This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!
Docker is a utility to pack, ship and run any application as a lightweight container.
Containers share the host kernel, so a container that triggers a kernel panic will panic the host operating system.
    # rpm --import https://download.docker.com/linux/centos/gpg
    # vi /etc/yum.repos.d/docker-ce.repo
    > [docker]
    > name=Docker
    > baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
    > enabled=1
    > gpgcheck=1
    > gpgkey=https://download.docker.com/linux/centos/gpg
    # dnf install -y docker-ce
    # dnf install docker-compose
Then, add it to your init system and start it:
Depending on your runit implementation, either run:
Finally, check with # docker info that everything is fine.
TODO : proxy...
Allow docker to be run without
⚠️ Be careful with the associated security risks: https://docs.docker.com/engine/security/#docker-daemon-attack-surface
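An audit for the risk flagged above, as an added example that is not part of the original cheat sheet: access to the Docker daemon is effectively root on the host, so it helps to know exactly which accounts have it. The script assumes that access is granted through a group named docker (the page's own command is missing here), and the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# docker_group_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints every account that belongs to the group, one per line, sorted.
docker_group_users() {
    group_file=$1; passwd_file=$2; group_name=${3:-docker}

    # Numeric GID of the group; nothing to report if the group is absent.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0

    {
        # Supplementary members: comma-separated fourth field of the group entry.
        awk -F: -v g="$group_name" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
        # Accounts whose primary group is the docker group. They are not in
        # the member list above, so a plain look at the group entry misses them.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (not taken from a real host).
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:975:alice,ci-runner
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci-runner:x:1002:1002::/home/ci-runner:/sbin/nologin
builder:x:1003:975::/home/builder:/bin/bash
EOF
}

# Demo on the sample data; prints alice, builder and ci-runner.
demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
docker_group_users "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real host, pass /etc/group and /etc/passwd; accounts served by LDAP or SSSD only show up if you feed the function the output of getent group and getent passwd instead.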
Activate experimental features of Docker by creating the file /etc/docker/daemon.json with the following content:
Change Docker root directory /var/lib/docker to another location (e.g.
Most distros using Runit won't store active services in the same directory. So let's define an $ACTIVE_RUNIT_SERVICE_DIR environment variable holding the path to that directory. Most common paths are:
- /var/service/ (e.g. for Void Linux)
- /run/runit/service/ (e.g. for Artix Linux)
    $ sudo systemctl stop docker.service
    $ sudo systemctl stop docker.socket
    $ sudo vi /lib/systemd/system/docker.service
    > ...
    ~
    > ExecStart=/usr/bin/dockerd --data-root="/new/path/docker" -H fd://
    > ...
    $ sudo mkdir -p /new/path/docker
    $ sudo rsync -aqxP /var/lib/docker/ /new/path/docker
    $ sudo systemctl daemon-reload
    $ sudo systemctl start docker.service
    $ ps aux | grep dockerd | grep -v grep
- It is possible to use Btrfs, ZFS or another storage driver for Docker; see https://wiki.archlinux.org/title/Docker#Storage_driver and https://wiki.gentoo.org/wiki/Docker#Storage_driver.
    $ docker --help
    Common Commands:
      run         Create and run a new container from an image
      exec        Execute a command in a running container
      ps          List containers
      build       Build an image from a Dockerfile
      pull        Download an image from a registry
      push        Upload an image to a registry
      images      List images
      login       Log in to a registry
      logout      Log out from a registry
      search      Search Docker Hub for images
      version     Show the Docker version information
      info        Display system-wide information

    Other Commands:
      attach      Attach local standard input, output, and error streams to a running container
      commit      Create a new image from a container's changes
      cp          Copy files/folders between a container and the local filesystem
      create      Create a new container
      diff        Inspect changes to files or directories on a container's filesystem
      events      Get real time events from the server
      export      Export a container's filesystem as a tar archive
      history     Show the history of an image
      import      Import the contents from a tarball to create a filesystem image
      inspect     Return low-level information on Docker objects
      kill        Kill one or more running containers
      load        Load an image from a tar archive or STDIN
      logs        Fetch the logs of a container
      pause       Pause all processes within one or more containers
      port        List port mappings or a specific mapping for the container
      rename      Rename a container
      restart     Restart one or more containers
      rm          Remove one or more containers
      rmi         Remove one or more images
      save        Save one or more images to a tar archive (streamed to STDOUT by default)
      start       Start one or more stopped containers
      stats       Display a live stream of container(s) resource usage statistics
      stop        Stop one or more running containers
      tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
      top         Display the running processes of a container
      unpause     Unpause all processes within one or more containers
      update      Update configuration of one or more containers
      wait        Block until one or more containers stop, then print their exit codes

    Management Commands:
      builder     Manage builds
      checkpoint  Manage checkpoints
      compose*    Docker Compose (Docker Inc., 2.19.1)
      container   Manage containers
      context     Manage contexts
      image       Manage images
      manifest    Manage Docker image manifests and manifest lists
      network     Manage networks
      plugin      Manage plugins
      system      Manage Docker
      trust       Manage trust on Docker images
      volume      Manage volumes

    Swarm Commands:
      swarm       Manage Swarm
    ...
Create and run a container with an interactive (--interactive) Bash shell (i.e. keeping stdin open even if not attached):
Create and run a container with an interactive Bash shell, assigning a name (--name) to the container (easier to use/read than a container ID):
Create and run a container with an interactive Bash shell, allocating a pseudo-tty (--tty) and auto removing (--rm) the container when done executing:
Create and run a container in detach (--detach) mode (i.e. in the background), with an interactive Bash shell, and with a pseudo-tty:
Reattach to a detached running container:
"shell" into a running container (docker-1.3+), better than docker attach because exiting won't stop the container:
Stop a running container:
Start a stopped container:
Inspect a running container:
Get the process ID for a container:
List the current mounted volumes for a container (and pretty print):
Copy files/folders between a container and your host:
List currently running containers:
List all containers:
Pull down an image (e.g. the latest Rocky Linux image):
List all images:
Remove a docker container:
Remove a docker image (⚠️ check if a container is associated to it beforehand with $ docker ps -a):
Display system-wide information:
Remove unused data:
Show docker disk usage:
Remove all stopped containers, dangling images, and unused networks:
--all) option to the command.
List all docker networks:
Docker Compose is an alternate CLI front-end for the Docker Engine, which specifies properties of containers using a docker-compose.yml YAML file rather than, for example, a script with docker run options. This is useful for setting up services that are used often and/or have complex
    [Unit]
    Description=service_name with docker compose
    PartOf=docker.service
    After=docker.service

    [Service]
    Type=oneshot
    RemainAfterExit=true
    WorkingDirectory=/etc/docker/compose/
    ExecStart=/usr/bin/docker-compose -f service_name.yml up -d --remove-orphans
    ExecStop=/usr/bin/docker-compose -f service_name.yml down

    [Install]
    WantedBy=multi-user.target
Shell access whilst the container is running:
To monitor the logs of the container in real-time:
Container version number
Image version number
pair interfaces: operation not supported
If you get an error like this one:
Maybe you just did a Linux kernel update; in that case, just restart the computer.
/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments
Using OpenRC, with /bin/sh as a symlink to /bin/dash, a warning is issued every time Docker is started or stopped: