I have a host machine which has one docker container. The container is active and running a particular service. On meeting a particular condition, I want to remove the container and shut down the machine also. Is it possible to do so?
I am planning to modify the code which runs the service to handle the shutting down of the machine? Any suggestions are welcome!
Running a clean shutdown will be dependent on the hosts init system.
To avoid giving the container --privileged access and to also avoid installing host specific init tools in your container, you could create an interface to signal the host to shutdown rather than trying to get the container to run the shutdown.
An Interface
There's many ways this could be done. A simple starting point could be a mounted volume to share data between the container and host. A file will do for now but you could use a socket, fifo, TCP or any other IPC method you want.
Create a file on the host, say /var/run/shutdown_signal and mount the file into your container
docker run -d -v /var/run/shutdown_signal:/shutdown_signal whatever
Write a string into the file when you want the host to shutdown
docker exec $cid sh -c 'echo true > /shutdown_signal'
Then you need something running on the host to monitor the file.
A simple script that waits for file changes with inotifywait.
echo "waiting" > /var/run/shutdown_signal
while inotifywait -e close_write /var/run/shutdown_signal; do
signal=$(cat /var/run/shutdown_signal)
if [ "$signal" == "true" ]; then
echo "done" > /var/run/shutdown_signal
shutdown -h now
fi
done
You could poll the file if inotifywait is not available.
while sleep 30; do
signal=$(cat /var/run/shutdown_signal)
...
The Horrible Alternative
There is also a more universal, kernel way to trigger an immediate, unclean shutdown in Linux.
docker run --privileged busybox \
sh -c 'echo 1 > /proc/sys/kernel/sysrq; echo o > /proc/sysrq-trigger'
But this will likely cause more issues for you than it's worth.
For example I run
docker run --rm --name mycontainer -p 8080:8080 myrepo/myimage
then I see an output of my application, everything is OK. Then I press the Ctrl+C but the container is still running and I'm forced to explicitly stop and remove it:
docker rm -f <container_id>
Or even worse:
docker stop <container_id>
docker rm <container_id>
Is there any way to do it automatically? If not it's OK.
PS: What is the purpose of all that stopped containers still kept on the harddrive?!
What is the purpose of all that stopped containers still kept on the harddrive?!
Running containers include the process you are running along with the namespaced environment to run that process inside of (networking, pid, filesystem, etc).
A stopped container has the container specific read/write filesystem layer, any configuration you included to run the container (e.g. environment variables), and logs if you are using the json logging driver (default).
Removing a container deletes that RW filesystem layer, json logs, and the configuration, which also removes the container from the list of stopped containers. This is a permanent operation, so do not remove containers you may want to later inspect or restart.
I press the Ctrl+C but the container is still running and I'm forced to explicitly stop and remove it
First, make sure you are running a current version of docker. I believe somewhere around 1.13 they migrated the processing of the --rm option from the client to the server. Next, make sure your application handles the Ctrl+C command. In a shell script, this would be a handler for a SIGTERM. You also need run the container interactively so that the keyboard input is sent to the container, that is the -it flag. With all three of those done, you should see containers automatically cleaned up with:
docker run --rm -it --name mycontainer -p 8080:8080 myrepo/myimage
followed by a Ctrl+C. The -it will pass the SIGTERM to the container which should then stop the process, which stops the running container. And the --rm will result in the container being automatically removed.
If for some reason you cannot get your container to handle the SIGTERM, then you can send a SIGKILL with a docker kill command, which cannot be trapped and ignored by the application.
Note that if you run a docker stop on your container and see a 10 second delay before it is stopped, then your application is ignoring the SIGTERM. One common cause for this is a /bin/sh running as pid 1. A shell will ignore this signal when it's running as pid 1 by default, on the assumption that you are in signal user mode.
Per default, docker runs the image command as pid 1. pid 1 is handled special by the kernel as it normally is used for the system init process. For this reason, CTRL+C / SIGTERM does not work on pid 1.
Actual docker versions provide option --init to run a minimal init system (tini) as pid 1. Your image command runs as a child of tini. As no longer being pid 1, your image command will accept CTRL+C again.
Add --init to your sample command, and you can stop with CTRL+C
docker run --rm --init --name mycontainer -p 8080:8080 myrepo/myimage
Not needed in your case, just additional info: You can change the signal from docker stop with --stop-signal SIGNAL with SIGNAL being one of the many signals shown by kill -L, for example SIGHUP or SIGINT.
I have a Docker container running with this command in my Jenkins job:
docker run --name="mydoc" reportgeneration:1.0 start=$START end=$END config=$myfile
This works very well. The image is created from a DockerFile which is executing a shell script with ENTRYPOINT.
Now I want to know how much CPU and memory has been utilized by this container. I am using a Jenkins job, where in the "execute shell command", I am running the above Docker run command.
I saw about 'docker stats' command. It works very well in my Ubuntu machine. But I want it to run via Jenkins as my container is running via Jenkins console. So here follows the limitations I have.
I don't know if there is any way to stop docker stats command. In Ubuntu command line, we hit 'ctrl+c' to stop it. How will I do it in Jenkins?
Even if I figure out a way to stop docker stats, once the 'docker run' command gets executed, the container will not be active and will be exited. For exited container, CPU and memory utilisation will be zero.
docker run 'image'
docker stats container id/name
With the above two lines, docker stats command will only get an exited container and I don't think docker stats will even work with Jenkins console as it cannot be stopped.
Is there any way that I can get container's resource utilization (CPU, memory) in a better way via Jenkins console?
Suggestion is to not run docker stats interactively, but have a piece of a shell script with a loop like this:
#!/bin/sh
# First, start the container
CONTAINER_ID=$(docker run -d ...)
# Then start watching that it's running (with inspect)
while [ "$(docker inspect -f {{.State.Running}} $CONTAINER_ID 2>/dev/null)" = "true" ]; do
# And while it's running, check stats
docker stats --no-stream $CONTAINER_ID
sleep 1
done
# When the script reaches this point, the container had stopped.
# For example, let's clean it up (assuming you haven't used --rm in run).
docker rm $CONTAINER_ID
The condition checks whenever the container is running or not, and docker stats --no-stream prints stats once then exits, making it suitable for non-interactive use.
I believe you can use a variant of such shell script file (obviously, updated to do something useful, rather than just starting the container and watching its stats) as a build step.
But if you need/want/have an interactive process that you want to stop, kill is the command you're looking for. Ctrl-C in a terminal just sends a SIGINT to the process.
You need to know an PID, of course. I'm not sure about Jenkins, but if you've just started a child process from a shell script with child-process & (e.g. docker stats &), then its PID would be in the $! variable. Or you can try to figure it using pidof or ps commands, but that may be error-prone in case of concurrent jobs (unless they're all isolated).
Here I've assumed that your Jenkins jobs are shell scripts that do the actual work. If your setup is different (e.g. if you use some plugins so Jenkins talk to Docker directly), things may be different and more complicated.
I have a host machine which has one docker container. The container is active and running a particular service. On meeting a particular condition, I want to remove the container and shut down the machine also. Is it possible to do so?
I am planning to modify the code which runs the service to handle the shutting down of the machine? Any suggestions are welcome!
Running a clean shutdown will be dependent on the hosts init system.
To avoid giving the container --privileged access and to also avoid installing host specific init tools in your container, you could create an interface to signal the host to shutdown rather than trying to get the container to run the shutdown.
An Interface
There's many ways this could be done. A simple starting point could be a mounted volume to share data between the container and host. A file will do for now but you could use a socket, fifo, TCP or any other IPC method you want.
Create a file on the host, say /var/run/shutdown_signal and mount the file into your container
docker run -d -v /var/run/shutdown_signal:/shutdown_signal whatever
Write a string into the file when you want the host to shutdown
docker exec $cid sh -c 'echo true > /shutdown_signal'
Then you need something running on the host to monitor the file.
A simple script that waits for file changes with inotifywait.
echo "waiting" > /var/run/shutdown_signal
while inotifywait -e close_write /var/run/shutdown_signal; do
signal=$(cat /var/run/shutdown_signal)
if [ "$signal" == "true" ]; then
echo "done" > /var/run/shutdown_signal
shutdown -h now
fi
done
You could poll the file if inotifywait is not available.
while sleep 30; do
signal=$(cat /var/run/shutdown_signal)
...
The Horrible Alternative
There is also a more universal, kernel way to trigger an immediate, unclean shutdown in Linux.
docker run --privileged busybox \
sh -c 'echo 1 > /proc/sys/kernel/sysrq; echo o > /proc/sysrq-trigger'
But this will likely cause more issues for you than it's worth.
In Docker 1.1.2 (latest), what's the correct way to detach from a container without stopping it?
So for example, if I try:
docker run -i -t foo /bin/bash or
docker attach foo (for already running container)
both of which get me to a terminal in the container, how do I exit the container's terminal without stopping it?
exit and CTR+C both stop the container.
Type Ctrl+p then Ctrl+q. It will help you to turn interactive mode to daemon mode.
See https://docs.docker.com/engine/reference/commandline/cli/#default-key-sequence-to-detach-from-containers:
Once attached to a container, users detach from it and leave it running using the using CTRL-p CTRL-q key sequence. This detach key sequence is customizable using the detachKeys property. [...]
Update: As mentioned in below answers Ctrl+p, Ctrl+q will now turn interactive mode into daemon mode.
Well Ctrl+C (or Ctrl+\) should detach you from the container but it will kill the container because your main process is a bash.
A little lesson about docker.
The container is not a real full functional OS. When you run a container the process you launch take the PID 1 and assume init power. So when that process is terminated the daemon stop the container until a new process is launched (via docker start) (More explanation on the matter http://phusion.github.io/baseimage-docker/#intro)
If you want a container that run in detached mode all the time, i suggest you use
docker run -d foo
With an ssh server on the container. (easiest way is to follow the dockerizing openssh tutorial https://docs.docker.com/engine/examples/running_ssh_service/)
Or you can just relaunch your container via
docker start foo
(it will be detached by default)
I dug into this and all the answers above are partially right. It all depends on how the container is launched. It comes down to the following when the container was launched:
was a TTY allocated (-t)
was stdin left open (-i)
^P^Q does work, BUT only when -t and -i is used to launch the container:
[berto#g6]$ docker run -ti -d --name test python:3.6 /bin/bash -c 'while [ 1 ]; do sleep 30; done;'
b26e39632351192a9a1a00ea0c2f3e10729b6d3e22f8e0676d6519e15c08b518
[berto#g6]$ docker attach test
# here I typed ^P^Q
read escape sequence
# i'm back to my prompt
[berto#g6]$ docker kill test; docker rm -v test
test
test
ctrl+c does work, BUT only when -t (without -i) is used to launch the container:
[berto#g6]$ docker run -t -d --name test python:3.6 /bin/bash -c 'while [ 1 ]; do sleep 30; done;'
018a228c96d6bf2e73cccaefcf656b02753905b9a859f32e60bdf343bcbe834d
[berto#g6]$ docker attach test
^C
[berto#g6]$
The third way to detach
There is a way to detach without killing the container though; you need another shell. In summary, running this in another shell detached and left the container running pkill -9 -f 'docker.*attach':
[berto#g6]$ docker run -d --name test python:3.6 /bin/bash -c 'while [ 1 ]; do sleep 30; done;'
b26e39632351192a9a1a00ea0c2f3e10729b6d3e22f8e0676d6519e15c08b518
[berto#g6]$ docker attach test
# here I typed ^P^Q and doesn't work
^P
# ctrl+c doesn't work either
^C
# can't background either
^Z
# go to another shell and run the `pkill` command above
# i'm back to my prompt
[berto#g6]$
Why? Because you're killing the process that connected you to the container, not the container itself.
If you do "docker attach "container id" you get into the container.
To exit from the container without stopping the container you need to enter Ctrl+P+Q
I consider Ashwin's answer to be the most correct, my old answer is below.
I'd like to add another option here which is to run the container as follows
docker run -dti foo bash
You can then enter the container and run bash with
docker exec -ti ID_of_foo bash
No need to install sshd :)
Try CTRL+P,CTRL+Q to turn interactive mode to daemon.
If this does not work and you attached through docker attach, you can detach by killing the docker attach process.
Better way is to use sig-proxy parameter to avoid passing the CTRL+C to your container :
docker attach --sig-proxy=false [container-name]
Same option is available for docker run command.
The default way to detach from an interactive container is Ctrl+P Ctrl+Q, but you can override it when running a new container or attaching to existing container using the --detach-keys flag.
You can use the --detach-keys option when you run docker attach to override the default CTRL+P, CTRL + Q sequence (that doesn't always work).
For example, when you run docker attach --detach-keys="ctrl-a" test and you press CTRL+A you will exit the container, without killing it.
Other examples:
docker attach --detach-keys="ctrl-a,x" test - press CTRL+A and then X to exit
docker attach --detach-keys="a,b,c" test - press A, then B, then C to exit
Extract from the official documentation:
If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you use for other applications. There are two ways to define your own detach key sequence, as a per-container override or as a configuration property on your entire configuration.
To override the sequence for an individual container, use the --detach-keys="<sequence>" flag with the docker attach command. The format of the <sequence> is either a letter [a-Z], or the ctrl- combined with any of the following:
a-z (a single lowercase alpha character )
# (at sign)
[ (left bracket)
\ (two backward slashes)
_ (underscore)
^ (caret)
These a, ctrl-a, X, or ctrl-\\ values are all examples of valid key sequences. To configure a different configuration default key sequence for all containers, see Configuration file section.
Note: This works since docker version 1.10+ (at the time of this answer, the current version is 18.03)
If you just want see the output of the process running from within the container, you can do a simple docker container logs -f <container id>.
The -f flag makes it so that the output of the container is followed and updated in real-time. Very useful for debugging or monitoring.
In Docker container atleast one process must be run, then only the container will be running the docker image(ubuntu,httd..etc, whatever it is) at background without exiting
For example in ubuntu docker image ,
To create a new container with detach mode (running background atleast on process),
docker run -d -i -t f63181f19b2f /bin/bash
it will create a new contain for this image(ubuntu) id f63181f19b2f . The container will run in the detached mode (running in background) at that time a small process tty bash shell will be running at background. so, container will keep on running untill the bash shell process will killed.
To attach to the running background container,use
docker attach b1a0873a8647
if you want to detach from container without exiting(without killing the bash shell),
By default , you can use ctrl-p,q. it will come out of container without exiting from the container(running background. that means without killing the bash shell).
You can pass the custom command during attach time to container,
docker attach --detach-keys="ctrl-s" b1a0873a8647
this time ctrl-p,q escape sequence won't work. instead, ctrl-s will work for exiting from container. you can pass any key eg, (ctrl-*)
You can simply kill docker cli process by sending SEGKILL. If you started the container with
docker run -it some/container
You can get it's pid
ps -aux | grep docker
user 1234 0.3 0.6 1357948 54684 pts/2 Sl+ 15:09 0:00 docker run -it some/container
let's say it's 1234, you can "detach" it with
kill -9 1234
It's somewhat of a hack but it works!
To prevent having logs you should run in detach mode using the -d flag
docker run -d <your_command>
If you are already stuck, you could open a new window/tab in your terminal and close the first one. It won't stop the process of the running job
in case if you using docker on windows, you may use combination 'CTRL + D'
Old post but just exit then start it again... the issue is if you are on a windows machine Ctrl p or Ctrl P are tied to print... exiting the starting the container should not hurt anything