By Alwyn Botha, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
This tutorial provides a quick demonstration of the 25 Docker commands that can be applied against containers. The article is structured so that you get to use the following 25 commands at least once each. This will help provide a better understanding of containers from a high-level perspective, such as what containers are and what you can do with them.
There are 25 docker container commands, and you do not want to type those words repeatedly. Therefore we need aliases.
Suggestion:
alias dock='docker container'
Its easier for me to type than docc.
this can then fit in logically with other alias you will need:
alias docv='docker volume'
alias doci='docker inspect'
alias docm='docker image'
alias psa='docker ps -a'
alias d='docker '
If you know you already have the Alpine 3.8 Docker image you don't need to do anything here.
Otherwise enter at shell
docker pull alpine:3.8
to get the Alpine image downloaded onto your computer.
Let's create a container so that we can apply those 25 commands against it.
There are several ways to create running containers, we will use create and run here.
Syntax:
docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]
docker container run -d --name mycontain alpine:3.8 sleep 3600
Docker will show the random 64 character ID it generated for that container.
docker ps -a
We now have a running container.
We can enter a container and explore its internals.
docker exec -it your-12-character-container-id /bin/sh
The -it option specify 2 options:
The / # you see is the container shell prompt. Use it just like a normal shell.
Enter commands shown below to use the shell.
exit exits that specific shell session. The container is still running.
/ # ps
PID USER TIME COMMAND
1 root 0:00 sleep 3600
6 root 0:00 /bin/sh
11 root 0:00 ps
/ # ll
/bin/sh: ll: not found
/ # ls
bin etc lib mnt root sbin sys usr
dev home media proc run srv tmp var
/ # echo text > textfile
/ # cat textfile
text
/ # df -h
Filesystem Size Used Available Use% Mounted on
tmpfs 64.0M 0 64.0M 0% /dev
tmpfs 492.6M 0 492.6M 0% /sys/fs/cgroup
/dev/mapper/centos00-root
12.6G 5.3G 7.3G 42% /etc/resolv.conf
/dev/mapper/centos00-root
12.6G 5.3G 7.3G 42% /etc/hostname
/dev/mapper/centos00-root
12.6G 5.3G 7.3G 42% /etc/hosts
shm 64.0M 0 64.0M 0% /dev/shm
tmpfs 492.6M 0 492.6M 0% /proc/acpi
tmpfs 64.0M 0 64.0M 0% /proc/kcore
tmpfs 64.0M 0 64.0M 0% /proc/keys
tmpfs 64.0M 0 64.0M 0% /proc/timer_list
tmpfs 64.0M 0 64.0M 0% /proc/timer_stats
tmpfs 64.0M 0 64.0M 0% /proc/sched_debug
tmpfs 492.6M 0 492.6M 0% /proc/scsi
tmpfs 492.6M 0 492.6M 0% /sys/firmware
/ # exit
If you need to temporarily pause a container, you can do that.
Docker uses the cgroups freezer functionality to pause the processes in the container.
Processes in the container are unaware, and unable to capture / prevent this pausing.
Similarly the processes start again using unpause - processes being unaware they were ever paused.
Do a
docker ps -a
to see that the container is running / up.
docker container pause your-12-character-container-id
docker ps -a
Expected output :
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
89187919f955 alpine:3.8 "sleep 3600" 49 seconds ago Up 48 seconds (Paused) mycontain
Notice the container is (Paused)
Unfortunately you cannot enter a paused container to look around. You will get this error:
Error response from daemon: Container 89187919f955 is paused, unpause the container before exec
Nothing else exiting to see here - paused container is using no cpu cycles.
To unpause:
docker container unpause your-12-character-container-id
Run
docker ps -a
to see that its status is up ( running ) again.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
89187919f955 alpine:3.8 "sleep 3600" 3 minutes ago Up 3 minutes mycontain
The pause and unpause commands have no options. However you can pause and unpause several containers in one go, for example
docker container pause cont1 apache2 php42 othercont and-so-on
To show what these commands do, enter
docker events at another shell session. This will now show Docker events as they happen.
Back to our original first shell.
docker container stop 89187919f955
Please note it takes 10 seconds to stop.
Do a docker ps -a and you will see its status : exited.
Switch back to events shell. Observe the output.
Expected output :
2018-11-15T10:24:09.584676893+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=15)
2018-11-15T10:24:19.605895426+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=9)
2018-11-15T10:24:19.758338864+02:00 container die 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (exitCode=137, image=alpine:3.8, name=mycontain)
2018-11-15T10:24:19.854403805+02:00 network disconnect 4cdddf0dfbaa8d697920bc6e387c9306941d680b054e9026fc52d3dd763cd05a (container=89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1, name=bridge, type=bridge)
2018-11-15T10:24:19.904432478+02:00 container stop 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain)
A signal 15 termination gets sent. This gives the container the opportunity to execute its clean shutdown routines.
10 seconds later, if it still is busy shutting down, it gets killed immediately and forcefully with a kill signal 9. 150 ms later it dies.
Press CTRL-c to interrupt this events display. We are finished with it for now.
Back to original shell:
docker container restart your-12-character-container-id
Do a docker ps -a and you will see its status : up ( running ).
While busy with development I have no patience to wait those 10 seconds. ( Probably my shutdown cleanup routines are not written yet. )
Therefore for days I will stop the container immediately: using stop --time 0
Our container is still running.
Switch to events shell.
Run docker events again so we can observe different events now.
Back to original shell:
docker container stop --time 0 your-12-character-container-id
Note it stops immediately.
Switch to events shell:
Expected output :
2018-11-15T10:39:40.364765468+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=15)
2018-11-15T10:39:40.380549365+02:00 container kill 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain, signal=9)
2018-11-15T10:39:40.524409344+02:00 container die 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (exitCode=137, image=alpine:3.8, name=mycontain)
2018-11-15T10:39:40.613037711+02:00 network disconnect 4cdddf0dfbaa8d697920bc6e387c9306941d680b054e9026fc52d3dd763cd05a (container=89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1, name=bridge, type=bridge)
2018-11-15T10:39:40.661786770+02:00 container stop 89187919f9554894a7304f772631d48a894c609daf333eadbd53f55f8555b0a1 (image=alpine:3.8, name=mycontain)
Notice that 15 ms after the terminate 15 signal, the forcefull kill 9 signal is sent.
Never use this --time 0 in production. It guarantees data corruption.
However in development it speeds up the learning and programming cycles.
There is a long list of potential signals you can send running Linux processes.
https://en.wikipedia.org/wiki/Signal_(IPC)
You now know how to use the events shell console.
Use it to test the following:
docker container kill --signal 15 your-12-character-container-id
look at events
docker container kill --signal 15 your-12-character-container-id
look at events
docker container kill --signal 15 your-12-character-container-id
look at events
docker container kill --signal 9 your-12-character-container-id
look at events
Note that signal 15 only sends that signal. Since our simple container does not know how to shut down cleanly, it just ignores it.
The signal 9 kills the container immediately.
You can use docker container kill to send the complete set of signals available on Linux.
You can use the portable number ( in that table on the wiki page ) or the uppercase signal name.
Unfortunately our simple sleep 3600 command does not know how to catch and process those signals so will ignore it.
What you really need is a bash script, php or python program written specifically to catch those signals to see how this works.
This tutorial just made you aware that Docker containers can receive the full set of Linux signals.
Syntax:
docker container rename OLD-CONTAINER-NAME NEW-OLD-CONTAINER-NAME
You probably now only have one stopped container. So restart it:
docker container restart your-12-character-container-id
docker ps -a
Expected output :
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
89187919f955 alpine:3.8 "sleep 3600" About an hour ago Up 1 second mycontain
Let's rename our container:
docker container rename mycontain new-contain-name
Observe the result:
docker ps -a
Expected output :
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
89187919f955 alpine:3.8 "sleep 3600" About an hour ago Up About a minute new-contain-name
Directly from Docker source code:
// the characters allowed to represent a container name
const RestrictedNameChars = [a-zA-Z0-9][a-zA-Z0-9_.-]
Note the container name must start with the characters in the first block : [a-zA-Z0-9]
Use this command to update runtime cpu or ram restrictions of one or more containers
Full list of options to set:
https://docs.docker.com/engine/reference/commandline/container_update/#options
Restart your container :
docker container restart your-12-character-container-id
Show just the CpusetCpus setting:
docker container inspect your-12-character-container-id | grep "CpusetCpus"
Let's allow our container to only use cpu number 0:
docker container update --cpuset-cpus 0 your-12-character-container-id
Check if that setting worked:
docker container inspect your-12-character-container-id | grep "CpusetCpus"
Expected output :
"CpusetCpus": "0",
Success. Container limited to only cpu 0.
You can use docker container update to update all the settings on that webpage of a running container.
Show a list of containers on your server.
Run
docker container ls -a
Its output is identical to
docker ps -a
The -a show all containers, running and exited.
Those 2 commands have identical options. I use docker ps -a exclusively since I have a bash psa alias defined.
copy files/folders between a container and the local filesystem
Syntax to copy into container :
docker cp [OPTIONS] HOST_SRC_PATH|- CONTAINER:DEST_PATH
Create file on host server to copy into container:
echo text-to-copy > file-to-copy
Copy file into container:
docker container cp file-to-copy your-12-character-container-id:/
List the content of / directory:
docker exec -it your-12-character-container-id ls /
You will see that the file is there.
Shows container runtime stats. See below.
docker container stats --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
89187919f955 new-contain-name 0.00% 44KiB / 985.2MiB 0.00% 648B / 0B 1.41MB / 0B 0
Compare this output with :
docker container top your-12-character-container-id
Expected output :
UID PID PPID C STIME TTY TIME CMD
root 4058 4040 0 12:31 ? 00:00:00 sleep 3600
I find docker container stats much more useful.
However if you use the PIDs from top and you run the normal top command you can find the usual detail about running processes on Linux distros.
Output edited to show only those PIDs.
Tasks: 114 total, 1 running, 113 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.2 us, 0.2 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 985.219 total, 545.160 free, 126.871 used, 313.188 buff/cache
MiB Swap: 1499.996 total, 1499.996 free, 0.000 used. 688.348 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4040 root 20 0 7.3m 3.3m 2.6m S 0.3 0:00.08 docker-containe
4058 root 20 0 1.5m 0.2m 0.2m S 0.0 0:00.04 sleep
Shows changes to files or directories on a container's filesystem
We copied that file into the container minutes ago.
diff will show changes to the container's filesystem
docker container diff your-12-character-container-id
Expected output :
A /text-to-copy
It works - shows the file that got added.
If you made several changes to your containers fileysystem you will see more interesting output.
You will now learn the different ways logs versus attach show container logs.
We need a new container with a different command - one that generates log lines to inspect.
First do a docker ps -a - to determine status of our last container.
If status = exited, thats good.
Otherwise run:
docker container stop your-12-character-container-id
Now prune / delete that container:
docker container prune -f
Here is the command that will run our new container - do not run it yet:
docker container run -d --name mycontain alpine:3.8 /bin/sh -c 'for i in 1 2 3 4 5 6 7 8 9 10 ; do echo $i; sleep 5; done'
It loops 10 times; each time echoing the loop number count, sleeping 5 seconds, then continues.
Those echo outputs will be written to the container log.
It sleeps 5 seconds between echo statements otherwise the 10 times loop will finish in milliseconds.
Start a second shell session - you may reuse that events shell used earlier.
Enter these 2 commands - you will get error messages - that is OK. We need those commands in the bash command history so that can quickly recall them using your keyboard up arrow keys.
docker container logs --follow mycontain
docker container attach mycontain
Back to original shell.
Run:
docker container run -d --name mycontain alpine:3.8 /bin/sh -c 'for i in 1 2 3 4 5 6 7 8 9 10 ; do echo $i; sleep 5; done'
Your container is running, echoing an incrementing counter every 5 seconds - writing it to the container log.
Now switch to the second shell.
Press up arrow on keyboard twice to get logs command. Press enter when that is shown.
The logs command will show the echo'ed numbers. Press CTRL-c when you get bored.
Press up arrow on keyboard to get attach command. Press enter when that is shown.
The attach command will show the echo'ed numbers. Press CTRL-c when you get bored.
Problem. When you CTRL-c while viewing attach output you also break out of the bash for loop process: the container exits.
CTRL-c while viewing logs output does not break out of the bash for loop
Therefore I prefer to always use the logs command.
If you have a web server process running, attach it and press CTRL-c, then you will send CTRL-c to the web server process - possibly stopping it.
If your echo numbers ran out before you could do the attach you can rerun this. Start again at ...
2,599 posts | 763 followers
FollowAlibaba Clouder - March 11, 2019
Alibaba Clouder - June 11, 2020
Alibaba Clouder - December 28, 2018
Alibaba Clouder - January 24, 2019
Alibaba Clouder - September 16, 2019
Alibaba Cloud Community - December 31, 2021
2,599 posts | 763 followers
FollowLearn More
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn MoreElastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn MoreMore Posts by Alibaba Clouder