×
Community Blog Docker Container-Centric Commands for Beginners: Part 1

Docker Container-Centric Commands for Beginners: Part 1

This tutorial provides a quick demonstration of the 25 Docker commands that can be applied against containers.

By Alwyn Botha, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

This tutorial provides a quick demonstration of the 25 Docker commands that can be applied against containers. The article is structured so that you get to use the following 25 commands at least once each. This will help provide a better understanding of containers from a high-level perspective, such as what containers are and what you can do with them.

Bash Aliases

There are 25 docker container commands, and you do not want to type those words repeatedly. Therefore we need aliases.

Suggestion:

alias dock='docker container'

Its easier for me to type than docc.

this can then fit in logically with other alias you will need:

alias docv='docker volume'

alias doci='docker inspect'

alias docm='docker image'

alias psa='docker ps -a'

alias d='docker '

Docker Pull Alpine:3.8

If you know you already have the Alpine 3.8 Docker image you don't need to do anything here.

Otherwise enter at shell

docker pull alpine:3.8

to get the Alpine image downloaded onto your computer.

Docker Container: Create and Run

Let's create a container so that we can apply those 25 commands against it.

There are several ways to create running containers, we will use create and run here.

Syntax:

docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]

docker container run -d --name mycontain alpine:3.8 sleep 3600

Docker will show the random 64 character ID it generated for that container.

docker ps -a

We now have a running container.

Docker Container Exec

We can enter a container and explore its internals.

docker exec -it your-12-character-container-id  /bin/sh

The -it option specify 2 options:

  • -i ... let this be an interactive docker exec
  • -t ... give me a pseudoterminal / shell console to work at
  • /bin/sh specifies I want to run bash

The / # you see is the container shell prompt. Use it just like a normal shell.

Enter commands shown below to use the shell.

exit exits that specific shell session. The container is still running.

/ # ps

PID  USER  TIME  COMMAND

1 root  0:00 sleep 3600

6 root  0:00 /bin/sh

11 root  0:00 ps

/ # ll

/bin/sh: ll: not found

/ # ls

bin  etc  lib  mnt  root  sbin  sys  usr

dev  home  media  proc  run  srv  tmp  var

/ # echo text > textfile

/ # cat  textfile

text

/ # df -h

Filesystem  Size  Used Available Use% Mounted on

tmpfs  64.0M  0  64.0M  0% /dev

tmpfs  492.6M  0  492.6M  0% /sys/fs/cgroup

/dev/mapper/centos00-root

12.6G  5.3G  7.3G  42% /etc/resolv.conf

/dev/mapper/centos00-root

12.6G  5.3G  7.3G  42% /etc/hostname

/dev/mapper/centos00-root

12.6G  5.3G  7.3G  42% /etc/hosts

shm  64.0M  0  64.0M  0% /dev/shm

tmpfs  492.6M  0  492.6M  0% /proc/acpi

tmpfs  64.0M  0  64.0M  0% /proc/kcore

tmpfs  64.0M  0  64.0M  0% /proc/keys

tmpfs  64.0M  0  64.0M  0% /proc/timer_list

tmpfs  64.0M  0  64.0M  0% /proc/timer_stats

tmpfs  64.0M  0  64.0M  0% /proc/sched_debug

tmpfs  492.6M  0  492.6M  0% /proc/scsi

tmpfs  492.6M  0  492.6M  0% /sys/firmware

/ # exit

Docker Container Pause, Unpause

If you need to temporarily pause a container, you can do that.

Docker uses the cgroups freezer functionality to pause the processes in the container.

Processes in the container are unaware, and unable to capture / prevent this pausing.

Similarly the processes start again using unpause - processes being unaware they were ever paused.

Do a

docker ps -a

to see that the container is running / up.

docker container pause your-12-character-container-id

docker ps -a

Expected output :

CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

89187919f955  alpine:3.8  "sleep 3600"  49 seconds ago  Up 48 seconds (Paused)  mycontain

Notice the container is (Paused)

Unfortunately you cannot enter a paused container to look around. You will get this error:

Error response from daemon: Container 89187919f955 is paused, unpause the container before exec

Nothing else exiting to see here - paused container is using no cpu cycles.

To unpause:

docker container unpause your-12-character-container-id

Run

docker ps -a

to see that its status is up ( running ) again.

CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

89187919f955  alpine:3.8  "sleep 3600"  3 minutes ago  Up 3 minutes  mycontain

The pause and unpause commands have no options. However you can pause and unpause several containers in one go, for example

docker container pause cont1 apache2 php42 othercont and-so-on

Docker Container Start, Stop, Restart and Events

To show what these commands do, enter

docker events at another shell session. This will now show Docker events as they happen.

Back to our original first shell.

docker container stop 89187919f955

Please note it takes 10 seconds to stop.

Do a docker ps -a and you will see its status : exited.

Switch back to events shell. Observe the output.

Expected output :

2018-11-15T10:24:09.584676893+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=15)

2018-11-15T10:24:19.605895426+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=9)

2018-11-15T10:24:19.758338864+02:00 container die 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (exitCode=137, image=alpine:3.8, name=mycontain)

2018-11-15T10:24:19.854403805+02:00 network disconnect 4cdddf0dfbaa8d697920bc6e387c9306941d680b054e9026fc52d3dd763cd05a (container=89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1, name=bridge, type=bridge)

2018-11-15T10:24:19.904432478+02:00 container stop 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain)

A signal 15 termination gets sent. This gives the container the opportunity to execute its clean shutdown routines.

10 seconds later, if it still is busy shutting down, it gets killed immediately and forcefully with a kill signal 9. 150 ms later it dies.

Press CTRL-c to interrupt this events display. We are finished with it for now.

Back to original shell:

docker container restart your-12-character-container-id

Do a docker ps -a and you will see its status : up ( running ).

Docker Container Stop --time 0

While busy with development I have no patience to wait those 10 seconds. ( Probably my shutdown cleanup routines are not written yet. )

Therefore for days I will stop the container immediately: using stop --time 0

Our container is still running.

Switch to events shell.

Run docker events again so we can observe different events now.

Back to original shell:

docker container stop --time 0 your-12-character-container-id

Note it stops immediately.

Switch to events shell:

Expected output :

2018-11-15T10:39:40.364765468+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=15)

2018-11-15T10:39:40.380549365+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=9)

2018-11-15T10:39:40.524409344+02:00 container die 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (exitCode=137, image=alpine:3.8, name=mycontain)

2018-11-15T10:39:40.613037711+02:00 network disconnect 4cdddf0dfbaa8d697920bc6e387c9306941d680b054e9026fc52d3dd763cd05a (container=89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1, name=bridge, type=bridge)

2018-11-15T10:39:40.661786770+02:00 container stop 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain)

Notice that 15 ms after the terminate 15 signal, the forcefull kill 9 signal is sent.

Never use this --time 0 in production. It guarantees data corruption.

However in development it speeds up the learning and programming cycles.

Docker Container Kill

There is a long list of potential signals you can send running Linux processes.

https://en.wikipedia.org/wiki/Signal_(IPC)

You now know how to use the events shell console.

Use it to test the following:

docker container kill --signal 15 your-12-character-container-id

look at events

docker container kill --signal 15 your-12-character-container-id

look at events

docker container kill --signal 15 your-12-character-container-id

look at events

docker container kill --signal 9 your-12-character-container-id

look at events

Note that signal 15 only sends that signal. Since our simple container does not know how to shut down cleanly, it just ignores it.

The signal 9 kills the container immediately.

You can use docker container kill to send the complete set of signals available on Linux.

You can use the portable number ( in that table on the wiki page ) or the uppercase signal name.

Unfortunately our simple sleep 3600 command does not know how to catch and process those signals so will ignore it.

What you really need is a bash script, php or python program written specifically to catch those signals to see how this works.

This tutorial just made you aware that Docker containers can receive the full set of Linux signals.

Docker Container Rename

Syntax:

docker container rename OLD-CONTAINER-NAME NEW-OLD-CONTAINER-NAME

You probably now only have one stopped container. So restart it:

docker container restart your-12-character-container-id

docker ps -a

Expected output :

CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

89187919f955  alpine:3.8  "sleep 3600"  About an hour ago  Up 1 second  mycontain

Let's rename our container:

docker container rename mycontain new-contain-name

Observe the result:

docker ps -a

Expected output :

CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

89187919f955  alpine:3.8  "sleep 3600"  About an hour ago  Up About a minute  new-contain-name

Directly from Docker source code:

// the characters allowed to represent a container name

const RestrictedNameChars = [a-zA-Z0-9][a-zA-Z0-9_.-]

Note the container name must start with the characters in the first block : [a-zA-Z0-9]

Docker Container Update

Use this command to update runtime cpu or ram restrictions of one or more containers

Full list of options to set:

https://docs.docker.com/engine/reference/commandline/container_update/#options

Restart your container :

docker container restart your-12-character-container-id

Show just the CpusetCpus setting:

docker container inspect your-12-character-container-id  | grep "CpusetCpus"

Let's allow our container to only use cpu number 0:

docker container update --cpuset-cpus 0  your-12-character-container-id

Check if that setting worked:

docker container inspect your-12-character-container-id  | grep "CpusetCpus"

Expected output :

"CpusetCpus": "0",

Success. Container limited to only cpu 0.

You can use docker container update to update all the settings on that webpage of a running container.

Docker Container ls

Show a list of containers on your server.

Run

docker container ls -a

Its output is identical to

docker ps -a

The -a show all containers, running and exited.

Those 2 commands have identical options. I use docker ps -a exclusively since I have a bash psa alias defined.

Docker Container cp

copy files/folders between a container and the local filesystem

Syntax to copy into container :

docker cp [OPTIONS] HOST_SRC_PATH|- CONTAINER:DEST_PATH

Create file on host server to copy into container:

echo text-to-copy > file-to-copy

Copy file into container:

docker container cp file-to-copy your-12-character-container-id:/

List the content of / directory:

docker exec -it  your-12-character-container-id  ls /

You will see that the file is there.

Docker Container Stats and Top

Shows container runtime stats. See below.

docker container stats --no-stream
CONTAINER ID  NAME  CPU %  MEM USAGE / LIMIT  MEM %  NET I/O  BLOCK I/O  PIDS

89187919f955  new-contain-name  0.00%  44KiB / 985.2MiB  0.00%  648B / 0B  1.41MB / 0B  0

Compare this output with :

docker container top your-12-character-container-id

Expected output :

UID  PID  PPID  C  STIME  TTY  TIME  CMD

root  4058  4040  0  12:31  ?  00:00:00  sleep 3600

I find docker container stats much more useful.

However if you use the PIDs from top and you run the normal top command you can find the usual detail about running processes on Linux distros.

Output edited to show only those PIDs.

Tasks: 114 total,  1 running, 113 sleeping,  0 stopped,  0 zombie

%Cpu(s):  0.2 us,  0.2 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st

MiB Mem :  985.219 total,  545.160 free,  126.871 used,  313.188 buff/cache

MiB Swap: 1499.996 total, 1499.996 free,  0.000 used.  688.348 avail Mem

PID USER  PR  NI  VIRT  RES  SHR S  %CPU %MEM  TIME+ COMMAND

4040 root  20  0  7.3m  3.3m  2.6m S  0.3  0:00.08 docker-containe

4058 root  20  0  1.5m  0.2m  0.2m S  0.0  0:00.04 sleep

Docker Container Diff

Shows changes to files or directories on a container's filesystem

We copied that file into the container minutes ago.

diff will show changes to the container's filesystem

docker container diff your-12-character-container-id

Expected output :

A /text-to-copy

It works - shows the file that got added.

If you made several changes to your containers fileysystem you will see more interesting output.

Docker Container Logs and Attach

  • docker container logs ... Show the logs of a container
  • docker container attach ... Attach to standard input STDIN, output, and error streams STDERR

You will now learn the different ways logs versus attach show container logs.

We need a new container with a different command - one that generates log lines to inspect.

First do a docker ps -a - to determine status of our last container.

If status = exited, thats good.

Otherwise run:

docker container stop your-12-character-container-id

Now prune / delete that container:

docker container prune -f

Here is the command that will run our new container - do not run it yet:

docker container run -d --name mycontain alpine:3.8 /bin/sh -c 'for i in 1 2 3 4 5 6 7 8 9 10 ; do echo $i; sleep 5; done'

It loops 10 times; each time echoing the loop number count, sleeping 5 seconds, then continues.

Those echo outputs will be written to the container log.

It sleeps 5 seconds between echo statements otherwise the 10 times loop will finish in milliseconds.

Start a second shell session - you may reuse that events shell used earlier.

Enter these 2 commands - you will get error messages - that is OK. We need those commands in the bash command history so that can quickly recall them using your keyboard up arrow keys.

docker container logs --follow mycontain

docker container attach mycontain

Back to original shell.

Run:

docker container run -d --name mycontain alpine:3.8 /bin/sh -c 'for i in 1 2 3 4 5 6 7 8 9 10 ; do echo $i; sleep 5; done'

Your container is running, echoing an incrementing counter every 5 seconds - writing it to the container log.

Now switch to the second shell.

Press up arrow on keyboard twice to get logs command. Press enter when that is shown.

The logs command will show the echo'ed numbers. Press CTRL-c when you get bored.

Press up arrow on keyboard to get attach command. Press enter when that is shown.

The attach command will show the echo'ed numbers. Press CTRL-c when you get bored.

Problem. When you CTRL-c while viewing attach output you also break out of the bash for loop process: the container exits.

CTRL-c while viewing logs output does not break out of the bash for loop

Therefore I prefer to always use the logs command.

If you have a web server process running, attach it and press CTRL-c, then you will send CTRL-c to the web server process - possibly stopping it.

If your echo numbers ran out before you could do the attach you can rerun this. Start again at ...

0 0 0
Share on

Alibaba Clouder

2,599 posts | 763 followers

You may also like

Comments