Get container ID through Docker process PID

Although Docker is a namespace isolation technology to isolate the process between containers, in a host running Docker, the process within the Docker container is in the same namespace (assuming a) as the process running within the host. Although the parent process of applying a process within a Docker container is the one with PID 1 (these processes are separate namespace, this namespace is not the same as the namespace mentioned earlier, this is assumed to be B), but in namespace The actual parent process for a container in Docker is Docker daemon, which enables process isolation because the parent process has the ability to manage child processes, and the child processes cannot affect the parent process or other namespace processes.

Because the processes inside the Docker container are in the same namespace as the processes running within the host, using the PS-EF command in the host can find out all the processes running in the current system, which contain all of the full Docker-related processes, in this namespace, The parent process of these processes (either parent or parent) contains Docker daemon, so you can always find the init process for the host, starting with the PID of a process in the Docker container.

Sometimes we need to find this container's container ID based on the PID of the Docker container process, and the underlying command that comes with the Linux system is not able to do that. But there are ways to get the container ID through the PID. There are two possible ways to do this.

The first is based on: Docker inspect <container id> can get the container's PID, through Docker PS can get the container ID, so you can combine the two commands together, using the following command line can be resolved:

Docker Inspect-f ' {. State.pid}} {{. ID} ' $ (Docker ps-a-Q) | grep <pid>

650) this.width=650; "title=" image "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "border=" 0 "alt=" image "src=" http://s3.51cto.com/wyfs02/M00/89/39/wKioL1gNetnymwS9AAAWNU_mxAs228.png "height = "/>"

But the first flaw is that if the process happens to be a subprocess of a process within a container, the process will no longer appear in the host's namespace, because only the container's PID of 1 will appear in the host's namespace. Therefore, the second method must be used.

Second: After Docker Version 1.11, added "Containerd", according to the implementation of this feature can be directly through the process of the parent process of the cmdline to find its container ID. The disadvantage of this approach is that it does not apply to versions prior to Docker version 1.11.

Based on both of these features, a Python script was written to discover:

1. Find the container ID corresponding to the PID and print the container details

2. Get the process tree for this process and the process tree containing the command line

The script also hides a function that derives the port number that the process takes up based on the process. This feature is not very useful in this script, but it is useful elsewhere.

because the script content is long, you can get this script from Gitub: https://github.com/DingGuodong/LinuxBashShellScriptForOps/tree/master/projects/LinuxSystemOps/ Softwaremanagement/docker.

Run (if you can't see it, open the picture using the New tab page to view the original) as follows:

Docker Server Version < 1.11

650) this.width=650; "title=" image "style=" border-right-width:0px;border-bottom-width:0px;border-top-width:0px; " Border= "0" alt= "image" Src= "http://s3.51cto.com/wyfs02/M02/89/39/wKioL1gNetnD2mGdAAF7No9GyCk081.png" width= "1136" height= "549"/>

An example of the first method failure.

650) this.width=650; "title=" image "style=" border-right-width:0px;border-bottom-width:0px;border-top-width:0px; " Border= "0" alt= "image" Src= "Http://s3.51cto.com/wyfs02/M00/89/39/wKioL1gNetmyKBamAAAbE1wdD2s190.png" width= "644" Height= "/>"

At this point, it is necessary to implement the second method (if you can't see it, use the new tab to open the picture to see the original).

650) this.width=650; "title=" image "style=" border-right-width:0px;border-bottom-width:0px;border-top-width:0px; " Border= "0" alt= "image" Src= "Http://s3.51cto.com/wyfs02/M01/89/3B/wKiom1gNetzSJ4GPAANoBgfrVe4212.png" width= "1200" height= "648"/>

Off Topic:

With regard to the INIT process, "The init process is the parent of all Linux processes", this sentence is actually wrong! Perhaps it should be said that the Init process is the parent process of all Linux user-space processes, and PID 2 [Kthreadd] is the parent process of the Linux system kernel space process. Except for 2, 3, 4, and 5 are also special process PID, and their parent process is not init. In addition, 0 is also a special process for process scheduling.

Tag: Get container ID through PID, container namespace, how to find container ID

--end--

This article is from "Communication, My Favorites" blog, please make sure to keep this source http://dgd2010.blog.51cto.com/1539422/1864913

Get container ID through Docker process PID