Docker run: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(61 intermediate revisions by the same user not shown)
Line 7: Line 7:


* [[Docker_Client_Operations#Create_and_Run_a_New_Container|Container Lifecycle Operations]]
* [[Docker_Client_Operations#Create_and_Run_a_New_Container|Container Lifecycle Operations]]
* [[docker create#Overview|docker create]]


=Overview=
=Overview=
Line 48: Line 49:
=The Run Process=
=The Run Process=


Once the "run" command is executed, the following sequence takes place:
{{Internal|Docker_Concepts#Container_Lifecycle|Container Lifecycle}}


* The Docker runtime creates a set of [[Linux Namespaces|namespaces]] and [[Linux cgroups|control groups]] for the container.
=Options=
* <font color=red>TODO</font>


=Options=
==-i, --interactive==
 
Start the container in interactive mode. See {{Internal|Docker_Concepts#Interactive_Mode|Docker Concepts &#124; Interactive Mode}}


==-d, --detach==
==-d, --detach==


Run the container in the background and print the container ID.
Start the container in detached mode and print the container ID. Note that [[#-a.2C_--attach|-a|--attach]] and -d|--detach are mutually exclusive.
 
For more details see: {{Internal|Docker_Concepts#Detached_Mode|Docker Concepts &#124; Detached Mode}}
 
==-a, --attach==
 
-a|--attach <''stream-name''>
 
where the stream name may be "STDIN", "stdin", "STDOUT", "stdout", "STDERR" or "stderr". Specifies what standard streams to attach to. By default, all are attached.
 
If multiple streams are to be attached, the syntax is:
 
-a STDIN -a STDOUT -a STDERR
 
Note that -a|--attach and [[#-d.2C_--detach|-d|--detach]] are mutually exclusive.
 
For more details, see: {{Internal|Docker_Concepts#Interaction_with_a_Container|Docker Concepts &#124; stdin/stdout/stderr Interaction with a Container}}
 
==-t, --tty==
See: {{Internal|Docker_Concepts#Association_with_a_TTY_Device|Docker Concepts &#124; Association with a TTY Device}}
 
==--entrypoint==
 
If ENTRYPOINT is specified in the container metadata, it can be overridden on command line with:
 
docker run --entrypoint <other-entrypoint>
 
Example:
 
docker run --entrypoint bash -it novaordis/someimage:latest
 
For more details see: {{Internal|Dockerfile#ENTRYPOINT|ENTRYPOINT}}


==-e, --env==
==-e, --env==
Line 63: Line 96:
  -e SOME_ENV_VAR="some value"  
  -e SOME_ENV_VAR="some value"  


Set environment variables.
Set environment variables. Default values for those environment variables can be declared in the Dockerfile with [[Dockerfile#ENV|ENV]]. Those values will be overridden by the command line value.


==--name==
==--name==
Line 73: Line 106:
==--restart==
==--restart==


Configures the [[Docker_Concepts#Restart_Policy|restart policy]] of the container being created.
Configures the [[Docker_Concepts#Restart_Policy|restart policy]] of the container being created. The restart policy applies when container exits.


  --restart=always
  --restart=always
Line 84: Line 117:


Publish a container's port(s) to the host. Also see [[Dockerfile#EXPOSE|Dockerfile EXPOSE]].
Publish a container's port(s) to the host. Also see [[Dockerfile#EXPOSE|Dockerfile EXPOSE]].
To publish port 8080:
docker run ... -p 8080:8080/tcp ...
===Port Mapping===
-p <''host-port''>:<''container-port''>
Maps the specified container port to the specified host port.


==-P, --publish-all==
==-P, --publish-all==
Line 91: Line 134:
==<span id='-v'></span>-v, --volume==
==<span id='-v'></span>-v, --volume==


[[#--mount|--mount]] is recommended instead.
See: {{Internal|Docker_Storage_Operations#Container-Generated_Data_Storage_Operations|Docker Storage Operations}}
 
==--mount==
 
See: {{Internal|Docker_Storage_Operations#Container-Generated_Data_Storage_Operations|Docker Storage Operations}}
 
==--rm==


See: {{Internal|#Mounting_Data_Volumes|Mounting Data Volumes}}
Automatically remove the container when it exits.


==--mount==
==--network==
 
The option is used to connect a container to a [[Docker_Networking_Concepts#Connecting_Containers_to_a_User-Defined_Bridge_Network|user-defined network]]. If not specified, the container is connected to the default network, which is [[Docker_Networking_Concepts#The_Default_Bridge_Network|the default "bridge" network]]. "Connecting" in this context means that the command associates the container with the specified network and "plugs it" into the network. After the command completes, the container's IP is routable outside to the Docker host.


See: {{Internal|#Mounting_Data_Volumes|Mounting Data Volumes}}
docker run ... --network <''network-name''> ...


==--storage-opt list==
==--storage-opt list==
Line 103: Line 154:
Storage driver options for the container. Controls the following:
Storage driver options for the container. Controls the following:


1. The amount of storage allocated to the container when the image is run (in GB)
===Base Device Size===


...  --storage-opt size:60 ...
The amount of storage allocated to the container when the image is run (this was only tested with device-mapper):


<font color=red>Does not seem to work in 1.12: "Invalid storage option"</font>
...  --storage-opt size=20G ...


Also see: {{Internal|Docker_device-mapper_Storage_Backend#Base_Device_Size|device-mapper Base Device Size}}
This value cannot be smaller than the default value, see [[Docker_device-mapper_Storage_Backend#Base_Device_Size|device-mapper Base Device Size]].
 
==-h==


==Resource Management Options==
==Resource Management Options==
Line 117: Line 170:
The memory limit, in bytes. Apparently, that means the same amount will be allowed for "RAM" ''and'' swap, so a process can use double the specified amount, if it starts swapping.  Also see [[Docker Concepts#Resource_Management|Resource Management]].
The memory limit, in bytes. Apparently, that means the same amount will be allowed for "RAM" ''and'' swap, so a process can use double the specified amount, if it starts swapping.  Also see [[Docker Concepts#Resource_Management|Resource Management]].


==--rm==
==--link==
 
Automatically remove the container when it exits.
 
=Mounting Data Volumes=


If the container has volume mount points specified with [[Dockerfile#VOLUME|VOLUME]] in its original Dockerfile, those mount points must be bound to paths on the native host when the container is created. This is done with [[#-v.2C_--volume|--v|--volume]] or [[#--mount|--mount]] (recommended) command line options, as follows:
Add link to another container.


docker run ... --mount type=bind,src=<''native-host-path''>,dst=<''container-mount-point''> ...
==-u, --user==


docker run ... --mount type=bind,src=/data-volumes/postgresql,dst=/var/lib/pgsql/data ...
Specify the username or UID and optionally the group name or GID to run the container with, using the format:
<syntaxhighlight lang='bash'>
<username|uid>[:<group|gid>]
</syntaxhighlight>


When --mount with type=bind is used, the native-host-path must refer to an existing path on the host. The path will not be created if it does not exist, and the command will fail. Also, the mount point must have sufficient permissions. For more details on native host path permissions, see [[Docker_Concepts#Native_Host_Path_Permissions|Native Host Path Permissions]].
Also see: {{Internal|Dockerfile#USER|Dockerfile USER}}


=Troubleshooting=
=Troubleshooting=

Latest revision as of 19:30, 2 January 2021

External

Internal

Overview

Without any arguments except the name of image, it creates a new container based on the given image, and executes it in the foreground, connecting the current terminal's stdin/stdout/stderr to the container:

 docker run novaordis/centos-loop

The docker runtime will first attempt to use an image from the local registry, and if it does find it, it will attempt to pull it from Docker Hub and then cache locally in the local registry.

In order to run the container in the background, use -d | --detach.

The generic format of the command is:

docker run [options] <image> [command] [args...]

Example:

docker run -d --name="runloop1" -e SOME_ENV_VAR="some value" \
  busybox \
  /bin/sh -c 'i=0; while true; do echo ${i}; i=$(expr ${i} + 1);  sleep 1s; done'

A running container, either in foreground or background, can be with listed with:

docker ps

it can be stopped with:

docker stop

and then it can be restarted with:

docker start

Anything that a running container sends to stdout can be explored with docker logs.

More container operations:

Docker Client Operations

The Run Process

Container Lifecycle

Options

-i, --interactive

Start the container in interactive mode. See

Docker Concepts | Interactive Mode

-d, --detach

Start the container in detached mode and print the container ID. Note that -a|--attach and -d|--detach are mutually exclusive.

For more details see:

Docker Concepts | Detached Mode

-a, --attach

-a|--attach <stream-name>

where the stream name may be "STDIN", "stdin", "STDOUT", "stdout", "STDERR" or "stderr". Specifies what standard streams to attach to. By default, all are attached.

If multiple streams are to be attached, the syntax is:

-a STDIN -a STDOUT -a STDERR

Note that -a|--attach and -d|--detach are mutually exclusive.

For more details, see:

Docker Concepts | stdin/stdout/stderr Interaction with a Container

-t, --tty

See:

Docker Concepts | Association with a TTY Device

--entrypoint

If ENTRYPOINT is specified in the container metadata, it can be overridden on command line with:

docker run --entrypoint <other-entrypoint>

Example:

docker run --entrypoint bash -it novaordis/someimage:latest

For more details see:

ENTRYPOINT

-e, --env

-e SOME_ENV_VAR="some value" 

Set environment variables. Default values for those environment variables can be declared in the Dockerfile with ENV. Those values will be overridden by the command line value.

--name

Assign a name to the container, otherwise the name will be assigned automatically to something like "pedantic_einstein" or "competent_aryabhata".

--name="bluebox"

--restart

Configures the restart policy of the container being created. The restart policy applies when container exits.

--restart=always

See:

Start a Container Automatically

-p, --publish

-p|--publish list

Publish a container's port(s) to the host. Also see Dockerfile EXPOSE.

To publish port 8080:

docker run ... -p 8080:8080/tcp ...

Port Mapping

-p <host-port>:<container-port> 

Maps the specified container port to the specified host port.

-P, --publish-all

Publish all exposed ports to random ports. Also see Dockerfile EXPOSE.

-v, --volume

See:

Docker Storage Operations

--mount

See:

Docker Storage Operations

--rm

Automatically remove the container when it exits.

--network

The option is used to connect a container to a user-defined network. If not specified, the container is connected to the default network, which is the default "bridge" network. "Connecting" in this context means that the command associates the container with the specified network and "plugs it" into the network. After the command completes, the container's IP is routable outside to the Docker host.

docker run ... --network <network-name> ...

--storage-opt list

Storage driver options for the container. Controls the following:

Base Device Size

The amount of storage allocated to the container when the image is run (this was only tested with device-mapper):

...  --storage-opt size=20G ...

This value cannot be smaller than the default value, see device-mapper Base Device Size.

-h

Resource Management Options

-m, --memory

The memory limit, in bytes. Apparently, that means the same amount will be allowed for "RAM" and swap, so a process can use double the specified amount, if it starts swapping. Also see Resource Management.

--link

Add link to another container.

-u, --user

Specify the username or UID and optionally the group name or GID to run the container with, using the format:

<username|uid>[:<group|gid>]

Also see:

Dockerfile USER

Troubleshooting

User has No Appropriate Permissions

The attempt to run the ps or run command under a user that has no appropriate permissions leads to:

Cannot connect to the Docker daemon. Is the docker daemon running on this host?