Running and Managing Containers
4.1. So let's play with this thing called container​
As we all know, Docker uses the command line for you to interact with it -- basically you use the "docker" command.
Well, now that we've started Docker, let's run our first container.
As is customary when someone is learning a new programming language, it's quite common to make a hello world! as the first code.
Although Docker is not a programming language, we'll use this custom with our first example of a running container.
Docker has a custom hello-world image that serves to allow you to test your installation and validate that everything works as expected.
To execute a container, we use the "run" parameter of the "container" subcommand of the "docker" command. Simple, right?
root@linuxtips:~# docker container run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
03f4658f8b78: Pull complete a3ed95caeb02: Pull complete
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest
Hello from Docker.
This message shows that your installation appears to be working correctly.
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/userguide/
root@linuxtips:~#
In the previous example, we are running a container using the custom hello-world image.
Although it's a simple task, when you ran the "docker container run hello-world" command, four steps were necessary for its completion, let's see which ones:
-
The "docker" command communicates with the Docker daemon informing the desired action.
-
The Docker daemon checks if the "hello-world" image exists on your host; if not, Docker downloads the image directly from Docker Hub.
-
The Docker daemon creates a new container using the image you just downloaded.
-
The Docker daemon sends the output to the "docker" command, which prints the message on your terminal.
See? It's as simple as flying!
Very well, now that we already have an image on our host, how do I view it?
Very simple, just type the following command:
root@linuxtips:~# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest 690ed74de00f 5 months 960 B
root@linuxtips:~#
As you can notice in the code, the output shows five columns:
-
REPOSITORY -- The image name.
-
TAG -- The image version.
-
IMAGE ID -- Image identification.
-
CREATED -- When it was created.
-
SIZE -- Image size.
When we ran the "docker container run hello-world" command, it created the container, printed the message on the screen and then the container was automatically terminated, that is, it executed its task, which was to display the message, and then was terminated.
To make sure it was really terminated, type:
root@linuxtips:~# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORT NAMES
root@linuxtips:~#
With "docker container ls", you can view all running containers and still get details about them. The output of "docker container ls" is divided into seven columns; let's get to know what they tell us:
-
CONTAINER ID -- Unique identification of the container.
-
IMAGE -- The image that was used to run the container.
-
COMMAND -- The command being executed.
-
CREATED -- When it was created.
-
STATUS -- Its current status.
-
PORTS -- The container and host port that this container uses.
-
NAMES -- The container name.
An interesting option of "docker container ls" is the "-a" parameter.
root@linuxtips:~# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e45cf509282 hello-world "/hello" 4 seconds Exited(0) tracted_ardinghelli
root@linuxtips:~#
With the "-a" option you can view not only running containers, but also containers that are stopped or have been terminated.
4.2. Cool, I want more​
Now that we've seen how to create a simple container, as well as view the images and containers that are on our host, let's create a new one, but learning about three parameters that will bring greater flexibility in the use and administration of our containers. I'm talking about the "-t", "-i" and "-d" parameters.
-
-t -- Provides a TTY (console) for our container.
-
-i -- Keeps STDIN open even if you are not connected to the container.
-
-d -- Makes the container run as a daemon, that is, without the interactivity that the other two parameters provide us.
With this we have two execution modes for our containers: interactive mode or daemonizing the container.
4.2.1. Interactive mode​
Most of the time you will start a container from an image that is already ready, all configured. However, there are some cases where you need to interact with your container -- this can happen, for example, when building your custom image.
In this case, using interactive mode is the best option. To do this, just pass the "-ti" parameters to the "docker container run" command.
4.2.2. Daemonizing the container​
Using the "-d" parameter of the "docker container run" command, it is possible to daemonize the container, making the container run as a daemon process.
This is ideal when we already have a container that we will not access (via shell) to make adjustments. Imagine an image already with your application and everything needed configured; you will start the container and will only consume the service delivered by your application. If it's a web application, just access it in the browser by passing the IP and port where the service is available in the container. Awesome, right?
In other words, if you want to start a container to be used as a conventional Linux machine with shell and that needs some configuration or adjustment, use interactive mode, that is, the "-ti" parameters.
Now, if you already have the container configured, with your application and all dependencies resolved, there is no need to use interactive mode -- in this case we use the "-d" parameter, that is, the daemonized container. We will only access the services it provides, simple as that.
4.3. Got it, now let's practice a bit?​
Perfect. Let's start a new container using two of these new parameters we learned.
For our example, let's start a CentOS 7 container:
root@linuxtips:~# docker container run -ti centos:7
Unable to find image 'centos:7' locally
7: Pulling from library/centos
a3ed95caeb02: Pull complete 196355c4b639: Pull complete
Digest: sha256:3cdc0670fe9130ab3741b126cfac6d7720492dd2c1c8ae033dcd77d32855bab2
Status: Downloaded newer image for centos:7
[root@3c975fb7fbb5 /]#
Since the image didn't exist on our host, it started downloading from Docker Hub, however, if the image was already on our host, it would use it, with no need for the download.
Notice that your prompt (variable $PS1) changed, because now you are already inside the container. To prove that we are inside our CentOS container, run the following command:
[root@3c975fb7fbb5 /]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@3c975fb7fbb5 /]#
The "/etc/redhat-release" file indicates which version of CentOS we are using, that is, we are really in our CentOS 7 container.
4.4. OK, now I want to exit​
Ideally, there will only be one process running in the container. In our case, since we are interacting (option "-ti"), it's the bash process; therefore, you cannot use the "exit" command to leave the console, because this way this single process stops running and your container dies. If you want to exit the container and keep it running, you need to exit with the following keyboard shortcut:
keep the Ctrl button pressed + p + q
This way, you will exit the container and it will continue running. To confirm if the container continues running, do:
root@linuxtips:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3c975fb7fbb5 centos:7 "/bin/bash" 2 minutes Up 2 minutes angry_wescoff
root@linuxtips:~#
4.5. Can I go back to the container?​
We left our container running and now we want to access it again. How can we do this?
Simple! Just type the following command:
root@linuxtips:~# docker container attach <CONTAINER ID>
The "attach" parameter of the "docker container" command allows us to connect to a running container. To do this, just pass the "CONTAINER ID" as a parameter, which you can get from the output of "docker ps", as we showed in the previous example.
4.6. Continuing the fun​
It is possible to create a container, but not execute it immediately. When we use the "create" parameter of the "docker container" command, it only creates the container, not initializing it, as we notice in the following example:
root@linuxtips:~# docker container create -ti ubuntu
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
5a132a7e7af1: Pull complete
fd2731e4c50c: Pull complete
28a2f68d1120: Pull complete
a3ed95caeb02: Pull complete
Digest:sha256:4e85ebe01d056b43955250bbac22bdb8734271122e3c78d21e55ee235fc6802d
Status: Downloaded newer image for ubuntu:latest3e63e65db85a6e36950959dc6bdc00279e2208a335580c478e01723819de9467
root@linuxtips:~#
Notice that when you type "docker container ls" it doesn't bring the newly created container, after all the output of "docker container ls" only brings running containers. To view the newly created container it was necessary to use the "-a" parameter.
root@linuxtips:~# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e63e65db85a ubuntu "/bin/bash" 18 seconds ago Created elo_visves
root@linuxtips:~#
For our newly created container to be executed, just use "docker container start [CONTAINER ID]", as follows:
root@linuxtips:~# docker container start [CONTAINER ID]
root@linuxtips:~# docker container attach [CONTAINER ID]
root@b422f04df14c:/#
Verifying if we are really using the Ubuntu container:
root@b422f04df14c:/# cat /etc/issue
Ubuntu 18.04 LTS \n \l
root@b422f04df14c:/#
Remember that to exit the container and keep it running you need to use the shortcut: Ctrl + p + q.
4.7. Starting and killing containers​
If I want to stop a running container, just use the "stop" parameter followed by the "CONTAINER ID":
# docker container stop [CONTAINER ID]
Checking if the container continues running:
# docker container ls
Remember that to view containers that are not running you need to use the "-a" parameter.
To put a stopped container back into execution, it is necessary to use the "start" parameter of the "docker container" command followed by the "CONTAINER ID":
# docker container start [CONTAINER ID]
In the same way that we can use stop/start to shut down/start a container, we can also use "restart", as we notice below:
# docker container restart [CONTAINER ID]
To pause a container, execute:
# docker container pause [CONTAINER ID]
And check the container status:
root@linuxtips:~# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b34f4987bdce ubuntu "/bin/bash" 12 seconds ago Up 11 seconds (Paused) drunk_turi
root@linuxtips:~#
To "unpause" the container:
# docker container unpause [CONTAINER ID]
4.8. Viewing resource consumption by the container​
If you want to view information regarding resource consumption by the container, it's also quite simple: just use the "stats" parameter to check CPU, memory and network consumption by the container in real time.
# docker container stats [CONTAINER ID]
CONTAINER CPU% MEM USAGE/LIMIT MEM % NET I/O BLOCK I/O PIDS
b34f4987bdce 0.00% 503.8kB/2.094GB 0.02% 648B/648B 0B/0B 2
To exit, press Ctrl + C.
To view all containers at once, just don't specify the [CONTAINER ID], as follows:
# docker container stats
Now, if you want to view which processes are running in a specific container, use the "top" parameter. With it you can get information about running processes, such as, for example, the UID and PID of the process.
# docker container top [CONTAINER ID]
UID PID PPID C STIME TTY TIME COMMAND
root 10656 4303 0 20:24 pts/3 00:00:00 /bin/bash
To check the logs of a specific container, use the "logs" parameter, simple as that.
# docker container logs [CONTAINER ID]
Remember: it displays STDOUT, the standard output. That is, normally you will view the history of messages that appear in the foreground during the execution of the container.
To display the logs dynamically, that is, as new messages appear it updates the output on the terminal, we use the "-f" option:
# docker container logs -f [CONTAINER ID]
With this your terminal will be locked, just listening to the log, and any new entry it will display on the screen. Output similar to "tail -f" on Linux. Remember, use ctrl+c to cancel the log display.
4.9. I'm tired of playing with container, I want to remove it​
Well, removing a container is even simpler than its creation. When we remove a container, the image that was used for its creation remains on the host; only the container is deleted.
root@linuxtips:~# docker container rm b34f4987bdce
Failed to remove container (b34f4987bdce): Error response from daemon:
Conflict, You cannot remove a running container. Stop the container
before attempting removal or use -f
root@linuxtips:~#
Notice that when you tried to remove the container, it returned an error saying it failed to remove, because the container was running. It even recommends that you stop the container before removing it or use the "-f" option, thus forcing its removal.
root@linuxtips:~# docker container rm -f b34f4987bdce
b34f4987bdce
root@linuxtips:~#
To confirm the removal of the container, use the command "docker container ls -a".