Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use newer help out for 'docker' and 'docker run' 

Closes #10828

Signed-off-by: Doug Davis <dug@us.ibm.com>
This commit is contained in:
Doug Davis 2015-02-16 08:43:09 -08:00 committed by Tibor Vass
parent e2ac0fc917
commit 3820b31267
1 changed files with 69 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
docs/sources/reference/commandline/cli.md
View File

@ -74,40 +74,41 @@ expect an integer, and they can only be specified once.
A self-sufficient runtime for linux containers. A self-sufficient runtime for linux containers.
Options: Options:
--api-enable-cors=false Enable CORS headers in the remote API --api-enable-cors=false Enable CORS headers in the remote API
-b, --bridge="" Attach containers to a network bridge -b, --bridge="" Attach containers to a network bridge
--bip="" Specify network bridge IP --bip="" Specify network bridge IP
-D, --debug=false Enable debug mode -D, --debug=false Enable debug mode
-d, --daemon=false Enable daemon mode -d, --daemon=false Enable daemon mode
--dns=[] DNS server to use --dns=[] DNS server to use
--dns-search=[] DNS search domains to use --dns-search=[] DNS search domains to use
-e, --exec-driver="native" Exec driver to use -e, --exec-driver="native" Exec driver to use
--fixed-cidr="" IPv4 subnet for fixed IPs --fixed-cidr="" IPv4 subnet for fixed IPs
--fixed-cidr-v6="" IPv6 subnet for fixed IPs --fixed-cidr-v6="" IPv6 subnet for fixed IPs
-G, --group="docker" Group for the unix socket -G, --group="docker" Group for the unix socket
-g, --graph="/var/lib/docker" Root of the Docker runtime -g, --graph="/var/lib/docker" Root of the Docker runtime
-H, --host=[] Daemon socket(s) to use or connect to -H, --host=[] Daemon socket(s) to use or connect to
--icc=true Enable inter-container communication -h, --help=false Print usage
--insecure-registry=[] Enable insecure registry communication --icc=true Enable inter-container communication
--ip=0.0.0.0 Default IP when binding container ports --insecure-registry=[] Enable insecure registry communication
--ip-forward=true Enable net.ipv4.ip_forward --ip=0.0.0.0 Default IP when binding container ports
--ip-masq=true Enable IP masquerading --ip-forward=true Enable net.ipv4.ip_forward
--iptables=true Enable addition of iptables rules --ip-masq=true Enable IP masquerading
--ipv6=false Enable IPv6 networking --iptables=true Enable addition of iptables rules
-l, --log-level="info" Set the logging level --ipv6=false Enable IPv6 networking
--label=[] Set key=value labels to the daemon -l, --log-level="info" Set the logging level
--mtu=0 Set the containers network MTU --label=[] Set key=value labels to the daemon
-p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --mtu=0 Set the containers network MTU
--registry-mirror=[] Preferred Docker registry mirror -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file
-s, --storage-driver="" Storage driver to use --registry-mirror=[] Preferred Docker registry mirror
--selinux-enabled=false Enable selinux support -s, --storage-driver="" Storage driver to use
--storage-opt=[] Set storage driver options --selinux-enabled=false Enable selinux support
--tls=false Use TLS; implied by --tlsverify flag --storage-opt=[] Set storage driver options
--tlscacert="/home/sven/.docker/ca.pem" Trust certs signed only by this CA --tls=false Use TLS; implied by --tlsverify flag
--tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA
--tlskey="/home/sven/.docker/key.pem" Path to TLS key file --tlscert="~/.docker/cert.pem" Path to TLS certificate file
--tlsverify=false Use TLS and verify the remote --tlskey="~/.docker/key.pem" Path to TLS key file
-v, --version=false Print version information and quit --tlsverify=false Use TLS and verify the remote
-v, --version=false Print version information and quit
Options with [] may be specified multiple times. Options with [] may be specified multiple times.
@ -202,8 +203,8 @@ share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_p
The `overlay` is a very fast union filesystem. It is now merged in the main The `overlay` is a very fast union filesystem. It is now merged in the main
Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137).
Call `docker -d -s overlay` to use it. Call `docker -d -s overlay` to use it.
> **Note:** > **Note:**
> It is currently unsupported on `btrfs` or any Copy on Write filesystem > It is currently unsupported on `btrfs` or any Copy on Write filesystem
> and should only be used over `ext4` partitions. > and should only be used over `ext4` partitions.
@ -222,11 +223,11 @@ Currently supported options are:
are inherently "sparse", so a 10G device which is mostly empty doesn't use are inherently "sparse", so a 10G device which is mostly empty doesn't use
10 GB of space on the pool. However, the filesystem will use more space for 10 GB of space on the pool. However, the filesystem will use more space for
the empty case the larger the device is. the empty case the larger the device is.
**Warning**: This value affects the system-wide "base" empty filesystem **Warning**: This value affects the system-wide "base" empty filesystem
that may already be initialized and inherited by pulled images. Typically, that may already be initialized and inherited by pulled images. Typically,
a change to this value will require additional steps to take effect: a change to this value will require additional steps to take effect:
$ sudo service docker stop $ sudo service docker stop
$ sudo rm -rf /var/lib/docker $ sudo rm -rf /var/lib/docker
$ sudo service docker start $ sudo service docker start
@ -371,7 +372,7 @@ verification failed (i.e., wrong CA).
By default, Docker assumes all, but local (see local registries below), registries are secure. By default, Docker assumes all, but local (see local registries below), registries are secure.
Communicating with an insecure registry is not possible if Docker assumes that registry is secure. Communicating with an insecure registry is not possible if Docker assumes that registry is secure.
In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry` In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry`
in one of the following two forms: in one of the following two forms:
* `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure. * `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure.
* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part * `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part
@ -476,7 +477,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`).
$ echo $? $ echo $?
0 0
$ docker ps -a | grep topdemo $ docker ps -a | grep topdemo
7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo
And in this second example, you can see the exit code returned by the `bash` process And in this second example, you can see the exit code returned by the `bash` process
is returned by the `docker attach` command to its caller too: is returned by the `docker attach` command to its caller too:
@ -665,8 +666,8 @@ instructions instead of `Dockerfile`.
$ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .
$ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . $ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod .
The above commands will build the current build context (as specified by The above commands will build the current build context (as specified by
the `.`) twice, once using a debug version of a `Dockerfile` and once using the `.`) twice, once using a debug version of a `Dockerfile` and once using
a production version. a production version.
$ cd /home/me/myapp/some/dir/really/deep $ cd /home/me/myapp/some/dir/really/deep
@ -674,9 +675,9 @@ a production version.
$ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp
These two `docker build` commands do the exact same thing. They both These two `docker build` commands do the exact same thing. They both
use the contents of the `debug` file instead of looking for a `Dockerfile` use the contents of the `debug` file instead of looking for a `Dockerfile`
and will use `/home/me/myapp` as the root of the build context. Note that and will use `/home/me/myapp` as the root of the build context. Note that
`debug` is in the directory structure of the build context, regardless of how `debug` is in the directory structure of the build context, regardless of how
you refer to it on the command line. you refer to it on the command line.
> **Note:** `docker build` will return a `no such file or directory` error > **Note:** `docker build` will return a `no such file or directory` error
@ -1009,8 +1010,8 @@ For example:
> **Note:** > **Note:**
> `docker export` does not export the contents of volumes associated with the > `docker export` does not export the contents of volumes associated with the
> container. If a volume is mounted on top of an existing directory in the > container. If a volume is mounted on top of an existing directory in the
> container, `docker export` will export the contents of the *underlying* > container, `docker export` will export the contents of the *underlying*
> directory, not the contents of the volume. > directory, not the contents of the volume.
> >
> Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) > Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes)
@ -1414,7 +1415,7 @@ for further details.
rename a existing container to a NEW_NAME rename a existing container to a NEW_NAME
The `docker rename` command allows the container to be renamed to a different name. The `docker rename` command allows the container to be renamed to a different name.
## ps ## ps
@ -1602,45 +1603,36 @@ removed before the image is removed.
--cidfile="" Write the container ID to the file --cidfile="" Write the container ID to the file
--cpuset="" CPUs in which to allow execution (0-3, 0,1) --cpuset="" CPUs in which to allow execution (0-3, 0,1)
-d, --detach=false Run container in background and print container ID -d, --detach=false Run container in background and print container ID
--device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --device=[] Add a host device to the container
--dns=[] Set custom DNS servers --dns=[] Set custom DNS servers
--dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) --dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables -e, --env=[] Set environment variables
--entrypoint="" Overwrite the default ENTRYPOINT of the image --entrypoint="" Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a line delimited file of environment variables --env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host --expose=[] Expose a port or a range of ports
-h, --hostname="" Container host name -h, --hostname="" Container host name
--help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached -i, --interactive=false Keep STDIN open even if not attached
--ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container --ipc="" IPC namespace to use
'container:<name|id>': reuses another container shared memory, semaphores and message queues --link=[] Add link to another container
'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure.
--link=[] Add link to another container in the form of name:alias
--lxc-conf=[] Add custom lxc options --lxc-conf=[] Add custom lxc options
-m, --memory="" Memory limit -m, --memory="" Memory limit
-memory-swap="" Total memory (memory+swap), '-1' to disable swap
--mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-swap="" Total memory (memory + swap), '-1' to disable swap
--name="" Assign a name to the container --name="" Assign a name to the container
--net="bridge" Set the Network mode for the container --net="bridge" Set the Network mode for the container
'bridge': creates a new network stack for the container on the docker bridge -P, --publish-all=false Publish all exposed ports to random ports
'none': no networking for this container -p, --publish=[] Publish a container's port(s) to the host
'container:<name|id>': reuses another container network stack --pid="" PID namespace to use
'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
-P, --publish-all=false Publish all exposed ports to random ports on the host interfaces
-p, --publish=[] Publish a container's port to the host
format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
Both hostPort and containerPort can be specified as a range of ports.
When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`)
(use 'docker port' to see the actual mapping)
--pid=host 'host': use the host PID namespace inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
--privileged=false Give extended privileges to this container --privileged=false Give extended privileges to this container
--read-only=false Mount the container's root filesystem as read only --read-only=false Mount the container's root filesystem as read only
--restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --restart="" Restart policy to apply when a container exits
--rm=false Automatically remove the container when it exits --rm=false Automatically remove the container when it exits
--security-opt=[] Security Options --security-opt=[] Security Options
--sig-proxy=true Proxy received signals to the process --sig-proxy=true Proxy received signals to the process
-t, --tty=false Allocate a pseudo-TTY -t, --tty=false Allocate a pseudo-TTY
-u, --user="" Username or UID -u, --user="" Username or UID (format: <name|uid>[:<group|gid>])
-v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) -v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s) --volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir="" Working directory inside the container -w, --workdir="" Working directory inside the container
@ -1724,7 +1716,7 @@ folder before starting your container.
$ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here
Volumes can be used in combination with `--read-only` to control where Volumes can be used in combination with `--read-only` to control where
a container writes files. The `--read-only` flag mounts the container's root a container writes files. The `--read-only` flag mounts the container's root
filesystem as read only prohibiting writes to locations other than the filesystem as read only prohibiting writes to locations other than the
specified volumes for the container. specified volumes for the container.
@ -1754,7 +1746,7 @@ ports in Docker.
This sets environmental variables in the container. For illustration all three This sets environmental variables in the container. For illustration all three
flags are shown here. Where `-e`, `--env` take an environment variable and flags are shown here. Where `-e`, `--env` take an environment variable and
value, or if no `=` is provided, then that variable's current value is passed value, or if no `=` is provided, then that variable's current value is passed
through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container).
When no `=` is provided and that variable is not defined in the client's When no `=` is provided and that variable is not defined in the client's
environment then that variable will be removed from the container's list of environment then that variable will be removed from the container's list of
environment variables. environment variables.
@ -2009,8 +2001,8 @@ See [*Find Public Images on Docker Hub*](
/userguide/dockerrepos/#searching-for-images) for /userguide/dockerrepos/#searching-for-images) for
more details on finding shared images from the command line. more details on finding shared images from the command line.
> **Note:** > **Note:**
> Search queries will only return up to 25 results > Search queries will only return up to 25 results
## start ## start
@ -2039,7 +2031,7 @@ Running `docker stats` on multiple containers
redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B
The `docker stats` command will only return a live stream of data for running The `docker stats` command will only return a live stream of data for running
containers. Stopped containers will not return any data. containers. Stopped containers will not return any data.
> **Note:** > **Note:**