Lab 4 : Managing Containers

Introduction

Linux containers run all over the same Linux Kernel. It means all process running inside each container will be visible in the host machine. Due that, how do we know if a process is running in the host or in a container? And how do we discover in which container that process is running.

As with the previous labs, you will need to SSH the aio node.
If you have logged out, SSH into your AIO node:

ssh centos@aio110

If asked, the user password (as with the sudo password) would be centos, then become root via the sudo password:

sudo su –

1. Explore processes within a Container

1.1 Process IDs inside and outside the container

Outside the container

Now let’s see running container using the docker ps command.

ps command: Reports process status

Now the ps utility shall write information about processes, subject to having the appropriate privileges to obtain information about those processes. By default, ps shall select all processes with the same effective user ID as the current user and the same controlling terminal as the invoker.

ps -aux

ps -aux | grep centos

Docker does not use virtualization, so all processes run by the native host kernel just isolated from each other. Non-root user cannot kill processes inside container, but root can stop the entire container not only kill a process.

To distinguish between processes running inside container and others, run top then press shift+f and select the nsPID and nsUSER as shown in the attached screenshot.

Then we will see beside each process the namespace if it is running on the server directly this value most likely will be empty and if the process running inside a container will see the namespace id for each container.

top 

Top command will show information like tasks, memory, cpu and swap.

Inside the container

1. when you run a container you can refer to a tagged image.

docker run -it --name centos_test centos 

2. ps shall select all processes with the same effective user ID as the current user and the same controlling terminal as the invoker.

ps -aux

Output:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.3  0.0  11776  1868 ?        Ss   05:49   0:00 /bin/bash
root        14  0.0  0.0  47424  1676 ?        R+   05:50   0:00 ps -aux

3. Top command will show information like tasks, memory, cpu and swap.

top

Output:

top - 06:02:28 up 1 day, 12 min,  0 users,  load average: 0.00, 0.01, 0.05
Tasks:   2 total,   1 running,   1 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.1 sy,  0.0 ni, 99.9 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  8176168 total,  5436860 free,   203572 used,  2535736 buff/cache
KiB Swap:     2044 total,     2044 free,        0 used.  7652028 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
    1 root      20   0   11776   1880   1492 S   0.0  0.0   0:00.02 bash
   15 root      20   0   51876   1936   1404 R   0.0  0.0   0:00.00 top

Note: Press q to quit.
4. Exit from the container.

exit

5. To check all the containers, use this command.

docker ps -a

6. To start container.

docker start centos_test

2. Files within a Container

1. This will create a container and start a Bash session

docker exec -it centos_test /bin/bash

2. Change the directory to bin

cd bin/

3. Make a directory named testfile

touch testfile

4. Check whether the directory is created and exit

ls test*
exit

5. This will run a container named centos_test and remove demo directory.

docker exec centos_test rm /bin/testfile

6. This will run inside the running container centos_test, in the background.

docker exec centos_test ls /bin/test*

3. Resources within a Container

3.1 Docker ps commands

1. To check the running containers, use this command

docker ps

2. To check the details of all containers (i.e up, exited & created), use this command

docker ps -a

3.2 Debugging inside a Container

Containers are awesome, but sometimes it can feel like code has been shut up in a black box, stuck off in the cloud where we can’t see what it’s doing. When our app runs the way it’s supposed to this isn’t a problem. But then there’s that moment when user push a new version of image and check the cluster status only to see it crashlooping.

1. Use the following command, to display the log file in the container

Syntax

docker logs container-name

docker logs centos_test

2. View stdout history with the logs command.

Lots of programs log stuff to stdout. Anything that gets written to stdout for the process that is pid 1 inside the container will get captured to a history file on the host, where it can be viewed with the logs command.

docker run --name centos_ping -dit centos /bin/bash -c "ping 8.8.8.8"

This history is available even after the container exits, as long as its file system is still present on disk (until it is removed with docker rm). The data is stored in a json file buried under /var/lib/docker. The log command takes options that allows to follow this file, basically tail -f, as well as choose how many lines the command returns (tail – n). By default, the command returns all lines.

3. Check the status of all containers.

docker ps -a

4. Stream stdout with the attach command. To see what is written to stdout in real time, then the attach command is used. By default, this command attaches stdin and proxy’s signals to the remote process. Options are available to control both of these behaviors. To detach from the process, use the default `ctrl-p ctrl-q` sequence.

docker attach centos_ping

Note: Press ctrl+c to exit.
5. Execute arbitrary commands with exec. The exec command allows to run arbitrary commands inside a running container.
Note: exec only works while the container is running.

docker run -dit --name centos_echo centos `echo "Hi" >> /var/lib/test.log`

cat /var/lib/test.log

6. Get process stats with the top command.

The docker top command is exactly what it sounds like: top that runs in the container.

docker run --name centos_stat -dit centos /bin/bash -c "top"

docker top centos_stat

Output:

UID
                 
PID
                 
PPID
                
C
                   
STIME
              
TTY
                 
TIME
                
CMD
root
                
25926
               
25912
               
0
                   
06:15
               
pts/8
               
00:00:00
            
top

7. View container details with the inspect command.

The inspect command returns information about a container or an image.

docker inspect centos_stat
docker inspect centos_stat | grep IPAddress

3.3 Logging from the Container

The docker logs command batch-retrieves logs present at the time of execution.
1. The docker logs –follow command will continue streaming the new output from the container’s STDOUT and STDERR.

docker logs -f centos_stat

Note: Press ctrl+c to exit.
2. The docker logs –timestamps command will add an RFC3339 Nano timestamp , for example 2014-09-16T06:17:46.000000000Z, to each log entry. To ensure that the timestamps are aligned the nano-second part of the timestamp will be padded with zero when necessary.

docker logs -t centos_stat

Note: Press ctrl+c to exit.

3.4 Updating/Adding packages

1. Use the following command, to update the packages.

docker exec -it centos_stat  yum update -y

2. Use the following command, to install the packages.

docker exec -it centos_stat yum install git -y

3. Use the following command, to get the details of all the available packages of the specific service.

docker exec -it centos_stat yum --showduplicates list httpd | expand 

docker exec -it centos_stat yum install httpd-2.4.6-40.e17.centos -y

Lab Cleanup

To remove all the containers run the below commands:

docker rm `docker ps -a -q` -f

To remove all the images run the below commands,

docker rmi `docker images -q` -f