Docker Cheat Sheet
Docker & Docker Compose Overview
Quick List
docker-compose build
docker-compose up -d
docker-compose logs -f
docker exec -it <container> bash
docker run -it centos
docker ps -aq --no-trunc | xargs docker rm
docker images -q --filter dangling=true | xargs docker rmi
NOTE: Configure Direct-LVM Mode for Production
Misc
Can’t connect to your Container? It Exists immediately and you want to see why?
# docker commit <container-id> my-hosed-container &&
# docker run -it my-hosed-container /bin/sh
Push images to your Registry (GCP)
# gcloud docker -- push us.gcr.io/sysops7/varnish5:dev
List gcloud container Images
# gcloud container images list --repository=us.gcr.io/sysops7
NAME
us.gcr.io/sysops7/varnish5
# gcloud container images list-tags us.gcr.io/sysops7/varnish5
DIGEST TAGS TIMESTAMP
244bf0d4ffc6 dev 2017-12-01T15:44:01
Remove images from Registry (GCP)
# gcloud container images delete us.gcr.io/sysops7/varnish5:dev
Digests:
- us.gcr.io/sysops7/varnish5@sha256:244bf0d4ffc6936f561adf68364fa56ce43b0574ca0db350f7352b466ab3d7ff
Associated tags:
- dev
Tags:
- us.gcr.io/sysops7/varnish5:dev
This operation will delete the tags and images identified by the
digests above.
Do you want to continue (Y/n)? y
Deleted [us.gcr.io/sysops7/varnish5:dev].
Deleted [us.gcr.io/sysops7/varnish5@sha256:244bf0d4ffc6936f561adf68364fa56ce43b0574ca0db350f7352b466ab3d7ff].
Pull images from Registry (GCP)
# gcloud docker -- pull us.gcr.io/my-project/my-image
To pull a specific image, append the image’s tag or digest:
# gcloud docker -- pull us.gcr.io/my-project/my-image:test
# gcloud docker -- pull us.gcr.io/my-project/my-image@sha256:44bde...
Docker Swarm Init
# docker swarm init --advertise-addr 192.168.1.33
Swarm initialized: current node (3ww6m5jr6df24sgg0hj8i1d7) is now a manager.
To add a worker to this swarm, run the following command:
# docker swarm join \
--token SWMTKN-1-1ygehettvmj02Fakeasd4thedfFake8aql26o7jd9u8h6oFakej5u-1f01w77gxtanFakezmnck3jve \
192.168.1.33:2377
To add a manager to this swarm, run docker swarm join-token manager
and follow the instructions.
Docker Lifecycle Commands
docker create
creates a container but does not start it.docker rename
allows the container to be renamed.docker run
creates and starts a container in one operation.docker rm
deletes a container.docker update
updates a container’s resource limits.
Starting and Stopping Docker
docker start
starts a container so it is running.docker stop
stops a running container.docker restart
stops and starts a container.docker pause
pauses a running container, “freezing” it in place.docker unpause
will unpause a running container.docker wait
blocks until running container stops.docker kill
sends a SIGKILL to a running container.docker attach
will connect to a running container.
Removing Docker containers and images
Playing with Docker can leave you with several stopped containers and unneeded, intermediary images. This may waste substantial disk space. This article shows how to efficiently remove such containers and images.
List all exited containers
# docker ps -aq -f status=exited
Remove stopped containers
# docker ps -aq --no-trunc | xargs docker rm
This command will not remove running containers, only an error message will be printed out for each of them.
Remove containers
# docker rm $(docker ps -qa --no-trunc --filter "status=exited")
Removing Unused Volumes
# docker volume rm $(docker volume ls -qf dangling=true
# docker volume ls -qf dangling=true | xargs -r docker volume rm
Removing Networks
# docker network ls
# docker network ls | grep "bridge"
# docker network rm $(docker network ls | grep "bridge" | awk '/ / { print $1 }')
Remove dangling/untagged images
# docker images -q --filter dangling=true | xargs docker rmi
Remove containers created after a specific container
# docker ps --since a1bz3768ez7g -q | xargs docker rm
Remove containers created before a specific container
# docker ps --before a1bz3768ez7g -q | xargs docker rm
Use --rm
for docker build
Use --rm
together with docker build
to remove intermediary images during the build process.
Searching for Images in the Docker Hub
You can search for images available on Docker Hub by using the docker
command with the search
subcommand. For example, to search for the CentOS image, type:
docker search centos
The script will crawl Docker Hub and return a listing of all images whose name match the search string. In this case, the output will be similar to this:
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 2224 [OK]
jdeathe/centos-ssh CentOS-6 6.7 x86_64 / CentOS-7 7.2.1511 x8... 22 [OK]
jdeathe/centos-ssh-apache-php CentOS-6 6.7 x86_64 / Apache / PHP / PHP M... 17 [OK]
million12/centos-supervisor Base CentOS-7 with supervisord launcher, h... 11 [OK]
nimmis/java-centos This is docker images of CentOS 7 with dif... 10 [OK]
torusware/speedus-centos Always updated official CentOS docker imag... 8 [OK]
nickistre/centos-lamp LAMP on centos setup 3 [OK]
...
In the OFFICIAL column, OK indicates an image built and supported by the company behind the project. Once you’ve identifed the image that you would like to use, you can download it to your computer using the pull
subcommand, like so:
docker pull centos
After an image has been downloaded, you may then run a container using the downloaded image with the run
subcommand. If an image has not been downloaded when docker
is executed with the run
subcommand, the Docker client will first download the image, then run a container using it:
- docker run centos
To see the images that have been downloaded to your computer, type:
- docker images
The output should look similar to the following:
[secondary_lable Output]
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 778a53015523 5 weeks ago 196.7 MB
hello-world latest 94df4f0ce8a4 2 weeks ago 967 B
As you’ll see later in this tutorial, images that you use to run containers can be modified and used to generate new images, which may then be uploaded (pushed is the technical term) to Docker Hub or other Docker registries.
Running a Docker Container
The hello-world
container you ran in the previous step is an example of a container that runs and exits, after emitting a test message. Containers, however, can be much more useful than that, and they can be interactive. After all, they are similar to virtual machines, only more resource-friendly.
As an example, let’s run a container using the latest image of CentOS. The combination of the -i and -t switches gives you interactive shell access into the container:
- docker run -it centos
Your command prompt should change to reflect the fact that you’re now working inside the container and should take this form:
[root@59839a1b7de2 /]#
Important: Note the container id in the command prompt. In the above example, it is 59839a1b7de2
.
Now you may run any command inside the container. For example, let’s install MariaDB server in the running container. No need to prefix any command with sudo
, because you’re operating inside the container with root privileges:
- yum install mariadb-server
Committing Changes in a Container to a Docker Image
When you start up a Docker image, you can create, modify, and delete files just like you can with a virtual machine. The changes that you make will only apply to that container. You can start and stop it, but once you destroy it with the docker rm
command, the changes will be lost for good.
This section shows you how to save the state of a container as a new Docker image.
After installing MariaDB server inside the CentOS container, you now have a container running off an image, but the container is different from the image you used to create it.
To save the state of the container as a new image, first exit from it:
- exit
Then commit the changes to a new Docker image instance using the following command. The -m switch is for the commit message that helps you and others know what changes you made, while -a is used to specify the author. The container ID is the one you noted earlier in the tutorial when you started the interactive docker session. Unless you created additional repositories on Docker Hub, the repository is usually your Docker Hub username:
- docker commit -m “What did you do to the image” -a “Author Name” container-id repository/new_image_name
For example:
- docker commit -m “added mariadb-server” -a “Sunday Ogwu-Chinuwa” 59839a1b7de2 finid/centos-mariadb
Note: When you commit an image, the new image is saved locally, that is, on your computer. Later in this tutorial, you’ll learn how to push an image to a Docker registry like Docker Hub so that it may be assessed and used by you and others.
After that operation has completed, listing the Docker images now on your computer should show the new image, as well as the old one that it was derived from:
- docker images
The output should be of this sort:
REPOSITORY TAG IMAGE ID CREATED SIZE
finid/centos-mariadb latest 23390430ec73 6 seconds ago 424.6 MB
centos latest 778a53015523 5 weeks ago 196.7 MB
hello-world latest 94df4f0ce8a4 2 weeks ago 967 B
In the above example, centos-mariadb is the new image, which was derived from the existing CentOS image from Docker Hub. The size difference reflects the changes that were made. And in this example, the change was that MariaDB server was installed. So next time you need to run a container using CentOS with MariaDB server pre-installed, you can just use the new image. Images may also be built from what’s called a Dockerfile. But that’s a very involved process that’s well outside the scope of this article. We’ll explore that in a future article.
Listing Docker Containers
After using Docker for a while, you’ll have many active (running) and inactive containers on your computer. To view the active ones, use:
- docker ps
You will see output similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7c79cc556dd centos "/bin/bash" 3 hours ago Up 3 hours silly_spence
To view all containers — active and inactive, pass it the -a
switch:
- docker ps -a
To view the latest container you created, pass it the -l
switch:
- docker ps -l
Stopping a running or active container is as simple as typing:
- docker stop container-id
The container-id
can be found in the output from the docker ps
command.
Pushing Docker Images to a Docker Repository
The next logical step after creating a new image from an existing image is to share it with a select few of your friends, the whole world on Docker Hub, or other Docker registry that you have access to. To push an image to Docker Hub or any other Docker registry, you must have an account there.
This section shows you how to push a Docker image to Docker Hub.
To create an account on Docker Hub, register at Docker Hub. Afterwards, to push your image, first log into Docker Hub. You’ll be prompted to authenticate:
- docker login -u docker-registry-username
If you specified the correct password, authentication should succeed. Then you may push your own image using:
- docker push docker-registry-username/docker-image-name
It will take sometime to complete, and when completed, the output will be of this sort:
The push refers to a repository [docker.io/finid/centos-mariadb]
670194edfaf5: Pushed
5f70bf18a086: Mounted from library/centos
6a6c96337be1: Mounted from library/centos
...
After pushing an image to a registry, it should be listed on your account’s dashboard.
If a push attempt results in an error of this sort, then you likely did not log in first:
The push refers to a repository [docker.io/finid/centos-mariadb]
e3fbbfb44187: Preparing
5f70bf18a086: Preparing
a3b5c80a4eba: Preparing
7f18b442972b: Preparing
3ce512daaf78: Preparing
7aae4540b42d: Waiting
unauthorized: authentication required
Log in, then repeat the push attempt.