A docker is a small container which has a small operating system to run specified application with all its libraries. We can have lots and lots of containers in our machine to perform various tasks. If you are still confused, refer the wiki pages and to get started and install docker read the blog “Install Docker on Raspberry Pi“.
In this Blog we are going to discuss about the working of docker and various command used to manage docker. This can also serve as a cheat sheet while working with docker.
List all images on the system.
Run a docker image
The following will run the docker images. The container will run with a process and if the main process stops the container dies with it.
docker run docker run <name of the image> <process to run in that image> docker run -ti #(terminal interactive) docker run --rm #(delete container when the process finishes) docker run -d #(runs a detached container. It runs in the background and keeps it running) docker run --name #(to give container name explicitly) docker run -it debian bash -c "sleep 3; echo all done" #(running one after another command)
Attach a detached container
To attach a detached container docker ps docker attach <container name>
Alternatively, if you want to put the current container in background, then enter the following commands.
ctrl+p + cntrl+q
We can attach this container by attache command again.
Add another process to running container
To add another process with running container (good for debugging).
docker exec -ti <container_name> <process_name> eg:- docker exec -ti suspicious_williams bash
Note:- If the original container exits. This process will die with it.
Check running containers
The following will show us all the running containers.
To see all containers, even the stopped container
docker ps -a
To see the last exited container
docker ps -l
Note: Usually when we run a container and make some changes in it, after that if we stop it all the changes will vanish until with commit it as a image. To save the container permanently we have to commit the container.
The following will make a new image from the recently stopped container.
docker commit <Container_ID>
Now to give the image a name, we have to type
docker tag <image_ID or container_name> <desired name>
[email protected]:~ $ docker run -ti debian:latest bash [email protected]:/# cd [email protected]:~# touch new_file [email protected]:~# exit exit [email protected]:~ $ docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 777cbc7124d8 debian:latest "bash" 28 seconds ago Exited (0) 6 seconds ago keen_murdock [email protected]:~ $ docker commit keen_murdock img_new sha256:5bece2fef595012cbedabbe643b0f92d2a13df1646f4230dc66c75d1c916b595 [email protected]:~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE img_new latest 5bece2fef595 7 seconds ago 86.2MB nextcloud latest 865830c36e28 3 days ago 463MB debian latest f3c39a3f6108 2 weeks ago 86.2MB hypriot/rpi-mysql latest 4f3cbdbc3bdb 5 months ago 209MB
We use it to see the output of the container which has already died. This is very useful for debugging.
docker logs #(keeps the logs of the containers) docker logs <Container Name> #(gives the logs of the containers)
To investigate container
Will give all the information about running container including the environment variables.
docker inspect <Container-name>
To stop a container
docker kill <container name> #(stops the container) docker rm <container name> #(deletes the container)
Note:- We have to remove the stopped container, if we wish to create a new container with the same name.
We can limit the memory used by docker.
docker run --memory maximum-allowed-memory image-name command
docker run --cpu-shares #(relative to other containers, if one is free other can use full cpu and vice-versa) docker run --cpu-quota #(specified cpu shares)
Note: – Make your containers include all your dependencies inside.
Don’t leave important things inside un-named containers
Networking in Docker
Docker provides its private networks. We can explicitly set who can talk to whom and any container do not interfere with others.This is achieved by explicitly exposing ports from inside to outside.
docker run --rm -ti -p outside-port-number:inside-port-number --name server-test debian bash example :- docker run -rm -ti -p 45678:45678 --name server-testing debian bash
Expose port dynamically
Docker has commands to list the exposed ports form a container.
docker port <container-name>
Note:-In certain cases to avoid conflicting port numbers, we can specify only the inside port and outside port will be decided by docker.
eg:- docker run --rm -ti -p 45678 -p 45679 --name test-server debian bash
Exposing (tcp/udp) ports
You can choose which type of port needs to be exposed. Although by default tcp is used
docker run -p outside-port:inside-port/protocol(tcp/udp) eg:- docker run -p 1234:1234/udp
Note: Ports are forwarded “from inside to outside”
Rename running containers
docker rename <old-container-name> <new-container-name>
We can link containers within docker without using external network(explicitly exposing the ports).
- Generally used in orchestration
- Link all ports, and that to only one way. (from client to server)
- Only for services that run on same machine.
- A service and its heath check. – good examples.
- A service and its database. – may be used separately
- Automatically assigns a hostname.
docker run -ti --rm --name server debian bash #(server) docker run -ti --rm --link server --name client debian bash #(client)
It does this by adding an entry in “/etc/hosts” automatically in client for server, as soon as the client starts.
Note:- This has a downside as both the services should start in parallel. Otherwise link would break. To overcome this issue we can use Docker’s built in networks. You can create these networks in advance and these will serve as a DNS server which will automatically map both the linking containers.
Create docker network
docker network create <network-name> #(creates a network) docker network ls #(list all the network) docker network inspect <network-name> #(shows details of network and the assigned IP's to the containers) eg: - docker network create example
Now let us link containers to this new virtualDNS
docker run --rm -ti --net=example --name server debian bash docker run --rm -ti --link server --net=example --name client debian bash
Note:-We can make applications to listen connections from the internet. The ip address will start form 0.0.0.0
In contrast, if we want to restrict it to local host we can give local host address. 127.0.0.1:1234:1234
ex-: docker run -p 127.0.0.1:1234:1234/tcp
Docker commit tags images for you
docker commit <container-ID> <image-name> #(tag name defaults to latest) docker commit <container-ID> <image-name>:<tag-name> eg:- docker commit 12j1jg2yg3hj3k3 debian:v2
docker pull #(to pull the images from the registry(repository))
docker rmi <image-id> docker rmi <image-name>:<tag>
Volumes are like shared folders. We can share these between two dockers or host and dockers.
Two types of shared volumes
- Persistent – Will exist even if the container is down.
- Ephemeral – They will exist as long as the containers are using them. However if no container is using, they will vanish.
Sharing data with the host and docker
These are similar to sharing files and folders to virtual machines.
docker run -ti -v <entire-path-on-the-host-machine>:<path-inside-docker-where-this-folder-will-be-found> debian bash eg:- docker run -ti -v /home/shashank/example:/shared-folder ubuntu bash
Note:- For sharing a file just specify a file instead of folder. Be mindful that the file exit otherwise docker will consider it as a folder.
Sharing data between containers
Argument used –> volumes-from
These volumes exit until the containers exits which are using them.
docker run -ti -v /shared-data debian bash $echo hello > /shared-folder/data-file docker run -ti --volumes-from sick_hopper debian bash
This shared folder will be present in this new container.
Volumes mostly implicitly decides the bounds and set things up. However, in certain cases where it is needed to share folder between the host and the container we have to explicitly define the bounds and mounts the folder.
Note:- If using volume fives an error use mounting.
Pieces of software which manages images. We can run our own registries as well. Additionally, docker as a company provides free registry platform (hub.docker.com)
Finding images on command line
First create an account on hub.docker.com
docker login #(enter your username and password) docker search <images-name>
To pull that image on local system
docker pull debian
Push an image to registry
docker tag debian:sid tec2home/test-image-1:V20.1 #(renaming docker image) docker push tec2home/test-image-1:V20.1 #(This image is available for all the world)
Mentioning the gist of all the commands.
|docker attach||Attach local standard input, output, and error streams to a running container|
|docker build||Build an image from a Dockerfile|
|docker checkpoint||Manage checkpoints|
|docker commit||Create a new image from a container’s changes|
|docker config||Manage Docker configs|
|docker container||Manage containers|
|docker cp||Copy files/folders between a container and the local filesystem|
|docker create||Create a new container|
|docker deploy||Deploy a new stack or update an existing stack|
|docker diff||Inspect changes to files or directories on a container’s filesystem|
|docker events||Get real time events from the server|
|docker exec||Run a command in a running container|
|docker export||Export a container’s filesystem as a tar archive|
|docker history||Show the history of an image|
|docker image||Manage images|
|docker images||List images|
|docker import||Import the contents from a tarball to create a filesystem image|
|docker info||Display system-wide information|
|docker inspect||Return low-level information on Docker objects|
|docker kill||Kill one or more running containers|
|docker load||Load an image from a tar archive or STDIN|
|docker login||Log in to a Docker registry|
|docker logout||Log out from a Docker registry|
|docker logs||Fetch the logs of a container|
|docker manifest||Manage Docker image manifests and manifest lists|
|docker network||Manage networks|
|docker node||Manage Swarm nodes|
|docker pause||Pause all processes within one or more containers|
|docker plugin||Manage plugins|
|docker port||List port mappings or a specific mapping for the container|
|docker ps||List containers|
|docker pull||Pull an image or a repository from a registry|
|docker push||Push an image or a repository to a registry|
|docker rename||Rename a container|
|docker restart||Restart one or more containers|
|docker rm||Remove one or more containers|
|docker rmi||Remove one or more images|
|docker run||Run a command in a new container|
|docker save||Save one or more images to a tar archive (streamed to STDOUT by default)|
|docker search||Search the Docker Hub for images|
|docker secret||Manage Docker secrets|
|docker service||Manage services|
|docker stack||Manage Docker stacks|
|docker start||Start one or more stopped containers|
|docker stats||Display a live stream of container(s) resource usage statistics|
|docker stop||Stop one or more running containers|
|docker swarm||Manage Swarm|
|docker system||Manage Docker|
|docker tag||Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE|
|docker top||Display the running processes of a container|
|docker trust||Manage trust on Docker images|
|docker unpause||Unpause all processes within one or more containers|
|docker update||Update configuration of one or more containers|
|docker version||Show the Docker version information|
|docker volume||Manage volumes|
|docker wait||Block until one or more containers stop, then print their exit codes|
References and additional resources