Docker

System information

docker help
docker info
docker version
docker version --format '{{json .}}' | jq # requires jq installed
docker version --format '{{.Client.Version}}'
docker version --format '{{.Server.Version}}'
docker --version

Run a stateless DEMO application

docker run --rm -p "8080:80" itsziget/phar-examples:1.0
# Press Ctrl-C to quit

Play with the “hello-world” container

Start “hello-world” container

docker run hello-world
# or
docker container run hello-world

Output:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
  executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

List containers

List running containers

docker ps
# or
docker container ps
# or
docker container ls
# or
docker container list

List all containers

docker ps -a
# or use the other alias commands

List containers based on the hello-world image:

docker ps -a -f ancestor=hello-world
# or
docker container list --all --filter ancestor=hello-world

Delete containers

Delete a stopped container

docker rm containername
# or
docker container rm containername

Delete a running container:

docker rm -f containername

If the generated name of the container is “angry_shaw”

docker rm -f angry_shaw

Start a container with a name

docker run --name hello hello-world

Running the above command again results an error message since “hello” is already used for the previously started container. Run the following command to check the stopped containers:

docker ps -a

Or you can start the stopped container again by using its name:

docker start hello

The above command will display the name of the container. You need to start it in “attached” mode in order to see the output:

docker start -a hello

Delete the container named “hello”

docker rm hello

Start a container and delete it automatically when it stops

docker run --rm hello-world

Start an Ubuntu container

Start Ubuntu in foreground (“attached” mode)

docker run -it --name ubuntu-container ubuntu:20.04

Press Ctrl+P and then Ctrl+Q to detach from the container or type exit and press enter to exit bash and stop the container.

Start Ubuntu in background (“detached” mode)

Linux distribution base Docker images usually don’t contain Systemd as LXD images so these containers cannot run in background unless you pass -it to get interactive terminal. It wouldn’t be necessary with a container which has a process inside running in foreground continuously. -it works with other containers too as long as the containers command is “bash” or some other shell.

docker rm -f ubuntu-container
docker run -it -d --name ubuntu-container ubuntu:20.04

Note

Actually only -i or -t would be enough to keep the container in the backgorund, but if you want to attach the container later, it requires both of them. Of course, -d is always required.

Attach the container

You can attach the container and see the same as you could see when you run a container without -d, in foreground. You can even interact with the container’s main process so be careful and don’t execute a command like exit, or you will stop the whole container by stopping its main process.

docker attach ubuntu-container

Press Ctrl+P and then Ctrl+Q to quit without stopping the container.

The better way to “enter” the container is docker exec which is similar to the way of LXD.

docker exec -it ubuntu-container

Now you can use the “exit” command to quit the container and leave it running.

Start Apache HTTPD webserver

Start the container in the foreground

docker run --name web httpd:2.4

There will be no prompt until you press “CTRL+C” to stop the container running in the foreground.

Note

When you change your terminal window it will send SIGWINCH signal to the container and shut down the server. Use it only for some quick test.

Start it in the background

docker rm web
docker run -d --name web httpd:2.4

Note

You don’t need to use -it and you should not use that either. Running HTTPD server container with and interactive terminal will send SIGWINCH signal to the container and shut down the HTTPD server immediately when you try to attach it.

Even without -it, attaching the HTTPD server container will shut down the server when you change the size of your terminal window.

Use docker logs instead.

Check container logs

docker logs shows the standard error and output of a container without attaching it. Actually it will read and show the content of the log file which was saved from the container’s output.

docker logs web
# or
docker container logs web

Watch the output (logs) continuously

docker logs -f web
# Press Ctrl-C to stop watching

Open the webpage using an IP address

Get the IP address:

CONTAINER_IP=$(docker container inspect web --format '{{.NetworkSettings.IPAddress}}')

You can test if the server is working using wget:

wget -qO- $CONTAINER_IP

Output:

<html><body><h1>It works!</h1></body></html>

Use port forwarding

Delete the container named “web” and forward the port 8080 from the host to the containers internal port 80:

docker rm -f web
docker run -d -p "8080:80" --name web httpd:2.4

Then you can access the page using the host’s IP address.

How we could enter a container in the past

Before docker exec was introduced, nsenter was the only way to enter a container. It does almost the same as docker exec except it does not support Pseudo-TTY so some commands may not work.

CONTAINER_PID=$(docker container inspect --format '{{ .State.Pid }}' web)

sudo nsenter \
  --target $CONTAINER_PID \
  --mount \
  --uts \
  --ipc \
  --net \
  --pid \
  --cgroup \
  --wd \
  env -i - $(sudo cat /proc/$CONTAINER_PID/environ | xargs -0) bash

As you can see, nsenter runs a process inside specific Linux namespaces.

Start Ubuntu virtual machine

There are multiple ways to run a virtual machine with Docker. Using a parameter is not enough. You need to choose a different runtime. The default is runc which runs containers. One of the most popular and easiest runtime is Kata Containers.

Follow the instructions to install the latest stable version of the Kata runtime: Install Kata Containers and configure Docker daemon to use it. An example /etc/docker/daemon.json is the following:

{
  "default-runtime": "runc",
  "runtimes": {
    "kata": {
      "path": "/usr/bin/kata-runtime"
    }
  }
}

Now run

docker run -d -it --runtime kata --name ubuntu-vm ubuntu:20.04

It is still lightweight. You can run ps aux inside to see there is no systemd or other process like that, however, run the following command on the host machine and see it has only one CPU core:

docker exec -it ubuntu-vm cat /proc/cpuinfo

Docker

System information

Run a stateless DEMO application

Play with the “hello-world” container

Start “hello-world” container

List containers

Delete containers

Start a container with a name

Start a container and delete it automatically when it stops

Start an Ubuntu container

Start Ubuntu in foreground (“attached” mode)

Start Ubuntu in background (“detached” mode)

Attach the container

Start Apache HTTPD webserver

Start the container in the foreground

Start it in the background

Check container logs

Open the webpage using an IP address

Use port forwarding

How we could enter a container in the past

Share namespaces

Start Ubuntu virtual machine