What is a container?

Processes

---

Containers are just normal Linux Processes with additional configuration applied. Launch the following Redis container so we can see what is happening under the covers.

[root@jenkins-master ~]# docker run -d --name=db redis:alpine
Unable to find image 'redis:alpine' locally
alpine: Pulling from library/redis
540db60ca938: Pull complete 

[root@jenkins-master ~]# docker ps
CONTAINER ID        IMAGE                                 COMMAND                  CREATED              STATUS                  PORTS                                                           NAMES
4d04385ee53a        redis:alpine                          "docker-entrypoint.s??   About a minute ago   Up About a minute       6379/tcp                                                        db

The Docker container launches a process called redis-server. From the host, we can view all the processes running, including those started by Docker.

$ ps aux | grep redis-server
999       1099  0.2  1.1  29156 11224 ?        Ssl  15:08   0:01 redis-server *:6379

Docker can help us identify information about the process including the PID (Process ID) and PPID (Parent Process ID) via docker top db

$ docker top db
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
999                 1099                1085                0                   15:08               ?                   00:00:00            redis-server *:6379

Who is the PPID? Use ps aux | grep <ppid> to find the parent process. Likely to be Containerd.

$ ps aux | grep 1085
root      1085  0.0  0.5   8924  5192 ?        Sl   15:08   0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ed8db95d82fa86a1dad78a908988114f567cab7e42872bc2f2336d7be1c7b45d -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc -debug

The command pstree will list all of the sub processes. See the Docker process tree using

$ pstree -c -p -A $(pgrep dockerd)
dockerd(685)-+-docker-containe(731)-+-docker-containe(1085)-+-redis-server(1099)-+-{bio_aof_fsync}(113+
             |                      |                       |                    |-{bio_close_file}(11+
             |                      |                       |                    |-{bio_lazy_free}(113+
             |                      |                       |                    `-{jemalloc_bg_thd}(1+
             |                      |                       |-{docker-containe}(1086)
             |                      |                       |-{docker-containe}(1087)
             |                      |                       |-{docker-containe}(1088)
             |                      |                       |-{docker-containe}(1089)
             |                      |                       |-{docker-containe}(1117)
             |                      |                       `-{docker-containe}(1118)
             |                      |-{docker-containe}(735)
             |                      |-{docker-containe}(736)
             |                      |-{docker-containe}(737)
             |                      |-{docker-containe}(741)
             |                      |-{docker-containe}(742)
             |                      |-{docker-containe}(743)
             |                      |-{docker-containe}(769)
             |                      `-{docker-containe}(1024)
             |-{dockerd}(724)
             |-{dockerd}(725)
             |-{dockerd}(726)
             |-{dockerd}(727)
             |-{dockerd}(728)
             |-{dockerd}(729)
             |-{dockerd}(730)
             |-{dockerd}(746)
             `-{dockerd}(1044)

As you can see, from the viewpoint of Linux, these are standard processes and have the same properties as other processes on our system.

Process Directory

---

Linux is just a series of magic files and contents, this makes it fun to explore and navigate to see what is happening under the covers, and in some cases, change the contents to see the results.

The configuration for each process is defined within the /proc directory. If you know the process ID, then you can identify the configuration directory.

The command below will list all the contents of /proc, and store the Redis PID for future use.

[root@jenkins-master ~]# DBPID=$(pgrep redis-server)
[root@jenkins-master ~]# echo Redis is $DBPID
Redis is  117779

[root@jenkins-master ~]# pgrep redis-server
117779

Each process has it's own configuration and security settings defined within different files. ls /proc/$DBPID

[root@jenkins-master ~]# ls /proc/117779
attr        cmdline          environ  io         mem         ns             pagemap      schedstat  stat     timers
autogroup   comm             exe      limits     mountinfo   numa_maps      personality  sessionid  statm    uid_map
auxv        coredump_filter  fd       loginuid   mounts      oom_adj        projid_map   setgroups  status   wchan
cgroup      cpuset           fdinfo   map_files  mountstats  oom_score      root         smaps      syscall
clear_refs  cwd              gid_map  maps       net         oom_score_adj  sched        stack      task

For example, you can view and update the environment variables defined to that process. cat /proc/$DBPID/environ

docker exec -it db env

[root@jenkins-master ~]# cat /proc/117779/environ 
*:6379[root@jenkins-master ~]# docker exec -it db env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=4d04385ee53a
TERM=xterm
REDIS_VERSION=6.2.3
REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.2.3.tar.gz
REDIS_DOWNLOAD_SHA=98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b
HOME=/root