github.com/chenchun/docker@v1.3.2-0.20150629222414-20467faf132b/man/docker.1.md (about) 1 % DOCKER(1) Docker User Manuals 2 % William Henry 3 % APRIL 2014 4 # NAME 5 docker \- Docker image and container command line interface 6 7 # SYNOPSIS 8 **docker** [OPTIONS] COMMAND [arg...] 9 10 # DESCRIPTION 11 **docker** has two distinct functions. It is used for starting the Docker 12 daemon and to run the CLI (i.e., to command the daemon to manage images, 13 containers etc.) So **docker** is both a server, as a daemon, and a client 14 to the daemon, through the CLI. 15 16 To run the Docker daemon you do not specify any of the commands listed below but 17 must specify the **-d** option. The other options listed below are for the 18 daemon only. 19 20 The Docker CLI has over 30 commands. The commands are listed below and each has 21 its own man page which explain usage and arguments. 22 23 To see the man page for a command run **man docker <command>**. 24 25 # OPTIONS 26 **-h**, **--help** 27 Print usage statement 28 29 **--api-cors-header**="" 30 Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. 31 32 **-b**, **--bridge**="" 33 Attach containers to a pre\-existing network bridge; use 'none' to disable container networking 34 35 **--bip**="" 36 Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b 37 38 **-D**, **--debug**=*true*|*false* 39 Enable debug mode. Default is false. 40 41 **-d**, **--daemon**=*true*|*false* 42 Enable daemon mode. Default is false. 43 44 **--default-gateway**="" 45 IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) 46 47 **--default-gateway-v6**="" 48 IPv6 address of the container default gateway 49 50 **--dns**="" 51 Force Docker to use specific DNS servers 52 53 **-e**, **--exec-driver**="" 54 Force Docker to use specific exec driver. Default is `native`. 55 56 **--exec-opt**=[] 57 Set exec driver options. See EXEC DRIVER OPTIONS. 58 59 **--exec-root**="" 60 Path to use as the root of the Docker execdriver. Default is `/var/run/docker`. 61 62 **--fixed-cidr**="" 63 IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) 64 65 **--fixed-cidr-v6**="" 66 IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) 67 68 **-G**, **--group**="" 69 Group to assign the unix socket specified by -H when running in daemon mode. 70 use '' (the empty string) to disable setting of a group. Default is `docker`. 71 72 **-g**, **--graph**="" 73 Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. 74 75 **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or 76 unix://[/path/to/socket] to use. 77 The socket(s) to bind to in daemon mode specified using one or more 78 tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. 79 80 **--icc**=*true*|*false* 81 Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. 82 83 **--ip**="" 84 Default IP address to use when binding container ports. Default is `0.0.0.0`. 85 86 **--ip-forward**=*true*|*false* 87 Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. 88 89 This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". 90 91 **--ip-masq**=*true*|*false* 92 Enable IP masquerading for bridge's IP range. Default is true. 93 94 **--iptables**=*true*|*false* 95 Enable Docker's addition of iptables rules. Default is true. 96 97 **--ipv6**=*true*|*false* 98 Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". 99 100 **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" 101 Set the logging level. Default is `info`. 102 103 **--label**="[]" 104 Set key=value labels to the daemon (displayed in `docker info`) 105 106 **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" 107 Default driver for container logs. Default is `json-file`. 108 **Warning**: `docker logs` command works only for `json-file` logging driver. 109 110 **--log-opt**=[] 111 Logging driver specific options. 112 113 **--mtu**=VALUE 114 Set the containers network mtu. Default is `0`. 115 116 **-p**, **--pidfile**="" 117 Path to use for daemon PID file. Default is `/var/run/docker.pid` 118 119 **--registry-mirror**=<scheme>://<host> 120 Prepend a registry mirror to be used for image pulls. May be specified multiple times. 121 122 **-s**, **--storage-driver**="" 123 Force the Docker runtime to use a specific storage driver. 124 125 **--selinux-enabled**=*true*|*false* 126 Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. 127 128 **--storage-opt**=[] 129 Set storage driver options. See STORAGE DRIVER OPTIONS. 130 131 **-tls**=*true*|*false* 132 Use TLS; implied by --tlsverify. Default is false. 133 134 **-tlsverify**=*true*|*false* 135 Use TLS and verify the remote (daemon: verify client, client: verify daemon). 136 Default is false. 137 138 **--userland-proxy**=*true*|*false* 139 Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. 140 141 **-v**, **--version**=*true*|*false* 142 Print version information and quit. Default is false. 143 144 # COMMANDS 145 **attach** 146 Attach to a running container 147 See **docker-attach(1)** for full documentation on the **attach** command. 148 149 **build** 150 Build an image from a Dockerfile 151 See **docker-build(1)** for full documentation on the **build** command. 152 153 **commit** 154 Create a new image from a container's changes 155 See **docker-commit(1)** for full documentation on the **commit** command. 156 157 **cp** 158 Copy files/folders from a container's filesystem to the host 159 See **docker-cp(1)** for full documentation on the **cp** command. 160 161 **create** 162 Create a new container 163 See **docker-create(1)** for full documentation on the **create** command. 164 165 **diff** 166 Inspect changes on a container's filesystem 167 See **docker-diff(1)** for full documentation on the **diff** command. 168 169 **events** 170 Get real time events from the server 171 See **docker-events(1)** for full documentation on the **events** command. 172 173 **exec** 174 Run a command in a running container 175 See **docker-exec(1)** for full documentation on the **exec** command. 176 177 **export** 178 Stream the contents of a container as a tar archive 179 See **docker-export(1)** for full documentation on the **export** command. 180 181 **history** 182 Show the history of an image 183 See **docker-history(1)** for full documentation on the **history** command. 184 185 **images** 186 List images 187 See **docker-images(1)** for full documentation on the **images** command. 188 189 **import** 190 Create a new filesystem image from the contents of a tarball 191 See **docker-import(1)** for full documentation on the **import** command. 192 193 **info** 194 Display system-wide information 195 See **docker-info(1)** for full documentation on the **info** command. 196 197 **inspect** 198 Return low-level information on a container or image 199 See **docker-inspect(1)** for full documentation on the **inspect** command. 200 201 **kill** 202 Kill a running container (which includes the wrapper process and everything 203 inside it) 204 See **docker-kill(1)** for full documentation on the **kill** command. 205 206 **load** 207 Load an image from a tar archive 208 See **docker-load(1)** for full documentation on the **load** command. 209 210 **login** 211 Register or login to a Docker Registry 212 See **docker-login(1)** for full documentation on the **login** command. 213 214 **logout** 215 Log the user out of a Docker Registry 216 See **docker-logout(1)** for full documentation on the **logout** command. 217 218 **logs** 219 Fetch the logs of a container 220 See **docker-logs(1)** for full documentation on the **logs** command. 221 222 **pause** 223 Pause all processes within a container 224 See **docker-pause(1)** for full documentation on the **pause** command. 225 226 **port** 227 Lookup the public-facing port which is NAT-ed to PRIVATE_PORT 228 See **docker-port(1)** for full documentation on the **port** command. 229 230 **ps** 231 List containers 232 See **docker-ps(1)** for full documentation on the **ps** command. 233 234 **pull** 235 Pull an image or a repository from a Docker Registry 236 See **docker-pull(1)** for full documentation on the **pull** command. 237 238 **push** 239 Push an image or a repository to a Docker Registry 240 See **docker-push(1)** for full documentation on the **push** command. 241 242 **restart** 243 Restart a running container 244 See **docker-restart(1)** for full documentation on the **restart** command. 245 246 **rm** 247 Remove one or more containers 248 See **docker-rm(1)** for full documentation on the **rm** command. 249 250 **rmi** 251 Remove one or more images 252 See **docker-rmi(1)** for full documentation on the **rmi** command. 253 254 **run** 255 Run a command in a new container 256 See **docker-run(1)** for full documentation on the **run** command. 257 258 **save** 259 Save an image to a tar archive 260 See **docker-save(1)** for full documentation on the **save** command. 261 262 **search** 263 Search for an image in the Docker index 264 See **docker-search(1)** for full documentation on the **search** command. 265 266 **start** 267 Start a stopped container 268 See **docker-start(1)** for full documentation on the **start** command. 269 270 **stats** 271 Display a live stream of one or more containers' resource usage statistics 272 See **docker-stats(1)** for full documentation on the **stats** command. 273 274 **stop** 275 Stop a running container 276 See **docker-stop(1)** for full documentation on the **stop** command. 277 278 **tag** 279 Tag an image into a repository 280 See **docker-tag(1)** for full documentation on the **tag** command. 281 282 **top** 283 Lookup the running processes of a container 284 See **docker-top(1)** for full documentation on the **top** command. 285 286 **unpause** 287 Unpause all processes within a container 288 See **docker-unpause(1)** for full documentation on the **unpause** command. 289 290 **version** 291 Show the Docker version information 292 See **docker-version(1)** for full documentation on the **version** command. 293 294 **wait** 295 Block until a container stops, then print its exit code 296 See **docker-wait(1)** for full documentation on the **wait** command. 297 298 # STORAGE DRIVER OPTIONS 299 300 Docker uses storage backends (known as "graphdrivers" in the Docker 301 internals) to create writable containers from images. Many of these 302 backends use operating system level technologies and can be 303 configured. 304 305 Specify options to the storage backend with **--storage-opt** flags. The only 306 backend that currently takes options is *devicemapper*. Therefore use these 307 flags with **-s=**devicemapper. 308 309 Specifically for devicemapper, the default is a "loopback" model which 310 requires no pre-configuration, but is extremely inefficient. Do not 311 use it in production. 312 313 To make the best use of Docker with the devicemapper backend, you must 314 have a recent version of LVM. Use `lvm` to create a thin pool; for 315 more information see `man lvmthin`. Then, use `--storage-opt 316 dm.thinpooldev` to tell the Docker engine to use that pool for 317 allocating images and container snapshots. 318 319 Here is the list of *devicemapper* options: 320 321 #### dm.thinpooldev 322 323 Specifies a custom block storage device to use for the thin pool. 324 325 If using a block device for device mapper storage, it is best to use 326 `lvm` to create and manage the thin-pool volume. This volume is then 327 handed to Docker to create snapshot volumes needed for images and 328 containers. 329 330 Managing the thin-pool outside of Docker makes for the most feature-rich method 331 of having Docker utilize device mapper thin provisioning as the backing storage 332 for Docker's containers. The highlights of the LVM-based thin-pool management 333 feature include: automatic or interactive thin-pool resize support, dynamically 334 changing thin-pool features, automatic thinp metadata checking when lvm activates 335 the thin-pool, etc. 336 337 Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` 338 339 #### dm.basesize 340 341 Specifies the size to use when creating the base device, which limits 342 the size of images and containers. The default value is 10G. Note, 343 thin devices are inherently "sparse", so a 10G device which is mostly 344 empty doesn't use 10 GB of space on the pool. However, the filesystem 345 will use more space for base images the larger the device 346 is. 347 348 This value affects the system-wide "base" empty filesystem that may already 349 be initialized and inherited by pulled images. Typically, a change to this 350 value requires additional steps to take effect: 351 352 $ sudo service docker stop 353 $ sudo rm -rf /var/lib/docker 354 $ sudo service docker start 355 356 Example use: `docker -d --storage-opt dm.basesize=20G` 357 358 #### dm.fs 359 360 Specifies the filesystem type to use for the base device. The 361 supported options are `ext4` and `xfs`. The default is `ext4`. 362 363 Example use: `docker -d --storage-opt dm.fs=xfs` 364 365 #### dm.mkfsarg 366 367 Specifies extra mkfs arguments to be used when creating the base device. 368 369 Example use: `docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"` 370 371 #### dm.mountopt 372 373 Specifies extra mount options used when mounting the thin devices. 374 375 Example use: `docker -d --storage-opt dm.mountopt=nodiscard` 376 377 #### dm.use_deferred_removal 378 379 Enables use of deferred device removal if `libdm` and the kernel driver 380 support the mechanism. 381 382 Deferred device removal means that if device is busy when devices are 383 being removed/deactivated, then a deferred removal is scheduled on 384 device. And devices automatically go away when last user of the device 385 exits. 386 387 For example, when a container exits, its associated thin device is removed. If 388 that device has leaked into some other mount namespace and can't be removed, 389 the container exit still succeeds and this option causes the system to schedule 390 the device for deferred removal. It does not wait in a loop trying to remove a busy 391 device. 392 393 Example use: `docker -d --storage-opt dm.use_deferred_removal=true` 394 395 #### dm.loopdatasize 396 397 **Note**: This option configures devicemapper loopback, which should not be used in production. 398 399 Specifies the size to use when creating the loopback file for the 400 "data" device which is used for the thin pool. The default size is 401 100G. The file is sparse, so it will not initially take up 402 this much space. 403 404 Example use: `docker -d --storage-opt dm.loopdatasize=200G` 405 406 #### dm.loopmetadatasize 407 408 **Note**: This option configures devicemapper loopback, which should not be used in production. 409 410 Specifies the size to use when creating the loopback file for the 411 "metadadata" device which is used for the thin pool. The default size 412 is 2G. The file is sparse, so it will not initially take up 413 this much space. 414 415 Example use: `docker -d --storage-opt dm.loopmetadatasize=4G` 416 417 #### dm.datadev 418 419 (Deprecated, use `dm.thinpooldev`) 420 421 Specifies a custom blockdevice to use for data for a 422 Docker-managed thin pool. It is better to use `dm.thinpooldev` - see 423 the documentation for it above for discussion of the advantages. 424 425 #### dm.metadatadev 426 427 (Deprecated, use `dm.thinpooldev`) 428 429 Specifies a custom blockdevice to use for metadata for a 430 Docker-managed thin pool. See `dm.datadev` for why this is 431 deprecated. 432 433 #### dm.blocksize 434 435 Specifies a custom blocksize to use for the thin pool. The default 436 blocksize is 64K. 437 438 Example use: `docker -d --storage-opt dm.blocksize=512K` 439 440 #### dm.blkdiscard 441 442 Enables or disables the use of `blkdiscard` when removing devicemapper 443 devices. This is disabled by default due to the additional latency, 444 but as a special case with loopback devices it will be enabled, in 445 order to re-sparsify the loopback file on image/container removal. 446 447 Disabling this on loopback can lead to *much* faster container removal 448 times, but it also prevents the space used in `/var/lib/docker` directory 449 from being returned to the system for other use when containers are 450 removed. 451 452 Example use: `docker -d --storage-opt dm.blkdiscard=false` 453 454 #### dm.override_udev_sync_check 455 456 By default, the devicemapper backend attempts to synchronize with the 457 `udev` device manager for the Linux kernel. This option allows 458 disabling that synchronization, to continue even though the 459 configuration may be buggy. 460 461 To view the `udev` sync support of a Docker daemon that is using the 462 `devicemapper` driver, run: 463 464 $ docker info 465 [...] 466 Udev Sync Supported: true 467 [...] 468 469 When `udev` sync support is `true`, then `devicemapper` and `udev` can 470 coordinate the activation and deactivation of devices for containers. 471 472 When `udev` sync support is `false`, a race condition occurs between 473 the`devicemapper` and `udev` during create and cleanup. The race 474 condition results in errors and failures. (For information on these 475 failures, see 476 [docker#4036](https://github.com/docker/docker/issues/4036)) 477 478 To allow the `docker` daemon to start, regardless of whether `udev` sync is 479 `false`, set `dm.override_udev_sync_check` to true: 480 481 $ docker -d --storage-opt dm.override_udev_sync_check=true 482 483 When this value is `true`, the driver continues and simply warns you 484 the errors are happening. 485 486 **Note**: The ideal is to pursue a `docker` daemon and environment 487 that does support synchronizing with `udev`. For further discussion on 488 this topic, see 489 [docker#4036](https://github.com/docker/docker/issues/4036). 490 Otherwise, set this flag for migrating existing Docker daemons to a 491 daemon with a supported environment. 492 493 # EXEC DRIVER OPTIONS 494 495 Use the **--exec-opt** flags to specify options to the exec-driver. The only 496 driver that accepts this flag is the *native* (libcontainer) driver. As a 497 result, you must also specify **-s=**native for this option to have effect. The 498 following is the only *native* option: 499 500 #### native.cgroupdriver 501 Specifies the management of the container's `cgroups`. You can specify 502 `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the 503 system uses `cgroupfs`. 504 505 #### Client 506 For specific client examples please see the man page for the specific Docker 507 command. For example: 508 509 man docker-run 510 511 # HISTORY 512 April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.