|
@@ -94,20 +94,41 @@ The Docker daemon is the persistent process that manages containers.
|
|
|
Docker uses the same binary for both the daemon and client. To run the
|
|
Docker uses the same binary for both the daemon and client. To run the
|
|
|
daemon you provide the `-d` flag.
|
|
daemon you provide the `-d` flag.
|
|
|
|
|
|
|
|
-To force Docker to use devicemapper as the storage driver, use
|
|
|
|
|
-`docker -d -s devicemapper`.
|
|
|
|
|
|
|
|
|
|
-To set the DNS server for all Docker containers, use
|
|
|
|
|
-`docker -d --dns 8.8.8.8`.
|
|
|
|
|
|
|
+To run the daemon with debug output, use `docker -d -D`.
|
|
|
|
|
|
|
|
-To set the DNS search domain for all Docker containers, use
|
|
|
|
|
-`docker -d --dns-search example.com`.
|
|
|
|
|
|
|
+### Daemon socket option
|
|
|
|
|
|
|
|
-To run the daemon with debug output, use `docker -d -D`.
|
|
|
|
|
|
|
+The Docker daemon can listen for [Docker Remote API](reference/api/docker_remote_api/)
|
|
|
|
|
+requests via three different types of Socket: `unix`, `tcp`, and `fd`.
|
|
|
|
|
+
|
|
|
|
|
+By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`,
|
|
|
|
|
+requiring either `root` permission, or `docker` group membership.
|
|
|
|
|
+
|
|
|
|
|
+If you need to access the Docker daemon remotely, you need to enable the `tcp`
|
|
|
|
|
+Socket. Beware that the default setup provides un-encrypted and un-authenticated
|
|
|
|
|
+direct access to the Docker daemon - and should be secured either using the
|
|
|
|
|
+[built in https encrypted socket](/articles/https/), or by putting a secure web
|
|
|
|
|
+proxy in front of it. You can listen on port `2375` on all network interfaces
|
|
|
|
|
+with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP
|
|
|
|
|
+address: `-H tcp://192.168.59.103:2375`.
|
|
|
|
|
|
|
|
-To use lxc as the execution driver, use `docker -d -e lxc`.
|
|
|
|
|
|
|
+On Systemd based systems, you can communicate with the daemon via
|
|
|
|
|
+[systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use
|
|
|
|
|
+`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but
|
|
|
|
|
+you can also specify individual sockets: `docker -d -H fd://3`. If the
|
|
|
|
|
+specified socket activated files aren't found, then Docker will exit. You
|
|
|
|
|
+can find examples of using Systemd socket activation with Docker and
|
|
|
|
|
+Systemd in the [Docker source tree](
|
|
|
|
|
+https://github.com/docker/docker/tree/master/contrib/init/systemd/).
|
|
|
|
|
+
|
|
|
|
|
+You can configure the Docker daemon to listen to multiple sockets at the same
|
|
|
|
|
+time using multiple `-H` options:
|
|
|
|
|
|
|
|
-The docker client will also honor the `DOCKER_HOST` environment variable to set
|
|
|
|
|
|
|
+ # listen using the default unix socket, and on 2 specific IP addresses on this host.
|
|
|
|
|
+ docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
|
|
|
|
|
+
|
|
|
|
|
+The Docker client will honor the `DOCKER_HOST` environment variable to set
|
|
|
the `-H` flag for the client.
|
|
the `-H` flag for the client.
|
|
|
|
|
|
|
|
$ sudo docker -H tcp://0.0.0.0:2375 ps
|
|
$ sudo docker -H tcp://0.0.0.0:2375 ps
|
|
@@ -124,18 +145,55 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva
|
|
|
$ export DOCKER_TLS_VERIFY=1
|
|
$ export DOCKER_TLS_VERIFY=1
|
|
|
$ sudo docker ps
|
|
$ sudo docker ps
|
|
|
|
|
|
|
|
|
|
+### Daemon storage-driver option
|
|
|
|
|
+
|
|
|
|
|
+The Docker daemon has support for three different image layer storage drivers: `aufs`,
|
|
|
|
|
+`devicemapper`, and `btrfs`.
|
|
|
|
|
+
|
|
|
|
|
+The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that
|
|
|
|
|
+is unlikely to be merged into the main kernel. These are also known to cause some
|
|
|
|
|
+serious kernel crashes. However, `aufs` is also the only storage driver that allows
|
|
|
|
|
+containers to share executable and shared library memory, so is a useful choice
|
|
|
|
|
+when running thousands of containers with the same program or libraries.
|
|
|
|
|
+
|
|
|
|
|
+The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots.
|
|
|
|
|
+This driver will create a 100GB sparse file containing all your images and
|
|
|
|
|
+containers. Each container will be limited to a 10 GB thin volume, and either of
|
|
|
|
|
+these will require tuning - see [~jpetazzo/Resizing Docker containers with the
|
|
|
|
|
+Device Mapper plugin]( http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)
|
|
|
|
|
+To tell the Docker daemon to use `devicemapper`, use
|
|
|
|
|
+`docker -d -s devicemapper`.
|
|
|
|
|
+
|
|
|
|
|
+The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not
|
|
|
|
|
+share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`.
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+### Docker exec-driver option
|
|
|
|
|
+
|
|
|
|
|
+The Docker daemon uses a specifically built `libcontainer` execution driver as its
|
|
|
|
|
+interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`.
|
|
|
|
|
+
|
|
|
|
|
+There is still legacy support for the original [LXC userspace tools](
|
|
|
|
|
+https://linuxcontainers.org/) via the `lxc` execution driver, however, this is
|
|
|
|
|
+not where the primary development of new functionality is taking place.
|
|
|
|
|
+Add `-e lxc` to the daemon flags to use the `lxc` execution driver.
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+### Daemon DNS options
|
|
|
|
|
+
|
|
|
|
|
+To set the DNS server for all Docker containers, use
|
|
|
|
|
+`docker -d --dns 8.8.8.8`.
|
|
|
|
|
+
|
|
|
|
|
+To set the DNS search domain for all Docker containers, use
|
|
|
|
|
+`docker -d --dns-search example.com`.
|
|
|
|
|
+
|
|
|
|
|
+### Miscellaneous options
|
|
|
|
|
+
|
|
|
IP masquerading uses address translation to allow containers without a public IP to talk
|
|
IP masquerading uses address translation to allow containers without a public IP to talk
|
|
|
to other machines on the Internet. This may interfere with some network topologies and
|
|
to other machines on the Internet. This may interfere with some network topologies and
|
|
|
can be disabled with --ip-masq=false.
|
|
can be disabled with --ip-masq=false.
|
|
|
|
|
|
|
|
-To run the daemon with [systemd socket activation](
|
|
|
|
|
-http://0pointer.de/blog/projects/socket-activation.html), use
|
|
|
|
|
-`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but
|
|
|
|
|
-you can also specify individual sockets too `docker -d -H fd://3`. If the
|
|
|
|
|
-specified socket activated files aren't found then docker will exit. You
|
|
|
|
|
-can find examples of using systemd socket activation with docker and
|
|
|
|
|
-systemd in the [docker source tree](
|
|
|
|
|
-https://github.com/docker/docker/tree/master/contrib/init/systemd/).
|
|
|
|
|
|
|
+
|
|
|
|
|
|
|
|
Docker supports softlinks for the Docker data directory
|
|
Docker supports softlinks for the Docker data directory
|
|
|
(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this:
|
|
(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this:
|
|
@@ -145,6 +203,7 @@ Docker supports softlinks for the Docker data directory
|
|
|
export DOCKER_TMPDIR=/mnt/disk2/tmp
|
|
export DOCKER_TMPDIR=/mnt/disk2/tmp
|
|
|
/usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
|
|
/usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1
|
|
|
|
|
|
|
|
|
|
+
|
|
|
## attach
|
|
## attach
|
|
|
|
|
|
|
|
Usage: docker attach [OPTIONS] CONTAINER
|
|
Usage: docker attach [OPTIONS] CONTAINER
|
SvenDowideit