- Running software in containers for isolation:
-
Docker builds container using 10 major system features:
Feature Illustration PID namespaceProcess identifiers and capabilities. UTS namespaceHost and domain name. MNT namespaceFilesystem access and structure. IPC namespaceProcess communication over shared memory. NET namespaceNetwork access and structure. USR namespaceUser names and identifiers. chroot syscallControls the location of the filesystem root. cgroupsResource protection. CAP dropOperating system feature restrictions. Security modulesMandatory access controls. -
Docker use those features as above to build containers at runtime, but it uses another set of technologies to package and ship containers.
-
Example:
# `-d/--detach` := running new container as a background-process, this means that the program started but isn't attached in our terminal. docker run --detach --name web nginx:latest docker run -d --name mailer dockerinaction/ch2_mailer # NOTE: Runnning an interactive containers with the terminal: # `-i/--interactive` := Keep the standard-input-stream (`stdin`) open for the container even if no terminal is attached. # `-t/--tty` := To allocate a virtual terminal for the container, which will allow users to pass signals to the container. # `--link` := Add link to another container. docker run -it --link web:web --name web_test busybox:1.29 # -> Access: `/bin/sh` inside `busybox` container. # -> Run this command: `wget -O - http://web:80/` (remember to disable http(s)_proxy || HTTP(S)_PROXY if your Docker configuration have one). # NOTE: `wget -O <FILE> <URL>` := Save to <FILE> ('-' for stdout). docker run -it --name agent --link web:insideweb --link mailer:insidemailer dockerinaction/ch2_agent
- NOTE:
- Everytime you run
docker runand creare a new container, that new container will get an unique identifier (blob of characters). - Running detached container suitable with programs that sit quietly in the background. That type of program is called as a
daemon, or aservice. - A
daemongenerally interacts with other programs or humans over a network or some other communication channel.
- Everytime you run
- NOTE:
-
List of some basic commands that can easily take effect on a container:
Action Command Display information Listing docker ps -a- The container ID. - The image used. - The command executed the container. - The time since the container was created. - The duration that the container has been running. - The network ports exposed by the container. - The name of the container itself. Stop docker stop <CONTAINER_NAME>/<CONTAINER_ID>docker stop $(docker ps -aq)Restart docker restart <CONTAINER_NAME>/<CONTAINER_ID>docker restart $(docker ps -aq)docker restart $(docker ps -aq | sort -r)Logging docker logs <CONTAINER_NAME>/<CONTAINER_IDfor con in $(docker ps -a --format '{{.Names}}'); do docker logs $con; done