Container Management

Subcommands supported by the current Docker are classified into the following groups by function:

Function

Command

Description

Host environment

version

Views the Docker version.

info

Views the Docker system and host environment information.

Container-related information

Container lifecycle management

create

Creates a container using an image.

run

Creates and runs a container using an image.

start

Starts a stopped container.

stop

Stops a running container.

restart

Restarts a container.

wait

Waits for a container to stop and prints the exit code.

rm

Deletes a container.

Container process management

pause

Suspends all processes in a container.

unpause

Resumes a suspended process in a container.

top

Views processes in a container.

exec

Executes a process in containers.

Container inspection tool

ps

Views running containers (without attaching any option).

logs

Displays the log information of a container.

attach

Connects standard input and output to a container.

inspect

Returns the bottom-layer information of a container.

port

Lists the port mappings between containers and hosts.

diff

Returns the changes made by the container compared with rootfs in the image.

cp

Copies files between containers and hosts.

export

Exports the file system in a container in a .tar package.

stats

Views the resource usage of a container in real time.

Images

Generates an image.

build

Creates an image using a Dockerfile.

commit

Creates an image based on the container rootfs.

import

Creates an image using the content in the .tar package as the file system.

load

Loads an image from the .tar package.

Image registry

login

Logs in to a registry.

logout

Logs out of a registry.

pull

Pulls an image from the registry.

push

Pushes an image to the registry.

search

Searches for an image in the registry.

Image management

images

Displays images in the system.

history

Displays the change history of an image.

rmi

Deletes an image.

tag

Adds a tag to an image.

save

Saves an image to a .tar package.

Others

events

Obtains real-time events from the Docker daemon.

rename

Renames a container.

Some subcommands have some parameters, such as docker run. You can run the docker _command _--help command to view the help information of the command. For details about the command parameters, see the preceding command parameter description. The following sections describe how to use each command.

attach

Syntax: docker attach [options] container

Function: Attaches an option to a running container.

Parameter description:

--no-stdin=false: Does not attach any STDIN.

--sig-proxy=true: Proxies all signals of the container, except SIGCHLD, SIGKILL, and SIGSTOP.

Example:

shell
$ sudo docker attach attach_test
root@2988b8658669:/# ls bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

commit

Syntax: docker commit [options] _container _[repository[:tag]]

Function: creates an image from a container.

Parameter description:

-a, --author="": specifies an author.

-m, --message="": specifies the submitted information.

-p, --pause=true: pauses the container during submission.

Example:

Run the following command to start a container and submit the container as a new image:

shell
$ sudo docker commit test busybox:test
sha256:be4672959e8bd8a4291fbdd9e99be932912fe80b062fba3c9b16ee83720c33e1

$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              e02e811dd08f        2 years ago         1.09MB

cp

Syntax: docker cp [options] container:src_path dest_path|-

docker cp [options] src_path|- container:dest_path

Function: Copies a file or folder from a path in a container to a path on the host or copies a file or folder from the host to the container:

Precautions: The docker cp command does not support the copy of files in virtual file systems such as /proc, /sys, /dev, and /tmp in the container and files in the file systems mounted by users in the container.

Parameter description:

-a, --archive: Sets the owner of the file copied to the container to the container user (--user).

-L, --follow-link: Parses and traces the symbolic link of a file.

Example:

Run the following command to copy the /test directory in the registry container to the /home/aaa directory on the host:

shell
sudo docker cp registry:/test /home/aaa

create

Syntax: docker create [options] image [command] [arg...]

Function: Creates a container using an image file and return the ID of the container. After the container is created, run the docker start command to start the container. options are used to configure the container during container creation. Some parameters will overwrite the container configuration in the image file. command indicates the command to be executed during container startup.

Parameter description:

Table 1 Parameter description

Parameter

Description

-a --attach=[]

Attaches the console to the STDIN, STDOUT, and STDERR of the process in the container.

--name=""

Name of a container.

--add-host=[host:ip]

Adds a mapping between the host name and IP address to the /etc/hosts in the container.

For example, --add-host=test:10.10.10.10.

--annotation

Sets annotations for the container. For example, set the native.umask parameter.

--annotation native.umask=normal #The umask value of the started container is 0022.
--annotation native.umask=secure #The umask value of the started container is 0027.

If this parameter is not set, the umask configuration in dockerd is used.

--blkio-weight

Relative weight of blockio, which ranges from 10 to 1000.

--blkio-weight-device=[]

Blockio weight, which configures the relative weight.

-c, --cpu-shares=0

Relative weight of the host CPU obtained by the container. This parameter can be used to obtain a higher priority. By default, all containers obtain the same CPU priority.

--cap-add=[]

Adds Linux functions.

--cap-drop=[]

Clears Linux functions.

--cgroup-parent

cgroup parent directory for the container.

--cidfile=""

Writes the container ID to a specified file.

For example: --cidfile=/home/cidfile-test writes the container ID to the /home/cidfile-test file.

--cpu-period

CPU CFS period.

The default value is 100 ms. Generally, --cpu-period and --cpu-quota are used together. For example, --cpu-period=50000 --cpu-quota=25000 indicates that if there is one CPU, the container can obtain 50% of the CPU every 50 ms.

--cpus=0.5 has the same effect.

--cpu-quota

CPU CFS quota. The default value is 0, indicating that there is no restriction on the quota.

--cpuset-cpus

Number of CPUs (0-3, 0, 1) that can be used by processes in the container. By default, there is no restriction on this parameter.

--cpuset-mems

Memory nodes (0-3, 0, 1) for running processes in the container. This parameter is valid only for the NUMA system.

--device=[]

Adds the host device to a container, for example, --device=/dev/sdc:/dev/xvdc:rwm.

--dns=[]

Forcibly enables the container to use the specified DNS server. For example, --dns=114.114.xxx.xxx indicates that nameserver 114.114.xxx.xxx is written to /etc/resolv.conf of the created container and the original content is overwritten.

--dns-opt=[]

DNS options.

--dns-search=[]

Forcibly searches DNS search domain name used by a container.

-e, --env=[]

Sets environment variable for the container.

--env=[KERNEL_MODULES=]:

Inserts a specified module into a container. Currently, only the modules on the host can be inserted. After the container is deleted, the modules still reside on the host, and the --hook-spec option must be configured for the container. The following are valid parameter formats:

KERNEL_MODULERS=

KERNEL_MODULERS=a

KERNEL_MODULERS=a,b

KERNEL_MODULERS=a,b,

--entrypoint=""

Overwrites the original entrypoint in the image. The entrypoint is used to set the command executed when the container is started.

--env-file=[]

Reads environment variables from a file. Multiple environment variables are separated by lines in the file. For example: --env-file=/home/test/env indicates multiple environment variables are stored in the env file.

--expose=[]

Enables an internal port of a container. The -P option described in the following section maps the enabled port to a port on the host.

--group-add=[]

Adds a specified container to an additional group.

-h, --hostname=""

Host name.

--health-cmd

Container health check command.

--health-interval

Interval between two consecutive command executions. The default value is 30s.

--health-timeout

Maximum duration for executing a single check command. If the execution times out, the command fails to be executed. The default value is 30s.

--health-start-period

Interval between the time when the container is started and the time when the first health check is performed. The default value is 0s.

--health-retries

Maximum number of retries after a health check fails. The default value is 3.

--health-exit-on-unhealthy

Specifies whether to stop a container when the container is unhealthy. The default value is false.

--host-channel=[]

Sets a channel for communication between processes in the container and the host, in host path:container path:rw/ro:size limit format.

-i, --interactive=false

Enables STDIN even if it is not attached.

--ip

IPv4 address of a container.

--ip6

IPv6 address of a container.

--ipc

IPC namespace of a container.

--isolation

Container isolation policy.

-l, --label=[]

Label of a container.

--label-file=[]

Obtains the label from the file.

--link=[]

Links to another container. This parameter adds environment variables of the IP address and port number of the linked container to the container and adds a mapping to the /etc/hosts file, for example, --link=name:alias.

--log-driver

Log driver of a container.

--log-opt=[]

Log driver option.

-m, --memory=""

Memory limit of a container. The format is numberoptional unit, and available units are b, k, m, and g. The minimum value of this parameter is 4m.

--mac-address

MAC address of a container, for example, 92:d0:c6:0a:xx:xx.

--memory-reservation

Container memory limit. The default value is the same as that of --memory. --memory is a hard limit, and --memory-reservation is a soft limit. When the memory usage exceeds the preset value, the memory usage is dynamically adjusted (the system attempts to reduce the memory usage to a value less than the preset value when reclaiming the memory). However, the memory usage may exceed the preset value. Generally, this parameter can be used together with --memory. The value must be less than the preset value of --memory.

--memory-swap

Total usage of the common memory and swap partition. -1 indicates no restriction is set on the usage. If this parameter is not set, the swap partition size is twice the value of --memory. That is, the swap partition can use the same amount of memory as --memory.

--memory-swappiness=-1

Time when the container uses the swap memory. The value ranges from 0 to 100, in percentage.

--net="bridge"

Network mode of the container. Docker 1.3.0 has the following network modes: bridge, host, none, and container:name|id. The default value is bridge.

  • bridge: Creates a network stack on the bridge when the Docker daemon is started.
  • host: Uses the network stack of the host in the container.
  • none: Does not use networks.
  • container:name|id: Reuses the network stack of another container.

--no-healthcheck

Does not perform health check for a container.

--oom-kill-disable

Disables the OOM killer. You are advised not to set this parameter if the -m parameter is not set.

--oom-score-adj

Adjusts the OOM rule of a container. The value ranges from -1000 to 1000.

-P, --publish-all=false

Maps all enabled ports of a container to host ports. Containers can be accessed through the host ports. You can run the docker port command to view the mapping between container ports and host ports.

-p, --publish=[]

Maps a port in a container to a port on the host, in IP address:host port:container port | IP address::container port | host port:container port | container port format. If no IP address is configured, accesses of all NICs on the host is listened. If no host port is configured, the host port is automatically allocated.

--pid

PID namespace of a container.

--privileged=false

Grants extra permission to a container. If the --privileged option is used, the container can access all devices on the host.

--restart=""

Configures restart rule when the container exits. Currently, version 1.3.1 supports the following rules:

  • no: indicates that the container is not restarted when it is stopped.
  • on-failure: indicates that the container is restarted when the container exit code is not 0. This rule can be used to add the maximum number of restart times, for example, on-failure:5, indicating that the container can be restarted for a maximum of five times.
  • always: indicates the container is exited regardless of the exit code.

--read-only

Mounts the root file system of the container in read-only mode.

--security-opt=[]

Container security rule.

--shm-size

Size of the /dev/shm device. The default value is 64M.

--stop-signal=SIGTERM

Container stop signal. The default value is SIGTERM.

-t, --tty=false

Allocates a pseudo terminal.

--tmpfs=[]

Mounts the tmpfs directory.

-u, --user=""

User name or user ID.

--ulimit=[]

ulimit option.

--userns

User namespace of a container.

-v, --volume=[]

Mounts a directory of the host to the container, or create a volume in the container. For example, -v /home/test:/home mounts the /home/test directory of the host to the /home directory of the container, and -v /tmp creates the tmp folder in the root directory of the container, the folder can be shared by other containers using the --volumes-from option. The host directory cannot be mounted to the /proc subdirectory of the container. Otherwise, an error is reported when the container is started.

--volume-driver

Data volume driver of the container. This parameter is optional.

--volumes-from=[]

Mounts the volume of another container to the current container to share the volume. For example, -volumes-from container_name mounts the volume of container_name to the current container. -v and --volumes-from=[] are two very important options for data backup and live migration.

-w, --workdir=""

Specifies the working directory of the container.

Example:

Run the following command to create a container named busybox and run the docker start command to start the container.

shell
sudo docker create -ti --name=busybox busybox /bin/bash

diff

Syntax: docker diff container

Function: Checks the differences between containers and determines the changes have been made compared with the container creation.

Parameter description: none.

Example:

shell
$ sudo docker diff registry
C /root
A /root/.bash_history
A /test

exec

Syntax: docker exec [options] container command [arg...]

Function: Runs a command in the container.

Parameter description:

-d and --detach=false: Run in the background.

-i and --interactive=false: Keep the STDIN of the container enabled.

-t and --tty=false: Allocate a virtual terminal.

--privileged: Executes commands in privilege mode.

-u and --user: Specifies the user name or UID.

Example:

shell
$ sudo docker exec -ti exec_test ls
bin  etc   lib   media  opt   root  sbin  sys  tmp  var
dev  home  lib64  mnt  proc  run   srv   test  usr

export

Syntax: docker export container

Function: Exports the file system content of a container to STDOUT in .tar format.

Parameter description: none.

Example:

Run the following commands to export the contents of the container named busybox to the busybox.tar package:

shell
$ sudo docker export busybox > busybox.tar
$ ls
busybox.tar

inspect

Syntax: docker inspect [options] container|image[container|image...]

Function: Returns the underlying information about a container or image.

Parameter description:

-f and --format="": Output information in a specified format.

-s and --size: Display the total file size of the container when the query type is container.

--type: Returns the JSON format of the specified type.

-t and --time=120: Timeout interval, in seconds. If the docker inspect command fails to be executed within the timeout interval, the system stops waiting and immediately reports an error. The default value is 120.

Example:

  1. Run the following command to return information about a container:

    shell
    $ sudo docker inspect busybox_test
    [
        {
            "Id": "9fbb8649d5a8b6ae106bb0ac7686c40b3cbd67ec2fd1ab03e0c419a70d755577",
            "Created": "2019-08-28T07:43:51.27745746Z",
            "Path": "bash",
            "Args": [],
            "State": {
                "Status": "running",
                "Running": true,
                "Paused": false,
                "Restarting": false,
                "OOMKilled": false,
                "Dead": false,
                "Pid": 64177,
                "ExitCode": 0,
                "Error": "",
                "StartedAt": "2019-08-28T07:43:53.021226383Z",
                "FinishedAt": "0001-01-01T00:00:00Z"
            },
    ......
  2. Run the following command to return the specified information of a container in a specified format. The following uses the IP address of the busybox_test container as an example.

    shell
    $ sudo docker inspect -f {{.NetworkSettings.IPAddress}} busybox_test
    172.17.0.91

logs

Syntax: docker logs [options] container

Function: Captures logs in a container that is in the running or stopped state.

Parameter description:

-f and --follow=false: Print logs in real time.

-t and --timestamps=false: Display the log timestamp.

--since: Displays logs generated after the specified time.

--tail="all": Sets the number of lines to be displayed. By default, all lines are displayed.

Example:

  1. Run the following command to check the logs of the jaegertracing container where a jaegertracing service runs:

    shell
    $ sudo docker logs jaegertracing
    {"level":"info","ts":1566979103.3696961,"caller":"healthcheck/handler.go:99","msg":"Health Check server started","http-port":14269,"status":"unavailable"}
    {"level":"info","ts":1566979103.3820567,"caller":"memory/factory.go:55","msg":"Memory storage configuration","configuration":{"MaxTraces":0}}
    {"level":"info","ts":1566979103.390773,"caller":"tchannel/builder.go:94","msg":"Enabling service discovery","service":"jaeger-collector"}
    {"level":"info","ts":1566979103.3908608,"caller":"peerlistmgr/peer_list_mgr.go:111","msg":"Registering active peer","peer":"127.0.0.1:14267"}
    {"level":"info","ts":1566979103.3922884,"caller":"all-in-one/main.go:186","msg":"Starting agent"}
    {"level":"info","ts":1566979103.4047635,"caller":"all-in-one/main.go:226","msg":"Starting jaeger-collector TChannel server","port":14267}
    {"level":"info","ts":1566979103.404901,"caller":"all-in-one/main.go:236","msg":"Starting jaeger-collector HTTP server","http-port":14268}
    {"level":"info","ts":1566979103.4577134,"caller":"all-in-one/main.go:256","msg":"Listening for Zipkin HTTP traffic","zipkin.http-port":9411}
  2. Add -f to the command to output the logs of the jaegertracing container in real time.

    shell
    $ sudo docker logs -f jaegertracing
    {"level":"info","ts":1566979103.3696961,"caller":"healthcheck/handler.go:99","msg":"Health Check server started","http-port":14269,"status":"unavailable"}
    {"level":"info","ts":1566979103.3820567,"caller":"memory/factory.go:55","msg":"Memory storage configuration","configuration":{"MaxTraces":0}}
    {"level":"info","ts":1566979103.390773,"caller":"tchannel/builder.go:94","msg":"Enabling service discovery","service":"jaeger-collector"}
    {"level":"info","ts":1566979103.3908608,"caller":"peerlistmgr/peer_list_mgr.go:111","msg":"Registering active peer","peer":"127.0.0.1:14267"}
    {"level":"info","ts":1566979103.3922884,"caller":"all-in-one/main.go:186","msg":"Starting agent"}

pause/unpause

Syntax: docker pause container

docker unpause container

Function: The two commands are used in pairs. The docker pause command suspends all processes in a container, and the docker unpause command resumes the suspended processes.

Parameter description: none.

Example:

The following uses a container where the docker registry service runs as an example. After the docker pause command is executed to pause the process of the container, access of the registry service by running the curl command is blocked. You can run the docker unpause command to resume the suspended registry service. The registry service can be accessed by running the curl command.

  1. Run the following command to start a registry container:

    shell
    sudo docker run -d --name pause_test -p 5000:5000 registry

    Run the curl command to access the service. Check whether the status code 200 OK is returned.

    shell
    sudo curl -v 127.0.0.1:5000
  2. Run the following command to stop the processes in the container:

    shell
    sudo docker pause pause_test

    Run the curl command to access the service to check whether it is blocked and wait until the service starts.

  3. Run the following command to resume the processes in the container:

    shell
    sudo docker unpause pause_test

    The cURL access in step 2 is restored and the request status code 200 OK is returned.

port

Syntax: docker port container [private_port[/proto]]

Function: Lists the port mapping of a container or queries the host port where a specified port resides.

Parameter description: none.

Example:

  1. Run the following command to list all port mappings of a container:

    shell
    $ sudo docker port registry
    5000/tcp -> 0.0.0.0.:5000
  2. Run the following command to query the mapping of a specified container port:

    shell
    $ sudo docker port registry 5000
    0.0.0.0.:5000

ps

Syntax:docker ps [options]

Function: Lists containers in different states based on different parameters. If no parameter is added, all running containers are listed.

Parameter description:

-a and --all=false: Display the container.

-f and --filter=[]: Filter values. The available options are: exited=int (exit code of the container) status=restarting|running|paused|exited (status code of the container), for example, -f status=running: lists the running containers.

-l and --latest=false: List the latest created container.

-n=-1: Lists the latest created n containers.

--no-trunc=false: Displays all 64-bit container IDs. By default, 12-bit container IDs are displayed.

-q and --quiet=false: Display the container ID.

-s and --size=false: Display the container size.

Example:

  1. Run the following command to lists running containers:

    shell
    sudo docker ps
  2. Run the following command to display all containers:

    shell
    sudo docker ps -a

rename

Syntax: docker rename OLD_NAME NEW_NAME

Function: Renames a container.

Example:

Run the docker run command to create and start a container, run the docker rename command to rename the container, and check whether the container name is changed.

shell
$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
b15976967abb        busybox:latest        "bash"              3 seconds ago       Up 2 seconds                            festive_morse
$ sudo docker rename pedantic_euler new_name
$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
b15976967abb        busybox:latest        "bash"              34 seconds ago      Up 33 seconds                           new_name

restart

Syntax: docker restart [options] container [container...]

Function: Restarts a running container.

Parameter description:

-t and --time=10: Number of seconds to wait for the container to stop before the container is killed. If the container has stopped, restart the container. The default value is 10.

Example:

shell
sudo docker restart busybox

NOTE

During the container restart, if a process in the D or Z state exists in the container, the container may fail to be restarted. In this case, you need to analyze the cause of the D or Z state of the process in the container. Restart the container after the D or Z state of the process in the container is released.

rm

Syntax: docker rm [options] container [container...]

Function: Deletes one or more containers.

Parameter description:

-f and --force=false: Forcibly delete a running container.

-l and --link=false: Remove the specified link and do not remove the underlying container.

-v and --volumes=false: Remove the volumes associated with the container.

Example:

  1. Run the following command to delete a stopped container:

    shell
    sudo docker rm test
  2. Run the following command to delete a running container:

    shell
    sudo docker rm -f rm_test

run

Syntax: docker run [options] image [command] [arg...]

Function: Creates a container from a specified image (if the specified image does not exist, an image is downloaded from the official image registry), starts the container, and runs the specified command in the container. This command integrates the docker create, docker start, and docker exec commands.

Parameter description: (The parameters of this command are the same as those of the docker create command. For details, see the parameter description of the docker create command. Only the following two parameters are different.)

--rm=false: Specifies the container to be automatically deleted when it exits.

-v: Mounts a local directory or an anonymous volume to the container. Note: When a local directory is mounted to a container with a SELinux security label, do not add or delete the local directory at the same time. Otherwise, the security label may not take effect.

--sig-proxy=true: Receives proxy of the process signal. SIGCHLD, SIGSTOP, and SIGKILL do not use the proxy.

Example:

Run the busybox image to start a container and run the /bin/sh command after the container is started:

shell
sudo docker run -ti busybox /bin/sh

start

Syntax: docker start [options] container [container...]

Function: Starts one or more containers that are not running.

Parameter description:

-a and --attach=false: Attach the standard output and error output of a container to STDOUT and STDERR of the host.

-i and --interactive=false: Attach the standard input of the container to the STDIN of the host.

Example:

Run the following command to start a container named busybox and add the -i -a to the command to add standard input and output. After the container is started, directly enter the container. You can exist the container by entering exit.

If -i -a is not added to the command when the container is started, the container is started in the background.

shell
sudo docker start -i -a busybox

stats

Syntax: docker stats [options] [container...]

Function: Continuously monitors and displays the resource usage of a specified container. (If no container is specified, the resource usage of all containers is displayed by default.)

Parameter description:

-a, and --all: Display information about all containers. By default, only running containers are displayed.

--no-stream: Displays only the first result and does not continuously monitor the result.

Example:

Run the docker run command to start and create a container, and run the docker stats command to display the resource usage of the container:

shell
$ sudo docker stats
CONTAINER ID        NAME                    CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
2e242bcdd682        jaeger                  0.00%               77.08MiB / 125.8GiB   0.06%               42B / 1.23kB        97.9MB / 0B         38
02a06be42b2c        relaxed_chandrasekhar   0.01%               8.609MiB / 125.8GiB   0.01%               0B / 0B             0B / 0B             10
deb9e49fdef1        hardcore_montalcini     0.01%               12.79MiB / 125.8GiB   0.01%               0B / 0B             0B / 0B             9

stop

Syntax: docker stop [options] container [container...]

Function: Sends a SIGTERM signal to a container and then sends a SIGKILL signal to stop the container after a certain period.

Parameter description:

-t and --time=10: Number of seconds that the system waits for the container to exit before the container is killed. The default value is 10.

Example:

shell
sudo docker stop -t=15 busybox

top

Syntax: docker top container [ps options]

Function: Displays the processes running in a container.

Parameter description: none.

Example:

Run the top_test container and run the top command in the container.

shell
$ sudo docker top top_test
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                70045               70028               0                   15:52               pts/0               00:00:00            bash

The value of PID is the PID of the process in the container on the host.

update

Syntax: docker update [options] container [container...]

Function: Hot changes one or more container configurations.

Parameter description:

Table 1 Parameter description

Parameter

Description

--accel=[]

Configures one or more container accelerators.

--blkio-weight

Relative weight of the container blockio. The value ranges from 10 to 1000.

--cpu-shares

Relative weight of the host CPU obtained by the container. This parameter can be used to obtain a higher priority. By default, all containers obtain the same CPU priority.

--cpu-period

CPU CFS period.

The default value is 100 ms. Generally, --cpu-period and --cpu-quota are used together. For example, --cpu-period=50000 --cpu-quota=25000 indicates that if there is one CPU, the container can obtain 50% of the CPU every 50 ms.

--cpu-quota

CPU CFS quota. The default value is 0, indicating that there is no restriction on the quota.

--cpuset-cpus

Number of CPUs (0-3, 0, 1) that can be used by processes in the container. By default, there is no restriction on this parameter.

--cpuset-mems

Memory nodes (0-3, 0, 1) for running processes in the container. This parameter is valid only for the NUMA system.

--kernel-memory=""

Kernel memory limit of a container. The format is numberoptional unit, and available units are b, k, m, and g.

-m, --memory=""

Memory limit of a container. The format is numberoptional unit, and available units are b, k, m, and g. The minimum value of this parameter is 4m.

--memory-reservation

Container memory limit. The default value is the same as that of --memory. --memory is a hard limit, and --memory-reservation is a soft limit. When the memory usage exceeds the preset value, the memory usage is dynamically adjusted (the system attempts to reduce the memory usage to a value less than the preset value when reclaiming the memory). However, the memory usage may exceed the preset value. Generally, this parameter can be used together with --memory. The value must be less than the preset value of --memory.

--memory-swap

Total usage of the common memory and swap partition. -1 indicates no restriction is set on the usage. If this parameter is not set, the swap partition size is twice the value of --memory. That is, the swap partition can use the same amount of memory as --memory.

--restart=""

Configures restart rule when the container exits. Currently, version 1.3.1 supports the following rules:

  • no: indicates that the container is not restarted when it is stopped.
  • on-failure: indicates that the container is restarted when the container exit code is not 0. This rule can be used to add the maximum number of restart times, for example, on-failure:5, indicating that the container can be restarted for a maximum of five times.
  • always: indicates the container is exited regardless of the exit code.

--help

Help information.

Example:

Run the following command to change the CPU and memory configurations of the container named busybox, including changing the relative weight of the host CPU obtained by the container to 512, the CPU cores that can be run by processes in the container to 0,1,2,3, and the memory limit for running the container to 512 m.

shell
sudo docker update  --cpu-shares 512  --cpuset-cpus=0,3 --memory 512m ubuntu

wait

Syntax: docker wait container [container...]

Function: Waits for a container to stop and print the exit code of the container:

Parameter description: none.

Example:

Run the following command to start a container named busybox:

shell
sudo docker start -i -a busybox

Run the docker wait command:

shell
$ sudo docker wait busybox
0

Wait until the busybox container exits. After the busybox container exits, the exit code 0 is displayed.