Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit) 

Add some information about the storage and execution driver choices

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This commit is contained in:
SvenDowideit 2014-09-25 14:13:30 +10:00 committed by Tibor Vass
parent eecd9e7003
commit 22c0b17eb2
1 changed files with 77 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
docs/sources/reference/commandline/cli.md
View File

@ -94,20 +94,41 @@ The Docker daemon is the persistent process that manages containers.
Docker uses the same binary for both the daemon and client. To run the Docker uses the same binary for both the daemon and client. To run the
daemon you provide the `-d` flag. daemon you provide the `-d` flag.
To force Docker to use devicemapper as the storage driver, use
`docker -d -s devicemapper`.
To set the DNS server for all Docker containers, use
`docker -d --dns 8.8.8.8`.
To set the DNS search domain for all Docker containers, use
`docker -d --dns-search example.com`.
To run the daemon with debug output, use `docker -d -D`. To run the daemon with debug output, use `docker -d -D`.
To use lxc as the execution driver, use `docker -d -e lxc`. ### Daemon socket option
The docker client will also honor the `DOCKER_HOST` environment variable to set The Docker daemon can listen for [Docker Remote API](reference/api/docker_remote_api/)
requests via three different types of Socket: `unix`, `tcp`, and `fd`.
By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`,
requiring either `root` permission, or `docker` group membership.
If you need to access the Docker daemon remotely, you need to enable the `tcp`
Socket. Beware that the default setup provides un-encrypted and un-authenticated
direct access to the Docker daemon - and should be secured either using the
[built in https encrypted socket](/articles/https/), or by putting a secure web
proxy in front of it. You can listen on port `2375` on all network interfaces
with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP
address: `-H tcp://192.168.59.103:2375`.
On Systemd based systems, you can communicate with the daemon via
[systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use
`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but
you can also specify individual sockets: `docker -d -H fd://3`. If the
specified socket activated files aren't found, then Docker will exit. You
can find examples of using Systemd socket activation with Docker and
Systemd in the [Docker source tree](
https://github.com/docker/docker/tree/master/contrib/init/systemd/).
You can configure the Docker daemon to listen to multiple sockets at the same
time using multiple `-H` options:
# listen using the default unix socket, and on 2 specific IP addresses on this host.
docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
The Docker client will honor the `DOCKER_HOST` environment variable to set
the `-H` flag for the client. the `-H` flag for the client.
$ sudo docker -H tcp://0.0.0.0:2375 ps $ sudo docker -H tcp://0.0.0.0:2375 ps
@ -124,18 +145,55 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva
$ export DOCKER_TLS_VERIFY=1 $ export DOCKER_TLS_VERIFY=1
$ sudo docker ps $ sudo docker ps
### Daemon storage-driver option
The Docker daemon has support for three different image layer storage drivers: `aufs`,
`devicemapper`, and `btrfs`.
The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that
is unlikely to be merged into the main kernel. These are also known to cause some
serious kernel crashes. However, `aufs` is also the only storage driver that allows
containers to share executable and shared library memory, so is a useful choice
when running thousands of containers with the same program or libraries.
The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots.
This driver will create a 100GB sparse file containing all your images and
containers. Each container will be limited to a 10 GB thin volume, and either of
these will require tuning - see [~jpetazzo/Resizing Docker containers with the
Device Mapper plugin]( http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
To tell the Docker daemon to use `devicemapper`, use
`docker -d -s devicemapper`.
The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not
share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`.
### Docker exec-driver option
The Docker daemon uses a specifically built `libcontainer` execution driver as its
interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`.
There is still legacy support for the original [LXC userspace tools](
https://linuxcontainers.org/) via the `lxc` execution driver, however, this is
not where the primary development of new functionality is taking place.
Add `-e lxc` to the daemon flags to use the `lxc` execution driver.
### Daemon DNS options
To set the DNS server for all Docker containers, use
`docker -d --dns 8.8.8.8`.
To set the DNS search domain for all Docker containers, use
`docker -d --dns-search example.com`.
### Miscellaneous options
IP masquerading uses address translation to allow containers without a public IP to talk IP masquerading uses address translation to allow containers without a public IP to talk
to other machines on the Internet. This may interfere with some network topologies and to other machines on the Internet. This may interfere with some network topologies and
can be disabled with --ip-masq=false. can be disabled with --ip-masq=false.
To run the daemon with [systemd socket activation](
http://0pointer.de/blog/projects/socket-activation.html), use
`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but
you can also specify individual sockets too `docker -d -H fd://3`. If the
specified socket activated files aren't found then docker will exit. You
can find examples of using systemd socket activation with docker and
systemd in the [docker source tree](
https://github.com/docker/docker/tree/master/contrib/init/systemd/).
Docker supports softlinks for the Docker data directory Docker supports softlinks for the Docker data directory
(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this:
@ -145,6 +203,7 @@ Docker supports softlinks for the Docker data directory
export DOCKER_TMPDIR=/mnt/disk2/tmp export DOCKER_TMPDIR=/mnt/disk2/tmp
/usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
## attach ## attach
Usage: docker attach [OPTIONS] CONTAINER Usage: docker attach [OPTIONS] CONTAINER