Loading...

VONDS ©

Lab 159: Docker Images

Back to Lab Index

Prepare a Docker image for offline transfer by tagging it for internal use, exporting it to a tar archive, removing it from the local host, loading it back, and proving it is runnable before cleanup.

containers packages troubleshooting

Scenario

Ops ticket: Prepare an image for offline transfer to a restricted environment. Pull a base image, add an internal tag, export it to a tar archive, remove it locally, then load it back and prove it is available and runnable.

Operator context

This workflow is common when the destination environment has no registry access. Your evidence is the tar archive plus the ability to load and run the image.

Objective

  • List current images for baseline evidence.
  • Pull a known base image.
  • Tag it with an internal repository name.
  • Save the tagged image to a tar archive.
  • Remove local tags to simulate a clean host.
  • Load the image back from the tar file.
  • Prove the loaded image runs.
  • Clean up the image and tar artifact.

Concepts

  • Image tags are pointers to the same underlying image ID. Multiple tags can reference one image.
  • docker save produces a tar archive suitable for offline transport.
  • docker load imports an image tar archive into the local image store.
  • Evidence should show tags exist, the archive exists, the image was removed, and the image is runnable after load.
  • Cleanup prevents artifact drift: remove both images and tar files after validation.

Walkthrough

Step 1 : List local Docker images.
Command 
docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
Step 2 : Pull the alpine image.
Command 
docker pull alpine:latest
latest: Pulling from library/alpine
Digest: sha256:........................................................
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
Step 3 : Add an internal tag: corp/alpine:transfer
Command 
docker tag alpine:latest corp/alpine:transfer
(tag created)
Step 4 : Verify both tags appear.
Command 
docker images | grep -E "^(alpine|corp/alpine)"
alpine       latest     4e38e38c8ce0   2 weeks ago   7.3MB
corp/alpine  transfer   4e38e38c8ce0   2 weeks ago   7.3MB
Step 5 : Save the internal tag to a tar archive.
Command 
docker save -o /root/alpine-transfer.tar corp/alpine:transfer
(image saved)
Step 6 : Remove both tags from the local host.
Command 
docker rmi corp/alpine:transfer alpine:latest
Untagged: corp/alpine:transfer
Untagged: alpine:latest
Deleted: sha256:........................................................
Step 7 : Confirm alpine no longer appears.
Command 
docker images | grep -E "^(alpine|corp/alpine)" || true
(no output)
Step 8 : Load the image back from the tar archive.
Command 
docker load -i /root/alpine-transfer.tar
Loaded image: corp/alpine:transfer
Step 9 : Prove the loaded image runs (print /etc/os-release).
Command 
docker run --rm corp/alpine:transfer cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.19.1
Step 10 : Remove the loaded image.
Command 
docker rmi corp/alpine:transfer
Untagged: corp/alpine:transfer
Deleted: sha256:........................................................
Step 11 : Remove the tar archive.
Command 
rm -f /root/alpine-transfer.tar
(removed)

Common breakpoints

Tag exists but docker rmi does not delete the image

Multiple tags can reference the same image ID. Remove all tags pointing to the image before expecting the underlying image to be deleted.

docker load succeeds but image name is unexpected

docker load restores whatever repository and tag names are in the tar archive. Confirm what was saved before transfer.

docker run fails after load

Confirm the correct tag is present with docker images and run the exact repository and tag you loaded.

Cleanup checklist

Remove the transferred image tag and the tar archive to prevent disk drift and stale artifacts.

Commands 
docker images | grep -E "^(alpine|corp/alpine)" || true
docker rmi corp/alpine:transfer || true
rm -f /root/alpine-transfer.tar
Success signal

docker images shows no alpine or corp/alpine tags, and the tar file is removed from /root.

Reference

  • docker images : Lists local images.
  • docker pull <image>:<tag> : Downloads an image from a registry.
  • docker tag <src>:<tag> <dst>:<tag> : Adds a new tag pointing to an existing image ID.
  • docker save -o <file.tar> <image>:<tag> : Exports an image to a tar archive for offline transfer.
    • -o : Writes output to a file path.
  • docker load -i <file.tar> : Imports an image tar archive into the local image store.
    • -i : Reads input from a file path.
  • docker rmi <image>:<tag> : Removes an image tag (and deletes the image only when no tags remain).
  • docker run --rm <image>:<tag> <cmd> : Runs a container from an image and removes it on exit.
    • --rm : Automatically removes the container when it exits.
  • grep -E <pattern> : Filters output using an extended regular expression.
    • -E : Enables extended regex syntax.
  • || true : Prevents a non-zero exit status from breaking a command chain.
  • rm -f <path> : Removes a file without prompting.
    • -f : Ignores missing files and suppresses prompts.