github.com/chenchun/docker@v1.3.2-0.20150629222414-20467faf132b/man/docker.1.md (about)

     1  % DOCKER(1) Docker User Manuals
     2  % William Henry
     3  % APRIL 2014
     4  # NAME
     5  docker \- Docker image and container command line interface
     6  
     7  # SYNOPSIS
     8  **docker** [OPTIONS] COMMAND [arg...]
     9  
    10  # DESCRIPTION
    11  **docker** has two distinct functions. It is used for starting the Docker
    12  daemon and to run the CLI (i.e., to command the daemon to manage images,
    13  containers etc.) So **docker** is both a server, as a daemon, and a client
    14  to the daemon, through the CLI.
    15  
    16  To run the Docker daemon you do not specify any of the commands listed below but
    17  must specify the **-d** option.  The other options listed below are for the
    18  daemon only.
    19  
    20  The Docker CLI has over 30 commands. The commands are listed below and each has
    21  its own man page which explain usage and arguments.
    22  
    23  To see the man page for a command run **man docker <command>**.
    24  
    25  # OPTIONS
    26  **-h**, **--help**
    27    Print usage statement
    28  
    29  **--api-cors-header**=""
    30    Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all.
    31  
    32  **-b**, **--bridge**=""
    33    Attach containers to a pre\-existing network bridge; use 'none' to disable container networking
    34  
    35  **--bip**=""
    36    Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
    37  
    38  **-D**, **--debug**=*true*|*false*
    39    Enable debug mode. Default is false.
    40  
    41  **-d**, **--daemon**=*true*|*false*
    42    Enable daemon mode. Default is false.
    43  
    44  **--default-gateway**=""
    45    IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip)
    46  
    47  **--default-gateway-v6**=""
    48    IPv6 address of the container default gateway
    49  
    50  **--dns**=""
    51    Force Docker to use specific DNS servers
    52  
    53  **-e**, **--exec-driver**=""
    54    Force Docker to use specific exec driver. Default is `native`.
    55  
    56  **--exec-opt**=[]
    57    Set exec driver options. See EXEC DRIVER OPTIONS.
    58  
    59  **--exec-root**=""
    60    Path to use as the root of the Docker execdriver. Default is `/var/run/docker`.
    61  
    62  **--fixed-cidr**=""
    63    IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip)
    64  
    65  **--fixed-cidr-v6**=""
    66    IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64)
    67  
    68  **-G**, **--group**=""
    69    Group to assign the unix socket specified by -H when running in daemon mode.
    70    use '' (the empty string) to disable setting of a group. Default is `docker`.
    71  
    72  **-g**, **--graph**=""
    73    Path to use as the root of the Docker runtime. Default is `/var/lib/docker`.
    74  
    75  **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or
    76  unix://[/path/to/socket] to use.
    77    The socket(s) to bind to in daemon mode specified using one or more
    78    tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
    79  
    80  **--icc**=*true*|*false*
    81    Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true.
    82  
    83  **--ip**=""
    84    Default IP address to use when binding container ports. Default is `0.0.0.0`.
    85  
    86  **--ip-forward**=*true*|*false*
    87    Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect.
    88  
    89    This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6".
    90  
    91  **--ip-masq**=*true*|*false*
    92    Enable IP masquerading for bridge's IP range. Default is true.
    93  
    94  **--iptables**=*true*|*false*
    95    Enable Docker's addition of iptables rules. Default is true.
    96  
    97  **--ipv6**=*true*|*false*
    98    Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6".
    99  
   100  **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*""
   101    Set the logging level. Default is `info`.
   102  
   103  **--label**="[]"
   104    Set key=value labels to the daemon (displayed in `docker info`)
   105  
   106  **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*"
   107    Default driver for container logs. Default is `json-file`.
   108    **Warning**: `docker logs` command works only for `json-file` logging driver.
   109  
   110  **--log-opt**=[]
   111    Logging driver specific options.
   112  
   113  **--mtu**=VALUE
   114    Set the containers network mtu. Default is `0`.
   115  
   116  **-p**, **--pidfile**=""
   117    Path to use for daemon PID file. Default is `/var/run/docker.pid`
   118  
   119  **--registry-mirror**=<scheme>://<host>
   120    Prepend a registry mirror to be used for image pulls. May be specified multiple times.
   121  
   122  **-s**, **--storage-driver**=""
   123    Force the Docker runtime to use a specific storage driver.
   124  
   125  **--selinux-enabled**=*true*|*false*
   126    Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver.
   127  
   128  **--storage-opt**=[]
   129    Set storage driver options. See STORAGE DRIVER OPTIONS.
   130  
   131  **-tls**=*true*|*false*
   132    Use TLS; implied by --tlsverify. Default is false.
   133  
   134  **-tlsverify**=*true*|*false*
   135    Use TLS and verify the remote (daemon: verify client, client: verify daemon).
   136    Default is false.
   137  
   138  **--userland-proxy**=*true*|*false*
   139      Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true.
   140  
   141  **-v**, **--version**=*true*|*false*
   142    Print version information and quit. Default is false.
   143  
   144  # COMMANDS
   145  **attach**
   146    Attach to a running container
   147    See **docker-attach(1)** for full documentation on the **attach** command.
   148  
   149  **build**
   150    Build an image from a Dockerfile
   151    See **docker-build(1)** for full documentation on the **build** command.
   152  
   153  **commit**
   154    Create a new image from a container's changes
   155    See **docker-commit(1)** for full documentation on the **commit** command.
   156  
   157  **cp**
   158    Copy files/folders from a container's filesystem to the host
   159    See **docker-cp(1)** for full documentation on the **cp** command.
   160  
   161  **create**
   162    Create a new container
   163    See **docker-create(1)** for full documentation on the **create** command.
   164  
   165  **diff**
   166    Inspect changes on a container's filesystem
   167    See **docker-diff(1)** for full documentation on the **diff** command.
   168  
   169  **events**
   170    Get real time events from the server
   171    See **docker-events(1)** for full documentation on the **events** command.
   172  
   173  **exec**
   174    Run a command in a running container
   175    See **docker-exec(1)** for full documentation on the **exec** command.
   176  
   177  **export**
   178    Stream the contents of a container as a tar archive
   179    See **docker-export(1)** for full documentation on the **export** command.
   180  
   181  **history**
   182    Show the history of an image
   183    See **docker-history(1)** for full documentation on the **history** command.
   184  
   185  **images**
   186    List images
   187    See **docker-images(1)** for full documentation on the **images** command.
   188  
   189  **import**
   190    Create a new filesystem image from the contents of a tarball
   191    See **docker-import(1)** for full documentation on the **import** command.
   192  
   193  **info**
   194    Display system-wide information
   195    See **docker-info(1)** for full documentation on the **info** command.
   196  
   197  **inspect**
   198    Return low-level information on a container or image
   199    See **docker-inspect(1)** for full documentation on the **inspect** command.
   200  
   201  **kill**
   202    Kill a running container (which includes the wrapper process and everything
   203  inside it)
   204    See **docker-kill(1)** for full documentation on the **kill** command.
   205  
   206  **load**
   207    Load an image from a tar archive
   208    See **docker-load(1)** for full documentation on the **load** command.
   209  
   210  **login**
   211    Register or login to a Docker Registry
   212    See **docker-login(1)** for full documentation on the **login** command.
   213  
   214  **logout**
   215    Log the user out of a Docker Registry
   216    See **docker-logout(1)** for full documentation on the **logout** command.
   217  
   218  **logs**
   219    Fetch the logs of a container
   220    See **docker-logs(1)** for full documentation on the **logs** command.
   221  
   222  **pause**
   223    Pause all processes within a container
   224    See **docker-pause(1)** for full documentation on the **pause** command.
   225  
   226  **port**
   227    Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
   228    See **docker-port(1)** for full documentation on the **port** command.
   229  
   230  **ps**
   231    List containers
   232    See **docker-ps(1)** for full documentation on the **ps** command.
   233  
   234  **pull**
   235    Pull an image or a repository from a Docker Registry
   236    See **docker-pull(1)** for full documentation on the **pull** command.
   237  
   238  **push**
   239    Push an image or a repository to a Docker Registry
   240    See **docker-push(1)** for full documentation on the **push** command.
   241  
   242  **restart**
   243    Restart a running container
   244    See **docker-restart(1)** for full documentation on the **restart** command.
   245  
   246  **rm**
   247    Remove one or more containers
   248    See **docker-rm(1)** for full documentation on the **rm** command.
   249  
   250  **rmi**
   251    Remove one or more images
   252    See **docker-rmi(1)** for full documentation on the **rmi** command.
   253  
   254  **run**
   255    Run a command in a new container
   256    See **docker-run(1)** for full documentation on the **run** command.
   257  
   258  **save**
   259    Save an image to a tar archive
   260    See **docker-save(1)** for full documentation on the **save** command.
   261  
   262  **search**
   263    Search for an image in the Docker index
   264    See **docker-search(1)** for full documentation on the **search** command.
   265  
   266  **start**
   267    Start a stopped container
   268    See **docker-start(1)** for full documentation on the **start** command.
   269  
   270  **stats**
   271    Display a live stream of one or more containers' resource usage statistics
   272    See **docker-stats(1)** for full documentation on the **stats** command.
   273  
   274  **stop**
   275    Stop a running container
   276    See **docker-stop(1)** for full documentation on the **stop** command.
   277  
   278  **tag**
   279    Tag an image into a repository
   280    See **docker-tag(1)** for full documentation on the **tag** command.
   281  
   282  **top**
   283    Lookup the running processes of a container
   284    See **docker-top(1)** for full documentation on the **top** command.
   285  
   286  **unpause**
   287    Unpause all processes within a container
   288    See **docker-unpause(1)** for full documentation on the **unpause** command.
   289  
   290  **version**
   291    Show the Docker version information
   292    See **docker-version(1)** for full documentation on the **version** command.
   293  
   294  **wait**
   295    Block until a container stops, then print its exit code
   296    See **docker-wait(1)** for full documentation on the **wait** command.
   297  
   298  # STORAGE DRIVER OPTIONS
   299  
   300  Docker uses storage backends (known as "graphdrivers" in the Docker
   301  internals) to create writable containers from images.  Many of these
   302  backends use operating system level technologies and can be
   303  configured.
   304  
   305  Specify options to the storage backend with **--storage-opt** flags. The only
   306  backend that currently takes options is *devicemapper*. Therefore use these
   307  flags with **-s=**devicemapper.
   308  
   309  Specifically for devicemapper, the default is a "loopback" model which
   310  requires no pre-configuration, but is extremely inefficient.  Do not
   311  use it in production.
   312  
   313  To make the best use of Docker with the devicemapper backend, you must
   314  have a recent version of LVM.  Use `lvm` to create a thin pool; for
   315  more information see `man lvmthin`.  Then, use `--storage-opt
   316  dm.thinpooldev` to tell the Docker engine to use that pool for
   317  allocating images and container snapshots.
   318  
   319  Here is the list of *devicemapper* options:
   320  
   321  #### dm.thinpooldev
   322  
   323  Specifies a custom block storage device to use for the thin pool.
   324  
   325  If using a block device for device mapper storage, it is best to use
   326  `lvm` to create and manage the thin-pool volume. This volume is then
   327  handed to Docker to create snapshot volumes needed for images and
   328  containers.
   329  
   330  Managing the thin-pool outside of Docker makes for the most feature-rich method
   331  of having Docker utilize device mapper thin provisioning as the backing storage
   332  for Docker's containers. The highlights of the LVM-based thin-pool management
   333  feature include: automatic or interactive thin-pool resize support, dynamically
   334  changing thin-pool features, automatic thinp metadata checking when lvm activates
   335  the thin-pool, etc.
   336  
   337  Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool`
   338  
   339  #### dm.basesize
   340  
   341  Specifies the size to use when creating the base device, which limits
   342  the size of images and containers. The default value is 10G. Note,
   343  thin devices are inherently "sparse", so a 10G device which is mostly
   344  empty doesn't use 10 GB of space on the pool. However, the filesystem
   345  will use more space for base images the larger the device
   346  is. 
   347  
   348  This value affects the system-wide "base" empty filesystem that may already
   349  be initialized and inherited by pulled images. Typically, a change to this
   350  value requires additional steps to take effect:
   351  
   352          $ sudo service docker stop
   353          $ sudo rm -rf /var/lib/docker
   354          $ sudo service docker start
   355  
   356  Example use: `docker -d --storage-opt dm.basesize=20G`
   357  
   358  #### dm.fs
   359  
   360  Specifies the filesystem type to use for the base device. The
   361  supported options are `ext4` and `xfs`. The default is `ext4`.
   362  
   363  Example use: `docker -d --storage-opt dm.fs=xfs`
   364  
   365  #### dm.mkfsarg
   366  
   367  Specifies extra mkfs arguments to be used when creating the base device.
   368  
   369  Example use: `docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"`
   370  
   371  #### dm.mountopt
   372  
   373  Specifies extra mount options used when mounting the thin devices.
   374  
   375  Example use: `docker -d --storage-opt dm.mountopt=nodiscard`
   376  
   377  #### dm.use_deferred_removal
   378  
   379  Enables use of deferred device removal if `libdm` and the kernel driver
   380  support the mechanism.
   381  
   382  Deferred device removal means that if device is busy when devices are
   383  being removed/deactivated, then a deferred removal is scheduled on
   384  device. And devices automatically go away when last user of the device
   385  exits.
   386  
   387  For example, when a container exits, its associated thin device is removed. If
   388  that device has leaked into some other mount namespace and can't be removed,
   389  the container exit still succeeds and this option causes the system to schedule
   390  the device for deferred removal. It does not wait in a loop trying to remove a busy
   391  device.
   392  
   393  Example use: `docker -d --storage-opt dm.use_deferred_removal=true`
   394  
   395  #### dm.loopdatasize
   396  
   397  **Note**: This option configures devicemapper loopback, which should not be used in production.
   398  
   399  Specifies the size to use when creating the loopback file for the
   400  "data" device which is used for the thin pool. The default size is
   401  100G. The file is sparse, so it will not initially take up
   402  this much space.
   403  
   404  Example use: `docker -d --storage-opt dm.loopdatasize=200G`
   405  
   406  #### dm.loopmetadatasize
   407  
   408  **Note**: This option configures devicemapper loopback, which should not be used in production.
   409  
   410  Specifies the size to use when creating the loopback file for the
   411  "metadadata" device which is used for the thin pool. The default size
   412  is 2G. The file is sparse, so it will not initially take up
   413  this much space.
   414  
   415  Example use: `docker -d --storage-opt dm.loopmetadatasize=4G`
   416  
   417  #### dm.datadev
   418  
   419  (Deprecated, use `dm.thinpooldev`)
   420  
   421  Specifies a custom blockdevice to use for data for a
   422  Docker-managed thin pool.  It is better to use `dm.thinpooldev` - see
   423  the documentation for it above for discussion of the advantages.
   424  
   425  #### dm.metadatadev
   426  
   427  (Deprecated, use `dm.thinpooldev`)
   428  
   429  Specifies a custom blockdevice to use for metadata for a
   430  Docker-managed thin pool.  See `dm.datadev` for why this is
   431  deprecated.
   432  
   433  #### dm.blocksize
   434  
   435  Specifies a custom blocksize to use for the thin pool.  The default
   436  blocksize is 64K.
   437  
   438  Example use: `docker -d --storage-opt dm.blocksize=512K`
   439  
   440  #### dm.blkdiscard
   441  
   442  Enables or disables the use of `blkdiscard` when removing devicemapper
   443  devices.  This is disabled by default due to the additional latency,
   444  but as a special case with loopback devices it will be enabled, in
   445  order to re-sparsify the loopback file on image/container removal.
   446  
   447  Disabling this on loopback can lead to *much* faster container removal
   448  times, but it also prevents the space used in `/var/lib/docker` directory
   449  from being returned to the system for other use when containers are
   450  removed.
   451  
   452  Example use: `docker -d --storage-opt dm.blkdiscard=false`
   453  
   454  #### dm.override_udev_sync_check
   455  
   456  By default, the devicemapper backend attempts to synchronize with the
   457  `udev` device manager for the Linux kernel.  This option allows
   458  disabling that synchronization, to continue even though the
   459  configuration may be buggy.
   460  
   461  To view the `udev` sync support of a Docker daemon that is using the
   462  `devicemapper` driver, run:
   463  
   464          $ docker info
   465  	[...]
   466  	 Udev Sync Supported: true
   467  	[...]
   468  
   469  When `udev` sync support is `true`, then `devicemapper` and `udev` can
   470  coordinate the activation and deactivation of devices for containers.
   471  
   472  When `udev` sync support is `false`, a race condition occurs between
   473  the`devicemapper` and `udev` during create and cleanup. The race
   474  condition results in errors and failures. (For information on these
   475  failures, see
   476  [docker#4036](https://github.com/docker/docker/issues/4036))
   477  
   478  To allow the `docker` daemon to start, regardless of whether `udev` sync is
   479  `false`, set `dm.override_udev_sync_check` to true:
   480  
   481          $ docker -d --storage-opt dm.override_udev_sync_check=true
   482  
   483  When this value is `true`, the driver continues and simply warns you
   484  the errors are happening.
   485  
   486  **Note**: The ideal is to pursue a `docker` daemon and environment
   487  that does support synchronizing with `udev`. For further discussion on
   488  this topic, see
   489  [docker#4036](https://github.com/docker/docker/issues/4036).
   490  Otherwise, set this flag for migrating existing Docker daemons to a
   491  daemon with a supported environment.
   492  
   493  # EXEC DRIVER OPTIONS
   494  
   495  Use the **--exec-opt** flags to specify options to the exec-driver. The only
   496  driver that accepts this flag is the *native* (libcontainer) driver. As a
   497  result, you must also specify **-s=**native for this option to have effect. The 
   498  following is the only *native* option:
   499  
   500  #### native.cgroupdriver
   501  Specifies the management of the container's `cgroups`. You can specify 
   502  `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the 
   503  system uses `cgroupfs`.
   504  
   505  #### Client
   506  For specific client examples please see the man page for the specific Docker
   507  command. For example:
   508  
   509      man docker-run
   510  
   511  # HISTORY
   512  April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.