github.com/rentongzhang/docker@v1.8.2-rc1/man/docker.1.md (about) 1 % DOCKER(1) Docker User Manuals 2 % William Henry 3 % APRIL 2014 4 # NAME 5 docker \- Docker image and container command line interface 6 7 # SYNOPSIS 8 **docker** [OPTIONS] COMMAND [arg...] 9 10 # DESCRIPTION 11 **docker** has two distinct functions. It is used for starting the Docker 12 daemon and to run the CLI (i.e., to command the daemon to manage images, 13 containers etc.) So **docker** is both a server, as a daemon, and a client 14 to the daemon, through the CLI. 15 16 To run the Docker daemon you do not specify any of the commands listed below but 17 must specify the **-d** option. The other options listed below are for the 18 daemon only. 19 20 The Docker CLI has over 30 commands. The commands are listed below and each has 21 its own man page which explain usage and arguments. 22 23 To see the man page for a command run **man docker <command>**. 24 25 # OPTIONS 26 **--help** 27 Print usage statement 28 29 **--api-cors-header**="" 30 Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. 31 32 **-b**, **--bridge**="" 33 Attach containers to a pre\-existing network bridge; use 'none' to disable container networking 34 35 **--bip**="" 36 Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b 37 38 **--config**="" 39 Specifies the location of the Docker client configuration files. The default is '~/.docker'. 40 41 **-D**, **--debug**=*true*|*false* 42 Enable debug mode. Default is false. 43 44 **-d**, **--daemon**=*true*|*false* 45 Enable daemon mode. Default is false. 46 47 **--default-gateway**="" 48 IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) 49 50 **--default-gateway-v6**="" 51 IPv6 address of the container default gateway 52 53 **--default-ulimit**=[] 54 Set default ulimits for containers. 55 56 **--dns**="" 57 Force Docker to use specific DNS servers 58 59 **--dns-search**=[] 60 DNS search domains to use. 61 62 **-e**, **--exec-driver**="" 63 Force Docker to use specific exec driver. Default is `native`. 64 65 **--exec-opt**=[] 66 Set exec driver options. See EXEC DRIVER OPTIONS. 67 68 **--exec-root**="" 69 Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. 70 71 **--fixed-cidr**="" 72 IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) 73 74 **--fixed-cidr-v6**="" 75 IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) 76 77 **-G**, **--group**="" 78 Group to assign the unix socket specified by -H when running in daemon mode. 79 use '' (the empty string) to disable setting of a group. Default is `docker`. 80 81 **-g**, **--graph**="" 82 Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. 83 84 **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or 85 unix://[/path/to/socket] to use. 86 The socket(s) to bind to in daemon mode specified using one or more 87 tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. 88 89 **--icc**=*true*|*false* 90 Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. 91 92 **--insecure-registry**=[] 93 Enable insecure registry communication. 94 95 **--ip**="" 96 Default IP address to use when binding container ports. Default is `0.0.0.0`. 97 98 **--ip-forward**=*true*|*false* 99 Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. 100 101 This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". 102 103 **--ip-masq**=*true*|*false* 104 Enable IP masquerading for bridge's IP range. Default is true. 105 106 **--iptables**=*true*|*false* 107 Enable Docker's addition of iptables rules. Default is true. 108 109 **--ipv6**=*true*|*false* 110 Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". 111 112 **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" 113 Set the logging level. Default is `info`. 114 115 **--label**="[]" 116 Set key=value labels to the daemon (displayed in `docker info`) 117 118 **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" 119 Default driver for container logs. Default is `json-file`. 120 **Warning**: `docker logs` command works only for `json-file` logging driver. 121 122 **--log-opt**=[] 123 Logging driver specific options. 124 125 **--mtu**=VALUE 126 Set the containers network mtu. Default is `0`. 127 128 **-p**, **--pidfile**="" 129 Path to use for daemon PID file. Default is `/var/run/docker.pid` 130 131 **--registry-mirror**=<scheme>://<host> 132 Prepend a registry mirror to be used for image pulls. May be specified multiple times. 133 134 **-s**, **--storage-driver**="" 135 Force the Docker runtime to use a specific storage driver. 136 137 **--selinux-enabled**=*true*|*false* 138 Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. 139 140 **--storage-opt**=[] 141 Set storage driver options. See STORAGE DRIVER OPTIONS. 142 143 **--tls**=*true*|*false* 144 Use TLS; implied by --tlsverify. Default is false. 145 146 **--tlscacert**=~/.docker/ca.pem 147 Trust certs signed only by this CA. 148 149 **--tlscert**=~/.docker/cert.pem 150 Path to TLS certificate file. 151 152 **--tlskey**=~/.docker/key.pem 153 Path to TLS key file. 154 155 **--tlsverify**=*true*|*false* 156 Use TLS and verify the remote (daemon: verify client, client: verify daemon). 157 Default is false. 158 159 **--userland-proxy**=*true*|*false* 160 Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. 161 162 **-v**, **--version**=*true*|*false* 163 Print version information and quit. Default is false. 164 165 # COMMANDS 166 **attach** 167 Attach to a running container 168 See **docker-attach(1)** for full documentation on the **attach** command. 169 170 **build** 171 Build an image from a Dockerfile 172 See **docker-build(1)** for full documentation on the **build** command. 173 174 **commit** 175 Create a new image from a container's changes 176 See **docker-commit(1)** for full documentation on the **commit** command. 177 178 **cp** 179 Copy files/folders from a container's filesystem to the host 180 See **docker-cp(1)** for full documentation on the **cp** command. 181 182 **create** 183 Create a new container 184 See **docker-create(1)** for full documentation on the **create** command. 185 186 **diff** 187 Inspect changes on a container's filesystem 188 See **docker-diff(1)** for full documentation on the **diff** command. 189 190 **events** 191 Get real time events from the server 192 See **docker-events(1)** for full documentation on the **events** command. 193 194 **exec** 195 Run a command in a running container 196 See **docker-exec(1)** for full documentation on the **exec** command. 197 198 **export** 199 Stream the contents of a container as a tar archive 200 See **docker-export(1)** for full documentation on the **export** command. 201 202 **history** 203 Show the history of an image 204 See **docker-history(1)** for full documentation on the **history** command. 205 206 **images** 207 List images 208 See **docker-images(1)** for full documentation on the **images** command. 209 210 **import** 211 Create a new filesystem image from the contents of a tarball 212 See **docker-import(1)** for full documentation on the **import** command. 213 214 **info** 215 Display system-wide information 216 See **docker-info(1)** for full documentation on the **info** command. 217 218 **inspect** 219 Return low-level information on a container or image 220 See **docker-inspect(1)** for full documentation on the **inspect** command. 221 222 **kill** 223 Kill a running container (which includes the wrapper process and everything 224 inside it) 225 See **docker-kill(1)** for full documentation on the **kill** command. 226 227 **load** 228 Load an image from a tar archive 229 See **docker-load(1)** for full documentation on the **load** command. 230 231 **login** 232 Register or login to a Docker Registry 233 See **docker-login(1)** for full documentation on the **login** command. 234 235 **logout** 236 Log the user out of a Docker Registry 237 See **docker-logout(1)** for full documentation on the **logout** command. 238 239 **logs** 240 Fetch the logs of a container 241 See **docker-logs(1)** for full documentation on the **logs** command. 242 243 **pause** 244 Pause all processes within a container 245 See **docker-pause(1)** for full documentation on the **pause** command. 246 247 **port** 248 Lookup the public-facing port which is NAT-ed to PRIVATE_PORT 249 See **docker-port(1)** for full documentation on the **port** command. 250 251 **ps** 252 List containers 253 See **docker-ps(1)** for full documentation on the **ps** command. 254 255 **pull** 256 Pull an image or a repository from a Docker Registry 257 See **docker-pull(1)** for full documentation on the **pull** command. 258 259 **push** 260 Push an image or a repository to a Docker Registry 261 See **docker-push(1)** for full documentation on the **push** command. 262 263 **rename** 264 Rename a container. 265 See **docker-rename(1)** for full documentation on the **rename** command. 266 267 **restart** 268 Restart a running container 269 See **docker-restart(1)** for full documentation on the **restart** command. 270 271 **rm** 272 Remove one or more containers 273 See **docker-rm(1)** for full documentation on the **rm** command. 274 275 **rmi** 276 Remove one or more images 277 See **docker-rmi(1)** for full documentation on the **rmi** command. 278 279 **run** 280 Run a command in a new container 281 See **docker-run(1)** for full documentation on the **run** command. 282 283 **save** 284 Save an image to a tar archive 285 See **docker-save(1)** for full documentation on the **save** command. 286 287 **search** 288 Search for an image in the Docker index 289 See **docker-search(1)** for full documentation on the **search** command. 290 291 **start** 292 Start a stopped container 293 See **docker-start(1)** for full documentation on the **start** command. 294 295 **stats** 296 Display a live stream of one or more containers' resource usage statistics 297 See **docker-stats(1)** for full documentation on the **stats** command. 298 299 **stop** 300 Stop a running container 301 See **docker-stop(1)** for full documentation on the **stop** command. 302 303 **tag** 304 Tag an image into a repository 305 See **docker-tag(1)** for full documentation on the **tag** command. 306 307 **top** 308 Lookup the running processes of a container 309 See **docker-top(1)** for full documentation on the **top** command. 310 311 **unpause** 312 Unpause all processes within a container 313 See **docker-unpause(1)** for full documentation on the **unpause** command. 314 315 **version** 316 Show the Docker version information 317 See **docker-version(1)** for full documentation on the **version** command. 318 319 **wait** 320 Block until a container stops, then print its exit code 321 See **docker-wait(1)** for full documentation on the **wait** command. 322 323 # STORAGE DRIVER OPTIONS 324 325 Docker uses storage backends (known as "graphdrivers" in the Docker 326 internals) to create writable containers from images. Many of these 327 backends use operating system level technologies and can be 328 configured. 329 330 Specify options to the storage backend with **--storage-opt** flags. The only 331 backend that currently takes options is *devicemapper*. Therefore use these 332 flags with **-s=**devicemapper. 333 334 Specifically for devicemapper, the default is a "loopback" model which 335 requires no pre-configuration, but is extremely inefficient. Do not 336 use it in production. 337 338 To make the best use of Docker with the devicemapper backend, you must 339 have a recent version of LVM. Use `lvm` to create a thin pool; for 340 more information see `man lvmthin`. Then, use `--storage-opt 341 dm.thinpooldev` to tell the Docker engine to use that pool for 342 allocating images and container snapshots. 343 344 Here is the list of *devicemapper* options: 345 346 #### dm.thinpooldev 347 348 Specifies a custom block storage device to use for the thin pool. 349 350 If using a block device for device mapper storage, it is best to use 351 `lvm` to create and manage the thin-pool volume. This volume is then 352 handed to Docker to create snapshot volumes needed for images and 353 containers. 354 355 Managing the thin-pool outside of Docker makes for the most feature-rich method 356 of having Docker utilize device mapper thin provisioning as the backing storage 357 for Docker's containers. The highlights of the LVM-based thin-pool management 358 feature include: automatic or interactive thin-pool resize support, dynamically 359 changing thin-pool features, automatic thinp metadata checking when lvm activates 360 the thin-pool, etc. 361 362 Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` 363 364 #### dm.basesize 365 366 Specifies the size to use when creating the base device, which limits 367 the size of images and containers. The default value is 100G. Note, 368 thin devices are inherently "sparse", so a 100G device which is mostly 369 empty doesn't use 100 GB of space on the pool. However, the filesystem 370 will use more space for base images the larger the device 371 is. 372 373 This value affects the system-wide "base" empty filesystem that may already 374 be initialized and inherited by pulled images. Typically, a change to this 375 value requires additional steps to take effect: 376 377 $ sudo service docker stop 378 $ sudo rm -rf /var/lib/docker 379 $ sudo service docker start 380 381 Example use: `docker -d --storage-opt dm.basesize=20G` 382 383 #### dm.fs 384 385 Specifies the filesystem type to use for the base device. The 386 supported options are `ext4` and `xfs`. The default is `ext4`. 387 388 Example use: `docker -d --storage-opt dm.fs=xfs` 389 390 #### dm.mkfsarg 391 392 Specifies extra mkfs arguments to be used when creating the base device. 393 394 Example use: `docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"` 395 396 #### dm.mountopt 397 398 Specifies extra mount options used when mounting the thin devices. 399 400 Example use: `docker -d --storage-opt dm.mountopt=nodiscard` 401 402 #### dm.use_deferred_removal 403 404 Enables use of deferred device removal if `libdm` and the kernel driver 405 support the mechanism. 406 407 Deferred device removal means that if device is busy when devices are 408 being removed/deactivated, then a deferred removal is scheduled on 409 device. And devices automatically go away when last user of the device 410 exits. 411 412 For example, when a container exits, its associated thin device is removed. If 413 that device has leaked into some other mount namespace and can't be removed, 414 the container exit still succeeds and this option causes the system to schedule 415 the device for deferred removal. It does not wait in a loop trying to remove a busy 416 device. 417 418 Example use: `docker -d --storage-opt dm.use_deferred_removal=true` 419 420 #### dm.loopdatasize 421 422 **Note**: This option configures devicemapper loopback, which should not be used in production. 423 424 Specifies the size to use when creating the loopback file for the 425 "data" device which is used for the thin pool. The default size is 426 100G. The file is sparse, so it will not initially take up 427 this much space. 428 429 Example use: `docker -d --storage-opt dm.loopdatasize=200G` 430 431 #### dm.loopmetadatasize 432 433 **Note**: This option configures devicemapper loopback, which should not be used in production. 434 435 Specifies the size to use when creating the loopback file for the 436 "metadata" device which is used for the thin pool. The default size 437 is 2G. The file is sparse, so it will not initially take up 438 this much space. 439 440 Example use: `docker -d --storage-opt dm.loopmetadatasize=4G` 441 442 #### dm.datadev 443 444 (Deprecated, use `dm.thinpooldev`) 445 446 Specifies a custom blockdevice to use for data for a 447 Docker-managed thin pool. It is better to use `dm.thinpooldev` - see 448 the documentation for it above for discussion of the advantages. 449 450 #### dm.metadatadev 451 452 (Deprecated, use `dm.thinpooldev`) 453 454 Specifies a custom blockdevice to use for metadata for a 455 Docker-managed thin pool. See `dm.datadev` for why this is 456 deprecated. 457 458 #### dm.blocksize 459 460 Specifies a custom blocksize to use for the thin pool. The default 461 blocksize is 64K. 462 463 Example use: `docker -d --storage-opt dm.blocksize=512K` 464 465 #### dm.blkdiscard 466 467 Enables or disables the use of `blkdiscard` when removing devicemapper 468 devices. This is disabled by default due to the additional latency, 469 but as a special case with loopback devices it will be enabled, in 470 order to re-sparsify the loopback file on image/container removal. 471 472 Disabling this on loopback can lead to *much* faster container removal 473 times, but it also prevents the space used in `/var/lib/docker` directory 474 from being returned to the system for other use when containers are 475 removed. 476 477 Example use: `docker -d --storage-opt dm.blkdiscard=false` 478 479 #### dm.override_udev_sync_check 480 481 By default, the devicemapper backend attempts to synchronize with the 482 `udev` device manager for the Linux kernel. This option allows 483 disabling that synchronization, to continue even though the 484 configuration may be buggy. 485 486 To view the `udev` sync support of a Docker daemon that is using the 487 `devicemapper` driver, run: 488 489 $ docker info 490 [...] 491 Udev Sync Supported: true 492 [...] 493 494 When `udev` sync support is `true`, then `devicemapper` and `udev` can 495 coordinate the activation and deactivation of devices for containers. 496 497 When `udev` sync support is `false`, a race condition occurs between 498 the `devicemapper` and `udev` during create and cleanup. The race 499 condition results in errors and failures. (For information on these 500 failures, see 501 [docker#4036](https://github.com/docker/docker/issues/4036)) 502 503 To allow the `docker` daemon to start, regardless of whether `udev` sync is 504 `false`, set `dm.override_udev_sync_check` to true: 505 506 $ docker -d --storage-opt dm.override_udev_sync_check=true 507 508 When this value is `true`, the driver continues and simply warns you 509 the errors are happening. 510 511 **Note**: The ideal is to pursue a `docker` daemon and environment 512 that does support synchronizing with `udev`. For further discussion on 513 this topic, see 514 [docker#4036](https://github.com/docker/docker/issues/4036). 515 Otherwise, set this flag for migrating existing Docker daemons to a 516 daemon with a supported environment. 517 518 # EXEC DRIVER OPTIONS 519 520 Use the **--exec-opt** flags to specify options to the exec-driver. The only 521 driver that accepts this flag is the *native* (libcontainer) driver. As a 522 result, you must also specify **-s=**native for this option to have effect. The 523 following is the only *native* option: 524 525 #### native.cgroupdriver 526 Specifies the management of the container's `cgroups`. You can specify 527 `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the 528 system uses `cgroupfs`. 529 530 #### Client 531 For specific client examples please see the man page for the specific Docker 532 command. For example: 533 534 man docker-run 535 536 # HISTORY 537 April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work.