In the Linux world, every system has a single root of its process tree: PID 1, with PID 0 above it. Docker cleverly uses namespaces to start a new process tree, so a process running inside the container has no view of the parent processes on the Docker host. The host where Docker is running, however, has a complete view of the child PID namespace started by the Docker Engine.
Namespaces let us create a restricted view of the system: the process tree, the network interfaces, the mounts and so on. Where chroot restricts only the file system, namespaces restrict the other important system resources such as the network and the process tree. A kernel namespace wraps a global system resource in an abstraction, so that the processes inside that namespace believe they have their own isolated instance of the resource. Modifications made to the resource inside the namespace are not visible to the original resource used by the host machine or by other namespaces.
The PID namespace provides consistent, unique resource names in place of host-dependent ones. PIDs inside the container are assigned in a numbering that is local to the container: the numbers may look the same as the ones a traditional host machine hands out, but they refer only to processes running inside that container, so naming conflicts are removed. As a result, processes created inside a container spend their entire lifetime in the context of that container; they cannot leave one container and join another.
Let's see how Docker keeps what amounts to a translation table between the PIDs inside the container and the PIDs the host sees for the same processes.
[root@ansible tmp]# docker run -d alpine sleep 200
6ffcbdba3fab640b0fb8f71626f558382ddb6816fd974c2153f18b2dcede3c08
[root@ansible tmp]# docker ps
ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ffcb** alpine "sleep 200" 2 minutes Up kind_mestorf
Check the host PID of the running container's main process using
[root@ansible tmp]# docker inspect --format "{{ .State.Pid }}" 6ffcbdba3fab
10522
Check the details of that PID on the host machine using
[root@ansible tmp]# ps -fp 10522
UID PID PPID C STIME TTY TIME CMD
root 10522 10503 0 14:39 ? 00:00:00 sleep 200
Get the environment of the PID from /proc using (the entries are NUL-separated, which is why they run together on the terminal)
[root@ansible tmp]# cat /proc/10522/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=6ffcbdba3fabHOME=/root
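The steps above read the container's process from the host side by hand. As an added example (not part of the original post), the script below wraps the two /proc lookups in shell functions: the NSpid line that the kernel (4.1 and later) writes to /proc/<pid>/status lists the process's PID in every namespace it belongs to, from the host's PID down to the one the container sees, so it is the actual "translation table" the post refers to; and /proc/<pid>/environ is turned into one variable per line. The status and environ samples are constructed to mirror the post's "sleep 200" container with host PID 10522; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post. Parses /proc/<pid>/status
# and /proc/<pid>/environ the way a host-side admin would, using constructed
# sample data so it runs without Docker.

# nspid_from_status: read /proc/<pid>/status on stdin and print
# "host=<pid in the outermost namespace> container=<pid in the innermost>".
# The NSpid line lists one PID per nesting level, outermost first, so $2 is
# what the host sees and $NF is what the process itself sees.
nspid_from_status() {
    awk '/^NSpid:/ { printf "host=%s container=%s\n", $2, $NF }'
}

# environ_lines: /proc/<pid>/environ is NUL-separated; turn it into one
# VAR=value per line so it is readable.
environ_lines() {
    tr '\0' '\n'
}

# Constructed sample of /proc/10522/status, reduced to the relevant lines.
# A process at PID 10522 on the host that is PID 1 inside its container.
SAMPLE_STATUS='Name:	sleep
State:	S (sleeping)
Pid:	10522
PPid:	10503
NSpid:	10522	1
NSpgid:	10522	1'

# Live use on the host from the post would replace the samples with the
# real files, e.g.:
#   pid=$(docker inspect --format "{{ .State.Pid }}" 6ffcbdba3fab)
#   nspid_from_status < /proc/$pid/status
#   environ_lines < /proc/$pid/environ
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_STATUS" | nspid_from_status
    printf 'PATH=/usr/bin\0HOSTNAME=6ffcbdba3fab\0HOME=/root\0' | environ_lines
fi
```

Run it as `sh script.sh demo`. Two things worth noticing from a defender's side: a process in nested PID namespaces has more than two numbers on its NSpid line, and the innermost one is what the container reports as its own PID; and because the host can read /proc/<pid>/environ for every container process, anything passed into a container as an environment variable (tokens, passwords) is readable by anyone with root on the host, which is one reason to prefer mounted secret files over environment variables.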
This way we can get, from the host machine, the details of a process running inside one of its containers. More to come. Happy learning!