Virtualization technologies like VMware and Xen enable a Linux kernel and an operating system to run atop a virtualized layer, which is referred to as a hypervisor. With this kind of virtualization, each virtual machine is isolated because every kernel is allocated its own memory and a hardware entry point through physical hardware, another kernel or something that resembles hardware. Containers differ from virtualization technologies like VMware: multiple containers share the same kernel, and the isolation between them is implemented in that kernel.
The key concept to note about a container is that it is a complete package of all parts required to run an application. Multiple containers on a single host share the kernel, and they can be completely isolated or have access to other containers on the same host. Sharing the operating system makes resource use more efficient. To work effectively with containers you need to drop concepts related to virtualization technologies like VMware. You should think about a container as a way to wrap a process that will eventually be run.
In the tutorial ‘learn how to use Docker images part 1’, we discussed images as the blueprints used to create containers. We discussed how to download images from Docker Hub and how to run and manage images. We noted that a container is a running instance of an image. In this tutorial, we will build on that material to demonstrate how to work with containers.
The docker run command we used in the images tutorial was a simple way of combining two steps. When the docker run command is executed, a docker create command and a docker start command are executed. The docker create command creates a container from the specified image and the docker start command executes the command.
The docker create and docker start commands can be run separately, and their options are used to specify the initial setup of a container. In the images tutorial, while discussing the docker run command, we showed how to specify the ports that will be used. That was one way of specifying container setup. There are several container options that can be used to specify how a container is set up. In the following sections, we will discuss these options in detail.
The default Docker behavior is to give a container a random name, which is not desirable. A Dockerfile contains default settings, among them the container name, but they can be overridden. To override the default name, specify a name using the --name flag of the create command. Container names must be unique on each host; you cannot reuse a name. In the images tutorial we downloaded a wordpress image, and we can create a container from it with the name firstcont using the command below.
sudo docker create --name firstcont bitnami/wordpress
In the images tutorial, we demonstrated how to use labels to search for images. Whenever we create a container from an image, the label of the image is inherited by the container. It is desirable to add custom metadata to the containers created. To add a label we pass the -l or --label flag to the run command. For example, to add a blogging label to a container run from our wordpress image, we use the command below.
sudo docker run -l blogging bitnami/wordpress
When our containers have well thought out metadata, we can use the ps command to search containers. To return a list of running containers, we use the command sudo docker ps. To show all containers, we add the -a flag: sudo docker ps -a.
Instead of returning all containers, we can use container metadata to filter the returned containers. We pass the -f or --filter flag with a key-value pair of the property and its value. Container properties that you can use are ID, label, name, exited and status. The status is used to show if a container has been created, restarted, running, paused, or exited. For example, to return containers with a blogging label we use the command below.
sudo docker ps -a -f 'label=blogging'
There are other container properties that can be customized once you have a good understanding of how Docker works. These properties are host name, domain name service (DNS) and media access control (MAC) address.
The default behaviour when a container is started is to copy some system files like /etc/hostname into the container configuration file. A bind mount then creates a link between the system file and its copy.
When the default storage allocation is inadequate because of its size or non-persistent nature, you can change it. To control storage properties we use the -v flag, which mounts part of the host file system into the container.
Managing resources in virtualization technologies like VMware is easy because refined control of memory, CPU and other resource usage is possible. With Docker you have to rely on the cgroups of the Linux kernel to manage the resources used by containers. The docker create command allows you to set the memory and CPU resources that will be used by a container. Resource allocations remain in force for the lifetime of the container. To change the resource allocations of a running container, you have to create another container with the same image. The other alternative for changing container resource allocation is to manipulate the kernel cgroups directly.
Docker resource management is only possible if your kernel supports resource limits and they are enabled. To check this, run sudo docker info at a terminal.
Any resource management limitations will be shown as warnings. For example, from the output, we are lacking support for memory swaps.
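The docker info check above can be tied to the create-time limits from the earlier paragraph. The script below is an added example, not part of the original tutorial: it reads docker info output and keeps only the limit flags the host can enforce. The function names, the limit values and the sample output are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): pick the resource-limit
# flags for `docker create` that the host kernel can actually enforce.

# Read `docker info` output on stdin and print, one per line, the limit
# flags that a reported warning makes unenforceable.
unsupported_flags() {
    while IFS= read -r line; do
        case "$line" in
            *"WARNING: No memory limit support"*)
                # --memory-swap is only valid together with --memory
                printf '%s\n' "--memory" "--memory-swap" ;;
            *"WARNING: No swap limit support"*)
                printf '%s\n' "--memory-swap" ;;
            *"WARNING: No cpu shares support"*)
                printf '%s\n' "--cpu-shares" ;;
        esac
    done
}

# Print a `docker create` command for NAME and IMAGE, keeping only the
# limits the host supports. Usage: build_create NAME IMAGE < docker-info
build_create() {
    name=$1
    image=$2
    missing=$(unsupported_flags)
    cmd="docker create --name $name"
    # Limit values are illustrative assumptions, not recommendations.
    for pair in --memory=256m --memory-swap=256m --cpu-shares=512; do
        flag=${pair%%=*}
        if printf '%s\n' "$missing" | grep -qxF -e "$flag"; then
            echo "not enforced on this host, dropping: $flag" >&2
        else
            cmd="$cmd $pair"
        fi
    done
    printf '%s\n' "$cmd $image"
}

# Constructed sample of `docker info` output on a host without swap
# accounting (written for this example, not captured from a real host).
SAMPLE_INFO='Cgroup Driver: cgroupfs
WARNING: No swap limit support'

# On a real host: sudo docker info 2>&1 | build_create firstcont bitnami/wordpress
printf '%s\n' "$SAMPLE_INFO" | build_create firstcont bitnami/wordpress
```

A dropped flag means that limit would not constrain the container on this host, so treat the message on stderr as something to fix on the host rather than ignore.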
In this tutorial, we introduced Docker containers and explained how they differ from other virtualization technologies like VMware. We discussed the docker create command and the options that can be set when a container is created. Finally, we identified some resource usage limitations that can be placed on containers.
Now you can read “How To Stop, Kill And Clean Up Docker Containers?” to understand the difference between normal processes and Docker containers, how to stop a running container, how to kill a running container, the difference between stopping and killing a container, how to pause and resume a container, and how to remove images and containers.