Menu
There are several processes running in a Docker container, their PIDs are isolated in the container namespace, is there a way to figure out what are their PIDs on the Docker host?
For example there is an Apache web server running inside a Docker container, (I use Apache+PHP image from Docker Hub), and the Apache, when it starts, creates more worker processes inside the container. Those worker processes are actually handling incoming requests. To view these processes I run pstree inside the docker container:
# pstree -p 1 apache2(1)-+-apache2(8) |-apache2(9) |-apache2(10) |-apache2(11) |-apache2(12) `-apache2(20) The parent Apache process runs on PID 1 inside of the container process namespace. However from the host's perspective it can be also accessed, but its PID on the host is different and can be determined by running docker compose command:
$ docker inspect --format '{{.State.Pid}}' container 17985 From this we can see that the PID 1 from within the container process namespace maps to PID 17985 on the host. So I can run pstree on the host, to list the children of the Apache process:
$ pstree -p 17985 apache2(17985)─┬─apache2(18010) ├─apache2(18011) ├─apache2(18012) ├─apache2(18013) ├─apache2(18014) └─apache2(18164) From this I assume that the same way how PID 1 in the container maps to PID 17985 on the host, it also maps:
(This allows me to debug the processes from docker container, using tools that are only available only on the host, and not the in the container, like strace)
The problem is that I don't know how safe is to assume that pstree lists the processes in the same order both in the container and in the host.
Would be great if someone could suggest a more reliable way to detect what is a PID on the host of a specific process running inside the Docker container.
979
The docker.pid file stores the Windows process ID of the Docker daemon. When you try to host Docker daemon on port 2375 you might see an error as shown in the following screenshot: As the error explains, docker.pid already exists which means dockerd.exe is already running on the host machine.
Find the running container's ID by using the docker ps command. Find the PID number of the first process in the running container by running the docker inspect command. Enter the running container by using the nsenter command.
Docker is efficient at creating and starting containers. It allocates PID (Process ID) 1 to the process running inside the container.
PID namespaces allow containers to provide functionality such as suspending/resuming the set of processes in the container and migrating the container to a new host while the processes inside the container maintain the same PIDs.
You can look at the /proc/<pid>/status file to determine the mapping between the namespace PID and the global PID. For example, if in a docker container I start several sleep 900 processes, like this:
# docker run --rm -it alpine sh / # sleep 900 & / # sleep 900 & / # sleep 900 & I can see them running in the container:
/ # ps -fe PID USER TIME COMMAND 1 root 0:00 sh 7 root 0:00 sleep 900 8 root 0:00 sleep 900 9 root 0:00 sleep 900 10 root 0:00 ps -fe I can look at these on the host:
# ps -fe | grep sleep root 10394 10366 0 09:11 pts/10 00:00:00 sleep 900 root 10397 10366 0 09:12 pts/10 00:00:00 sleep 900 root 10398 10366 0 09:12 pts/10 00:00:00 sleep 900 And for any one of those, I can look at the status file to see the namespace pid:
# grep -i pid /proc/10394/status Pid: 10394 PPid: 10366 TracerPid: 0 NSpid: 10394 7 Looking at the NSpid line, I can see that within the PID namespace this process has pid 7. And indeed, if I kill process 10394 on the host:
# kill 10394 Then in the container I see that PID 7 is no longer running:
/ # ps -fe PID USER TIME COMMAND 1 root 0:00 sh 8 root 0:00 sleep 900 9 root 0:00 sleep 900 11 root 0:00 ps -fe If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
