Docker hub oracle linux

Installing Docker on Oracle Linux

Containerization is a simplified form of virtualization at the operating-system level. The concept of virtualization is described in this post. Containerization lets you run an application in an isolated area called a container. Each container holds all the components needed to run the application. A container is an executable software package that runs on top of the operating system. One of the most popular tools for managing virtual containers is Docker. It handles many tasks related to creating containers, placing applications in them, managing processes, and testing software and its individual components.

The rest of this post covers installing Docker on Linux (the Oracle Linux 7 distribution). To do so, perform the following steps:

1. Configure yum, the open console package manager, in the Oracle Linux distribution.

Enable the ol7_latest, ol7_uekr4, ol7_optional_latest and ol7_addons repositories. To do this, download the repository file public-yum-ol7.repo into the /etc/yum.repos.d/ directory. This is done with the following commands as the root user (the operating system must have Internet access):

A brief note: repositories are servers on the Internet or on a local network that are configured to store and provide access to Linux application package files. In other words, users can download or update their Linux applications from repositories.

Check the public-yum-ol7.repo file for the ol7_latest, ol7_uekr4, ol7_optional_latest and ol7_addons blocks. If any are missing, add the following lines to public-yum-ol7.repo. Make sure that the value of the enabled parameter is 1.

After the repositories are configured, reboot the operating system.

2. Run the Docker installation as the root user.

Here you must confirm the installation and update by pressing y.

Press y to proceed with the installation.

The installation log shows that the Docker installation completed successfully (Complete!).

3. After the installation completes successfully, start the docker service.

The Docker installation is complete. You can now start using Docker to create new containers.
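The check described in step 1, as an added example that is not part of the original post: a POSIX shell function that reports, for each required section of a .repo file, whether it is present and has enabled=1. The function names and the sample file contents are constructed for this example; the sample is trimmed to the keys the check reads.

```shell
#!/bin/sh
# Added example: verify that required yum repository sections exist in a
# .repo file and are explicitly enabled (enabled=1), as step 1 asks.

# repo_status FILE SECTION -> prints enabled | disabled | unset | missing
repo_status() {
    awk -v want="$2" '
        # A [section] header opens a new block; note whether it is ours.
        /^[ \t]*\[.*\][ \t]*$/ {
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_sect = (name == want)
            if (in_sect) found = 1
            next
        }
        # Inside our block, remember the most recent enabled= value.
        in_sect && /^[ \t]*enabled[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]*$/, "", val)
            have = 1
            enabled = val
        }
        END {
            if (!found)              print "missing"
            else if (!have)          print "unset"      # no enabled= line at all
            else if (enabled == "1") print "enabled"
            else                     print "disabled"
        }
    ' "$1"
}

# check_repos FILE SECTION... -> one "section: status" line per section;
# returns 1 if any section is not explicitly enabled.
check_repos() {
    file=$1; shift
    rc=0
    for s in "$@"; do
        st=$(repo_status "$file" "$s")
        printf '%s: %s\n' "$s" "$st"
        [ "$st" = enabled ] || rc=1
    done
    return $rc
}

# Constructed sample: one enabled block, one disabled block, one block
# without an enabled= line, and no ol7_addons block at all.
sample_repo() {
    cat <<'EOF'
[ol7_latest]
name=Oracle Linux 7 Latest
enabled=1

[ol7_uekr4]
name=Unbreakable Enterprise Kernel Release 4
enabled=0

[ol7_optional_latest]
name=Oracle Linux 7 Optional Latest
EOF
}

# Stand-alone run: check FILE SECTION... if given, else the constructed sample.
main() {
    if [ $# -ge 1 ]; then check_repos "$@"; return; fi
    tmp=$(mktemp); sample_repo > "$tmp"
    check_repos "$tmp" ol7_latest ol7_uekr4 ol7_optional_latest ol7_addons
    rc=$?; rm -f "$tmp"; return $rc
}
main "$@" || echo "one or more required repositories need attention" >&2
```

On a real system the call would be check_repos /etc/yum.repos.d/public-yum-ol7.repo followed by the four section names from step 1.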


Oracle® Linux 6

Docker User’s Guide

The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

4.1 Pulling Oracle Linux Images from the Docker Hub

An Internet connection is required to pull images from the Docker Hub.

You can obtain images for Oracle Linux for use with the Docker Engine from the oraclelinux repository at the Docker Hub. For a list of the Oracle Linux images that are available, see https://registry.hub.docker.com/_/oraclelinux/.

To download an Oracle Linux image, use the docker pull command, for example:

To display a list of the images that you have downloaded to a system, use the docker images command, for example:

Each image in a repository is distinguished by its tag value and its unique ID. In the following example, the tags 6 and 6.8 refer to the same image ID for Oracle Linux 6, as do the tags 7, 7.2, and latest for Oracle Linux 7.

When new images are made available for Oracle Linux updates, the tags 6, 7, and latest are updated in the oraclelinux repository to refer to the appropriate newest version.

Copyright © 2012, 2019, Oracle and/or its affiliates. All rights reserved.


Chapter 5 Working with Containers and Images

This chapter describes how to use the Docker Engine to run containers and how to obtain the images that are used to create a container. Other information specific to container and image configuration is also provided. This chapter assumes that images and containers are hosted on Oracle Linux 7.

5.1 Pulling Oracle Linux Images from a Container Registry

You can get Oracle Linux images to run on the Docker Engine from the oraclelinux repository at the Docker Hub. For a list of the Oracle Linux images that are available, see https://hub.docker.com/_/oraclelinux/.

An Internet connection is required to pull images from the Docker Hub or the Oracle Container Registry. If you make use of a proxy server to access the Internet, see Section 2.5, “Configuring a Proxy Server”.

Oracle Linux images, along with many other Oracle product images, are also hosted on the Oracle Container Registry at https://container-registry.oracle.com and on the Docker Hub at https://hub.docker.com. More information on using the Oracle Container Registry to pull images is covered in Section 6.1, “Pulling Images from the Oracle Container Registry”. See Section 6.4, “Using Third-Party Registries” for more information on using the Docker Hub.

To download an Oracle Linux image, use the docker pull command. For example, to pull an Oracle Linux image from the Docker Hub:

To display a list of the images that you have downloaded to a system, use the docker images command, for example:

Each image in the repository is distinguished by its TAG value and its unique IMAGE ID. In the example, the tags 7 and latest refer to the same image ID for Oracle Linux 7.

When new images are made available for Oracle Linux updates, the tags 7, 8, and latest are updated in the oraclelinux repository to refer to the appropriate newest version.

If an image is downloaded from a registry other than the default registry, the REPOSITORY value also indicates the registry from which the image was pulled. For example:

See Section 4.6, “Setting Container Registry Options” for more information on adding registries and configuring a default registry.
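Because tags such as 7 and latest are re-pointed when new images are published, comparing two saved docker images listings shows which tags now refer to a different image ID. The following shell functions are an added example, not from the Oracle guide; the function names, listings, image IDs and sizes are constructed sample data.

```shell
#!/bin/sh
# Added example: work with saved "docker images" listings to see which tags
# share an image ID and which tags moved to a new ID between two listings.

# tag_aliases LISTING -> "image_id: repo:tag repo:tag ..." for every image ID
# that is referenced by more than one tag.
tag_aliases() {
    awk 'NR > 1 {
             key = $1 ":" $2
             tags[$3] = (n[$3]++ ? tags[$3] " " : "") key
         }
         END { for (id in tags) if (n[id] > 1) print id ": " tags[id] }' "$1" | sort
}

# moved_tags OLD NEW -> "repo:tag old_id -> new_id" for each tag that is in
# both listings but now points at a different image ID.
moved_tags() {
    awk 'FNR == 1  { next }                       # skip each header line
         NR == FNR { old[$1 ":" $2] = $3; next }  # first file: remember IDs
         { k = $1 ":" $2
           if (k in old && old[k] != $3) print k, old[k], "->", $3 }' "$1" "$2"
}

# Constructed listing taken before an update was published.
sample_before() {
    cat <<'EOF'
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
oraclelinux   7         aaaaaaaaaaaa   2 weeks ago   225MB
oraclelinux   latest    aaaaaaaaaaaa   2 weeks ago   225MB
oraclelinux   7-slim    bbbbbbbbbbbb   2 weeks ago   118MB
EOF
}

# Constructed listing after pulling again: 7 and latest were re-pointed.
sample_after() {
    cat <<'EOF'
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
oraclelinux   7         cccccccccccc   3 days ago    226MB
oraclelinux   latest    cccccccccccc   3 days ago    226MB
oraclelinux   7-slim    bbbbbbbbbbbb   2 weeks ago   118MB
EOF
}

# Stand-alone run on the constructed samples.
d=$(mktemp -d)
sample_before > "$d/before"; sample_after > "$d/after"
echo "Tags sharing an image ID (before):"; tag_aliases "$d/before"
echo "Tags re-pointed between listings:";  moved_tags "$d/before" "$d/after"
rm -rf "$d"
```

On a real host, save the output of docker images oraclelinux to a file before and after a pull and pass both files to moved_tags.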

5.1.1 Enabling or Disabling Docker Content Trust

Content Trust allows you to verify the authenticity, integrity, and publication date of Docker images that are made available on the Docker Hub Registry.

By default, Content Trust is disabled. To enable Content Trust for signing and verifying Docker images that you build, push to, or pull from the Docker Hub, set the DOCKER_CONTENT_TRUST environment variable, for example:

If you use sudo to run Docker commands, specify the -E option to preserve the environment or use visudo to add the following line to /etc/sudoers:

For individual docker build, docker push, or docker pull commands, you can specify the --disable-content-trust=false and --disable-content-trust=true options to enable or disable Content Trust.

5.2 Creating and Running Docker Containers

You use the docker run command to run an application inside a container, for example:

This example runs an interactive bash shell using the Oracle Linux 7 image named oraclelinux:7-slim to provide the container. The /bin/bash command is the default command run for all oraclelinux base images. The -t and -i options allow you to use a pseudo-terminal to run the container interactively.

The following examples use the prompt [root@host ] (or similar) to represent the prompts shown by the host and by the container respectively. The actual prompt displayed by the container may be different.

The --name option specifies the name guest for the container instance.

Docker does not remove the container when it exits and we can restart it at a later time, for example:

If an image does not already exist on your system, the Docker Engine performs a docker pull operation to download the image from the Docker Hub (or from another repository that you specify) as shown in the following example:

Because we specified the --rm option instead of naming the container, Docker removes the container when it exits and we cannot restart it.

From another shell window, you can use the docker ps command to display information about the containers that are currently running, for example:

The container named guest with the ID 68359521c0b7 is currently running the command /bin/bash. It is more convenient to manage a container by using its name than by its ID.

To display the processes that a container is running, use the docker top command:

You can use the docker exec command to run additional processes in a container that is already running, for example:

You can also use the docker create command to set up a container that you can start at a later time, for example:

The -a and -i options to docker start attach the current shell’s standard input, output, and error streams to those of the container and also cause all signals to be forwarded to the container.

You can exit a container by typing Ctrl-D or exit at the bash command prompt inside the container or by using the docker stop command:

The -a option to docker ps displays all containers that are currently running or that have exited.

You can use docker start to restart a stopped container. After reattaching to it, the contents remain unchanged from the last time that you used the container.

Because the container preserves any changes that you make to it, you can reconfigure files and install packages in the container without worrying that your changes will disappear.

You can use the docker logs command to watch what is happening inside a container, for example:


The -f option causes the command to update its output as events happen in the container. Type Ctrl-C to exit the command.

You can obtain full information about a container in JSON format by using the docker inspect command. This command also allows you to retrieve specified elements of the configuration, for example:

If you need to remove a container permanently so that you can create a new container with the same name, use the docker rm command:

If you specify the --rm option when you run a container, Docker removes the container when the container exits. You cannot combine the --rm option with the -d option.

Specifying the -f option to docker rm kills a running container before removing it. In previous versions, the same command stops the container before removing it. If you want to stop a container safely, use docker stop.

5.2.1 Configuring How Docker Restarts Containers

To specify how you want Docker to handle a container when it exits, you can use the --restart option with docker run and docker create:

Docker always attempts to restart the container when the container exits.

--restart=no

Docker does not attempt to restart the container when the container exits. This is the default policy.

--restart=on-failure[:max-retry]

Docker attempts to restart the container if the container returns a non-zero exit code. You can optionally specify the maximum number of times that Docker will try to restart the container.

5.2.2 Controlling Capabilities and Making Host Devices Available to Containers

If you specify the --privileged=true option to docker create or docker run, the container has access to all the devices on the host, which can present a security risk. For more precise control, you can use the --cap-add and --cap-drop options to restrict the capabilities of a container, for example:

This example grants all capabilities except NET_ADMIN to the container so that it is not able to perform network-administration operations. For more information, see the capabilities(7) manual page.

To make only individual devices on the host available to a container, you can use the --device option with docker run and docker create:

host_devname is the name of the host device.

container_devname is an optional name for the device in the container.

permissions optionally specifies the permissions that the container has on the device, which is a combination of the following codes:

Grants mknod permission. For example, you can use mknod to set permission bits or the SELinux context for the device file.

r

Grants read permission.

w

Grants write permission. For example, you can use a command such as mkfs to format the device.

For example, --device=/dev/sdd:/dev/xvdd:r would make the host device /dev/sdd available to the container as the device /dev/xvdd with read-only permission.

Do not make block devices that can easily be removed from the system available to untrusted containers.

5.2.3 Accessing the Host’s Process ID Namespace

You can make the host’s process ID namespace visible from inside a container by specifying the --pid=host option to docker run. A suggested use of this mode is to debug host processes by using containerized debugging tools.

Host mode is inherently insecure as it gives a container full access to D-Bus and other system services on the host.
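A pre-flight check for the options covered in sections 5.2.2 and 5.2.3, added here as an example and not taken from the Oracle guide: it inspects a docker run or docker create argument list and reports --privileged, --cap-add=ALL, --pid=host and --device permissions. The function names and the HIGH/WARN/INFO labels are assumptions of this example; it only reads arguments and never calls Docker.

```shell
#!/bin/sh
# Added example: flag docker run / docker create options that widen a
# container's access to the host. Pure argument inspection.

NL='
'
note() { out="${out}$1${NL}"; }

# device_perms SPEC -> permissions in effect for a --device value of the form
# host_devname[:container_devname][:permissions]. When no permissions are
# given, Docker grants read, write and mknod (rwm).
device_perms() {
    rest=${1#*:}
    if [ "$rest" = "$1" ]; then echo rwm; return; fi   # no colon at all
    case $rest in
        *:*)          echo "${rest##*:}" ;;            # host:container:perms
        *[!rwm]*|"")  echo rwm ;;                      # host:container
        *)            echo "$rest" ;;                  # host:perms
    esac
}

# audit_run_args ARG... -> prints one finding per line; returns 1 if any
# finding is HIGH or WARN, else 0. Every argument is scanned, including
# those that follow the image name.
audit_run_args() {
    out=""; cap_all=0; drops=""; risky=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        # Fold the "--opt value" spelling into "--opt=value".
        case $arg in
            --cap-add|--cap-drop|--device|--pid)
                [ $# -gt 0 ] || break
                arg="$arg=$1"; shift ;;
        esac
        case $arg in
            --privileged|--privileged=true)
                note "HIGH --privileged: container has access to all devices on the host"
                risky=1 ;;
            --pid=host)
                note "HIGH --pid=host: host process ID namespace is visible in the container"
                risky=1 ;;
            --cap-add=ALL|--cap-add=all)
                cap_all=1 ;;
            --cap-drop=*)
                drops="$drops ${arg#--cap-drop=}" ;;
            --device=*)
                spec=${arg#--device=}; p=$(device_perms "$spec")
                case $p in
                    *[wm]*) note "WARN --device=$spec: permissions '$p' allow write or mknod on the host device"
                            risky=1 ;;
                    *)      note "INFO --device=$spec: read-only access to the host device" ;;
                esac ;;
        esac
    done
    # Report --cap-add=ALL once, together with whatever was dropped again.
    if [ "$cap_all" -eq 1 ]; then
        note "WARN --cap-add=ALL: every capability granted${drops:+ except$drops}"
        risky=1
    fi
    printf '%s' "$out"
    return $risky
}

# Stand-alone use: sh audit.sh --privileged=true -i -t oraclelinux:7-slim
if [ $# -gt 0 ]; then audit_run_args "$@"; fi
```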

5.2.4 Mounting a Host’s root File System in Read-Only Mode

You can mount the host’s root file system in read-only mode from a container by specifying the --read-only=true option to docker create or docker run. You can use this mode to restrict write access by a containerized application.

5.3 Creating a Docker Image from an Existing Container

If you modify the contents of a container, you can use the docker commit command to save the current state of the container as an image.

The following example demonstrates how to modify a container based on the oraclelinux:7-slim image so that it can run an Apache HTTP server. After stopping the container, the image mymod/httpd:v1 is created from it.

The oraclelinux:7-slim and oraclelinux:8-slim images provide the bare minimum operating system required for Oracle Linux 7 and Oracle Linux 8. Using these images can help to reduce resource usage when running containers based on them. You can also ensure that the image that you create is limited to the base requirements for your application.

To create an Apache server image from an oraclelinux:7-slim container:

Run the bash shell inside a container named httpd1:

If you use a web proxy, edit the yum configuration on the guest as described in Oracle® Linux 7: Administrator’s Guide.

Install the httpd package:

If required, create the web content to be displayed under the /var/www/html directory hierarchy on the guest.

Exit the guest by simply using the exit command from within the interactive guest session:

Or by using the docker stop command on the host:

Create the image mymod/httpd with the tag v1 using the ID of the container that you stopped:

Use the -m and -a options to document the image and its author. The command returns the full version of the new image’s ID.

The docker ps -l -q command returns the ID of the last created container. We used this command in the example to obtain the ID of the container that we wanted to use to generate the image. You may, alternatively, specify the ID directly or use an alternate variation on this command to obtain the correct ID.

If you use the docker images command, the new image now appears in the list:

Remove the container named httpd1.

You can now use the new image to create a container that works as a web server, for example:

The -d option runs the command non-interactively in the background and displays the full version of the unique container ID. The -p 8080:80 option maps port 80 in the guest to port 8080 on the host. You can view the port mapping by running docker ps or docker port , for example:

The docker ps command displays the short version of the container ID. You can use the --no-trunc option to display the long version.

The default IP address value of 0.0.0.0 means that the port mapping applies to all network interfaces on the host. You can restrict the IP addresses to which the remapping applies by using multiple -p options, for example:

You can view the web content served by the guest by pointing a browser at port 8080 on the host. If you access the content from a different system, you might need to allow incoming connections to the port on the host, for example:

If you need to remove an image, use the docker rmi command:

You cannot remove the image of a running container.

In a production environment, using the docker commit command to create an image does not provide a convenient record of how you created the image so you might find it difficult to recreate an image that has been lost or become corrupted. The preferred method for creating an image is to set up a Dockerfile, in which you define instructions that allow Docker to build the image for you. See Section 5.4, “Creating a Docker Image from a Dockerfile”.

5.4 Creating a Docker Image from a Dockerfile

You use the docker build command to create a Docker image from the definition contained in a Dockerfile.

The following example demonstrates how to build an image named mymod/httpd with the tag v2 based on the oraclelinux:7-slim image so that it can run an Apache HTTP server.

To create a Docker image from a Dockerfile:

Make a directory where you can create the Dockerfile, for example:

You do not need to create the Dockerfile on the same system on which you want to deploy containers that you create from the image. The only requirement is that the Docker Engine can access the Dockerfile.

In the new directory, create the Dockerfile, which is usually named Dockerfile. The following Dockerfile contents are specific to the example:

The # prefix in the first line indicates that the line is a comment. The remaining lines start with the following instruction keywords that define how Docker creates the image:

Specifies the command that a container created from the image always runs. In this example, the command is /usr/sbin/httpd -D FOREGROUND, which starts the HTTP server process.

Defines that the specified port is available to service incoming requests. You can use the -p or -P options with docker run to map this port to another port on the host. Alternatively, you can use the --link option with docker run to allow another container to access the port over Docker’s internal network (see Section 5.7, “Communicating Between Docker Containers”).

Defines the image that Docker uses as a basis for the new image.

Defines who is responsible for the Dockerfile.

Defines the commands that Docker runs to modify the new image. In the example, the RUN lines set up the web proxy, install the httpd package, and create a simple home page for the server.

For more information about other instructions that you can use in a Dockerfile, see https://docs.docker.com/engine/reference/builder/.

Use the docker build command to create the image:

Having built the image, you can test it by creating a container instance named httpd2:

You do not need to specify /usr/sbin/httpd -D FOREGROUND as this command is now built into the container.

The -P option specifies that Docker should map the ports exposed by the guest to a random available high-order port (higher than 30000) on the host.

You can use docker inspect to return the host port that Docker maps to TCP port 80:


In this example, TCP port 80 in the guest is mapped to TCP port 49153 on the host.

You can view the web content served by the guest by pointing a browser at port 49153 on the host. If you access the content from a different system, you might need to allow incoming connections to the port on the host.

You can open the port by updating the firewall:

You can also use curl to test that the server is working:

5.5 Creating Multi-stage Docker Image Builds

From Oracle Container Runtime for Docker 17.06, it is possible to perform multi-stage builds from a single Dockerfile. This allows you to perform interim build or compilation steps during the creation of the final image, without including all of the build tools and artifacts in the final image. This helps to reduce image sizes, and improves performance. It also allows you to deliver an image containing only the required binary and not all of the layers that were required to produce the binary.

In this section, we provide a very simple example scenario, where the source of a program is built in an interim compiler image and the resulting binary is copied into a separate image to produce the final target image. This entire build is handled by a single Dockerfile.

Create a simple "hello world" style program in C, by pasting the following text into a file named hello.c:

Create a Dockerfile that contains the following text:

Note that there are two FROM lines in this Dockerfile. The first FROM statement pulls the latest gcc image from the Docker hub and uses the AS syntax to assign it a name that we can refer to later when copying elements from this temporary build environment to our target image.

In the build environment, the source file is copied into the image and the gcc compiler is run against the source file to produce a hello binary.

The second FROM statement pulls the oraclelinux:7-slim image. This image is used to host the hello binary, which is copied into it directly from the build environment. By doing this, the source, the compiler and any other build artifacts can be excluded from the final image.

To build the new image and run it, try running the following:

The hello-world image is generated to contain and run the hello binary, but doesn’t contain any of the components that were required to build the binary. The final image has fewer layers, is smaller and excludes any of the build steps in its history.

5.6 About Docker Networking

The Docker networking features allow you to create secure networks of web applications that can communicate while running in separate containers. By default, Docker configures two types of network (as displayed by the docker network ls command):

If you specify the --net=host option to the docker create or docker run commands, Docker uses the host’s network stack for the container. The network configuration of the container is the same as that of the host and the container shares the service ports that are available to the host. This configuration does not provide any network isolation for a container.

By default, Docker attaches containers to a bridge network named bridge. When you run a command such as ip link show on the host, the bridge is visible as the docker0 network interface. You can use the bridge network to connect separate application containers. The docker network inspect bridge command allows you to examine the network configuration of the bridge, which is displayed in JSON format. Docker sets up a default subnet address, network mask, and gateway for the bridge network and automatically assigns subnet addresses to containers that you add to the bridge network. Containers on the default bridge network can communicate with each other on this network directly, although there is domain name resolution within this network to make containers specifically aware of each other.

A container can communicate with other containers on a bridge network but not with other networks unless you also attach it to those networks. To define the networks that a container should use, specify a --net=bridge-network-name option for each network to the docker create or docker run commands. To attach a running container to a network, you can use the docker network connect network-name container-name command.

You can use the docker network create --driver bridge bridge-network-name command to create user-defined bridge networks that expose container network ports that can be accessed by external networks and other containers. You specify --net=bridge-network-name to docker create or docker run to attach the container to this network. More information on user-defined networking is provided in Section 5.7, “Communicating Between Docker Containers”.

5.6.1 About Multihost Networking

A bridge network provides network isolation but it limits container connections to a single host system unless you use a complex user-defined bridge. Docker includes the VXLAN-based overlay network driver that supports multihost networking, where you can attach separate application containers running on multiple Docker hosts to the same virtual overlay network. Before you can create an overlay network, you must configure a key-value (KV) service such as Consul, Etcd, or ZooKeeper that the Docker hosts can access to share configuration information. You can then configure the Docker daemon on each host to access the KV server by specifying appropriate values to the --cluster-advertise and --cluster-store options. Next you use the docker network create --driver overlay multihost-network-name command on one of the hosts to create the overlay network. Having created the overlay network, you can attach the container to this network by specifying --net=multihost-network-name to docker create or docker run.

5.7 Communicating Between Docker Containers

All containers are automatically added to the default bridge network and assigned IP addresses by the Docker Engine. This means that containers are effectively able to communicate directly using the bridge network. However there is no automatic service discovery on the default bridge network. If containers need to be able to resolve IP addresses by container name, you should use a user-defined network instead.

You can use the --link option with docker run to make network connection information about a server container available to a client container. For example, to link a client container, client1, to a server container, httpd_server, you could run:

The client container uses a private networking interface to access the exposed port in the server container. Docker sets environment variables about the server container in the client container that describe the interface and the ports that are available. The server container name and IP address are also set in /etc/hosts in the client container, to facilitate easy access.

The --link option is considered a legacy feature and may be deprecated in future releases. It is not recommended in most cases.

The preferred approach to setting up communications between containers is to create user-defined networks. These networks provide better isolation and can perform DNS resolution of container names to IP addresses. A variety of network drivers are available, but the most commonly used is the bridged network which behaves similarly to the default bridge network but which provides additional features.

The following example shows how to create a simple user-defined network bridge and how to connect containers to it, to allow them to communicate easily with each other.

Create a network using the bridge driver.

In the example, the network is named http_network.

You can check that the network has been created and which driver it is using:

You can also inspect the network object to discover more information:

Connect existing containers to the user-defined network.

In this example, http-server and client1 are existing containers that are connected to the newly created http_network bridge network.

Connect a new container to the user-defined network, using the --network option.

You can check that domain name resolution is working from within the container by pinging any other container on the network by its container name:

You can access services on containers within the network using their container names. For example:

5.8 Accessing External Files from Docker Containers

You can use the -v option with docker run to make a file or file system available inside a container. The following example demonstrates how to make web pages on the host available to an HTTP server running in a container.

Create the file /var/www/html/index.html on the host and run an HTTP server container that mounts this file:

The :ro modifier specifies that a container mounts a file or file system read-only. To mount a file or file system read-writable, specify the :rw modifier instead or omit the modifier altogether.

Check that the HTTP server is not running on the host:

Even though an HTTP server is not running directly on the host, you can display the new web page served by the newguest3 container:

Any changes that you make to the /var/www/html/index.html file on the host are reflected in the mounted file in the container:

Even if you delete the file on the host, it is still visible in the container:

It is not possible to use a Dockerfile to define how to mount a file or file system from a host. Docker applications are intended to be portable and it is unlikely that a file or file system that exists on the original host would be available on another system. If you want external file data to be portable, you can encapsulate it in a data volume container. See Section 5.9, “Creating and Using Data Volume Containers”.

5.9 Creating and Using Data Volume Containers

If you specify a single directory argument to the -v option of docker run, Docker creates the directory in the container and marks it as a data volume that other containers can mount. You can also use the VOLUME instruction in a Dockerfile to create this data volume in an image. A container that contains such a data volume is called a data volume container. After populating the data volume with files, you can use the --volumes-from option of docker run to have other containers mount the volume and access its data.


When you use docker rm to remove a container that has associated data volumes, specify the -v option to remove these volumes. Unassociated volumes waste disk space and are difficult to remove.

The following example creates a data volume container that an HTTP server container can use as the source of its web content.

To create a data volume container image and an instance of a data volume container from this image:

Make a directory where you can create the Dockerfile for the data volume container image, for example:

In the new directory, create a Dockerfile named Dockerfile that defines the image for a data volume container:

The RUN instructions create a /var/www/html directory that contains three simple files.

The VOLUME instruction makes the directory available as a volume that other containers can mount by using the --volumes-from option to docker run.

The ENTRYPOINT instruction specifies the command that a container created from the image always runs. To prevent the container from exiting, the /usr/bin/tail -f /dev/null command blocks until you use a command such as docker stop dvc1 to stop the container.

Use the docker build command to create the image:

Create an instance of the data volume container, for example dvc1:

To test that other containers can mount the data volume (/var/www/html) from dvc1, create a container named websvr that runs an HTTP server and mounts its data volume from dvc1.

After finding out the correct port to use on the host, use curl to test that websvr correctly serves the content of all three files that were set up in the image.

5.10 Moving Data Between Docker Containers and the Host

You can use the -v option of docker run to copy volume data between a data volume container and the host. For example, you might want to back up the data so that you can restore it to the same data volume container or to copy it to a different data volume container.

The examples in this section assume that Docker is running two instances of the data volume container image mymod/dvc:v1 that is described in Section 5.9, “Creating and Using Data Volume Containers”. You can use the following commands to start these containers:

To copy the data from a data volume to the host, mount the volume from another container and use the cp command to copy the data to the host, for example:

The container mounts the host directory /var/tmp read-writable as /host, mounts all the volumes, including /var/www/html, that dvc1 exports, and copies the file hierarchy under /var/www/html to /host/dvc1_files, which corresponds to /var/tmp/dvc1_files on the host.

To copy the backup of dvc1’s data from the host to another data volume container dvc2, use a command such as the following:

The container mounts the host directory /var/tmp read-only as /host, mounts the volumes exported by dvc2, and copies the file hierarchy under /host/dvc1_files (/var/tmp/dvc1_files on the host) to /var/www/html, which corresponds to a volume that dvc2 exports.

You could also use a command such as tar to back up and restore the data as a single archive file, for example:

This example uses a transient, interactive container named guest to extract the contents of the archive to dvc2.

5.11 Using Labels to Define Metadata

You can use labels to add metadata to the Docker daemon and to Docker containers and images. In the Dockerfile, a LABEL instruction defines an image label that can contain one or more key-value pairs, for example:

In this example, each key name is prefixed by the domain name in reverse DNS form (com.mydom.) to guard against name-space conflicts. Key values are always expressed as strings and are not interpreted by Docker. If you omit the value, you can use the presence or absence of the key in the metadata to encode information such as the release status. The backslash characters allow you to extend the label definition across several lines.

You can use the docker inspect command to display the labels that are associated with an image, for example:

You can use the --filter "label=key[=value]" option with the docker images and docker ps commands to list the images and running containers on which a metadata value has been set, for example:

For containers, you can use --label key=[value] options with the docker create and docker run commands to define key-value pairs, for example:

For the Docker Engine, you can use --label key=[value] options if you start docker from the command line or edit the docker configuration file /etc/sysconfig/docker.

Alternately, you can append these options to a list in the /etc/docker/daemon.json file, for example:

After adding or modifying a configuration file while the docker service is running, run the command systemctl daemon-reload to tell systemd to reload the configuration for the service.

As containers and the Docker daemon are transitory and run in a known environment, it is not usually necessary to apply reverse domain name prefixes to key names.

5.12 Defining the Logging Driver

You can use the --log-driver option with the docker create and docker run commands to specify the logging driver that a container should use:

json-file

Write log messages to a JSON file that you can examine by using the docker logs command, for example:

This is the default logging driver.

none

syslog

Write log messages to syslog.

5.13 About Image Digests

Registry version 2 or later images can be identified by their digest (for example, sha256:digest_value_in_hexadecimal). You can list the digest by specifying the --digests option to the docker images command. You can use a digest with the docker create, docker pull, docker rmi, and docker run commands and with the FROM instruction in a Dockerfile.
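A tag can later be pointed at different image content, whereas a digest identifies one exact image, so it is worth checking which FROM instructions in a Dockerfile use the digest form. The following Python sketch is an added example, not part of the original documentation; the Dockerfile text and the digest value in it are constructed placeholders.

```python
import re

# A reference is treated as pinned only if it ends in a full sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed Dockerfile; the digest is a made-up placeholder, not a real image.
FAKE_DIGEST = "sha256:" + "0123456789abcdef" * 4
SAMPLE_DOCKERFILE = f"""\
# build stage pinned by digest
FROM oraclelinux@{FAKE_DIGEST} AS build
RUN yum -y install httpd
FROM --platform=linux/amd64 oraclelinux:7 AS runtime
FROM build AS test
FROM scratch
from oraclelinux:latest
"""


def unpinned_base_images(dockerfile_text):
    """Return (line_number, image) for each FROM that names a tag or bare image."""
    stages, findings = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        words = line.split()
        if not words or words[0].upper() != "FROM":  # instructions are case-insensitive
            continue
        args = [w for w in words[1:] if not w.startswith("--")]  # drop --platform=...
        if not args:
            continue
        image = args[0]
        # "FROM scratch" and references to an earlier build stage pull nothing.
        if image != "scratch" and image.lower() not in stages \
                and not DIGEST_RE.search(image):
            findings.append((lineno, image))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings


if __name__ == "__main__":
    for lineno, image in unpinned_base_images(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {image} is not pinned by digest")
```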

5.14 Specifying Control Groups for Containers

You can use the --cgroup-parent option with the docker create command to specify the control group (cgroup) in which a container should run.

5.15 Limiting CPU Usage by Containers

To control a container’s CPU usage, you can use the --cpu-period and --cpu-quota options with the docker create and docker run commands.

The --cpu-quota option specifies the number of microseconds that a container has access to CPU resources during a period specified by --cpu-period. As the default value of --cpu-period is 100000, setting the value of --cpu-quota to 25000 limits a container to 25% of the CPU resources. By default, a container can use all available CPU resources, which corresponds to a --cpu-quota value of -1.

5.16 Making a Container Use the Host’s UTS Namespace

By default, a container runs with a UTS namespace (which defines the system name and domain) that is different from the UTS namespace of the host. To make a container use the same UTS namespace as the host, you can use the --uts=host option with the docker create and docker run commands. This setting allows the container to track the UTS namespace of the host or to set the host name and domain from the container.

As the container has full access to the UTS namespace of the host, this feature is inherently insecure.

5.17 Setting ulimit Values on Containers

The --ulimit option to docker run allows you to specify ulimit values for a container, for example:

This example sets a soft limit of 128 open files and 32 child processes and a hard limit of 256 open files and 64 child processes on the container.

You can set default ulimit values for all containers by specifying default-ulimits options in a /etc/docker/daemon.json configuration file, for example:

After adding or modifying the configuration file while the docker service is running, run the command systemctl daemon-reload to tell systemd to reload the configuration for the service.

Any ulimit values that you specify for a container override the default values that you set for the daemon.
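The settings from Sections 5.15 to 5.17 are all visible in the HostConfig part of docker inspect output, so they can be checked across containers. The following Python sketch is an added example, not part of the original documentation: the container names and values are constructed, and it assumes a CpuQuota of 0 or -1 both mean that no quota applies.

```python
import json

# Constructed sample shaped like `docker inspect` output; names and values are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/websvr",
   "HostConfig": {"UTSMode": "host", "CpuPeriod": 0, "CpuQuota": 0, "Ulimits": null}},
  {"Name": "/batch",
   "HostConfig": {"UTSMode": "", "CpuPeriod": 100000, "CpuQuota": 25000,
                  "Ulimits": [{"Name": "nofile", "Soft": 128, "Hard": 256},
                              {"Name": "nproc", "Soft": 32, "Hard": 64}]}},
  {"Name": "/worker", "HostConfig": {"UTSMode": "", "CpuPeriod": 50000, "CpuQuota": 100000,
                  "Ulimits": [{"Name": "nofile", "Soft": 128, "Hard": 256}]}}
]
""")


def cpu_ceiling_percent(host_config):
    """CPU ceiling as a percentage of one CPU, or None when no quota applies."""
    quota = host_config.get("CpuQuota") or 0
    if quota <= 0:  # assumption: 0 (unset) and -1 both mean unlimited
        return None
    period = host_config.get("CpuPeriod") or 100000  # the --cpu-period default
    return 100.0 * quota / period


def audit_container(entry):
    """Return findings for one inspect entry, in a fixed order."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("UTSMode") == "host":
        findings.append("shares the host UTS namespace")
    if cpu_ceiling_percent(hc) is None:
        findings.append("no CPU quota")
    set_limits = {u["Name"] for u in hc.get("Ulimits") or []}
    for name in ("nofile", "nproc"):
        if name not in set_limits:
            findings.append(f"no per-container {name} ulimit")
    return findings


def audit(inspect_output):
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

A container reported with no per-container ulimit may still be covered by default-ulimits in /etc/docker/daemon.json, so read that finding together with the daemon configuration.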

5.18 Building Images with Resource Constraints

You can specify cgroup resource constraints to docker build, for example:

Any containers that you generate from the image inherit these resource constraints.

You can use the docker stats command to display a container’s resource usage, for example:

5.19 Committing, Exporting and Importing Images

You can use the docker commit command to save the current state of a container to an image.

You can use this image to create new containers, for example to debug the container independently of the existing container.

You can use the docker export command to export a container to another system as an image tar file.

You need to export separately any data volumes that the container uses. See Section 5.10, “Moving Data Between Docker Containers and the Host”.

To import the image tar file, use docker import and specify the image URL or read the file from the standard input.

You can use --change options with docker commit and docker import to specify Dockerfile instructions that modify the configuration of the image, for example:

For docker commit, you can specify the following instructions: ADD, CMD, COPY, ENTRYPOINT, ENV, EXPOSE, FROM, LABEL, MAINTAINER, RUN, USER, VOLUME, and WORKDIR.

For docker import, you can specify the following instructions: CMD, ENTRYPOINT, ENV, EXPOSE, ONBUILD, USER, VOLUME, and WORKDIR.

Copyright © 2012, 2021, Oracle and/or its affiliates.
