mail

docker container run

Usage :

Run a command in a new container
docker container run is equivalent to docker run (source) :
  • both exist for historical reasons :
    • only docker run existed initially
    • docker container run was added later to have more intuitive commands like docker command subcommand since the number of commands was increasing
  • use docker container run, which is the modern way of running a container

Flags :

Flag Usage
--name myContainer assign a name to the container
--rm (1, 2) when the container exits, remove :
-v volumeSpecification
--volume=volumeSpecification		 bind mount a volume using volumeSpecification : X:Y:Z
  • X can either be :
    • a host directory, specified as an absolute path
    • an arbitrary volume name
    • omitted (aka anonymous volume). In such case, it will be created automatically with a path + name like : /var/lib/docker/volumes/848acf58ffb933b/
  • Y is :
    • the path to the volume inside the container (aka mount point)
    • specified as an absolute path
  • Z :
    • is for permissions : rw, ro,
    • can be omitted. No idea what it defaults to
It is possible to declare a volume in a Dockerfile with the VOLUME directive, with the limitation of not being able to specify a host directory.
  • This is because an image has no control on its environment and can not guarantee that the host directory actually exists.
  • If you want to control both ends of a volume specification, you have no choice but use the -v / --volume flag.
-w dir --workdir dir use dir as working directory inside the container
mail

docker inspect

Usage :

Return low-level information on Docker objects

Flags :

Flag Usage
-f formatString
--format=formatString		 Format the output using the given Go template (details : 1, 2)
  • By default, data is returned as a JSON array.
  • formatString is not just a list of output format flags (as seen with other tools) but rather a mix of :
    • the list of queried fields
    • and a function (if any) to combine them to build the result
    like in the pseudo-code : join(', ', (field1, field2, field3))

Example :

Let's discover docker inspect :

  • Learn everything about the containerId container :
    docker inspect containerId
  • Extract specific values :
    docker inspect -f '{{.LogPath}}' containerId
    /var/lib/docker/containers/containerId_full/containerId_full-json.log
    docker inspect -f '{{.HostConfig.Binds}}' containerId
    [/opt/docker/myApp/myApp.json:/etc/myApp.json:rw]
  • Values only or keys + values :
    docker inspect -f '{{.State}}' containerId
    {running true false false false false 5654 0  2020-09-09T09:49:07.578164883Z 0001-01-01T00:00:00Z <nil>}
    docker inspect -f '{{json .State}}' containerId
    {"Status":"running", "Running":true, "Paused":false, "Restarting":false, "OOMKilled":false, "Dead":false, "Pid":5654, "ExitCode":0, "Error":"", "StartedAt":"2020-09-09T09:49:07.578164883Z", "FinishedAt":"0001-01-01T00:00:00Z"}

Output formatting hacks :

jq :

Some experienced users prefer jq as an alternative to --format.

Python :

And if jq is not available, Python comes to the rescue :
  • raw result (JSON array) :
    docker inspect -f '{{.State}}' containerId
    {running true false false false false 5654 0  2020-09-09T09:49:07.578164883Z 0001-01-01T00:00:00Z <nil>}
  • keys + values as a JSON string :
    docker inspect -f '{{json .State}}' containerId
    {"Status":"running", "Running":true, "Paused":false, "Restarting":false, "OOMKilled":false, "Dead":false, "Pid":5654, "ExitCode":0, "Error":"", "StartedAt":"2020-09-09T09:49:07.578164883Z", "FinishedAt":"0001-01-01T00:00:00Z"}
  • pretty print of data (with keys sorted alphabetically) :
    docker inspect -f '{{json .State}}' containerId | python -m json.tool
    {
    "Dead": false,
    "Error": "",
    "ExitCode": 0,
    "FinishedAt": "0001-01-01T00:00:00Z",
    "OOMKilled": false,
    "Paused": false,
    "Pid": 5654,
    "Restarting": false,
    "Running": true,
    "StartedAt": "2020-09-09T09:49:07.578164883Z",
    "Status": "running"
}
mail

docker exec

Usage :

Run a command in a running container

Flags :

Flag Usage
-i --interactive Keep STDIN open even if not attached
-t --tty Allocate a pseudo-TTY
-u --user specify a username or UID

Example :

Run a command in a container as a specific user :

  • docker exec -u bob -it 9f78e57b54d9 whoami
    bob
  • Open a shell as bob (details) :
    docker exec -u bob -it 9f78e57b54d9 sh