- Running software in containers for isolation:
-
Docker builds container using 10 major system features:
Feature Illustration PID namespace
Process identifiers and capabilities. UTS namespace
Host and domain name. MNT namespace
Filesystem access and structure. IPC namespace
Process communication over shared memory. NET namespace
Network access and structure. USR namespace
User names and identifiers. chroot syscall
Controls the location of the filesystem root. cgroups
Resource protection. CAP drop
Operating system feature restrictions. Security modules
Mandatory access controls. -
Docker use those features as above to build containers at runtime, but it uses another set of technologies to package and ship containers.
-
Example:
# `-d/--detach` := running new container as a background-process, this means that the program started but isn't attached in our terminal. docker run --detach --name web nginx:latest docker run -d --name mailer dockerinaction/ch2_mailer # NOTE: Runnning an interactive containers with the terminal: # `-i/--interactive` := Keep the standard-input-stream (`stdin`) open for the container even if no terminal is attached. # `-t/--tty` := To allocate a virtual terminal for the container, which will allow users to pass signals to the container. # `--link` := Add link to another container. docker run -it --link web:web --name web_test busybox:1.29 # -> Access: `/bin/sh` inside `busybox` container. # -> Run this command: `wget -O - http://web:80/` (remember to disable http(s)_proxy || HTTP(S)_PROXY if your Docker configuration have one). # NOTE: `wget -O <FILE> <URL>` := Save to <FILE> ('-' for stdout). docker run -it --name agent --link web:insideweb --link mailer:insidemailer dockerinaction/ch2_agent
- NOTE:
- Everytime you run
docker run
and creare a new container, that new container will get an unique identifier (blob of characters). - Running detached container suitable with programs that sit quietly in the background. That type of program is called as a
daemon
, or aservice
. - A
daemon
generally interacts with other programs or humans over a network or some other communication channel.
- Everytime you run
- NOTE:
-
List of some basic commands that can easily take effect on a container:
Action Command Display information Listing docker ps -a
- The container ID. - The image used. - The command executed the container. - The time since the container was created. - The duration that the container has been running. - The network ports exposed by the container. - The name of the container itself. Stop docker stop <CONTAINER_NAME>/<CONTAINER_ID>
docker stop $(docker ps -aq)
Restart docker restart <CONTAINER_NAME>/<CONTAINER_ID>
docker restart $(docker ps -aq)
docker restart $(docker ps -aq | sort -r)
Logging docker logs <CONTAINER_NAME>/<CONTAINER_ID
for con in $(docker ps -a --format '{{.Names}}'); do docker logs $con; done