I need to update all docker images through console command. Full list:
andrey#BushM1 ~ % docker images --format "{{.Repository}}" | sort --unique
bitnami/kafka
bitnami/zookeeper
confluentinc/cp-kafka
confluentinc/cp-kafka-connect
confluentinc/cp-schema-registry
confluentinc/cp-zookeeper
denoland/deno
mariadb
mcr.microsoft.com/azure-sql-edge
mcr.microsoft.com/dotnet/aspnet
mcr.microsoft.com/dotnet/runtime
mcr.microsoft.com/dotnet/sdk
mongo
mongo-express
mysql
node
portainer/portainer-ce
postgres
provectuslabs/kafka-ui
python
rabbitmq
redis
traefik
vault
wordpress
andrey#BushM1 ~ %
I need something like this:
andrey#BushM1 ~ % docker pull $(docker images --format "{{.Repository}}" | sort --unique)
"docker pull" requires exactly 1 argument.
See 'docker pull --help'.
Usage: docker pull [OPTIONS] NAME[:TAG|#DIGEST]
Pull an image or a repository from a registry
andrey#BushM1 ~ %
How to write right iteration?
Sounds like a typical job for xargs:
docker images --format "{{.Repository}}" | sort -u | xargs -n1 docker pull
See man xargs for more options. You can also just do a loop:
.... | while IFS= read -r line; do docker pull "$line"; done
Related
We regularly push new versions of our containers to our private repository. We also have a set of containers we start when we need them like so:
docker run -e "env=val" -p 9001:80 --name blah --rm our_repo/the_image:latest
The thing we run into is when we push a new version of the_image:latest to our repository, our machines will already have a the_image:latest cached locally and it seems that the run command does not perform a pull of the image.
Is there a way to make it do that other than always having to manually issue a docker pull our_repo/the_image:latest command?
Thanks in advance
docker run --pull=always
is merged here github
will ship as part of Docker 19.09 but you can download nightly
builds with that change
commit
As mentioned by #Linpy you can try the nightly builds, but if you do not want to update you can try the below command. It will pull the image on every run.
docker run -it $(docker pull alpine | grep Status | awk 'NF>1{print $NF}')
Or
docker run -e "env=val" -p 9001:80 --name blah --rm $(docker pull our_repo/the_image:latest | grep Status | awk 'NF>1{print $NF}')
You can also use AWK with out grep
docker run -it $(docker pull alpine | awk 'END{print}' | awk 'NF>1{print $NF}')
Bash Script
#!/bin/bash
image_name="${1}"
docker run -it $(docker pull $image_name | awk 'END{print}' | awk 'NF>1{print $NF}')
$ ./test.sh alpine
We use a lot of 3rd party images [Eg: gitlab , jenkins, centos7 ..] which we run inside our docker containers. I would like to know how to check if any of the applications running in the container is run as root user. Is it the same as checking on a normal server ps -elf|grep root but inside the container.
Running Containers
To get all processes and their UIDs inside your running containers on a host, you can do the following:
for c in $(docker ps -q); do docker inspect $c -f "{{ .Name }}:"; docker top $c | awk '{print $1, $2, $8}'; echo "--------------"; done
This will print something like
/webserver-dockerized_nginx_1:
UID PID CMD
root 13437 nginx:
systemd+ 13522 nginx:
systemd+ 13526 nginx:
systemd+ 13527 nginx:
systemd+ 13528 nginx:
--------------
for all containers you have running.
Images
To get the configured users for all images on a host you can do
docker image inspect $(docker image ls -q) -f "{{ .RepoTags }}: {{ .ContainerConfig.User }} {{ .Config.User }}"
This will output something like
[nginx:mainline-alpine]:
[memcached:alpine]: memcache memcache
[redis:5-alpine]:
As Marvin mentioned: If there is no user in the output, no USER was defined in the Dockerfile, thus the container will run as root (Reference: Docker Documentation)
You can attach the terminal to your running container and once you're inside you can run the ps command:
Attaching to the container
$ docker exec -it <container_id> /bin/bash
You can read more about docker exec in the official docs site: https://docs.docker.com/engine/reference/commandline/exec/
Hope it helps!
You could use docker top command in association with the process id...
Combining "docker ps" and "docker top" could make the thing..
You could do stg like that :
docker ps | perl -ne '#cols = split /\s{2,}/, $_; printf "%15s\n", $cols[0]' > tmp.txt && tail -n $(($(wc -l < tmp.txt)-1)) tmp.txt | xargs -L1 docker top | perl -ne '#cols = split /\s{2,}/, $_; printf "%15s %65s\n", $cols[0], $cols[7]' && rm tmp.txt
That's not a perfect answer ((ould be prettyfied), and also note that it only works for running container. It'd be safer to check this from a image point of view, before you run the container.
Then, every time you get an image, just check this way :
d image inspect <image id> | grep -i user
I might be wrong, but I think no user means root. Otherwise, you will have to analyse the output there.
I want to get a container ID of docker service.
Is there any command available for this ?
I tried
docker service ps MyService
but this one only gives the service ID, I am interested in the container id in which the service is running
try combination of docker process filtering and formatting:
docker ps -f name=YOUR_SERVICE_NAME --format "{{.ID}}"
UPDATE
thanks to ahivert for even shorter solution:
# same behavior with
docker ps -f name=YOUR_SERVICE_NAME --quiet
try from
https://github.com/moby/moby/issues/31369
for f in $(docker service ps -q $service);do docker inspect --format '{{.NodeID}} {{.Status.ContainerStatus.ContainerID}}' $f; done
and
docker network inspect --verbose
from https://github.com/moby/moby/pull/31710
docker service ps -q -f desired-state=running SERVICE_NAME | xargs docker inspect --format '{{.Status.ContainerStatus.ContainerID}}'
docker ps | grep "<service-name>\." | awk '{print $1}'
I tried this, it gives me a list of running services:
docker container ls
how to find which docker container is using/referencing a particular image?
To give more detail, say I have some 10 docker images and there are some 30 docker containers.. How can find which containers are created using docker image ID XXXXX using a simple command?
You need to dig through the docker history output for other images to see what is linked back. There's an image out there that automates much of this that you can run with the following:
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock \
nate/dockviz images -t -l
More details on the above command can be found on this github repo.
Here you go:
docker ps -a | awk '{ print $1,$2 }' | grep $(docker images | grep *image-id* | awk '{ print $1}')
What is the command to get the Docker container id from the container name?
In Linux:
sudo docker ps -aqf "name=containername"
Or in OS X, Windows:
docker ps -aqf "name=containername"
where containername is your container name.
To avoid getting false positives, as #llia Sidorenko notes, you can use regex anchors like so:
docker ps -aqf "name=^containername$"
explanation:
-q for quiet. output only the ID
-a for all. works even if your container is not running
-f for filter.
^ container name must start with this string
$ container name must end with this string
You can try this:
docker inspect --format="{{.Id}}" container_name
This approach is OS independent.
Get container Ids of running containers ::
$docker ps -qf "name=IMAGE_NAME"
-f: Filter output based on conditions provided
-q: Only display numeric container IDs
Get container Ids of all containers ::
$docker ps -aqf "name=IMAGE_NAME"
-a: all containers
You could use the following command to print the container id:
docker container ls | grep 'container-name' | awk '{print $1}'
As a bonus point, if you want to login to the container with a container name:
docker exec -it $(docker container ls | grep 'container-name' | awk '{print $1}') /bin/bash
The following command:
docker ps --format 'CONTAINER ID : {{.ID}} | Name: {{.Names}} | Image: {{.Image}} | Ports: {{.Ports}}'
Gives this output:
CONTAINER ID : d8453812a556 | Name: peer0.ORG2.ac.ae | Image: hyperledger/fabric-peer:1.4 | Ports: 0.0.0.0:27051->7051/tcp, 0.0.0.0:27053->7053/tcp
CONTAINER ID : d11bdaf8e7a0 | Name: peer0.ORG1.ac.ae | Image: hyperledger/fabric-peer:1.4 | Ports: 0.0.0.0:17051->7051/tcp, 0.0.0.0:17053->7053/tcp
CONTAINER ID : b521f48a3cf4 | Name: couchdb1 | Image: hyperledger/fabric-couchdb:0.4.15 | Ports: 4369/tcp, 9100/tcp, 0.0.0.0:5985->5984/tcp
CONTAINER ID : 14436927aff7 | Name: ca.ORG1.ac.ae | Image: hyperledger/fabric-ca:1.4 | Ports: 0.0.0.0:7054->7054/tcp
CONTAINER ID : 9958e9f860cb | Name: couchdb | Image: hyperledger/fabric-couchdb:0.4.15 | Ports: 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp
CONTAINER ID : 107466b8b1cd | Name: ca.ORG2.ac.ae | Image: hyperledger/fabric-ca:1.4 | Ports: 0.0.0.0:7055->7054/tcp
CONTAINER ID : 882aa0101af2 | Name: orderer1.o1.ac.ae | Image: hyperledger/fabric-orderer:1.4 | Ports: 0.0.0.0:7050->7050/tcp
If you want to get complete ContainerId based on Container name then use following command
docker ps --no-trunc -aqf name=containername
In my case I was running Tensorflow Docker container in Ubuntu 20.04 :Run your docker container in One terminal , I ran it with
docker run -it od
And then started another terminal and ran below docker ps with sudo:
sudo docker ps
I successfully got container id:
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
e4ca1ad20b84 od "/bin/bash" 18 minutes ago
Up 18 minutes unruffled_stonebraker
Thanks for the answer of https://stackoverflow.com/a/65513726/889126, it gave me an idea to make a complete bash script as it is
export api_image_id=$(docker inspect --format="{{.Id}}" <image-name> | sed '/^[[:space:]]*$/d')
sudo docker exec -i -t ${api_image_id} /bin/bash
I need a specific container and make a script to extract some info from it in a quick sight.
Hope this would help others.
I tried sudo docker container stats, and it will give out Container ID along with details of memory usage and Name, etc. If you want to stop viewing the process, do Ctrl+C. I hope you find it useful.
I also need the container name or Id which a script requires to attach to the container.
took some tweaking but this works perfectly well for me...
export svr=$(docker ps --format "table {{.ID}}"| sed 's/CONTAINER ID//g' | sed '/^[[:space:]]*$/d')
docker exec -it $svr bash
The sed command is needed to get rid of the fact that the words CONTAINER ID gets printed too ... but I just need the actual id stored in a var.
To have container id and image Id -
$ docker container ls -a | awk 'NR>1 {print $1, $2}'
Docker image inspect ImageName\ImageId --format={{'.ConatinerConfig.Hostname'}}
The simplest way I can think of is to parse the output of docker ps
Let's run the latest ubuntu image interactively and connect to it
docker run -it ubuntu /bin/bash
If you run docker ps in another terminal you can see something like
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8fddbcbb101c ubuntu:latest "/bin/bash" 10 minutes ago Up 10 minutes gloomy_pasteur
Unfortunately, parsing this format isn't easy since they uses spaces to manually align stuff
$ sudo docker ps | sed -e 's/ /#/g'
CONTAINER#ID########IMAGE###############COMMAND#############CREATED#############STATUS##############PORTS###############NAMES
8fddbcbb101c########ubuntu:latest#######"/bin/bash"#########13#minutes#ago######Up#13#minutes###########################gloomy_pasteur######
Here is a script that converts the output to JSON.
https://gist.github.com/mminer/a08566f13ef687c17b39
Actually, the output is a bit more convenient to work with than that. Every field is 20 characters wide.
[['CONTAINER ID',0],['IMAGE',20],['COMMAND',40],['CREATED',60],['STATUS',80],['PORTS',100],['NAMES',120]]