
This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!


Docker

Docker is a utility to pack, ship and run any application as a lightweight container.


Install

Containers share the host kernel, so a container that triggers a kernel panic will panic the host operating system as well.

A correct kernel config is needed, see: https://wiki.gentoo.org/wiki/Docker#Kernel

Warning

After configuring the kernel don't forget to do a kernel make and rebuild!

# apk add docker
# apt install docker.io
# dnf install docker
$ sudo emerge -a app-containers/docker
$ sudo emerge -a app-emulation/docker-compose
$ /usr/share/docker/contrib/check-config.sh
# nix-env -iA nixos.docker
# nix-env -iA nixpkgs.docker
# pacman -S docker

For Artix users

  • If using dinit:
    # pacman -S docker docker-dinit
    
  • If using openrc:
    # pacman -S docker docker-openrc
    
  • If using runit:
    # pacman -S docker docker-runit
    
  • If using s6:
    # pacman -S docker docker-s6
    
# yum install docker
# xbps-install -S docker
# zypper install docker

Then, add it to your init system and start it:

# rc-update add docker default
# rc-service docker start

Depending on your runit implementation, either run:

# ln -s /etc/runit/sv/docker /service
or run:
# ln -s /etc/runit/sv/docker /var/service
or run:
# ln -s /etc/runit/sv/docker /run/runit/service
In any case, finally run:
# sv up docker

# service docker start
# chkconfig docker on
# systemctl enable docker
# systemctl start docker

Finally, check with # docker info that everything is fine.


Config

  • TODO : proxy...

  • Allow docker to be run without sudo (see https://askubuntu.com/a/477554):

    $ sudo groupadd docker
    $ sudo gpasswd -a $USER docker
    $ newgrp docker
    
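    ⚠️ Be careful with the associated security risks: members of the docker group have root-equivalent access to the host through the Docker daemon. See https://docs.docker.com/engine/security/#docker-daemon-attack-surface ⚠️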

  • Activate experimental features of docker, by creating the file /etc/docker/daemon.json with the following content:

    {"experimental":true}
    

  • Change Docker root directory /var/lib/docker to another location (e.g. /new/path/docker):

TODO

Most distros using Runit won't store active services in the same directory. So let's define a $ACTIVE_RUNIT_SERVICE_DIR environment variable holding the path to that directory. Most common paths are:

  • /service/
  • /var/service/ (e.g. for Void Linux)
  • /etc/service/
  • /run/runit/service/ (e.g. for Artix Linux)
$ sudo sv stop docker

$ sudo vi $ACTIVE_RUNIT_SERVICE_DIR/docker/run
    > ...
  ~ > exec chpst -o 1048576 -p 1048576 dockerd --data-root="/new/path/docker"

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo sv start docker

$ ps aux | grep dockerd | grep -v grep

TODO

$ sudo systemctl stop docker.service
$ sudo systemctl stop docker.socket

$ sudo vi /lib/systemd/system/docker.service
    > ...
  ~ > ExecStart=/usr/bin/dockerd --data-root="/new/path/docker" -H fd://
    > ...

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo systemctl daemon-reload
$ sudo systemctl start docker.service

$ ps aux | grep dockerd | grep -v grep
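
To review the effect of the docker group setup described earlier in this Config section, the following added example (not part of the original cheat sheet) lists every account in the docker group and flags a daemon socket that any local user can reach. It assumes the default group name docker and the default socket path /var/run/docker.sock; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: who can talk to the Docker daemon on this host?
# Assumes the default group name "docker" and socket /var/run/docker.sock.

# docker_group_members [GROUP_FILE] [PASSWD_FILE]
# Prints, one per line, every account in the docker group: supplementary
# members listed in group(5) plus accounts whose primary GID is the docker GID.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0          # no docker group: nothing to report
    {
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# socket_world_accessible PATH
# Returns 0 if "other" has read or write permission on PATH, 1 if not,
# 2 if PATH does not exist.
socket_world_accessible() {
    [ -e "$1" ] || return 2
    other=$(ls -ld "$1" | cut -c8-9)   # r and w bits for "other"
    [ "$other" != "--" ]
}

# Report for the local host.
for user in $(docker_group_members); do
    printf 'root-equivalent via docker group: %s\n' "$user"
done
if socket_world_accessible /var/run/docker.sock; then
    printf 'WARNING: /var/run/docker.sock is accessible to every local user\n'
fi
```

Run it after any change to group membership; every name it prints should be an account you would also trust with sudo.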

Use

  • Start a container with an interactive Bash shell:

    $ sudo docker run --interactive <image_name> bash
    

    • E.g.
      $ docker run --interactive --name ubuntu-bash ubuntu bash
      $ docker run --interactive --name rocky-bash rockylinux bash
      $ docker run --interactive --name debian-bash debian bash
      
  • Start a container with an interactive Bash shell, with a pseudo-tty and auto-remove the container when done executing:

    $ sudo docker container run --interactive --tty --rm rockylinux bash
    

    • --interactive says you want an interactive session.
    • --tty allocates a pseudo-tty.
    • --rm tells Docker to go ahead and remove the container when it’s done executing.
  • "shell" into a running container (docker-1.3+):

    $ sudo docker exec -it <container_name> bash
    

  • Inspect a running container:

    $ sudo docker inspect <container_name_or_ID>
    

  • Get the process ID for a container:

    $ sudo docker inspect --format '{{.State.Pid}}' <container_name_or_ID>
    

  • List the current mounted volumes for a container (and pretty print):

    $ sudo docker inspect --format='{{json .Mounts}}' <container_id> | python3 -m json.tool
    

  • Copy files/folders between a container and your host:

    $ sudo docker cp foo.txt mycontainer:/foo.txt
    

  • List currently running containers:

    $ sudo docker ps
    

  • List all containers:

    $ sudo docker ps -a
    

  • Pull down an image (e.g. the latest Rocky Linux image):

    $ sudo docker pull rockylinux
    

  • List all images:

    $ sudo docker images
    

  • Remove a docker container:

    $ sudo docker container rm <container_name>
    

  • Remove a docker image (⚠️ check if a container is associated to it beforehand with $ docker ps -a):

    $ sudo docker image rm <image_name>
    

  • Display system-wide information:

    $ sudo docker system info
    

  • Remove unused data:

    $ sudo docker system prune
    

  • Show docker disk usage:

    $ sudo docker system df
    

  • Remove all stopped containers, dangling images, and unused networks:

    $ sudo docker system prune
    
    If you want to remove all unused images, not just the dangling ones, add the -a (--all) option to the command.

Buildx

https://docs.docker.com/desktop/multi-arch/

Troubleshooting

error pair interfaces: operation not supported

If you get an error like this one:

docker: Error response from daemon: failed to create endpoint cranky_einstein on network bridge: failed to add the host (vethf55744a) <=> sandbox (vethfce3f4d) pair interfaces: operation not supported.

You probably just updated the Linux kernel; in that case, restart the computer.

warning /lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments

Using OpenRC, with /bin/sh as a symlink to /bin/dash, a warning is issued every time Docker is started or stopped:

/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments
 * docker: unable to apply RC_ULIMIT settings
 * Stopping docker ...

See https://github.com/moby/moby/issues/43370.

