +1,59 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
# SYNOPSIS
**docker import**
[**-c**|**--change**[= []**]]
[**--help**]
URL|- [REPOSITORY[:TAG]]
# OPTIONS
**-c**, **--change**=[]
Apply specified Dockerfile instructions while importing the image
Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR`
# DESCRIPTION
Create a new filesystem image from the contents of a tarball (`.tar`,
`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
## Import from a remote location
# docker import http://example.com/exampleimage.tgz example/imagerepo
## Import from a local file
Import to docker via pipe and stdin:
# cat exampleimage.tgz | docker import - example/imagelocal
## Import from a local file and tag
Import to docker via pipe and stdin:
# cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0
## Import from a local directory
# tar -c . | docker import - exampleimagedir
## Apply specified Dockerfile instructions while importing the image
This example sets the docker image ENV variable DEBUG to true by default.
# tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir
# See also
**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

49
man/docker-info.1.md Normal file
View File

@ -0,0 +1,49 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-info - Display system-wide information
# SYNOPSIS
**docker info**
[**--help**]
# DESCRIPTION
This command displays system wide information regarding the Docker installation.
Information displayed includes the number of containers and images, pool name,
data file, metadata file, data space used, total data space, metadata space used
, total metadata space, execution driver, and the kernel version.
The data file is where the images are stored and the metadata file is where the
meta data regarding those images are stored. When run for the first time Docker
allocates a certain amount of data space and meta data space from the space
available on the volume where `/var/lib/docker` is mounted.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
## Display Docker system information
Here is a sample output:
# docker info
Containers: 14
Images: 52
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Dirs: 80
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.13.0-24-generic
Operating System: Ubuntu 14.04 LTS
CPUs: 1
Total Memory: 2 GiB
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

267
man/docker-inspect.1.md Normal file
View File

@ -0,0 +1,267 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-inspect - Return low-level information on a container or image
# SYNOPSIS
**docker inspect**
[**--help**]
[**-f**|**--format**[=*FORMAT*]]
CONTAINER|IMAGE [CONTAINER|IMAGE...]
# DESCRIPTION
This displays all the information available in Docker for a given
container or image. By default, this will render all results in a JSON
array. If a format is specified, the given template will be executed for
each result.
# OPTIONS
**--help**
Print usage statement
**-f**, **--format**=""
Format the output using the given go template.
# EXAMPLES
## Getting information on a container
To get information on a container use its ID or instance name:
$ docker inspect 1eb5fabf5a03
[{
"AppArmorProfile": "",
"Args": [],
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/usr/sbin/nginx"
],
"Domainname": "",
"Entrypoint": null,
"Env": [
"HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": {
"80/tcp": {}
},
"Hostname": "1eb5fabf5a03",
"Image": "summit/nginx",
"Labels": {
"com.example.vendor": "Acme",
"com.example.license": "GPL",
"com.example.version": "1.0"
},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"StdinOnce": false,
"Tty": true,
"User": "",
"Volumes": null,
"WorkingDir": "",
},
"Created": "2014-04-04T21:33:52.02361335Z",
"Driver": "devicemapper",
"ExecDriver": "native-0.1",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"CapAdd": null,
"CapDrop": null,
"CgroupParent": "",
"ContainerIDFile": "",
"CpuShares": 512,
"CpusetCpus": "0,1",
"CpusetMems": "",
"Devices": [],
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"IpcMode": "",
"Links": null,
"LogConfig": {
"Config": null,
"Type": "json-file"
},
"LxcConf": null,
"Memory": 16777216,
"MemorySwap": -1,
"NetworkMode": "",
"PidMode": "",
"PortBindings": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
},
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": ""
},
"SecurityOpt": null,
"Ulimits": null,
"VolumesFrom": null
}
"HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname",
"HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts",
"ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b",
"Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6",
"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
"MountLabel": "",
"Name": "/ecstatic_ptolemy",
"NetworkSettings": {
"Bridge": "docker0",
"Gateway": "172.17.42.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "",
"PortMapping": null,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
}
},
"Path": "/usr/sbin/nginx",
"ProcessLabel": "",
"ResolvConfPath": "/etc/resolv.conf",
"RestartCount": 0,
"State": {
"Dead": false,
"Error": "",
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"OOMKilled": false,
"Paused": false,
"Pid": 858,
"Restarting": false,
"Running": true,
"StartedAt": "2014-04-04T21:33:54.16259207Z",
},
"Volumes": {},
"VolumesRW": {},
}
## Getting the IP address of a container instance
To get the IP address of a container use:
$ docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03
172.17.0.2
## Listing all port bindings
One can loop over arrays and maps in the results to produce simple text
output:
$ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \
{{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03
80/tcp -> 80
You can get more information about how to write a go template from:
http://golang.org/pkg/text/template/.
## Getting information on an image
Use an image's ID or name (e.g., repository/name[:tag]) to get information
on it.
$ docker inspect fc1203419df2
[{
"Architecture": "amd64",
"Author": "",
"Comment": "",
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"make",
"direct-test"
],
"Domainname": "",
"Entrypoint": [
"/dind"
],
"Env": [
"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
],
"ExposedPorts": null,
"Hostname": "242978536a06",
"Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": [],
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": "/go/src/github.com/docker/libcontainer"
},
"Container": "1c00417f3812a96d3ebc29e7fdee69f3d586d703ab89c8233fd4678d50707b39",
"ContainerConfig": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"make\" \"direct-test\"]"
],
"Domainname": "",
"Entrypoint": [
"/dind"
],
"Env": [
"PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
],
"ExposedPorts": null,
"Hostname": "242978536a06",
"Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": [],
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": "/go/src/github.com/docker/libcontainer"
},
"Created": "2015-04-07T05:34:39.079489206Z",
"DockerVersion": "1.5.0-dev",
"Id": "fc1203419df26ca82cad1dd04c709cb1b8a8a947bd5bcbdfbef8241a76f031db",
"Os": "linux",
"Parent": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a",
"Size": 0,
"VirtualSize": 613136466
}]
# HISTORY
April 2014, originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Qiang Huang <h.huangqiang@huawei.com>

28
man/docker-kill.1.md Normal file
View File

@ -0,0 +1,28 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-kill - Kill a running container using SIGKILL or a specified signal
# SYNOPSIS
**docker kill**
[**--help**]
[**-s**|**--signal**[=*"KILL"*]]
CONTAINER [CONTAINER...]
# DESCRIPTION
The main process inside each container specified will be sent SIGKILL,
or any signal specified with option --signal.
# OPTIONS
**--help**
Print usage statement
**-s**, **--signal**="KILL"
Signal to send to the container
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

45
man/docker-load.1.md Normal file
View File

@ -0,0 +1,45 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-load - Load an image from a tar archive on STDIN
# SYNOPSIS
**docker load**
[**--help**]
[**-i**|**--input**[=*INPUT*]]
# DESCRIPTION
Loads a tarred repository from a file or the standard input stream.
Restores both images and tags.
# OPTIONS
**--help**
Print usage statement
**-i**, **--input**=""
Read from a tar archive file, instead of STDIN
# EXAMPLES
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
busybox latest 769b9341d937 7 weeks ago 2.489 MB
$ docker load --input fedora.tar
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
busybox latest 769b9341d937 7 weeks ago 2.489 MB
fedora rawhide 0d20aec6529d 7 weeks ago 387 MB
fedora 20 58394af37342 7 weeks ago 385.5 MB
fedora heisenbug 58394af37342 7 weeks ago 385.5 MB
fedora latest 58394af37342 7 weeks ago 385.5 MB
# See also
**docker-save(1)** to save an image(s) to a tar archive (streamed to STDOUT by default).
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

51
man/docker-login.1.md Normal file
View File

@ -0,0 +1,51 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-login - Register or log in to a Docker registry.
# SYNOPSIS
**docker login**
[**-e**|**--email**[=*EMAIL*]]
[**--help**]
[**-p**|**--password**[=*PASSWORD*]]
[**-u**|**--username**[=*USERNAME*]]
[SERVER]
# DESCRIPTION
Register or log in to a Docker Registry located on the specified
`SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you
do not specify a `SERVER`, the command uses Docker's public registry located at
`https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub.
You can log into any public or private repository for which you have
credentials. When you log in, the command stores encoded credentials in
`$HOME/.dockercfg` on Linux or `%USERPROFILE%/.dockercfg` on Windows.
# OPTIONS
**-e**, **--email**=""
Email
**--help**
Print usage statement
**-p**, **--password**=""
Password
**-u**, **--username**=""
Username
# EXAMPLES
## Login to a registry on your localhost
# docker login localhost:8080
# See also
**docker-logout(1)** to log out from a Docker registry.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

32
man/docker-logout.1.md Normal file
View File

@ -0,0 +1,32 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-logout - Log out from a Docker Registry.
# SYNOPSIS
**docker logout**
[SERVER]
# DESCRIPTION
Log out of a Docker Registry located on the specified `SERVER`. You can
specify a URL or a `hostname` for the `SERVER` value. If you do not specify a
`SERVER`, the command attempts to log you out of Docker's public registry
located at `https://registry-1.docker.io/` by default.
# OPTIONS
There are no available options.
# EXAMPLES
## Log out from a registry on your localhost
# docker logout localhost:8080
# See also
**docker-login(1)** to register or log in to a Docker registry server.
# HISTORY
June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io)
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

55
man/docker-logs.1.md Normal file
View File

@ -0,0 +1,55 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-logs - Fetch the logs of a container
# SYNOPSIS
**docker logs**
[**-f**|**--follow**[=*false*]]
[**--help**]
[**--since**[=*SINCE*]]
[**-t**|**--timestamps**[=*false*]]
[**--tail**[=*"all"*]]
CONTAINER
# DESCRIPTION
The **docker logs** command batch-retrieves whatever logs are present for
a container at the time of execution. This does not guarantee execution
order when combined with a docker run (i.e., your run may not have generated
any logs at the time you execute docker logs).
The **docker logs --follow** command combines commands **docker logs** and
**docker attach**. It will first return all logs from the beginning and
then continue streaming new output from the containers stdout and stderr.
**Warning**: This command works only for **json-file** logging driver.
# OPTIONS
**--help**
Print usage statement
**-f**, **--follow**=*true*|*false*
Follow log output. The default is *false*.
**--since**=""
Show logs since timestamp
**-t**, **--timestamps**=*true*|*false*
Show timestamps. The default is *false*.
**--tail**="all"
Output the specified number of lines at the end of logs (defaults to all logs)
The `--since` option shows only the container logs generated after
a given date. You can specify the date as an RFC 3339 date, a UNIX
timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes
the date relative to the client machines time. You can combine
the `--since` option with either or both of the `--follow` or `--tail` options.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>

30
man/docker-pause.1.md Normal file
View File

@ -0,0 +1,30 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-pause - Pause all processes within a container
# SYNOPSIS
**docker pause**
CONTAINER [CONTAINER...]
# DESCRIPTION
The `docker pause` command uses the cgroups freezer to suspend all processes in
a container. Traditionally when suspending a process the `SIGSTOP` signal is
used, which is observable by the process being suspended. With the cgroups freezer
the process is unaware, and unable to capture, that it is being suspended,
and subsequently resumed.
See the [cgroups freezer documentation]
(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
further details.
# OPTIONS
There are no available options.
# See also
**docker-unpause(1)** to unpause all processes within a container.
# HISTORY
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

47
man/docker-port.1.md Normal file
View File

@ -0,0 +1,47 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
# SYNOPSIS
**docker port**
[**--help**]
CONTAINER [PRIVATE_PORT[/PROTO]]
# DESCRIPTION
List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test
## Find out all the ports mapped
# docker port test
7890/tcp -> 0.0.0.0:4321
9876/tcp -> 0.0.0.0:1234
## Find out a specific mapping
# docker port test 7890/tcp
0.0.0.0:4321
# docker port test 7890
0.0.0.0:4321
## An example showing error for non-existent mapping
# docker port test 7890/udp
2014/06/24 11:53:36 Error: No public port '7890/udp' published for test
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

91
man/docker-ps.1.md Normal file
View File

@ -0,0 +1,91 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% FEBRUARY 2015
# NAME
docker-ps - List containers
# SYNOPSIS
**docker ps**
[**-a**|**--all**[=*false*]]
[**--before**[=*BEFORE*]]
[**--help**]
[**-f**|**--filter**[=*[]*]]
[**-l**|**--latest**[=*false*]]
[**-n**[=*-1*]]
[**--no-trunc**[=*false*]]
[**-q**|**--quiet**[=*false*]]
[**-s**|**--size**[=*false*]]
[**--since**[=*SINCE*]]
# DESCRIPTION
List the containers in the local repository. By default this show only
the running containers.
# OPTIONS
**-a**, **--all**=*true*|*false*
Show all containers. Only running containers are shown by default. The default is *false*.
**--before**=""
Show only container created before Id or Name, include non-running ones.
**--help**
Print usage statement
**-f**, **--filter**=[]
Provide filter values. Valid filters:
exited=<int> - containers with exit code of <int>
label=<key> or label=<key>=<value>
status=(created|restarting|running|paused|exited)
name=<string> - container's name
id=<ID> - container's ID
**-l**, **--latest**=*true*|*false*
Show only the latest created container, include non-running ones. The default is *false*.
**-n**=-1
Show n last created containers, include non-running ones.
**--no-trunc**=*true*|*false*
Don't truncate output. The default is *false*.
**-q**, **--quiet**=*true*|*false*
Only display numeric IDs. The default is *false*.
**-s**, **--size**=*true*|*false*
Display total file sizes. The default is *false*.
**--since**=""
Show only containers created since Id or Name, include non-running ones.
# EXAMPLES
# Display all containers, including non-running
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain
01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell
c1d3b0166030 acffc0358b9e /bin/sh -c yum -y up 2 weeks ago Exit 1 determined_torvalds
41d50ecd2f57 fedora:20 /bin/sh -c #(nop) MA 2 weeks ago Exit 0 drunk_pike
# Display only IDs of all containers, including non-running
# docker ps -a -q
a87ecb4f327c
01946d9d34d8
c1d3b0166030
41d50ecd2f57
# Display only IDs of all containers that have the name `determined_torvalds`
# docker ps -a -q --filter=name=determined_torvalds
c1d3b0166030
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
February 2015, updated by André Martins <martins@noironetworks.com>

73
man/docker-pull.1.md Normal file
View File

@ -0,0 +1,73 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-pull - Pull an image or a repository from a registry
# SYNOPSIS
**docker pull**
[**-a**|**--all-tags**[=*false*]]
[**--help**]
NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
# DESCRIPTION
This command pulls down an image or a repository from a registry. If
there is more than one image for a repository (e.g., fedora) then all
images for that repository name are pulled down including any tags.
If you do not specify a `REGISTRY_HOST`, the command uses Docker's public
registry located at `registry-1.docker.io` by default.
# OPTIONS
**-a**, **--all-tags**=*true*|*false*
Download all tagged images in the repository. The default is *false*.
**--help**
Print usage statement
# EXAMPLE
# Pull a repository with multiple images
# Note that if the image is previously downloaded then the status would be
# 'Status: Image is up to date for fedora'
$ docker pull fedora
Pulling repository fedora
ad57ef8d78d7: Download complete
105182bb5e8b: Download complete
511136ea3c5a: Download complete
73bd853d2ea5: Download complete
Status: Downloaded newer image for fedora
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB
fedora 20 105182bb5e8b 5 days ago 372.7 MB
fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB
fedora latest 105182bb5e8b 5 days ago 372.7 MB
# Pull an image, manually specifying path to Docker's public registry and tag
# Note that if the image is previously downloaded then the status would be
# 'Status: Image is up to date for registry.hub.docker.com/fedora:20'
$ docker pull registry.hub.docker.com/fedora:20
Pulling repository fedora
3f2fed40e4b0: Download complete
511136ea3c5a: Download complete
fd241224e9cf: Download complete
Status: Downloaded newer image for registry.hub.docker.com/fedora:20
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
fedora 20 3f2fed40e4b0 4 days ago 372.7 MB
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by John Willis <john.willis@docker.com>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

51
man/docker-push.1.md Normal file
View File

@ -0,0 +1,51 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-push - Push an image or a repository to a registry
# SYNOPSIS
**docker push**
[**--help**]
NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG]
# DESCRIPTION
This command pushes an image or a repository to a registry. If you do not
specify a `REGISTRY_HOST`, the command uses Docker's public registry located at
`registry-1.docker.io` by default.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
# Pushing a new image to a registry
First save the new image by finding the container ID (using **docker ps**)
and then committing it to a new image name:
# docker commit c16378f943fe rhel-httpd
Now, push the image to the registry using the image ID. In this example the
registry is on host named `registry-host` and listening on port `5000`. To do
this, tag the image with the host name or IP address, and the port of the
registry:
# docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd
# docker push registry-host:5000/myadmin/rhel-httpd
Check that this worked by running:
# docker images
You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd`
listed.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

13
man/docker-rename.1.md Normal file
View File

@ -0,0 +1,13 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% OCTOBER 2014
# NAME
docker-rename - Rename a container
# SYNOPSIS
**docker rename**
OLD_NAME NEW_NAME
# OPTIONS
There are no available options.

26
man/docker-restart.1.md Normal file
View File

@ -0,0 +1,26 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-restart - Restart a running container
# SYNOPSIS
**docker restart**
[**--help**]
[**-t**|**--time**[=*10*]]
CONTAINER [CONTAINER...]
# DESCRIPTION
Restart each container listed.
# OPTIONS
**--help**
Print usage statement
**-t**, **--time**=10
Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

56
man/docker-rm.1.md Normal file
View File

@ -0,0 +1,56 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-rm - Remove one or more containers
# SYNOPSIS
**docker rm**
[**-f**|**--force**[=*false*]]
[**-l**|**--link**[=*false*]]
[**-v**|**--volumes**[=*false*]]
CONTAINER [CONTAINER...]
# DESCRIPTION
**docker rm** will remove one or more containers from the host node. The
container name or ID can be used. This does not remove images. You cannot
remove a running container unless you use the \fB-f\fR option. To see all
containers on a host use the **docker ps -a** command.
# OPTIONS
**--help**
Print usage statement
**-f**, **--force**=*true*|*false*
Force the removal of a running container (uses SIGKILL). The default is *false*.
**-l**, **--link**=*true*|*false*
Remove the specified link and not the underlying container. The default is *false*.
**-v**, **--volumes**=*true*|*false*
Remove the volumes associated with the container. The default is *false*.
# EXAMPLES
##Removing a container using its ID##
To remove a container using its ID, find either from a **docker ps -a**
command, or use the ID returned from the **docker run** command, or retrieve
it from a file used to store it using the **docker run --cidfile**:
docker rm abebf7571666
##Removing a container using the container name##
The name of the container can be found using the **docker ps -a**
command. The use that name as follows:
docker rm hopeful_morse
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
August 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

42
man/docker-rmi.1.md Normal file
View File

@ -0,0 +1,42 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-rmi - Remove one or more images
# SYNOPSIS
**docker rmi**
[**-f**|**--force**[=*false*]]
[**--help**]
[**--no-prune**[=*false*]]
IMAGE [IMAGE...]
# DESCRIPTION
Removes one or more images from the host node. This does not remove images from
a registry. You cannot remove an image of a running container unless you use the
**-f** option. To see all images on a host use the **docker images** command.
# OPTIONS
**-f**, **--force**=*true*|*false*
Force removal of the image. The default is *false*.
**--help**
Print usage statement
**--no-prune**=*true*|*false*
Do not delete untagged parents. The default is *false*.
# EXAMPLES
## Removing an image
Here is an example of removing and image:
docker rmi fedora/httpd
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

658
man/docker-run.1.md Normal file
View File

@ -0,0 +1,658 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-run - Run a command in a new container
# SYNOPSIS
**docker run**
[**-a**|**--attach**[=*[]*]]
[**--add-host**[=*[]*]]
[**--blkio-weight**[=*[BLKIO-WEIGHT]*]]
[**-c**|**--cpu-shares**[=*0*]]
[**--cap-add**[=*[]*]]
[**--cap-drop**[=*[]*]]
[**--cidfile**[=*CIDFILE*]]
[**--cpu-period**[=*0*]]
[**--cpuset-cpus**[=*CPUSET-CPUS*]]
[**--cpuset-mems**[=*CPUSET-MEMS*]]
[**-d**|**--detach**[=*false*]]
[**--cpu-quota**[=*0*]]
[**--device**[=*[]*]]
[**--dns-search**[=*[]*]]
[**--dns**[=*[]*]]
[**-e**|**--env**[=*[]*]]
[**--entrypoint**[=*ENTRYPOINT*]]
[**--env-file**[=*[]*]]
[**--expose**[=*[]*]]
[**-h**|**--hostname**[=*HOSTNAME*]]
[**--help**]
[**-i**|**--interactive**[=*false*]]
[**--ipc**[=*IPC*]]
[**-l**|**--label**[=*[]*]]
[**--label-file**[=*[]*]]
[**--link**[=*[]*]]
[**--lxc-conf**[=*[]*]]
[**--log-driver**[=*[]*]]
[**--log-opt**[=*[]*]]
[**-m**|**--memory**[=*MEMORY*]]
[**--memory-swap**[=*MEMORY-SWAP*]]
[**--mac-address**[=*MAC-ADDRESS*]]
[**--name**[=*NAME*]]
[**--net**[=*"bridge"*]]
[**--oom-kill-disable**[=*false*]]
[**-P**|**--publish-all**[=*false*]]
[**-p**|**--publish**[=*[]*]]
[**--pid**[=*[]*]]
[**--uts**[=*[]*]]
[**--privileged**[=*false*]]
[**--read-only**[=*false*]]
[**--restart**[=*RESTART*]]
[**--rm**[=*false*]]
[**--security-opt**[=*[]*]]
[**--sig-proxy**[=*true*]]
[**-t**|**--tty**[=*false*]]
[**-u**|**--user**[=*USER*]]
[**-v**|**--volume**[=*[]*]]
[**--volumes-from**[=*[]*]]
[**-w**|**--workdir**[=*WORKDIR*]]
[**--cgroup-parent**[=*CGROUP-PATH*]]
IMAGE [COMMAND] [ARG...]
# DESCRIPTION
Run a process in a new container. **docker run** starts a process with its own
file system, its own networking, and its own isolated process tree. The IMAGE
which starts the process may define defaults related to the process that will be
run in the container, the networking to expose, and more, but **docker run**
gives final control to the operator or administrator who starts the container
from the image. For that reason **docker run** has more options than any other
Docker command.
If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and
all image dependencies, from the repository in the same way running **docker
pull** IMAGE, before it starts the container from that image.
# OPTIONS
**-a**, **--attach**=[]
Attach to STDIN, STDOUT or STDERR.
In foreground mode (the default when **-d**
is not specified), **docker run** can start the process in the container
and attach the console to the processs standard input, output, and standard
error. It can even pretend to be a TTY (this is what most commandline
executables expect) and pass along signals. The **-a** option can be set for
each of stdin, stdout, and stderr.
**--add-host**=[]
Add a custom host-to-IP mapping (host:ip)
Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
option can be set multiple times.
**--blkio-weight**=0
Block IO weight (relative weight) accepts a weight value between 10 and 1000.
**-c**, **--cpu-shares**=0
CPU shares (relative weight)
By default, all containers get the same proportion of CPU cycles. This proportion
can be modified by changing the container's CPU share weighting relative
to the weighting of all other running containers.
To modify the proportion from the default of 1024, use the **-c** or **--cpu-shares**
flag to set the weighting to 2 or higher.
The proportion will only apply when CPU-intensive processes are running.
When tasks in one container are idle, other containers can use the
left-over CPU time. The actual amount of CPU time will vary depending on
the number of containers running on the system.
For example, consider three containers, one has a cpu-share of 1024 and
two others have a cpu-share setting of 512. When processes in all three
containers attempt to use 100% of CPU, the first container would receive
50% of the total CPU time. If you add a fourth container with a cpu-share
of 1024, the first container only gets 33% of the CPU. The remaining containers
receive 16.5%, 16.5% and 33% of the CPU.
On a multi-core system, the shares of CPU time are distributed over all CPU
cores. Even if a container is limited to less than 100% of CPU time, it can
use 100% of each individual CPU core.
For example, consider a system with more than three cores. If you start one
container **{C0}** with **-c=512** running one process, and another container
**{C1}** with **-c=1024** running two processes, this can result in the following
division of CPU shares:
PID container CPU CPU share
100 {C0} 0 100% of CPU0
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
**--cap-add**=[]
Add Linux capabilities
**--cap-drop**=[]
Drop Linux capabilities
**--cgroup-parent**=""
Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist.
**--cidfile**=""
Write the container ID to the file
**--cpu-period**=0
Limit the CPU CFS (Completely Fair Scheduler) period
Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify.
**--cpuset-cpus**=""
CPUs in which to allow execution (0-3, 0,1)
**--cpuset-mems**=""
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your Docker container will only use memory from the first
two memory nodes.
**--cpu-quota**=0
Limit the CPU CFS (Completely Fair Scheduler) quota
Limit the container's CPU usage. By default, containers run with the full
CPU resource. This flag tell the kernel to restrict the container's CPU usage
to the quota you specify.
**-d**, **--detach**=*true*|*false*
Detached mode: run the container in the background and print the new container ID. The default is *false*.
At any time you can run **docker ps** in
the other shell to view a list of the running containers. You can reattach to a
detached container with **docker attach**. If you choose to run a container in
the detached mode, then you cannot use the **-rm** option.
When attached in the tty mode, you can detach from a running container without
stopping the process by pressing the keys CTRL-P CTRL-Q.
**--device**=[]
Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
**--dns-search**=[]
Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)
**--dns**=[]
Set custom DNS servers
This option can be used to override the DNS
configuration passed to the container. Typically this is necessary when the
host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
is the case the **--dns** flags is necessary for every run.
**-e**, **--env**=[]
Set environment variables
This option allows you to specify arbitrary
environment variables that are available for the process that will be launched
inside of the container.
**--entrypoint**=""
Overwrite the default ENTRYPOINT of the image
This option allows you to overwrite the default entrypoint of the image that
is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND
because it specifies what executable to run when the container starts, but it is
(purposely) more difficult to override. The ENTRYPOINT gives a container its
default nature or behavior, so that when you set an ENTRYPOINT you can run the
container as if it were that binary, complete with default options, and you can
pass in more options via the COMMAND. But, sometimes an operator may want to run
something else inside the container, so you can override the default ENTRYPOINT
at runtime by using a **--entrypoint** and a string to specify the new
ENTRYPOINT.
**--env-file**=[]
Read in a line delimited file of environment variables
**--expose**=[]
Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host
**-h**, **--hostname**=""
Container host name
Sets the container host name that is available inside the container.
**--help**
Print usage statement
**-i**, **--interactive**=*true*|*false*
Keep STDIN open even if not attached. The default is *false*.
When set to true, keep stdin open even if not attached. The default is false.
**--ipc**=""
Default is to create a private IPC namespace (POSIX SysV IPC) for the container
'container:<name|id>': reuses another container shared memory, semaphores and message queues
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
**-l**, **--label**=[]
Set metadata on the container (e.g., --label com.example.key=value)
**--label-file**=[]
Read in a line delimited file of labels
**--link**=[]
Add link to another container in the form of <name or id>:alias or just <name or id>
in which case the alias will match the name
If the operator
uses **--link** when starting the new client container, then the client
container can access the exposed port via a private networking interface. Docker
will set some environment variables in the client container to help indicate
which interface and port to use.
**--lxc-conf**=[]
(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*"
Logging driver for container. Default is defined by daemon `--log-driver` flag.
**Warning**: `docker logs` command works only for `json-file` logging driver.
**--log-opt**=[]
Logging driver specific options.
**-m**, **--memory**=""
Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
Allows you to constrain the memory available to a container. If the host
supports swap memory, then the **-m** memory setting can be larger than physical
RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
**--memory-swap**=""
Total memory limit (memory + swap)
Set `-1` to disable swap (format: <number><optional unit>, where unit = b, k, m or g).
This value should always larger than **-m**, so you should always use this with **-m**.
**--mac-address**=""
Container MAC address (e.g. 92:d0:c6:0a:29:33)
Remember that the MAC address in an Ethernet network must be unique.
The IPv6 link-local address will be based on the device's MAC address
according to RFC4862.
**--name**=""
Assign a name to the container
The operator can identify a container in three ways:
UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
UUID short identifier (“f78375b1c487”)
Name (“jonah”)
The UUID identifiers come from the Docker daemon, and if a name is not assigned
to the container with **--name** then the daemon will also generate a random
string name. The name is useful when defining links (see **--link**) (or any
other place you need to identify a container). This works for both background
and foreground Docker containers.
**--net**="bridge"
Set the Network mode for the container
'bridge': creates a new network stack for the container on the docker bridge
'none': no networking for this container
'container:<name|id>': reuses another container network stack
'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
**--oom-kill-disable**=*true*|*false*
Whether to disable OOM Killer for the container or not.
**-P**, **--publish-all**=*true*|*false*
Publish all exposed ports to random ports on the host interfaces. The default is *false*.
When set to true publish all exposed ports to the host interfaces. The
default is false. If the operator uses -P (or -p) then Docker will make the
exposed port accessible on the host and the ports will be available to any
client that can reach the host. When using -P, Docker will bind any exposed
port to a random port on the host within an *ephemeral port range* defined by
`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host
ports and the exposed ports, use `docker port`.
**-p**, **--publish**=[]
Publish a container's port, or range of ports, to the host.
format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
Both hostPort and containerPort can be specified as a range of ports.
When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
(use 'docker port' to see the actual mapping)
**--pid**=host
Set the PID mode for the container
**host**: use the host's PID namespace inside the container.
Note: the host mode gives the container full access to local PID and is therefore considered insecure.
**--uts**=host
Set the UTS mode for the container
**host**: use the host's UTS namespace inside the container.
Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure.
**--privileged**=*true*|*false*
Give extended privileges to this container. The default is *false*.
By default, Docker containers are
“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the
Docker container. This is because by default a container is not allowed to
access any devices. A “privileged” container is given access to all devices.
When the operator executes **docker run --privileged**, Docker will enable access
to all devices on the host as well as set some configuration in AppArmor to
allow the container nearly all the same access to the host as processes running
outside of a container on the host.
**--read-only**=*true*|*false*
Mount the container's root filesystem as read only.
By default a container will have its root filesystem writable allowing processes
to write files anywhere. By specifying the `--read-only` flag the container will have
its root filesystem mounted as read only prohibiting any writes.
**--restart**="no"
Restart policy to apply when a container exits (no, on-failure[:max-retry], always)
**--rm**=*true*|*false*
Automatically remove the container when it exits (incompatible with -d). The default is *false*.
**--security-opt**=[]
Security Options
"label:user:USER" : Set the label user for the container
"label:role:ROLE" : Set the label role for the container
"label:type:TYPE" : Set the label type for the container
"label:level:LEVEL" : Set the label level for the container
"label:disable" : Turn off label confinement for the container
**--sig-proxy**=*true*|*false*
Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*.
**-t**, **--tty**=*true*|*false*
Allocate a pseudo-TTY. The default is *false*.
When set to true Docker can allocate a pseudo-tty and attach to the standard
input of any container. This can be used, for example, to run a throwaway
interactive shell. The default is value is false.
The **-t** option is incompatible with a redirection of the docker client
standard input.
**-u**, **--user**=""
Sets the username or UID used and optionally the groupname or GID for the specified command.
The followings examples are all valid:
--user [user | user:group | uid | uid:gid | user:gid | uid:group ]
Without this argument the command will be run as root in the container.
**-v**, **--volume**=[]
Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
The **-v** option can be used one or
more times to add one or more mounts to a container. These mounts can then be
used in other containers using the **--volumes-from** option.
The volume may be optionally suffixed with :ro or :rw to mount the volumes in
read-only or read-write mode, respectively. By default, the volumes are mounted
read-write. See examples.
Labeling systems like SELinux require that proper labels are placed on volume
content mounted into a container. Without a label, the security system might
prevent the processes running inside the container from using the content. By
default, Docker does not change the labels set by the OS.
To change a label in the container context, you can add either of two suffixes
`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file
objects on the shared volumes. The `z` option tells Docker that two containers
share the volume content. As a result, Docker labels the content with a shared
content label. Shared volume labels allow all containers to read/write content.
The `Z` option tells Docker to label the content with a private unshared label.
Only the current container can use a private volume.
Note: Multiple Volume options can be added separated by a ","
**--volumes-from**=[]
Mount volumes from the specified container(s)
Mounts already mounted volumes from a source container onto another
container. You must supply the source's container-id. To share
a volume, use the **--volumes-from** option when running
the target container. You can share volumes even if the source container
is not running.
By default, Docker mounts the volumes in the same mode (read-write or
read-only) as it is mounted in the source container. Optionally, you
can change this by suffixing the container-id with either the `:ro` or
`:rw ` keyword.
If the location of the volume from the source container overlaps with
data residing on a target container, then the volume hides
that data on the target.
**-w**, **--workdir**=""
Working directory inside the container
The default working directory for
running binaries within a container is the root directory (/). The developer can
set a different default with the Dockerfile WORKDIR instruction. The operator
can override the working directory by using the **-w** option.
# EXAMPLES
## Exposing log messages from the container to the host's log
If you want messages that are logged in your container to show up in the host's
syslog/journal then you should bind mount the /dev/log directory as follows.
# docker run -v /dev/log:/dev/log -i -t fedora /bin/bash
From inside the container you can test this by sending a message to the log.
(bash)# logger "Hello from my container"
Then exit and check the journal.
# exit
# journalctl -b | grep Hello
This should list the message sent to logger.
## Attaching to one or more from STDIN, STDOUT, STDERR
If you do not specify -a then Docker will attach everything (stdin,stdout,stderr)
. You can specify to which of the three standard streams (stdin, stdout, stderr)
youd like to connect instead, as in:
# docker run -a stdin -a stdout -i -t fedora /bin/bash
## Sharing IPC between containers
Using shm_server.c available here: https://www.cs.cf.ac.uk/Dave/C/node27.html
Testing `--ipc=host` mode:
Host shows a shared memory segment with 7 pids attached, happens to be from httpd:
```
$ sudo ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x01128e25 0 root 600 1000 7
```
Now run a regular container, and it correctly does NOT see the shared memory segment from the host:
```
$ docker run -it shm ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
```
Run a container with the new `--ipc=host` option, and it now sees the shared memory segment from the host httpd:
```
$ docker run -it --ipc=host shm ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x01128e25 0 root 600 1000 7
```
Testing `--ipc=container:CONTAINERID` mode:
Start a container with a program to create a shared memory segment:
```
$ docker run -it shm bash
$ sudo shm/shm_server &
$ sudo ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x0000162e 0 root 666 27 1
```
Create a 2nd container correctly shows no shared memory segment from 1st container:
```
$ docker run shm ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
```
Create a 3rd container using the new --ipc=container:CONTAINERID option, now it shows the shared memory segment from the first:
```
$ docker run -it --ipc=container:ed735b2264ac shm ipcs -m
$ sudo ipcs -m
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x0000162e 0 root 666 27 1
```
## Linking Containers
The link feature allows multiple containers to communicate with each other. For
example, a container whose Dockerfile has exposed port 80 can be run and named
as follows:
# docker run --name=link-test -d -i -t fedora/httpd
A second container, in this case called linker, can communicate with the httpd
container, named link-test, by running with the **--link=<name>:<alias>**
# docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash
Now the container linker is linked to container link-test with the alias lt.
Running the **env** command in the linker container shows environment variables
with the LT (alias) context (**LT_**)
# env
HOSTNAME=668231cb0978
TERM=xterm
LT_PORT_80_TCP=tcp://172.17.0.3:80
LT_PORT_80_TCP_PORT=80
LT_PORT_80_TCP_PROTO=tcp
LT_PORT=tcp://172.17.0.3:80
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LT_NAME=/linker/lt
SHLVL=1
HOME=/
LT_PORT_80_TCP_ADDR=172.17.0.3
_=/usr/bin/env
When linking two containers Docker will use the exposed ports of the container
to create a secure tunnel for the parent to access.
## Mapping Ports for External Usage
The exposed port of an application can be mapped to a host port using the **-p**
flag. For example, a httpd port 80 can be mapped to the host port 8080 using the
following:
# docker run -p 8080:80 -d -i -t fedora/httpd
## Creating and Mounting a Data Volume Container
Many applications require the sharing of persistent data across several
containers. Docker allows you to create a Data Volume Container that other
containers can mount from. For example, create a named container that contains
directories /var/volume1 and /tmp/volume2. The image will need to contain these
directories so a couple of RUN mkdir instructions might be required for you
fedora-data image:
# docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true
# docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash
Multiple --volumes-from parameters will bring together multiple data volumes from
multiple containers. And it's possible to mount the volumes that came from the
DATA container in yet another container via the fedora-container1 intermediary
container, allowing to abstract the actual data source from users of that data:
# docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
## Mounting External Volumes
To mount a host directory as a container volume, specify the absolute path to
the directory and the absolute path for the container directory separated by a
colon:
# docker run -v /var/db:/data1 -i -t fedora bash
When using SELinux, be aware that the host has no knowledge of container SELinux
policy. Therefore, in the above example, if SELinux policy is enforced, the
`/var/db` directory is not writable to the container. A "Permission Denied"
message will occur and an avc: message in the host's syslog.
To work around this, at time of writing this man page, the following command
needs to be run in order for the proper SELinux policy type label to be attached
to the host directory:
# chcon -Rt svirt_sandbox_file_t /var/db
Now, writing to the /data1 volume in the container will be allowed and the
changes will also be reflected on the host in /var/db.
## Using alternative security labeling
You can override the default labeling scheme for each container by specifying
the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
requirement for MLS systems. Specifying the level in the following command
allows you to share the same content between containers.
# docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash
An MLS example might be:
# docker run --security-opt label:level:TopSecret -i -t rhel7 bash
To disable the security labeling for this container versus running with the
`--permissive` flag, use the following command:
# docker run --security-opt label:disable -i -t fedora bash
If you want a tighter security policy on the processes within a container,
you can specify an alternate type for the container. You could run a container
that is only allowed to listen on Apache ports by executing the following
command:
# docker run --security-opt label:type:svirt_apache_t -i -t centos bash
Note:
You would have to write policy defining a `svirt_apache_t` type.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

45
man/docker-save.1.md Normal file
View File

@ -0,0 +1,45 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-save - Save an image(s) to a tar archive (streamed to STDOUT by default)
# SYNOPSIS
**docker save**
[**--help**]
[**-o**|**--output**[=*OUTPUT*]]
IMAGE [IMAGE...]
# DESCRIPTION
Produces a tarred repository to the standard output stream. Contains all
parent layers, and all tags + versions, or specified repo:tag.
Stream to a file instead of STDOUT by using **-o**.
# OPTIONS
**--help**
Print usage statement
**-o**, **--output**=""
Write to a file, instead of STDOUT
# EXAMPLES
Save all fedora repository images to a fedora-all.tar and save the latest
fedora image to a fedora-latest.tar:
$ docker save fedora > fedora-all.tar
$ docker save --output=fedora-latest.tar fedora:latest
$ ls -sh fedora-all.tar
721M fedora-all.tar
$ ls -sh fedora-latest.tar
367M fedora-latest.tar
# See also
**docker-load(1)** to load an image from a tar archive on STDIN.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
November 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

65
man/docker-search.1.md Normal file
View File

@ -0,0 +1,65 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-search - Search the Docker Hub for images
# SYNOPSIS
**docker search**
[**--automated**[=*false*]]
[**--help**]
[**--no-trunc**[=*false*]]
[**-s**|**--stars**[=*0*]]
TERM
# DESCRIPTION
Search Docker Hub for an image with that matches the specified `TERM`. The table
of images returned displays the name, description (truncated by default), number
of stars awarded, whether the image is official, and whether it is automated.
*Note* - Search queries will only return up to 25 results
# OPTIONS
**--automated**=*true*|*false*
Only show automated builds. The default is *false*.
**--help**
Print usage statement
**--no-trunc**=*true*|*false*
Don't truncate output. The default is *false*.
**-s**, **--stars**=0
Only displays with at least x stars
# EXAMPLES
## Search Docker Hub for ranked images
Search a registry for the term 'fedora' and only display those images
ranked 3 or higher:
$ docker search -s 3 fedora
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mattdm/fedora A basic Fedora image corresponding roughly... 50
fedora (Semi) Official Fedora base image. 38
mattdm/fedora-small A small Fedora image on which to build. Co... 8
goldmann/wildfly A WildFly application server running on a ... 3 [OK]
## Search Docker Hub for automated images
Search Docker Hub for the term 'fedora' and only display automated images
ranked 1 or higher:
$ docker search -s 1 -t fedora
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
goldmann/wildfly A WildFly application server running on a ... 3 [OK]
tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK]
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

34
man/docker-start.1.md Normal file
View File

@ -0,0 +1,34 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-start - Start one or more stopped containers
# SYNOPSIS
**docker start**
[**-a**|**--attach**[=*false*]]
[**--help**]
[**-i**|**--interactive**[=*false*]]
CONTAINER [CONTAINER...]
# DESCRIPTION
Start one or more stopped containers.
# OPTIONS
**-a**, **--attach**=*true*|*false*
Attach container's STDOUT and STDERR and forward all signals to the process. The default is *false*.
**--help**
Print usage statement
**-i**, **--interactive**=*true*|*false*
Attach container's STDIN. The default is *false*.
# See also
**docker-stop(1)** to stop a running container.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

31
man/docker-stats.1.md Normal file
View File

@ -0,0 +1,31 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-stats - Display a live stream of one or more containers' resource usage statistics
# SYNOPSIS
**docker stats**
[**--help**]
CONTAINER [CONTAINER...]
# DESCRIPTION
Display a live stream of one or more containers' resource usage statistics
# OPTIONS
**--help**
Print usage statement
**--no-stream**="false"
Disable streaming stats and only pull the first result
# EXAMPLES
Run **docker stats** with multiple containers.
$ docker stats redis1 redis2
CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O
redis1 0.07% 796 KB/64 MB 1.21% 788 B/648 B
redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B

30
man/docker-stop.1.md Normal file
View File

@ -0,0 +1,30 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after a grace period
# SYNOPSIS
**docker stop**
[**--help**]
[**-t**|**--time**[=*10*]]
CONTAINER [CONTAINER...]
# DESCRIPTION
Stop a running container (Send SIGTERM, and then SIGKILL after
grace period)
# OPTIONS
**--help**
Print usage statement
**-t**, **--time**=10
Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.
#See also
**docker-start(1)** to restart a stopped container.
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

65
man/docker-tag.1.md Normal file
View File

@ -0,0 +1,65 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-tag - Tag an image into a repository
# SYNOPSIS
**docker tag**
[**-f**|**--force**[=*false*]]
[**--help**]
IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG]
# DESCRIPTION
Assigns a new alias to an image in a registry. An alias refers to the
entire image name including the optional `TAG` after the ':'.
If you do not specify a `REGISTRY_HOST`, the command uses Docker's public
registry located at `registry-1.docker.io` by default.
# "OPTIONS"
**-f**, **--force**=*true*|*false*
When set to true, force the alias. The default is *false*.
**REGISTRYHOST**
The hostname of the registry if required. This may also include the port
separated by a ':'
**USERNAME**
The username or other qualifying identifier for the image.
**NAME**
The image name.
**TAG**
The tag you are assigning to the image. Though this is arbitrary it is
recommended to be used for a version to distinguish images with the same name.
Note that here TAG is a part of the overall name or "tag".
# OPTIONS
**-f**, **--force**=*true*|*false*
Force. The default is *false*.
# EXAMPLES
## Giving an image a new alias
Here is an example of aliasing an image (e.g., 0e5574283393) as "httpd" and
tagging it into the "fedora" repository with "version1.0":
docker tag 0e5574283393 fedora/httpd:version1.0
## Tagging an image for a private repository
To push an image to an private registry and not the central Docker
registry you must tag it with the registry hostname and port (if needed).
docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
July 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
April 2015, updated by Mary Anthony for v2 <mary@docker.com>

33
man/docker-top.1.md Normal file
View File

@ -0,0 +1,33 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-top - Display the running processes of a container
# SYNOPSIS
**docker top**
[**--help**]
CONTAINER [ps OPTIONS]
# DESCRIPTION
Look up the running process of the container. ps-OPTION can be any of the
options you would pass to a Linux ps command.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
Run **docker top** with the ps option of -x:
$ docker top 8601afda2b -x
PID TTY STAT TIME COMMAND
16623 ? Ss 0:00 sleep 99999
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

27
man/docker-unpause.1.md Normal file
View File

@ -0,0 +1,27 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-unpause - Unpause all processes within a container
# SYNOPSIS
**docker unpause**
CONTAINER [CONTAINER...]
# DESCRIPTION
The `docker unpause` command uses the cgroups freezer to un-suspend all
processes in a container.
See the [cgroups freezer documentation]
(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for
further details.
# OPTIONS
There are no available options.
# See also
**docker-pause(1)** to pause all processes within a container.
# HISTORY
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

15
man/docker-version.1.md Normal file
View File

@ -0,0 +1,15 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-version - Show the Docker version information.
# SYNOPSIS
**docker version**
# OPTIONS
There are no available options.
# HISTORY
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

30
man/docker-wait.1.md Normal file
View File

@ -0,0 +1,30 @@
% DOCKER(1) Docker User Manuals
% Docker Community
% JUNE 2014
# NAME
docker-wait - Block until a container stops, then print its exit code.
# SYNOPSIS
**docker wait**
[**--help**]
CONTAINER [CONTAINER...]
# DESCRIPTION
Block until a container stops, then print its exit code.
# OPTIONS
**--help**
Print usage statement
# EXAMPLES
$ docker run -d fedora sleep 99
079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622
$ docker wait 079b83f558a2bc
0
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com)
based on docker.com source material and internal work.
June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>

393
man/docker.1.md Normal file
View File

@ -0,0 +1,393 @@
% DOCKER(1) Docker User Manuals
% William Henry
% APRIL 2014
# NAME
docker \- Docker image and container command line interface
# SYNOPSIS
**docker** [OPTIONS] COMMAND [arg...]
# DESCRIPTION
**docker** has two distinct functions. It is used for starting the Docker
daemon and to run the CLI (i.e., to command the daemon to manage images,
containers etc.) So **docker** is both a server, as a daemon, and a client
to the daemon, through the CLI.
To run the Docker daemon you do not specify any of the commands listed below but
must specify the **-d** option. The other options listed below are for the
daemon only.
The Docker CLI has over 30 commands. The commands are listed below and each has
its own man page which explain usage and arguments.
To see the man page for a command run **man docker <command>**.
# OPTIONS
**-h**, **--help**
Print usage statement
**--api-cors-header**=""
Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all.
**-b**, **--bridge**=""
Attach containers to a pre\-existing network bridge; use 'none' to disable container networking
**--bip**=""
Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
**-D**, **--debug**=*true*|*false*
Enable debug mode. Default is false.
**-d**, **--daemon**=*true*|*false*
Enable daemon mode. Default is false.
**--default-gateway**=""
IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip)
**--default-gateway-v6**=""
IPv6 address of the container default gateway
**--dns**=""
Force Docker to use specific DNS servers
**-e**, **--exec-driver**=""
Force Docker to use specific exec driver. Default is `native`.
**--exec-opt**=[]
Set exec driver options. See EXEC DRIVER OPTIONS.
**--exec-root**=""
Path to use as the root of the Docker execdriver. Default is `/var/run/docker`.
**--fixed-cidr**=""
IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip)
**--fixed-cidr-v6**=""
IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64)
**-G**, **--group**=""
Group to assign the unix socket specified by -H when running in daemon mode.
use '' (the empty string) to disable setting of a group. Default is `docker`.
**-g**, **--graph**=""
Path to use as the root of the Docker runtime. Default is `/var/lib/docker`.
**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or
unix://[/path/to/socket] to use.
The socket(s) to bind to in daemon mode specified using one or more
tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
**--icc**=*true*|*false*
Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true.
**--ip**=""
Default IP address to use when binding container ports. Default is `0.0.0.0`.
**--ip-forward**=*true*|*false*
Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect.
This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6".
**--ip-masq**=*true*|*false*
Enable IP masquerading for bridge's IP range. Default is true.
**--iptables**=*true*|*false*
Enable Docker's addition of iptables rules. Default is true.
**--ipv6**=*true*|*false*
Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6".
**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*""
Set the logging level. Default is `info`.
**--label**="[]"
Set key=value labels to the daemon (displayed in `docker info`)
**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*none*"
Default driver for container logs. Default is `json-file`.
**Warning**: `docker logs` command works only for `json-file` logging driver.
**--log-opt**=[]
Logging driver specific options.
**--mtu**=VALUE
Set the containers network mtu. Default is `0`.
**-p**, **--pidfile**=""
Path to use for daemon PID file. Default is `/var/run/docker.pid`
**--registry-mirror**=<scheme>://<host>
Prepend a registry mirror to be used for image pulls. May be specified multiple times.
**-s**, **--storage-driver**=""
Force the Docker runtime to use a specific storage driver.
**--selinux-enabled**=*true*|*false*
Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver.
**--storage-opt**=[]
Set storage driver options. See STORAGE DRIVER OPTIONS.
**-tls**=*true*|*false*
Use TLS; implied by --tlsverify. Default is false.
**-tlsverify**=*true*|*false*
Use TLS and verify the remote (daemon: verify client, client: verify daemon).
Default is false.
**--userland-proxy**=*true*|*false*
Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true.
**-v**, **--version**=*true*|*false*
Print version information and quit. Default is false.
# COMMANDS
**attach**
Attach to a running container
See **docker-attach(1)** for full documentation on the **attach** command.
**build**
Build an image from a Dockerfile
See **docker-build(1)** for full documentation on the **build** command.
**commit**
Create a new image from a container's changes
See **docker-commit(1)** for full documentation on the **commit** command.
**cp**
Copy files/folders from a container's filesystem to the host
See **docker-cp(1)** for full documentation on the **cp** command.
**create**
Create a new container
See **docker-create(1)** for full documentation on the **create** command.
**diff**
Inspect changes on a container's filesystem
See **docker-diff(1)** for full documentation on the **diff** command.
**events**
Get real time events from the server
See **docker-events(1)** for full documentation on the **events** command.
**exec**
Run a command in a running container
See **docker-exec(1)** for full documentation on the **exec** command.
**export**
Stream the contents of a container as a tar archive
See **docker-export(1)** for full documentation on the **export** command.
**history**
Show the history of an image
See **docker-history(1)** for full documentation on the **history** command.
**images**
List images
See **docker-images(1)** for full documentation on the **images** command.
**import**
Create a new filesystem image from the contents of a tarball
See **docker-import(1)** for full documentation on the **import** command.
**info**
Display system-wide information
See **docker-info(1)** for full documentation on the **info** command.
**inspect**
Return low-level information on a container or image
See **docker-inspect(1)** for full documentation on the **inspect** command.
**kill**
Kill a running container (which includes the wrapper process and everything
inside it)
See **docker-kill(1)** for full documentation on the **kill** command.
**load**
Load an image from a tar archive
See **docker-load(1)** for full documentation on the **load** command.
**login**
Register or login to a Docker Registry
See **docker-login(1)** for full documentation on the **login** command.
**logout**
Log the user out of a Docker Registry
See **docker-logout(1)** for full documentation on the **logout** command.
**logs**
Fetch the logs of a container
See **docker-logs(1)** for full documentation on the **logs** command.
**pause**
Pause all processes within a container
See **docker-pause(1)** for full documentation on the **pause** command.
**port**
Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
See **docker-port(1)** for full documentation on the **port** command.
**ps**
List containers
See **docker-ps(1)** for full documentation on the **ps** command.
**pull**
Pull an image or a repository from a Docker Registry
See **docker-pull(1)** for full documentation on the **pull** command.
**push**
Push an image or a repository to a Docker Registry
See **docker-push(1)** for full documentation on the **push** command.
**restart**
Restart a running container
See **docker-restart(1)** for full documentation on the **restart** command.
**rm**
Remove one or more containers
See **docker-rm(1)** for full documentation on the **rm** command.
**rmi**
Remove one or more images
See **docker-rmi(1)** for full documentation on the **rmi** command.
**run**
Run a command in a new container
See **docker-run(1)** for full documentation on the **run** command.
**save**
Save an image to a tar archive
See **docker-save(1)** for full documentation on the **save** command.
**search**
Search for an image in the Docker index
See **docker-search(1)** for full documentation on the **search** command.
**start**
Start a stopped container
See **docker-start(1)** for full documentation on the **start** command.
**stats**
Display a live stream of one or more containers' resource usage statistics
See **docker-stats(1)** for full documentation on the **stats** command.
**stop**
Stop a running container
See **docker-stop(1)** for full documentation on the **stop** command.
**tag**
Tag an image into a repository
See **docker-tag(1)** for full documentation on the **tag** command.
**top**
Lookup the running processes of a container
See **docker-top(1)** for full documentation on the **top** command.
**unpause**
Unpause all processes within a container
See **docker-unpause(1)** for full documentation on the **unpause** command.
**version**
Show the Docker version information
See **docker-version(1)** for full documentation on the **version** command.
**wait**
Block until a container stops, then print its exit code
See **docker-wait(1)** for full documentation on the **wait** command.
# STORAGE DRIVER OPTIONS
Options to storage backend can be specified with **--storage-opt** flags. The
only backend which currently takes options is *devicemapper*. Therefore use these
flags with **-s=**devicemapper.
Here is the list of *devicemapper* options:
#### dm.basesize
Specifies the size to use when creating the base device, which limits the size
of images and containers. The default value is 10G. Note, thin devices are
inherently "sparse", so a 10G device which is mostly empty doesn't use 10 GB
of space on the pool. However, the filesystem will use more space for the empty
case the larger the device is. **Warning**: This value affects the system-wide
"base" empty filesystem that may already be initialized and inherited by pulled
images.
#### dm.loopdatasize
Specifies the size to use when creating the loopback file for the "data"
device which is used for the thin pool. The default size is 100G. Note that the
file is sparse, so it will not initially take up this much space.
#### dm.loopmetadatasize
Specifies the size to use when creating the loopback file for the "metadadata"
device which is used for the thin pool. The default size is 2G. Note that the
file is sparse, so it will not initially take up this much space.
#### dm.fs
Specifies the filesystem type to use for the base device. The supported
options are "ext4" and "xfs". The default is "ext4"
#### dm.mkfsarg
Specifies extra mkfs arguments to be used when creating the base device.
#### dm.mountopt
Specifies extra mount options used when mounting the thin devices.
#### dm.datadev
Specifies a custom blockdevice to use for data for the thin pool.
If using a block device for device mapper storage, ideally both datadev and
metadatadev should be specified to completely avoid using the loopback device.
#### dm.metadatadev
Specifies a custom blockdevice to use for metadata for the thin pool.
For best performance the metadata should be on a different spindle than the
data, or even better on an SSD.
If setting up a new metadata pool it is required to be valid. This can be
achieved by zeroing the first 4k to indicate empty metadata, like this:
dd if=/dev/zero of=/dev/metadata_dev bs=4096 count=1
#### dm.blocksize
Specifies a custom blocksize to use for the thin pool. The default blocksize
is 64K.
#### dm.blkdiscard
Enables or disables the use of blkdiscard when removing devicemapper devices.
This is enabled by default (only) if using loopback devices and is required to
resparsify the loopback file on image/container removal.
Disabling this on loopback can lead to *much* faster container removal times,
but will prevent the space used in `/var/lib/docker` directory from being returned to
the system for other use when containers are removed.
# EXAMPLES
Launching docker daemon with *devicemapper* backend with particular block devices
for data and metadata:
docker -d -s=devicemapper \
--storage-opt dm.datadev=/dev/vdb \
--storage-opt dm.metadatadev=/dev/vdc \
--storage-opt dm.basesize=20G
# EXEC DRIVER OPTIONS
Use the **--exec-opt** flags to specify options to the exec-driver. The only
driver that accepts this flag is the *native* (libcontainer) driver. As a
result, you must also specify **-s=**native for this option to have effect. The
following is the only *native* option:
#### native.cgroupdriver
Specifies the management of the container's `cgroups`. You can specify
`cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the
system uses `cgroupfs`.
#### Client
For specific client examples please see the man page for the specific Docker
command. For example:
man docker-run
# HISTORY
April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.

22
man/md2man-all.sh Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
# get into this script's directory
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
[ "$1" = '-q' ] || {
set -x
pwd
}
for FILE in *.md; do
base="$(basename "$FILE")"
name="${base%.md}"
num="${name##*.}"
if [ -z "$num" -o "$name" = "$num" ]; then
# skip files that aren't of the format xxxx.N.md (like README.md)
continue
fi
mkdir -p "./man${num}"
go-md2man -in "$FILE" -out "./man${num}/${name}"
done