Skip to content

This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!


Docker

Docker is a utility to pack, ship and run any application as a lightweight container.

Reference(s)

Table of contents


Install

Containers that produce kernel panics will induce kernel panics into the host operating system.

A correct kernel config is needed: See: https://wiki.gentoo.org/wiki/Docker#Kernel

Warning

After configuring the kernel don't forget to do a kernel make and rebuild!

# apt add docker
# apt install docker.io
# rpm --import https://download.docker.com/linux/centos/gpg
# vi /etc/yum.repos.d/docker-ce.repo
    > [docker]
    > name=Docker
    > baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
    > enabled=1
    > gpgcheck=1
    > gpgkey=https://download.docker.com/linux/centos/gpg
# dnf install -y docker-ce

# dnf install docker-compose
$ sudo emerge -a app-containers/docker
$ sudo emerge -a app-emulation/docker-compose
$ /usr/share/docker/contrib/check-config.sh
# nix-env -iA nixos.docker
# nix-env -iA nixos.docker-compose
# nix-env -iA nixpkgs.docker
# nix-env -iA nixpkgs.docker-compose
# pacman -S docker docker-compose

For Artix users

  • If using dinit:
    # pacman -S docker docker-compose docker-dinit
    
  • If using openrc:
    # pacman -S docker docker-compose docker-openrc
    
  • If using runit:
    # pacman -S docker docker-compose docker-runit
    
  • If using s6:
    # pacman -S docker docker-compose docker-s6
    
# yum install docker
# xbps-install -S docker
# zypper install docker

Then, add it to your init system and start it:

# rc-update add docker default
# rc-service docker start

Depending on your runit implementation, either run:

# ln -s /etc/runit/sv/docker /service
or run:
# ln -s /etc/runit/sv/docker /var/service
or run:
# ln -s /etc/runit/sv/docker /run/runit/service
In any case, finally run:
# sv up docker

# service docker start
# chkconfig docker on
# systemctl enable docker
# systemctl start docker

Finally, check with # docker info that everything is fine.


Config

  • TODO : proxy...

  • Allow docker to be run without sudo (see https://askubuntu.com/a/477554):

    $ sudo groupadd docker
    $ sudo gpasswd -a $USER docker
    $ newgrp docker
    

    ⚠️ Be careful with the associated security risks: https://docs.docker.com/engine/security/#docker-daemon-attack-surface

  • Active experimental features of docker, by creating the file /etc/docker/daemon.json with the following content:

    {"experimental":true}
    
  • Change Docker root directory /var/lib/docker to another location (e.g. /new/path/docker):

TODO

Most distros using Runit won't store active services in the same directory. So let's define a $ACTIVE_RUNIT_SERVICE_DIR environment variable holding the path to that directory. Most common paths are:

  • /service/
  • /var/service/ (e.g. for Void Linux)
  • /etc/service/
  • /run/runit/service/ (e.g. for Artix Linux)
$ sudo sv stop docker

$ sudo vi $ACTIVE_RUNIT_SERVICE_DIR/docker/run
    > ...
  ~ > exec chpst -o 1048576 -p 1048576 dockerd --data-root="/new/path/docker"

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo sv start docker

$ ps aux | grep dockerd | grep -v grep

TODO

$ sudo systemctl stop docker.service
$ sudo systemctl stop docker.socket

$ sudo vi /lib/systemd/system/docker.service
    > ...
  ~ > ExecStart=/usr/bin/dockerd --data-root="/new/path/docker" -H fd://
    > ...

$ sudo mkdir -p /new/path/docker
$ sudo rsync -aqxP /var/lib/docker/ /new/path/docker

$ sudo systemctl daemon-reload
$ sudo systemctl start dockerd

$ ps aux | grep dockerd | grep -v grep

Use

  • Print help:

    $ docker --help
    
        Common Commands:
          run         Create and run a new container from an image
          exec        Execute a command in a running container
          ps          List containers
          build       Build an image from a Dockerfile
          pull        Download an image from a registry
          push        Upload an image to a registry
          images      List images
          login       Log in to a registry
          logout      Log out from a registry
          search      Search Docker Hub for images
          version     Show the Docker version information
          info        Display system-wide information
    
        Other Commands:
          attach      Attach local standard input, output, and error streams to a running container
          commit      Create a new image from a container's changes
          cp          Copy files/folders between a container and the local filesystem
          create      Create a new container
          diff        Inspect changes to files or directories on a container's filesystem
          events      Get real time events from the server
          export      Export a container's filesystem as a tar archive
          history     Show the history of an image
          import      Import the contents from a tarball to create a filesystem image
          inspect     Return low-level information on Docker objects
          kill        Kill one or more running containers
          load        Load an image from a tar archive or STDIN
          logs        Fetch the logs of a container
          pause       Pause all processes within one or more containers
          port        List port mappings or a specific mapping for the container
          rename      Rename a container
          restart     Restart one or more containers
          rm          Remove one or more containers
          rmi         Remove one or more images
          save        Save one or more images to a tar archive (streamed to STDOUT by default)
          start       Start one or more stopped containers
          stats       Display a live stream of container(s) resource usage statistics
          stop        Stop one or more running containers
          tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
          top         Display the running processes of a container
          unpause     Unpause all processes within one or more containers
          update      Update configuration of one or more containers
          wait        Block until one or more containers stop, then print their exit codes
    
        Management Commands:
          builder     Manage builds
          checkpoint  Manage checkpoints
          compose*    Docker Compose (Docker Inc., 2.19.1)
          container   Manage containers
          context     Manage contexts
          image       Manage images
          manifest    Manage Docker image manifests and manifest lists
          network     Manage networks
          plugin      Manage plugins
          system      Manage Docker
          trust       Manage trust on Docker images
          volume      Manage volumes
    
        Swarm Commands:
          swarm       Manage Swarm
    
        ...
    
  • Create and run a container with an interactive (-i, --interactive) Bash shell (i.e. keeping stdin open even if not attached):

    $ sudo docker run --interactive <image_name> bash
    
    • E.g.
    $ docker run --interactive --name ubuntu-bash ubuntu bash
    $ docker run --interactive --name rocky-bash rockylinux bash
    $ docker run --interactive --name debian-bash debian bash
    
  • Create and run a container with an interactive Bash shell, assigning a name (--name) to the container (easier to use/read than a container ID):

    $ sudo docker run --interactive --name rocky-bash rockylinux bash
    
  • Create and run a container with an interactive Bash shell, allocating a pseudo-tty (-t, --tty) and auto removing (--rm) the container when done executing:

    $ sudo docker run --interactive --tty --rm rockylinux bash
    
  • Create and run a container in detach (-d, --detach) mode (i.e. in the background), with an interactive Bash shell, and with a pseudo-tty:

    $ sudo docker run -dit rockylinux bash
    
  • Reattach to a detached running container:

    $ sudo docker attach <container_name_or_id>
    
  • "shell" into a running container (docker-1.3+), better than docker attach because exiting won't stop the container:

    $ sudo docker exec -it <container_name_or_id> bash
    
  • Stop a running container:

    $ sudo docker stop <container_name_or_id>
    
  • Start a stoped container:

    $ sudo docker start <container_name_or_id>
    
  • Inspect a running container:

    $ sudo docker inspect <container_name_or_id>
    
  • Get the process ID for a container:

    $ sudo docker inspect --format {{.State.Pid}} <container_name_or_id>
    
  • List the current mounted volumes for a container (and pretty print):

    $ sudo docker inspect --format='{{json .Volumes}}' <container_id> | python -mjson.tool
    
  • Copy files/folders between a container and your host:

    $ sudo docker cp foo.txt mycontainer:/foo.txt
    
  • List currently running containers:

    $ sudo docker ps
    
  • List all containers:

    $ sudo docker ps -a
    
  • Pull down an image (e.g. the latest Rocky Linux image):

    $ sudo docker pull rockylinux
    
  • List all images:

    $ sudo docker images
    
  • Remove a docker container:

    $ sudo docker image rm <container_name>
    
  • Remove a docker image (⚠️ check if a container is associated to it beforehand with $ docker ps -a):

    $ sudo docker image rmi <image_name>
    
  • Display system-wide information:

    $ sudo docker system info
    
  • Remove unused data:

    $ sudo docker system prune
    
  • Show docker disk usage:

    $ sudo docker system df
    
  • Remove all stopped containers, dangling images, and unused networks:

    $ sudo docker system prune
    
    If you want to remove all unused images not just the dangling ones, add the -a (--all) option to the command.

  • List all docker networks:

    $ docker network ls
    

Docker Compose

🚧 WIP

See https://docs.linuxserver.io/general/docker-compose.

Docker Compose is an alternate CLI front-end for the Docker Engine, which specifies properties of containers using a docker-compose.yml YAML file rather than, for example, a script with docker run options. This is useful for setting up services that are use often and/or have complex configurations.

$ sudo mkdir /etc/docker/compose/
$ docker compose -f /etc/docker-compose/service_name.yml up -d
$ docker compose -f /etc/docker-compose/service_name.yml down
[Unit]
Description=service_name with docker compose
PartOf=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/etc/docker/compose/
ExecStart=/usr/bin/docker-compose -f service_name.yml up -d --remove-orphans
ExecStop=/usr/bin/docker-compose -f service_name.yml down

[Install]
WantedBy=multi-user.target

Shell access whilst the container is running:

$ docker exec -it service_name /bin/bash

To monitor the logs of the container in real-time:

$ docker logs -f service_name

Container version number

$ docker inspect -f '{{ index .Config.Labels "build_version" }}' service_name

Image version number

$ docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/service_name:latest

Docker scan

TODO https://github.com/docker/scan-cli-plugin

Buildx

https://docs.docker.com/desktop/multi-arch/

Troubleshooting

error pair interfaces: operation not supported

If you get an error like this one:

docker: Error response from daemon: failed to create endpoint cranky_einstein on network bridge: failed to add the host (vethf55744a) <=> sandbox (vethfce3f4d) pair interfaces: operation not supported.

Maybe you just did a Linux Kernel update, in that case: just restart the computer

warning /lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments

Using OpenRC, with /bin/sh as a symlink to /bin/dash, a warning is issued every time Docker is started or stopped:

/lib/rc/sh/openrc-run.sh: 258: ulimit: too many arguments
 * docker: unable to apply RC_ULIMIT settings
 * Stopping docker ...

See https://github.com/moby/moby/issues/43370.


If this cheat sheet has been useful to you, then please consider leaving a star here.