docker image rm <image_id> # delete an image; -f forces removal

OS Config

systemctl stop apparmor && systemctl disable apparmor


docker run

Create a new container from an image and start it. Docs

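# By default CMD is executed directly and overrides the CMD set in the Dockerfile. If the Dockerfile defines an ENTRYPOINT, however, CMD is passed to the ENTRYPOINT as additional arguments
docker run <image_id> [CMD]
# A few images (e.g. jenkins) need -u 0 in order to run as the root user.
# Options must come before the image; anything after it is passed as CMD
docker run -it -u 0 <image_id> bash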
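  • -d : detach. Start the container as a background (long-running) process.
  • -i : interactive. Keep STDIN open even if not attached.
  • -t : Allocate a pseudo-TTY.
    • -it : the two are often used together. Keep STDIN open and allocate a pseudo-TTY. Used to get an interactive shell inside the container.
  • -e "ENV=value" : Set an environment variable. Can be used multiple times.
  • -p : Map port 80 in the container to port 8080 on the host's 0.0.0.0. Supports tcp / udp. Can be used multiple times. The bind IP address part is optional (default "").
  • -v /var/data:/data : "Mount" the host's /var/data at /data inside the container. The local path part can also be a Docker volume name.
  • --rm : "One-off run". When the container process exits, its Docker record (i.e. what docker ps -a shows) is deleted.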
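
Added example (not part of the original notes): because -p binds to every host interface when the IP part is omitted, this script lists the published ports that are reachable on all interfaces. It assumes input lines of the form NAME|PORTS, as produced by docker ps --format '{{.Names}}|{{.Ports}}'; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list published ports that listen on every host interface.
# Input lines look like NAME|PORTS, as printed by:
#   docker ps --format '{{.Names}}|{{.Ports}}'

# Constructed sample output (not taken from a real host).
sample_ps() {
  printf '%s\n' \
    'web|0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
    'db|127.0.0.1:5432->5432/tcp' \
    'cache|6379/tcp' \
    'dns|0.0.0.0:53->53/udp, 192.168.1.10:5353->5353/udp'
}

# Print "name host_ip host_port container_port/proto" per wildcard binding.
find_wildcard_binds() {
  awk -F '|' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        if (index(maps[i], "->") == 0) continue   # exposed, not published
        split(maps[i], side, "->")
        # Host side is IP:PORT (or IP:PORT-RANGE); split at the last colon.
        k = match(side[1], /:[0-9-]+$/)
        if (k == 0) continue
        ip = substr(side[1], 1, k - 1)
        port = substr(side[1], k + 1)
        if (ip == "0.0.0.0" || ip == "::" || ip == "[::]")
          print $1, ip, port, side[2]
      }
    }'
}

# --live reads the local daemon; the default run uses the constructed sample.
if [ "${1:-}" = "--live" ]; then
  docker ps --format '{{.Names}}|{{.Ports}}' | find_wildcard_binds
else
  sample_ps | find_wildcard_binds
fi
```

Bindings that name a specific address, such as 127.0.0.1:5432, are not reported; only 0.0.0.0 and :: bindings are.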

docker build

docker build -t name[:tag] context

The context root directory must contain a Dockerfile.

The context argument can be a remote github / bitbucket URL.


  • docker stop container_id : Stop the container (and destroy it?).



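The purpose of a network is to isolate the virtual networks of different containers. Containers on the same network can reach each other directly by name (Docker writes the hosts entries automatically).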

Manage volumes

# docker volume create --name test

# docker volume ls
local               1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
local               2f13b0cec834a0250845b9dcb2bce548f7c7f35ed9cdaa7d5990bf896e952d02
local               test

# docker inspect 1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465/_data",
        "Name": "1c59d5b7e90e9173ca30a7fcb6b9183c3f5a37bd2505ca78ad77cf4062bd0465",
        "Options": {},
        "Scope": "local"

Migration from devicemapper

  1. Export data
  2. service docker stop
  3. rm -rf /var/lib/docker
  4. Modify your Docker startup configuration to use the new storage driver. Set --storage-driver=<name> in one of the files below:
    • /lib/systemd/system/docker.service
    • /etc/systemd/system/docker.service
    • /etc/default/docker
    • /etc/sysconfig/docker
  5. service docker start
  6. Import Data

OverlayFS Driver:

OverlayFS is already available in Ubuntu; just change the storage driver to --storage-driver=overlay2, or to --storage-driver=overlay if you are still using a 3.x kernel.

Exploring Docker container's file system


# find ID of your running container:
docker ps

# create image (snapshot) from container filesystem
docker commit 12345678904b5 mysnapshot

# explore this filesystem using bash (for example)
docker run -it mysnapshot /bin/bash

docker exec (for docker 1.3+)

The "docker exec" command runs a new process in an already running container (the container must already have its PID 1 process running). You can run /bin/bash to explore the container state:

docker exec -it mycontainer /bin/bash

Publish local image to Docker Cloud

docker login # enter your Docker Cloud username/password when prompted; assume the username is user
docker tag <image_name> user/abc
docker push user/abc

Import / Export image

docker save -o ./centos-16.tar centos:16
docker save myimage:latest | gzip > myimage_latest.tar.gz

docker load -i ./centos-16.tar
docker load < busybox.tar.gz

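# Transfer an image directly to a remote server. gzip works too. You can add a pv stage to the pipe after bzip2 to monitor progress (pv must be installed)
docker save app:latest | bzip2 | ssh <user>@<host> docker load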


"[graphdriver] prior storage driver "aufs" failed: driver not supported"

The problem is that aufs is not supported on kernel 4.0.x.

Quick solution (removing aufs from Docker): rm -rf /var/lib/docker/aufs

But this will delete all existing AUFS containers.

Last update: 2022-07-27 02:01:15 UTC