new file mode 100644

@@ -0,0 +1,91 @@

+<!--[metadata]>

+title = "attach"

+description = "The attach command description and usage"

+keywords = ["attach, running, container"]

+[menu.main]

+parent = "smn_cli"

+weight=1

+<![end-metadata]-->

+

+# attach

+

+    Usage: docker attach [OPTIONS] CONTAINER

+

+    Attach to a running container

+

+      --no-stdin=false    Do not attach STDIN

+      --sig-proxy=true    Proxy all received signals to the process

+

+The `docker attach` command allows you to attach to a running container using

+the container's ID or name, either to view its ongoing output or to control it

+interactively. You can attach to the same contained process multiple times

+simultaneously, screen sharing style, or quickly view the progress of your

+daemonized process.

+

+You can detach from the container and leave it running with `CTRL-p CTRL-q`

+(for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false.

+

+If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to the

+container.

+

+> **Note:**

+> A process running as PID 1 inside a container is treated specially by

+> Linux: it ignores any signal with the default action. So, the process

+> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do

+> so.

+

+It is forbidden to redirect the standard input of a `docker attach` command

+while attaching to a tty-enabled container (i.e.: launched with `-t`).

+

+#### Examples

+

+    $ docker run -d --name topdemo ubuntu /usr/bin/top -b

+    $ docker attach topdemo

+    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05

+    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie

+    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

+    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers

+    Swap:   786428k total,        0k used,   786428k free,   221740k cached

+

+    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

+     1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top

+

+     top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05

+     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie

+     Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

+     Mem:    373572k total,   355244k used,    18328k free,    27872k buffers

+     Swap:   786428k total,        0k used,   786428k free,   221776k cached

+

+       PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

+           1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top

+

+

+     top - 02:05:58 up  3:06,  0 users,  load average: 0.01, 0.02, 0.05

+     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie

+     Cpu(s):  0.2%us,  0.3%sy,  0.0%ni, 99.5%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

+     Mem:    373572k total,   355780k used,    17792k free,    27880k buffers

+     Swap:   786428k total,        0k used,   786428k free,   221776k cached

+

+     PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

+          1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top

+    ^C$

+    $ echo $?

+    0

+    $ docker ps -a | grep topdemo

+    7998ac8581f9        ubuntu:14.04        "/usr/bin/top -b"   38 seconds ago      Exited (0) 21 seconds ago                          topdemo

+

+And in this second example, you can see the exit code returned by the `bash`

+process is returned by the `docker attach` command to its caller too:

+

+    $ docker run --name test -d -it debian

+    275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab

+    $ docker attach test

+    $$ exit 13

+    exit

+    $ echo $?

+    13

+    $ docker ps -a | grep test

+    275c44472aeb        debian:7            "/bin/bash"         26 seconds ago      Exited (13) 17 seconds ago                         test

+

new file mode 100644

@@ -0,0 +1,249 @@

+<!--[metadata]>

+title = "build"

+description = "The build command description and usage"

+keywords = ["build, docker, image"]

+[menu.main]

+parent = "smn_cli"

+weight=1

+<![end-metadata]-->

+

+# build

+

+    Usage: docker build [OPTIONS] PATH | URL | -

+

+    Build a new image from the source code at PATH

+

+      -f, --file=""            Name of the Dockerfile (Default is 'PATH/Dockerfile')

+      --force-rm=false         Always remove intermediate containers

+      --no-cache=false         Do not use cache when building the image

+      --pull=false             Always attempt to pull a newer version of the image

+      -q, --quiet=false        Suppress the verbose output generated by the containers

+      --rm=true                Remove intermediate containers after a successful build

+      -t, --tag=""             Repository name (and optionally a tag) for the image

+      -m, --memory=""          Memory limit for all build containers

+      --memory-swap=""         Total memory (memory + swap), `-1` to disable swap

+      -c, --cpu-shares         CPU Shares (relative weight)

+      --cpuset-mems=""         MEMs in which to allow execution, e.g. `0-3`, `0,1`

+      --cpuset-cpus=""         CPUs in which to allow execution, e.g. `0-3`, `0,1`

+      --cgroup-parent=""       Optional parent cgroup for the container

+

+Builds Docker images from a Dockerfile and a "context". A build's context is

+the files located in the specified `PATH` or `URL`. The build process can refer

+to any of the files in the context. For example, your build can use an

+[*ADD*](/reference/builder/#add) instruction to reference a file in the

+context.

+

+The `URL` parameter can specify the location of a Git repository; the repository

+acts as the build context. The system recursively clones the repository and its

+submodules using a `git clone --depth 1 --recursive` command. This command runs

+in a temporary directory on your local host. After the command succeeds, the

+directory is sent to the Docker daemon as the context. Local clones give you the

+ability to access private repositories using local user credentials, VPNs, and

+so forth.

+

+Git URLs accept context configuration in their fragment section, separated by a

+colon `:`.  The first part represents the reference that Git will check out,

+this can be either a branch, a tag, or a commit SHA. The second part represents

+a subdirectory inside the repository that will be used as a build context.

+

+For example, run this command to use a directory called `docker` in the branch

+`container`:

+

+      $ docker build https://github.com/docker/rootfs.git#container:docker

+

+The following table represents all the valid suffixes with their build

+contexts:

+

+Build Syntax Suffix | Commit Used | Build Context Used

+--------------------|-------------|-------------------

+`myrepo.git` | `refs/heads/master` | `/`

+`myrepo.git#mytag` | `refs/tags/mytag` | `/`

+`myrepo.git#mybranch` | `refs/heads/mybranch` | `/`

+`myrepo.git#abcdef` | `sha1 = abcdef` | `/`

+`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder`

+`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder`

+`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder`

+`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder`

+`myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder`

+

+Instead of specifying a context, you can pass a single Dockerfile in the `URL`

+or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`:

+

+    docker build - < Dockerfile

+

+If you use STDIN or specify a `URL`, the system places the contents into a file

+called `Dockerfile`, and any `-f`, `--file` option is ignored. In this

+scenario, there is no context.

+

+By default the `docker build` command will look for a `Dockerfile` at the root

+of the build context. The `-f`, `--file`, option lets you specify the path to

+an alternative file to use instead. This is useful in cases where the same set

+of files are used for multiple builds. The path must be to a file within the

+build context. If a relative path is specified then it must to be relative to

+the current directory.

+

+In most cases, it's best to put each Dockerfile in an empty directory. Then,

+add to that directory only the files needed for building the Dockerfile. To

+increase the build's performance, you can exclude files and directories by

+adding a `.dockerignore` file to that directory as well. For information on

+creating one, see the [.dockerignore file](/reference/builder#dockerignore-file).

+

+If the Docker client loses connection to the daemon, the build is canceled.

+This happens if you interrupt the Docker client with `ctrl-c` or if the Docker

+client is killed for any reason.

+

+> **Note:**

+> Currently only the "run" phase of the build can be canceled until pull

+> cancellation is implemented).

+

+## Return code

+

+On a successful build, a return code of success `0` will be returned.  When the

+build fails, a non-zero failure code will be returned.

+

+There should be informational output of the reason for failure output to

+`STDERR`:

+

+    $ docker build -t fail .

+    Sending build context to Docker daemon 2.048 kB

+    Sending build context to Docker daemon

+    Step 0 : FROM busybox

+     ---> 4986bf8c1536

+    Step 1 : RUN exit 13

+     ---> Running in e26670ec7a0a

+    INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13

+    $ echo $?

+    1

+

+See also:

+

+[*Dockerfile Reference*](/reference/builder).

+

+## Examples

+

+    $ docker build .

+    Uploading context 10240 bytes

+    Step 1 : FROM busybox

+    Pulling repository busybox

+     ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/

+    Step 2 : RUN ls -lh /

+     ---> Running in 9c9e81692ae9

+    total 24

+    drwxr-xr-x    2 root     root        4.0K Mar 12  2013 bin

+    drwxr-xr-x    5 root     root        4.0K Oct 19 00:19 dev

+    drwxr-xr-x    2 root     root        4.0K Oct 19 00:19 etc

+    drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 lib

+    lrwxrwxrwx    1 root     root           3 Mar 12  2013 lib64 -> lib

+    dr-xr-xr-x  116 root     root           0 Nov 15 23:34 proc

+    lrwxrwxrwx    1 root     root           3 Mar 12  2013 sbin -> bin

+    dr-xr-xr-x   13 root     root           0 Nov 15 23:34 sys

+    drwxr-xr-x    2 root     root        4.0K Mar 12  2013 tmp

+    drwxr-xr-x    2 root     root        4.0K Nov 15 23:34 usr

+     ---> b35f4035db3f

+    Step 3 : CMD echo Hello world

+     ---> Running in 02071fceb21b

+     ---> f52f38b7823e

+    Successfully built f52f38b7823e

+    Removing intermediate container 9c9e81692ae9

+    Removing intermediate container 02071fceb21b

+

+This example specifies that the `PATH` is `.`, and so all the files in the

+local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies

+where to find the files for the "context" of the build on the Docker daemon.

+Remember that the daemon could be running on a remote machine and that no

+parsing of the Dockerfile happens at the client side (where you're running

+`docker build`). That means that *all* the files at `PATH` get sent, not just

+the ones listed to [*ADD*](/reference/builder/#add) in the Dockerfile.

+

+The transfer of context from the local machine to the Docker daemon is what the

+`docker` client means when you see the "Sending build context" message.

+

+If you wish to keep the intermediate containers after the build is complete,

+you must use `--rm=false`. This does not affect the build cache.

+

+    $ docker build .

+    Uploading context 18.829 MB

+    Uploading context

+    Step 0 : FROM busybox

+     ---> 769b9341d937

+    Step 1 : CMD echo Hello world

+     ---> Using cache

+     ---> 99cc1ad10469

+    Successfully built 99cc1ad10469

+    $ echo ".git" > .dockerignore

+    $ docker build .

+    Uploading context  6.76 MB

+    Uploading context

+    Step 0 : FROM busybox

+     ---> 769b9341d937

+    Step 1 : CMD echo Hello world

+     ---> Using cache

+     ---> 99cc1ad10469

+    Successfully built 99cc1ad10469

+

+This example shows the use of the `.dockerignore` file to exclude the `.git`

+directory from the context. Its effect can be seen in the changed size of the

+uploaded context. The builder reference contains detailed information on

+[creating a .dockerignore file](../../builder/#dockerignore-file)

+

+    $ docker build -t vieux/apache:2.0 .

+

+This will build like the previous example, but it will then tag the resulting

+image. The repository name will be `vieux/apache` and the tag will be `2.0`

+

+    $ docker build - < Dockerfile

+

+This will read a Dockerfile from `STDIN` without context. Due to the lack of a

+context, no contents of any local directory will be sent to the Docker daemon.

+Since there is no context, a Dockerfile `ADD` only works if it refers to a

+remote URL.

+

+    $ docker build - < context.tar.gz

+

+This will build an image for a compressed context read from `STDIN`.  Supported

+formats are: bzip2, gzip and xz.

+

+    $ docker build github.com/creack/docker-firefox

+

+This will clone the GitHub repository and use the cloned repository as context.

+The Dockerfile at the root of the repository is used as Dockerfile. Note that

+you can specify an arbitrary Git repository by using the `git://` or `git@`

+schema.

+

+    $ docker build -f Dockerfile.debug .

+

+This will use a file called `Dockerfile.debug` for the build instructions

+instead of `Dockerfile`.

+

+    $ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug .

+    $ docker build -f dockerfiles/Dockerfile.prod  -t myapp_prod .

+

+The above commands will build the current build context (as specified by the

+`.`) twice, once using a debug version of a `Dockerfile` and once using a

+production version.

+

+    $ cd /home/me/myapp/some/dir/really/deep

+    $ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp

+    $ docker build -f ../../../../dockerfiles/debug /home/me/myapp

+

+These two `docker build` commands do the exact same thing. They both use the

+contents of the `debug` file instead of looking for a `Dockerfile` and will use

+`/home/me/myapp` as the root of the build context. Note that `debug` is in the

+directory structure of the build context, regardless of how you refer to it on

+the command line.

+

+> **Note:**

+> `docker build` will return a `no such file or directory` error if the

+> file or directory does not exist in the uploaded context. This may

+> happen if there is no context, or if you specify a file that is

+> elsewhere on the Host system. The context is limited to the current

+> directory (and its children) for security reasons, and to ensure

+> repeatable builds on remote Docker hosts. This is also the reason why

+> `ADD ../file` will not work.

+

+When `docker build` is run with the `--cgroup-parent` option the containers

+used in the build will be run with the [corresponding `docker run`

+flag](/reference/run/#specifying-custom-cgroups).

+

@@ -1,14 +1,14 @@

 <!--[metadata]>

 +++

-title = "Command Line Interface"

+title = "Using the command line"

 description = "Docker's CLI command description and usage"

 keywords = ["Docker, Docker documentation, CLI,  command line"]

 [menu.main]

-parent = "mn_reference"

+parent = "smn_cli"

 +++

 <![end-metadata]-->

-# Docker Command Line

+# Using the command line

 > **Note:** if you are using a remote Docker daemon, such as Boot2Docker, 

 > then _do not_ type the `sudo` before the `docker` commands shown in the

@@ -146,2504 +146,3 @@ Sometimes, multiple options can call for a more complex value string as for

 Options like `--name=""` expect a string, and they

 can only be specified once. Options like `-c=0`

 expect an integer, and they can only be specified once.

-

-## daemon

-

-    Usage: docker [OPTIONS] COMMAND [arg...]

-

-    A self-sufficient runtime for linux containers.

-

-    Options:

-      --api-cors-header=""                   Set CORS headers in the remote API

-      -b, --bridge=""                        Attach containers to a network bridge

-      --bip=""                               Specify network bridge IP

-      -D, --debug=false                      Enable debug mode

-      -d, --daemon=false                     Enable daemon mode

-      --default-gateway=""                   Container default gateway IPv4 address

-      --default-gateway-v6=""                Container default gateway IPv6 address

-      --dns=[]                               DNS server to use

-      --dns-search=[]                        DNS search domains to use

-      --default-ulimit=[]                    Set default ulimit settings for containers

-      -e, --exec-driver="native"             Exec driver to use

-      --exec-opt=[]                          Set exec driver options

-      --exec-root="/var/run/docker"          Root of the Docker execdriver

-      --fixed-cidr=""                        IPv4 subnet for fixed IPs

-      --fixed-cidr-v6=""                     IPv6 subnet for fixed IPs

-      -G, --group="docker"                   Group for the unix socket

-      -g, --graph="/var/lib/docker"          Root of the Docker runtime

-      -H, --host=[]                          Daemon socket(s) to connect to

-      -h, --help=false                       Print usage

-      --icc=true                             Enable inter-container communication

-      --insecure-registry=[]                 Enable insecure registry communication

-      --ip=0.0.0.0                           Default IP when binding container ports

-      --ip-forward=true                      Enable net.ipv4.ip_forward

-      --ip-masq=true                         Enable IP masquerading

-      --iptables=true                        Enable addition of iptables rules

-      --ipv6=false                           Enable IPv6 networking

-      -l, --log-level="info"                 Set the logging level

-      --label=[]                             Set key=value labels to the daemon

-      --log-driver="json-file"               Default driver for container logs

-      --log-opt=[]                           Log driver specific options

-      --mtu=0                                Set the containers network MTU

-      -p, --pidfile="/var/run/docker.pid"    Path to use for daemon PID file

-      --registry-mirror=[]                   Preferred Docker registry mirror

-      -s, --storage-driver=""                Storage driver to use

-      --selinux-enabled=false                Enable selinux support

-      --storage-opt=[]                       Set storage driver options

-      --tls=false                            Use TLS; implied by --tlsverify

-      --tlscacert="~/.docker/ca.pem"         Trust certs signed only by this CA

-      --tlscert="~/.docker/cert.pem"         Path to TLS certificate file

-      --tlskey="~/.docker/key.pem"           Path to TLS key file

-      --tlsverify=false                      Use TLS and verify the remote

-      --userland-proxy=true                  Use userland proxy for loopback traffic

-      -v, --version=false                    Print version information and quit

-

-Options with [] may be specified multiple times.

-

-The Docker daemon is the persistent process that manages containers. Docker

-uses the same binary for both the daemon and client. To run the daemon you

-provide the `-d` flag.

-

-To run the daemon with debug output, use `docker -d -D`.

-

-### Daemon socket option

-

-The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/)

-requests via three different types of Socket: `unix`, `tcp`, and `fd`.

-

-By default, a `unix` domain socket (or IPC socket) is created at

-`/var/run/docker.sock`, requiring either `root` permission, or `docker` group

-membership.

-

-If you need to access the Docker daemon remotely, you need to enable the `tcp`

-Socket. Beware that the default setup provides un-encrypted and

-un-authenticated direct access to the Docker daemon - and should be secured

-either using the [built in HTTPS encrypted socket](/articles/https/), or by

-putting a secure web proxy in front of it. You can listen on port `2375` on all

-network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network

-interface using its IP address: `-H tcp://192.168.59.103:2375`. It is

-conventional to use port `2375` for un-encrypted, and port `2376` for encrypted

-communication with the daemon.

-

-> **Note:**

-> If you're using an HTTPS encrypted socket, keep in mind that only

-> TLS1.0 and greater are supported. Protocols SSLv3 and under are not

-> supported anymore for security reasons.

-

-On Systemd based systems, you can communicate with the daemon via

-[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html),

-use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but

-you can also specify individual sockets: `docker -d -H fd://3`. If the

-specified socket activated files aren't found, then Docker will exit. You can

-find examples of using Systemd socket activation with Docker and Systemd in the

-[Docker source tree](https://github.com/docker/docker/tree/master/contrib/init/systemd/).

-

-You can configure the Docker daemon to listen to multiple sockets at the same

-time using multiple `-H` options:

-

-    # listen using the default unix socket, and on 2 specific IP addresses on this host.

-    docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2

-

-The Docker client will honor the `DOCKER_HOST` environment variable to set the

-`-H` flag for the client.

-

-    $ docker -H tcp://0.0.0.0:2375 ps

-    # or

-    $ export DOCKER_HOST="tcp://0.0.0.0:2375"

-    $ docker ps

-    # both are equal

-

-Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than

-the empty string is equivalent to setting the `--tlsverify` flag. The following

-are equivalent:

-

-    $ docker --tlsverify ps

-    # or

-    $ export DOCKER_TLS_VERIFY=1

-    $ docker ps

-

-The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`

-environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes

-precedence over `HTTP_PROXY`.

-

-### Daemon storage-driver option

-

-The Docker daemon has support for several different image layer storage

-drivers: `aufs`, `devicemapper`, `btrfs`, `zfs` and `overlay`.

-

-The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that

-is unlikely to be merged into the main kernel. These are also known to cause

-some serious kernel crashes. However, `aufs` is also the only storage driver

-that allows containers to share executable and shared library memory, so is a

-useful choice when running thousands of containers with the same program or

-libraries.

-

-The `devicemapper` driver uses thin provisioning and Copy on Write (CoW)

-snapshots. For each devicemapper graph location – typically

-`/var/lib/docker/devicemapper` – a thin pool is created based on two block

-devices, one for data and one for metadata. By default, these block devices

-are created automatically by using loopback mounts of automatically created

-sparse files. Refer to [Storage driver options](#storage-driver-options) below

-for a way how to customize this setup.

-[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/)

-article explains how to tune your existing setup without the use of options.

-

-The `btrfs` driver is very fast for `docker build` - but like `devicemapper`

-does not share executable memory between devices. Use

-`docker -d -s btrfs -g /mnt/btrfs_partition`.

-

-The `zfs` driver is probably not fast as `btrfs` but has a longer track record

-on stability. Thanks to `Single Copy ARC` shared blocks between clones will be

-cached only once. Use `docker -d -s zfs`. To select a different zfs filesystem

-set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options).

-

-The `overlay` is a very fast union filesystem. It is now merged in the main

-Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call

-`docker -d -s overlay` to use it.

-

-> **Note:**

-> As promising as `overlay` is, the feature is still quite young and should not

-> be used in production. Most notably, using `overlay` can cause excessive

-> inode consumption (especially as the number of images grows), as well as

-> being incompatible with the use of RPMs.

-

-> **Note:**

-> It is currently unsupported on `btrfs` or any Copy on Write filesystem

-> and should only be used over `ext4` partitions.

-

-#### Storage driver options

-

-Particular storage-driver can be configured with options specified with

-`--storage-opt` flags. Options for `devicemapper` are prefixed with `dm` and

-options for `zfs` start with `zfs`.

-

-Currently supported options of `devicemapper`:

-

- *  `dm.basesize`

-

-    Specifies the size to use when creating the base device, which limits the

-    size of images and containers. The default value is 10G. Note, thin devices

-    are inherently "sparse", so a 10G device which is mostly empty doesn't use

-    10 GB of space on the pool. However, the filesystem will use more space for

-    the empty case the larger the device is.

-

-     **Warning:** This value affects the system-wide "base" empty filesystem

-     that may already be initialized and inherited by pulled images. Typically,

-     a change to this value will require additional steps to take effect:

-

-        $ sudo service docker stop

-        $ sudo rm -rf /var/lib/docker

-        $ sudo service docker start

-

-    Example use:

-

-        $ docker -d --storage-opt dm.basesize=20G

-

- *  `dm.loopdatasize`

-

-    Specifies the size to use when creating the loopback file for the "data"

-    device which is used for the thin pool. The default size is 100G. Note that

-    the file is sparse, so it will not initially take up this much space.

-

-    Example use:

-

-        $ docker -d --storage-opt dm.loopdatasize=200G

-

- *  `dm.loopmetadatasize`

-

-    Specifies the size to use when creating the loopback file for the

-    "metadata" device which is used for the thin pool. The default size is 2G.

-    Note that the file is sparse, so it will not initially take up this much

-    space.

-

-    Example use:

-

-        $ docker -d --storage-opt dm.loopmetadatasize=4G

-

- *  `dm.fs`

-

-    Specifies the filesystem type to use for the base device. The supported

-    options are "ext4" and "xfs". The default is "ext4"

-

-    Example use:

-

-        $ docker -d --storage-opt dm.fs=xfs

-

- *  `dm.mkfsarg`

-

-    Specifies extra mkfs arguments to be used when creating the base device.

-

-    Example use:

-

-        $ docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"

-

- *  `dm.mountopt`

-

-    Specifies extra mount options used when mounting the thin devices.

-

-    Example use:

-

-        $ docker -d --storage-opt dm.mountopt=nodiscard

-

- *  `dm.datadev`

-

-    Specifies a custom blockdevice to use for data for the thin pool.

-

-    If using a block device for device mapper storage, ideally both datadev and

-    metadatadev should be specified to completely avoid using the loopback

-    device.

-

-    Example use:

-

-        $ docker -d \

-            --storage-opt dm.datadev=/dev/sdb1 \

-            --storage-opt dm.metadatadev=/dev/sdc1

-

- *  `dm.metadatadev`

-

-    Specifies a custom blockdevice to use for metadata for the thin pool.

-

-    For best performance the metadata should be on a different spindle than the

-    data, or even better on an SSD.

-

-    If setting up a new metadata pool it is required to be valid. This can be

-    achieved by zeroing the first 4k to indicate empty metadata, like this:

-

-        $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1

-

-    Example use:

-

-        $ docker -d \

-            --storage-opt dm.datadev=/dev/sdb1 \

-            --storage-opt dm.metadatadev=/dev/sdc1

-

- *  `dm.blocksize`

-

-    Specifies a custom blocksize to use for the thin pool. The default

-    blocksize is 64K.

-

-    Example use:

-

-        $ docker -d --storage-opt dm.blocksize=512K

-

- *  `dm.blkdiscard`

-

-    Enables or disables the use of blkdiscard when removing devicemapper

-    devices. This is enabled by default (only) if using loopback devices and is

-    required to resparsify the loopback file on image/container removal.

-

-    Disabling this on loopback can lead to *much* faster container removal

-    times, but will make the space used in `/var/lib/docker` directory not be

-    returned to the system for other use when containers are removed.

-

-    Example use:

-

-        $ docker -d --storage-opt dm.blkdiscard=false

-

- *  `dm.override_udev_sync_check`

-

-    Overrides the `udev` synchronization checks between `devicemapper` and `udev`.

-    `udev` is the device manager for the Linux kernel.

-

-    To view the `udev` sync support of a Docker daemon that is using the

-    `devicemapper` driver, run:

-

-        $ docker info

-        [...]

-        Udev Sync Supported: true

-        [...]

-

-    When `udev` sync support is `true`, then `devicemapper` and udev can

-    coordinate the activation and deactivation of devices for containers.

-

-    When `udev` sync support is `false`, a race condition occurs between

-    the`devicemapper` and `udev` during create and cleanup. The race condition

-    results in errors and failures. (For information on these failures, see

-    [docker#4036](https://github.com/docker/docker/issues/4036))

-

-    To allow the `docker` daemon to start, regardless of `udev` sync not being

-    supported, set `dm.override_udev_sync_check` to true:

-

-        $ docker -d --storage-opt dm.override_udev_sync_check=true

-

-    When this value is `true`, the  `devicemapper` continues and simply warns

-    you the errors are happening.

-

-    > **Note:**

-    > The ideal is to pursue a `docker` daemon and environment that does

-    > support synchronizing with `udev`. For further discussion on this

-    > topic, see [docker#4036](https://github.com/docker/docker/issues/4036).

-    > Otherwise, set this flag for migrating existing Docker daemons to

-    > a daemon with a supported environment.

-

-Currently supported options of `zfs`:

-

- * `zfs.fsname`

-

-    Set zfs filesystem under which docker will create its own datasets.

-    By default docker will pick up the zfs filesystem where docker graph

-    (`/var/lib/docker`) is located.

-

-    Example use:

-

-        $ docker -d -s zfs --storage-opt zfs.fsname=zroot/docker

-

-### Docker execdriver option

-

-The Docker daemon uses a specifically built `libcontainer` execution driver as

-its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`.

-

-There is still legacy support for the original [LXC userspace tools](

-https://linuxcontainers.org/) via the `lxc` execution driver, however, this is

-not where the primary development of new functionality is taking place.

-Add `-e lxc` to the daemon flags to use the `lxc` execution driver.

-

-#### Options for the native execdriver

-

-You can configure the `native` (libcontainer) execdriver using options specified

-with the `--exec-opt` flag. All the flag's options have the `native` prefix. A

-single `native.cgroupdriver` option is available.

-

-The `native.cgroupdriver` option specifies the management of the container's

-cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and

-it is not available, the system uses `cgroupfs`. By default, if no option is

-specified, the execdriver first tries `systemd` and falls back to `cgroupfs`.

-This example sets the execdriver to `cgroupfs`:

-

-    $ sudo docker -d --exec-opt native.cgroupdriver=cgroupfs

-

-Setting this option applies to all containers the daemon launches.

-

-### Daemon DNS options

-

-To set the DNS server for all Docker containers, use

-`docker -d --dns 8.8.8.8`.

-

-To set the DNS search domain for all Docker containers, use

-`docker -d --dns-search example.com`.

-

-### Insecure registries

-

-Docker considers a private registry either secure or insecure. In the rest of

-this section, *registry* is used for *private registry*, and `myregistry:5000`

-is a placeholder example for a private registry.

-

-A secure registry uses TLS and a copy of its CA certificate is placed on the

-Docker host at `/etc/docker/certs.d/myregistry:5000/ca.crt`. An insecure

-registry is either not using TLS (i.e., listening on plain text HTTP), or is

-using TLS with a CA certificate not known by the Docker daemon. The latter can

-happen when the certificate was not found under

-`/etc/docker/certs.d/myregistry:5000/`, or if the certificate verification

-failed (i.e., wrong CA).

-

-By default, Docker assumes all, but local (see local registries below),

-registries are secure. Communicating with an insecure registry is not possible

-if Docker assumes that registry is secure. In order to communicate with an

-insecure registry, the Docker daemon requires `--insecure-registry` in one of

-the following two forms:

-

-* `--insecure-registry myregistry:5000` tells the Docker daemon that

-  myregistry:5000 should be considered insecure.

-* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries

-  whose domain resolve to an IP address is part of the subnet described by the

-  CIDR syntax, should be considered insecure.

-

-The flag can be used multiple times to allow multiple registries to be marked

-as insecure.

-

-If an insecure registry is not marked as insecure, `docker pull`,

-`docker push`, and `docker search` will result in an error message prompting

-the user to either secure or pass the `--insecure-registry` flag to the Docker

-daemon as described above.

-

-Local registries, whose IP address falls in the 127.0.0.0/8 range, are

-automatically marked as insecure as of Docker 1.3.2. It is not recommended to

-rely on this, as it may change in the future.

-

-### Running a Docker daemon behind a HTTPS_PROXY

-

-When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub

-certificates will be replaced by the proxy's certificates. These certificates

-need to be added to your Docker host's configuration:

-

-1. Install the `ca-certificates` package for your distribution

-2. Ask your network admin for the proxy's CA certificate and append them to

-   `/etc/pki/tls/certs/ca-bundle.crt`

-3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ docker -d`.

-   The `username:` and `password@` are optional - and are only needed if your

-   proxy is set up to require authentication.

-

-This will only add the proxy and authentication to the Docker daemon's requests -

-your `docker build`s and running containers will need extra configuration to

-use the proxy

-

-### Default Ulimits

-

-`--default-ulimit` allows you to set the default `ulimit` options to use for

-all containers. It takes the same options as `--ulimit` for `docker run`. If

-these defaults are not set, `ulimit` settings will be inherited, if not set on

-`docker run`, from the Docker daemon. Any `--ulimit` options passed to 

-`docker run` will overwrite these defaults.

-

-### Miscellaneous options

-

-IP masquerading uses address translation to allow containers without a public

-IP to talk to other machines on the Internet. This may interfere with some

-network topologies and can be disabled with --ip-masq=false.

-

-Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and

-for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be

-set like this:

-

-    DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1

-    # or

-    export DOCKER_TMPDIR=/mnt/disk2/tmp

-    /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1

-

-## attach

-

-    Usage: docker attach [OPTIONS] CONTAINER

-

-    Attach to a running container

-

-      --no-stdin=false    Do not attach STDIN

-      --sig-proxy=true    Proxy all received signals to the process

-

-The `docker attach` command allows you to attach to a running container using

-the container's ID or name, either to view its ongoing output or to control it

-interactively. You can attach to the same contained process multiple times

-simultaneously, screen sharing style, or quickly view the progress of your

-daemonized process.

-

-You can detach from the container and leave it running with `CTRL-p CTRL-q`

-(for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false.

-

-If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to the

-container.

-

-> **Note:**

-> A process running as PID 1 inside a container is treated specially by

-> Linux: it ignores any signal with the default action. So, the process

-> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do

-> so.

-

-It is forbidden to redirect the standard input of a `docker attach` command

-while attaching to a tty-enabled container (i.e.: launched with `-t`).

-

-#### Examples

-

-    $ docker run -d --name topdemo ubuntu /usr/bin/top -b

-    $ docker attach topdemo

-    top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05

-    Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie

-    Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

-    Mem:    373572k total,   355560k used,    18012k free,    27872k buffers

-    Swap:   786428k total,        0k used,   786428k free,   221740k cached

-

-    PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND

-     1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top

-

-     top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05

-     Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie

-     Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

-     Mem:    373572k total,   355244k used,    18328k free,    27872k buffers

-     Swap:   786428k total,        0k used,   786428k free,   221776k cached