Docker cheatsheet

  • To view Docker images available on your local computer:
$ docker images
  • By default, only the images that you pulled by name are displayed. To view all images on your local computer, including the unnamed intermediate images that were pulled down to compose the named images that you pulled:
$ docker images -a
  • To view the full repository name, tag name and ID of images, use the --no-trunc option:
$ docker images --no-trunc
  • To run a Docker image as a container:
$ docker run image_name
  • To run a Docker image as a container and get a shell into it:
$ docker run -it image_name /bin/bash
  • To view all running containers:
$ docker ps
  • To view all containers, not just the running ones:
$ docker ps -a
  • To view the full container ID, image name and command use the --no-trunc option:
$ docker ps --no-trunc
  • To stop a running Docker container provide its container name (not image name) or its container hash:
$ docker stop container_name

Tried with: Docker 17.09 and Ubuntu 16.04

Advertisements

How to reload group assignment without logout and login

Problem

I was working in a shell in KDE. I installed Docker as described here. To be able to run Docker commands, my username should be in the docker group, so I added that. Now I need to logout and login out of my desktop environment for my username’s new group assignments to be picked up. Otherwise, running any Docker command throws this error:

$ docker images
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/images/json: dial unix /var/run/docker.sock: connect: permission denied

We can see that our user’s new group assignment is not reflected in the shell by running this command:

$ id

You will find that the docker group will not appear in the user’s group assignment, though the user has been already added to it. Creating a new shell or a child shell does not achieve what we want.

The only way to get the new group assignment is to logout and login from the desktop environment. The problem I have so many other GUI applications open in my desktop environment. I cannot afford to logout and login from my desktop environment, especially for a shell command to work!

Solution

So, what we want is a shell environment that is similar to what is presented when you login directly at a virtual terminal. Thankfully, we can do that by using the - option of the su command, like this:

$ su - joe
$ docker images
It works!

Another alternative is to run a command with a specific group or GID:

$ sg docker -c "docker images"

Tried with: Docker 17.09 and Ubuntu 16.04

How to install Docker

One way to install Docker is to add its repository and then install it from it. There are a lot of steps that need to be done for this, as seen here.

Since I do not really update packages so often, I prefer downloading the DEB file and installing it manually.

$ sudo dpkg -i your_docker_file.deb
  • Remember to add your username to the docker group:
$ sudo adduser joe docker
  • You will need to logout and login for the group assignment to take effect. If you find that logout-login to be painful, try this trick.

  • Try Docker and see if it works:

$ docker run hello-world

Tried with: Docker 17.09 and Ubuntu 16.04

Docker no pull access error

Problem

A Docker pull command to Docker hub that worked fine for all users failed only for one user. When she tried to pull, it threw up this error:

repository some_org/some_image not found: does not exist or no pull access
The push refers to a repository [docker.io/some_org/some_image]

Docker hub authentication and other details seemed to be in order.

Solution

Turns out this user had run some docker commands before adding the Docker hub authentication. Those early commands had created a ~/.docker directory. Details from this were conflicting with Docker hub authentication that was introduced later. Removing this directory fixed the issue.

Tried with: Docker 1.11 and Ubuntu 14.04

How to set umask for Docker container

Problem

Once you run a Docker container using docker run and get a shell inside it, you can set the file creation mode mask there with the umask command of the shell. This is usually 0022 and you can set it to whatever you want. All consecutive operations at the shell and child processes forked from the shell will have with umask.

What if you don’t want to manually type this umask command, but want it set automatically in the container?

Solution

  • Note that there is no way to do this directly in the Dockerfile. You can have a RUN umask 0002 command in the Dockerfile, but that does not have any effect for when you run the container.

  • You might think you can set this in the command that is passed at the end of a docker run like this:

$ docker run -it --rm some_image "umask 0000; /bin/bash"

This does not work either. The umask is back to the normal one in the shell. There is no other way to specify umask directly in a docker run as discussed here.

  • One solution is to create a shell script that sets this umask:
$ cat set_umask.sh
#!/bin/bash
umask 0002
/bin/bash

To be able to run this script when the container is run, we first need to make this executable:

$ chmod +x set_umask.sh

Next we add commands to the Dockerfile to copy this into the image and make the script as the entry point:

COPY set_umask.sh set_umask.sh
ENTRYPOINT ["./set_umask.sh"]

Build the container and run it and see your umask already enabled at the shell!

  • A final solution is to set the umask in the application you plan to run inside Docker. This is a foolproof way to ensure that the umask is obeyed.

How to set user of Docker container

Problem

When you run a Docker container using docker run, everything inside the container is executed by the root user and root group. Its UID is 0 and GID is 0. This can sometimes be a problem.

For example, I had mounted a directory from the host filesystem into the Docker container using the --volume option. When root creates a new file or directory in this mounted directory, it appears as owned by the user nobody and group nogroup. This was a problem since I wanted these new files and directories to be created with my username or at least my group.

Solution

You can set what username or group you want to run as inside a container by using the --user option.

  • To run as user joe: --user joe. It is highly unlikely that the username joe exists in the Docker container. So this will likely fail unless you have added Dockerfile commands to make this so.

  • Instead, set the UID: --user 1005. Docker will warn that the UID does not have a corresponding username inside the container, but it will work. Files created on the mounted directory will have the UID 1005. There is a problem: many programs inside the container may not run if root is not running it. For example, you may find that you cannot create files or directories inside the container without being root.

  • Another option is to set the group or GID: --user :1005. Notice the colon. Files created on mounted volumes will have the group GID you set. This solution worked to solve my problem.

  • You can set both UID and GID too: --user 1005:9999

Tried with: Ubuntu 16.04