Enable Remote API

cat <<EOF> /etc/docker/daemon.json
    "hosts": [
mkdir /etc/systemd/system/docker.service.d
cat <<EOF> /etc/systemd/system/docker.service.d/override.conf
systemctl daemon-reload
service docker restart
# ubuntu package
DOCKER_OPTS="-H tcp:// -H unix:///var/run/docker.sock"
# test API connection
docker --host info

Add user to docker group

sudo usermod -aG docker $USER
su - $USER
systemctl enable docker
systemctl status docker

List container / output format - Formating output

docker ps -a --filter 'exited=0'
docker images --format '{{.Repository}}:{{.Tag}}'
docker images --format '{{.Size}}\t{{.Repository}}\t{{.Tag}}\t{{.ID}}'
docker ps -a --filter status=exited --filter status=restarting --format "{{.ID}} {{.Names}}" | grep -v skydive

Start all exited container

docker start $(docker ps -a -q -f status=exited)
# Stop all containers
docker stop $(docker ps -a -q)
# Delete all containers
docker rm $(docker ps -a -q) -f
# Delete exited containers
docker ps --filter status=exited --quiet | xargs docker rm
# Delete all images
docker rmi $(docker images -aq) -f
# fix missing btrf storage driver
sudo rm -rf /var/lib/docker/aufs

Debug / Run test container

docker info
docker run hello-world
#docker run -it centos bash
docker run -it ubuntu

Login to container

docker exec -it --user root CONTAINER bash
#docker run -i --rm ubuntu bash
sudo docker run -i -t --name dc-ubuntu ubuntu bash
sudo docker start -i dc-ubuntu
# wordpress
docker run -d --name dc-mysql -e MYSQL_ROOT_PASSWORD=mysqlpwd mysql
docker run -d --name dc-wordpress --link dc-mysql:mysql -p 7894:80 wordpress
# search
docker  search icinga
docker search --filter is-official=true ubuntu
docker pull phre/icinga
docker run --name dc-nginx -d -p 7890:80 nginx
docker logs dc-nginx
# images
sudo docker images
sudo docker rmi 3eXXXXx
apt-get install docker
docker run -t -i --rm ubuntu bash
docker run -i -t --name dc-ubuntu ubuntu bash
docker start -i dc-ubuntu
docker run --name dc-nginx -d -p 7890:80 nginx
docker logs dc-nginx
docker stop dc-nginx
docker rm dc-nginx
docker run --name dc-nginx -d -p 7890:80 -v /tmp/srv/:/usr/local/nginx/html:ro nginx
docker run --name dc-nginx-tmp -t -i nginx /bin/bash
docker commit dc-nginx-tmp img-mynginx
docker run --name dc-mynginx -d -p 7891:80 img-mynginx nginx
# view all cointainer (also inactive)
docker ps -a
# remove all container
docker ps -qa | xargs docker rm
FROM nginx
RUN echo '<html><body><p>Hello again!</p> </body></html>' > /usr/local/nginx/html/index.html
docker build -t=img-mynginx2 /tmp/dbuildtst/
docker run --name dc-mynginx2 -d -p 7892:80 img-mynginx2


# generate auth configuration for private remote docker repository
docker login -u user -p pass
AUTH=$(echo -n username:password | base64)
# auto login
# ~/.docker/config.json
	"auths": {
		"": {
			"auth": "$AUTH"
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.12.3-ce (linux)"
docker login

Run Docker inside LXC container

echo 'DOCKER_OPTS="--exec-driver=lxc"' | tee -a /etc/default/docker
service docker restart
# mysql container
sudo docker pull mysql
# build a container
# notes
docker run --lxc-conf="" my_image ifconfig
edit /etc/default/docker: DOCKER_OPTS="--dns -e lxc"
apt-get install lxc (lxc-docker is not enough)
docker run --lxc-conf="" -t myimage

# non root?

# quick & easy install
wget -qO- | sh

Docker under LXC

cat /var/lib/lxc/docker/config
lxc.aa_profile = unconfined
lxc.cgroup.devices.allow = a
lxc.cap.drop =

# 15 Quick Docker Tips


# list volumes
docker inspect -f '{{ .Mounts }}' CONTAINER
# get volume information
for VOLUME in $(docker volume ls -q); do
    docker volume inspect ${VOLUME}
# delete unused volumes
docker volume rm $(docker volume ls -qf dangling=true)
# show space used by volume
docker system df -v
# show volumes used by container
docker ps -q | xargs -L1 docker inspect -f '{{ .Mounts }}' | grep elasticsearch
# service


Docker Machine

Docker Compose

List content of docker repository

curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/_catalog | python -m json.tool
<strong>Create profile with connection to VLAN</strong>
lxc profile copy default mgmt-dev
# lxc profile list
lxc profile device set mgmt-dev eth0 nictype macvlan
lxc profile device set mgmt-dev eth0 parent mgmt-dev-v1234
lxc profile show mgmt-dev

Configure HTTPS proxy

# configure https proxy
cat <<EOF> /etc/systemd/system/docker.service.d/http-proxy.conf
systemctl daemon-reload
systemctl restart docker
# find restarting nodes
docker ps -a --filter status=exited --filter status=restarting

Get registry packages

curl -X GET ${DOCKER_REPOSITORY_IP}/v2/_catalog | python -m json.tool
curl -X GET ${DOCKER_REPOSITORY_IP}/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool

Macvlan network driver

Disk usage

docker system df
docker system df -v
docker ps --size | grep GB
curl -X GET http://${DOCKER_REPOSITORY_IP}:5000/v2/${DOCKER_CONTAINER}/tags/list | python -m json.tool


# manual login
docker login


for CONTAINER in $(docker ps -a --filter status=exited --filter status=restarting -q); do
    docker restart ${CONTAINER}
    sleep 10

restart all continer

for CONTAINER in $(docker ps -a -q); do
    docker ps | grep ${CONTAINER}
    docker restart ${CONTAINER}
    sleep 30

Enable autostart

#docker login
# Disable autostart for all containers
docker update --restart=no $(docker ps -qa)
docker update --restart=on-failure:3 abebf7571666 foo_container_1
# Enable autostart for all currently running containers
docker update --restart=always $(docker ps -q)
# Show RestartPolicy
docker inspect --format '{{json .HostConfig.RestartPolicy.Name}}' ${CONTAINER_ID}
docker inspect ${CONTAINER_ID} | grep RestartPolicy -A3
# set to unless-stopped on all containers
docker update --restart=unless-stopped $(docker ps -aq)
# show restart policy
docker ps -aq | xargs docker inspect {} | jq -r '.[] | (.Name + " " + .HostConfig.RestartPolicy.Name)'

Docker and LXD on same host

# cat /etc/docker/daemon.json
    "iptables": false


docker stats


docker image prune --all -f
# system
docker system  df
docker system prune

Comparing Ingress controllers for Kubernetes


# /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
    "max-size": "10m",    
    "max-file": "3"    

How do I authenticate with the V2 API