In ubuntu based docker/os
$ ps
PID USER TIME COMMAND
1 postgres 0:00 postgres
47 postgres 0:00 postgres: checkpointer process
48 postgres 0:00 postgres: writer process
49 postgres 0:00 postgres: wal writer process
50 postgres 0:00 postgres: autovacuum launcher process
51 postgres 0:00 postgres: stats collector process
52 postgres 0:00 postgres: bgworker: logical replication launcher
Now If run ps -p 1 -o user=, it will get me PID 1 process USER postgres
$ ps -p 1 -o user=
postgres
This is what I can do in ubuntu based image/os
Now
I am really seeking for a way to do the same for alpine based image. Where I can run ps command to get PID 1 process USER.
I didn't find any docs/hints around.
There is very cut version of ps in alpine image by default. It is busybox one:
/ # ps --help
BusyBox v1.27.2 (2017-12-12 10:41:50 GMT) multi-call binary.
Usage: ps [-o COL1,COL2=HEADER]
Show list of processes
-o COL1,COL2=HEADER Select columns for display
It can only show output with defined columns.
If you want use uncut ps, you need to install it first to alpine image:
/ # apk add --no-cache procps
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/6) Installing libintl (0.19.8.1-r1)
(2/6) Installing ncurses-terminfo-base (6.0_p20171125-r0)
(3/6) Installing ncurses-terminfo (6.0_p20171125-r0)
(4/6) Installing ncurses-libs (6.0_p20171125-r0)
(5/6) Installing libproc (3.3.12-r3)
(6/6) Installing procps (3.3.12-r3)
Executing busybox-1.27.2-r7.trigger
OK: 13 MiB in 17 packages
Now, you can use it you want:
/ # ps -p 1 -o user=
root
Related
I have put a script with an endless loop inside a Containerfile.
When I go inside the container and run that script in the background I can see that the process is running by doing a ps -ef.
But when I try to start the process inside the Containerfile it is not running, even though the podman build and podman run commands are without error.
I am using rootless podman.
This is my Containerfile:
$ cat Containerfile
FROM alpine
RUN apk update
RUN apk add vim
RUN apk add bash
COPY ./useless_process.sh /home
RUN bash /home/useless_process.sh &
# how to build:
# podman build . -t "manualpihimage"
# how to run:
# podman run -it --name "manualpihcontainer" manualpihimage
I have also tried using the CMD and the ENTRYPOINT commands but the process did not start.
The expectation was that the process would run in the background.
I have tried it with Containerfile as follows. Note that I removed the useless & - makes no sense in the context of the container and used CMD because we don't want to run it while building the image but when we start the container.
FROM alpine
RUN apk update
RUN apk add vim
RUN apk add bash
COPY ./useless_process.sh /home
CMD bash /home/useless_process.sh
I created useless_process.sh with:
#!/bin/sh
while `/bin/true`; do
date
sleep 1
done
Then podman build . -t=image1 and podman run -d --name=container1 image1 to start it detached.
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0744f29bec7c localhost/image1:latest /bin/sh -c bash /... 22 seconds ago Up 23 seconds ago container1
And we can see our useless process is running
$ podman exec -it container1 /bin/sh
/ # ps
PID USER TIME COMMAND
1 root 0:00 bash /home/useless_process.sh
188 root 0:00 /bin/sh
197 root 0:00 sleep 1
198 root 0:00 ps
dnf --enablerepo=centos-openstack-wallaby -y upgrade
CentOS-8 - Ceph Nautilus 63 B/s | 38 B 00:00
Error: Failed to download metadata for repo 'centos-ceph-nautilus': Cannot prepare internal mirrorlist: No URLs in mirrorlist
If you need to update your CentOS 8 Stream, you need to change the mirrors to vault.centos.org
Step 1: Go to the /etc/yum.repos.d/ directory
# cd /etc/yum.repos.d/
Step 2: Run the below commands
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
Now run your dnf command.
I used docker and wanted to delete everything
So I tried to remove it but it didn't disappear
docker images
REPOSITORY TAG IMAGE ID CREATED
SIZE
laravel_app_sample latest b5ec6934ff5b 24 minutes ago 852MB
laravel_db_sample latest f0a16ec4f305 27 minutes ago 445MB
ubuntu latest 2ca708c1c9cc 7 days ago 64.2MB
mysql latest b8fd9553f1f0 13 days ago 445MB
centos latest 67fa590cfc1c 5 weeks ago 202MB
nginx latest 5a3221f0137b 5 weeks ago 126MB
I tryed
docker rmi $(docker images -a)
unknown shorthand flag: 'a' in -a)
docker rmi -f $(docker images -a -q)
unknown shorthand flag: 'a' in -a
docker rm -vf $(docker ps -a -q)
unknown shorthand flag: 'a' in -a
How to delete all Docker local Docker images
I saw it but it didn't work
docker image ls -aq | xargs docker image rm -f
I want to start the httpd service on a CentOS 7 container. But the systemctl command doesn't work in containers. In CentOS 6 I can start httpd by simply using the /etc/init.d/apachectl -d command. But in CentOS 7 I can't find any apachectl file in /*/systemd/.
So how can I start httpd service in CentOS 7 container?
The best way is to make your own centos7 image where you install httpd
FROM centos:7
RUN yum -y install httpd; yum clean all; systemctl enable httpd.service
EXPOSE 80
Build your image with docker build -t my-centos:7 .
Systemd cannot run without SYS_ADMIN. That's why I set the following vars.
$ docker run -it -p 80:80 -e "container=docker" --privileged=true -d --security-opt seccomp:unconfined --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro my-centos:7 bash -c "/usr/sbin/init"
Verify container is running:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
967581bdf31a my-centos:7 "bash -c /usr/sbin/in" 1 seconds ago Up 1 seconds 0.0.0.0:80->80/tcp gigantic_stallman
Verifiy httpd is started
$ docker exec -it gigantic_stallman /bin/bash -c "systemctl status httpd"
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2016-12-28 11:44:04 UTC; 2min 20s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 61 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /docker/967581bdf31a3b741a5e857720e199614d816b05a2132271f3adf910f0ed3207/system.slice/httpd.service
├─61 /usr/sbin/httpd -DFOREGROUND
├─66 /usr/sbin/httpd -DFOREGROUND
├─67 /usr/sbin/httpd -DFOREGROUND
├─68 /usr/sbin/httpd -DFOREGROUND
├─69 /usr/sbin/httpd -DFOREGROUND
└─70 /usr/sbin/httpd -DFOREGROUND
Dec 28 11:44:04 967581bdf31a systemd[1]: Starting The Apache HTTP Server...
Dec 28 11:44:04 967581bdf31a httpd[61]: AH00558: httpd: Could not reliably d...e
Dec 28 11:44:04 967581bdf31a systemd[1]: Started The Apache HTTP Server.
TL;DR: For short answer please see the other author's Answer.
My question was wrong here because it doesn't align with the containerization philosophy IMO. As these kinds of questions would be asked by new user I am going to explain a few things that's indirectly related to this question.
What is a container?
From OCI's runtime Specification, approximately,
A container contains the unit of a deliverable software.
A container will encapsulate a software component and it's dependencies.
A container should be portable and platform agnostic.
And one of the major component to achieve containerization is container runtime or in general linux container. Container runtime is a piece of software that is responsible for running containers.
Examples of a few container runtimes are, containerd, docker-engine, crio, mcr etc.
Why the question is wrong?
In general and by design, a linux container is an isolated process (these days virtual machines are also considered as containers). So in an ideal situation we should create a container just with one process which is our deliverable software.
In the question, I was thinking of using systemd to manage the process inside the container because I was neither aware about difference between a virtual machine and a container nor the principles of OCI's specification.
Also, systemd or systemV is system management daemon that is required to manage systems with hundreds or thousands of process. As the desired number of process in a container is only one so we do not need a process management daemon or any other unnecessary tools like ssh, htop, net-tools, firewalld etc.
How do we run the deliverable software?
The ideal way to run an application inside the container is to use it as the container's Entrypoint or CMD. That means, when we run the container, it will try to initiate the Entrypoint and it will start it with default command defined in the CMD. Either way, the first process (PID 1) should be our desired application/software.
So when we build the container image, we should define the entrypoint of that container. For example, I have an httpd and a redis container.
╰──➤ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
23789e2d0416 redis "docker-entrypoint.s…" 36 seconds ago Up 35 seconds 6379/tcp elegant_ganguly
9be725968ff3 httpd "httpd-foreground" 14 minutes ago Up 14 minutes 80/tcp app1
So let's check the first process of the both containers (cat /proc/1/cmdline),
╰──➤ for i in $(docker ps -q); do docker inspect $i --format 'ImageName: {{.Config.Image}}'; printf "First PID: "; docker exec -i $i sh -c "cat /proc/1/cmdline";echo; done
ImageName: redis
First PID: redis-server *:6379
ImageName: httpd
First PID: httpd-DFOREGROUND
Let's try to see the same thing with ps
╰──➤ for i in $(docker ps -q); do docker inspect $i --format 'ImageName: {{.Config.Image}}'; docker run -i --rm --pid container:$i ubuntu sh -c "ps aux | head -n2"; done
ImageName: redis
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
999 1 0.4 0.0 56024 7760 ? Ssl 14:58 0:08 redis-server *:6379
ImageName: httpd
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 7300 4380 ? Ss 14:44 0:00 httpd -DFOREGROUND
So if we are using these images; majority of the time we do not need to start it separately because it's probably already invoked by the entrypoint.
But if we want to create our own container image for our own software we can do that just by mentioning the entrypoint like the both of the httpd and redis image did here and here. You can also use CMD and Entrypoint from the command line when you run the container with the help of --entrypoint or provide the command after container name like the following (here I am using while true; do date; sleep 1; done as the default CMD),
╰──➤ docker run -d --rm ubuntu sh -c "while true; do date; sleep 1; done"
35c6352a55f25335e1bd0874493f2a31155ef752d008eb6718923d1f04ab2c14
Now let's check the first PID,
╰──➤ docker run -i --rm --pid container:35c6352a55f25 ubuntu sh -c "ps aux | head -n2"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2308 832 ? Ss 15:42 0:00 sh -c while true; do date; sleep 1; done
Run the docker pull command to download the Docker image, including Apache named httpd.
#docker pull httpd
Check the docker images using
#docker images
Now run the docker command to invoke the image you downloaded.
#docker run -d --name docker-apache -p 80:80 -d httpd
Mapping the local computer's port 80 to the container's port 80 (-p 80:80).
Try to verify whether the apache web server is working by accessing the server IP or hostname in the browser.
The sunspot_solr version that I am using is 1.3.3.
I am using sunspot_solr gem to start and stop a local instance of Solr. I use the following command to start it:
rake sunspot:solr:start
and the following command to stop it:
rake sunspot:solr:stop
However, stop is not working. I noticed that the pid written in the pids folder is not the correct one.
When I start, I can see the following as output on the ps -ef | grep 'java' command:
1000 4758 4752 0 20:32 ? 00:00:00 sh -c java -Djetty.port\=8982 -Dsolr.data.dir\=/home/panayotis/my_documents/ezMTA/solr/data/development -Dsolr.solr.home\=/home/panayotis/my_documents/ezMTA/solr -Djava.util.logging.config.file\=/tmp/logging.properties20120902-4758-13patuu -jar start.jar
1000 4761 4758 7 20:32 ? 00:00:01 java -Djetty.port=8982 -Dsolr.data.dir=/home/panayotis/my_documents/ezMTA/solr/data/development -Dsolr.solr.home=/home/panayotis/my_documents/ezMTA/solr -Djava.util.logging.config.file=/tmp/logging.properties20120902-4758-13patuu -jar start.jar
This means that the real server process is the one with pid "4761". Process "4758" is only there to start the server in a shell.
When I cat the pid file I see:
cat solr/pids/development/sunspot-solr-development.pid
4758
Which means that rake sunspot:solr:stop is killing "4758" and leaves "4761" up and running.
it's a bug!
1000 4758 4752 0 20:32 ? 00:00:00 sh -c java -Djetty.port\=8982 - Dsolr.data.dir\=/home/panayotis/my_documents/ezMTA/solr/data/development -Dsolr.solr.home\=/home/panayotis/my_documents/ezMTA/solr -Djava.util.logging.config.file\=/tmp/logging.properties20120902-4758-13patuu -jar start.jar
1000 4761 4758 7 20:32 ? 00:00:01 java -Djetty.port=8982 -Dsolr.data.dir=/home/panayotis/my_documents/ezMTA/solr/data/development -Dsolr.solr.home=/home/panayotis/my_documents/ezMTA/solr -Djava.util.logging.config.file=/tmp/logging.properties20120902-4758-13patuu -jar start.jar
because process 4758 is a foreground process, but process 4761 is a background process,so if you kill pid 4758,it will not destroy his child process 4761, the init process will become process 4761's parent!
in sunspot_solr/lib/sunspot/solr/server.rb #line 103
exec(Shellwords.shelljoin(command))
Shellwords.shelljoin(command) is a string,but Kernel#exec descrip:
exec([env,] command... [,options])
If single string is given as the command, it is taken as a command line that is subject to shell expansion before being executed.The standard shell means always "/bin/sh" on Unix-like systems.
so,it will start two process.
use this:
exec(*command)
will start one process,so rake sunspot:solr:stop will work correct.
see this pull request
I have downgraded to 'sunspot_solr', '1.3.1' and now it works ok.
Set env like this - RAILS_ENV=production rake sunspot:solr:stop