## Containers

Docker containers are processes isolated from the system. In this section we will see how to easily launch containers using docker.

Here is the summary.

* Launching a container

* Publish ports

* Bound Mount

* Resource constraints

* Permissions

* Useful options

## Managing the life cycle of containers

Containers have lifecycle and several states. I am going to present you the different commands that allow you to modify the state of a docker container.

<img src="https://full-stack-assets.s3.eu-west-3.amazonaws.com/images/LEAD/M04-DevOps/D03/container-lifecycle.svg" title="" alt="container-lifecycle.svg" data-align="center">

In this section, you will learn the most common commands used to manage docker containers.

In [None]:
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. A stopped container can be restarted with all its previous changes intact using `docker start`.

Idée : Préciser les commandes pour voir les containers "docker ps". What would a tutorial be without the famous hello world?  The following command launches a very light version of linux called alpine.

In [None]:
docker container run alpine echo "Hello world!"
Hello world!

What's going on behind it? As in the previous example, the docker daemon will first download the image if it is not present locally. A container based on this image will be launched.
We have added at the end of the command some instructions when the container is launched. Once launched the container will display the text hello-world. Once the task has been completed the container will end.

### List containers

In [None]:
%%bash
docker container ps;
CONTAINER ID  IMAGE  COMMAND  CREATED   STATUS   PORTS   NAMES

Docker tells us that there is no container running, but we have just launched one. In fact, the previous container stopped as soon as it finished his task. To find it again we have to list the containers that have also stopped.

In [None]:
%%bash
docker container ps -a;
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS                     PORTS               NAMES
a42244a40718        alpine              "echo 'Hello world!'"   3 minutes ago       Exited (0) 3 minutes ago                       flamboyant_elbakyan

Option -a allows you to list all containers. Without, only running containers are listed.

1. CONTAINER ID: Container ID, generated so that it is unique.

2. IMAGE : The image used for this container

3. COMMAND: The command executed when the container is started

4. CREATED: Time since creation of the container

5. STATUS: The current status of the container, here exited with a return code 0 (without error) for 3 minutes

6. PORTS: List of listened ports (we will see this later)

7. NAMES: Name of the container, here it is a random name because we have not defined one for our container.

Let's start a nginx server.

In [None]:
%%bash
docker container run -d --name nginx -p 8080:80 nginx;

1. The --name option is used to give a name to the container docker. Be careful, two containers cannot have the same name.

2. 8080 port is exposed.

### Inspect

The **inspect** order gives us all the information about the container. What files are mounted, its image, its ports etc... I let you navigate through this flow of useful information to debug an application.

In [None]:
%%bash
docker inspect nginx;
[
    {
        "Id": "a584be52a1b44d6f5fd4fe5109cdb6711d880a57e8eed0d0f825a2e44247250e",
        "Created": "2020-10-09T15:03:58.403524416Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
[....]

A server like nginx produces logs. When a client connects logs are generated. Accessing these logs is easy.

In [None]:
%%bash
docker logs nginx;
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
[...]

1. nginx is the name of the container.

Logs are only displayed at a time t. To stay logged in and follow the logs, add the -f option.

In [None]:
%%bash
docker logs -f nginx;

1. -f (follow) keep STDOUT open in the terminal

Use your browser to generate logs on at localhost:8080. You will see the created logs in live.

## Exec

With the command "exec" you can execute orders in your container.

In [None]:
%%bash
docker exec nginx service nginx start;
docker ps;
CONTAINER ID  IMAGE  COMMAND  CREATED   STATUS   PORTS   NAMES

1. Stop the nginx server in the container.

2. The main process of the container is stopped

3. The container is stopped

## Stop

There is an easier way to stop a container.

In [None]:
%%bash
docker container stop nginx;

## Rm

The container will be deleted. If files are mounted the data will not be lost. Warning : all other data will be lost.

In [None]:
%%bash
docker container rm nginx;

## Interactive Shell

During the launch of the Alpine container we displayed a message and then the container stopped. The container stops as soon as the process is no longer in progress.
With the command below we can open an interactive shell in the container.

In [None]:
%%bash
 docker container run -it alpine

1. Launch a terminal in an Alpine image
2. The -t option opens a pseudo-terminal in the container.
3. The -i option keep STDIN open even if not attached

This method makes it possible, for example, to use software without installing it directly on your host. We would like to perform some actions in python ( here's a loop that displays "Courage, docker is great!").

In [None]:
%%bash
docker container run -it python:latest python3

In [None]:
for x in range(0, 10):
    print("Courage, docker is great!")

Conversely, the nginx web server needs a process that keeps running. We want the container to keep running after we close the terminal.
Use the -d option :

In [None]:
%%bash
docker container run -d nginx

Your container will then be started in detached mode. STDIN, STDOUT and STDERR are no longer redirected to your terminal but to the daemon. You can close your terminal without stopping the container.

## Publish port

We saw earlier that the containers may need to listen on ports on the host machine. To do this it is necessary to specify which port is to be opened and to which port the traffic will be routed.
Docker offers the possibility to map the outer ports of a container to another port inside. This allows you to run multiple http web servers (on port 80). All you have to do is specify a different port in the host machine.

This command starts two different web servers on port 8080 and 8081 of the machine.

In [None]:
%%bash
docker run -p 8080:80 -d nginx;
docker run -p 8081:80 -d nginx;
docker ps;

1. You can access the first server on port 8080

2. You can access the first server on port 8081

## Bind Mount

With a bind mount, we can share the host file system with the container. 
Here is an example :
You wish to develop a back-end application in javascript using node. Several remote developers work with you to help you on small blocking points. No need for them to download and install node. They will simply download your source code and launch a container with node by sharing your source code with the container. Then, they will be able to develop code from their host while benefiting from node without having to worry about installation.
With this method, the developer can even benefit from hot reloads of his code.

In [None]:
%%bash
mkdir test; cd test;
echo 'console.log("hello world!")' > index.js;
docker container run -v $PWD:/home node home

Second case. You wish to launch an nginx container with certificates for https configuration. 
You share the certificates present on your host with the nginx container. You will be able to easily administer your certificates without having to worry about the container. Several applications will be able to benefit from the same certificates at the same time.

## Limit

By default, a container has no resource constraints and can use as much of a given resource as the host’s kernel scheduler allows. Docker provides ways to control how much memory, or CPU a container can use, setting runtime configuration flags of the `docker run` command. This section provides details on when you should set such limits and the possible implications of setting them.

### Memory

It is important not to allow a running container to consume too much of the host machine’s memory. On Linux hosts, if the kernel detects that there is not enough memory to perform important system functions, it throws an `OOME`, or `Out Of Memory Exception`, and starts killing processes to free up memory. Any process is subject to killing, including Docker and other important applications. This can effectively bring the entire system down if the wrong process is killed.

In [None]:
%%bash
docker container run --memory 4MB estesp/hogit;

1. Launch of a container that stresses the ram

2. Maximum limit of the ram to 4MB

3. The container is stropped by the kernel as soon as the limit is reached.

### CPU

By default, each container’s access to the host machine’s CPU cycles is unlimited. You can set various constraints to limit a given container’s access to the host machine’s CPU cycles.

In [None]:
%%bash
docker container run -ti --rm --cpus="2" ubuntu;
root@a0f492e2fc05:/# apt-get update && apt-get install stress
root@a0f492e2fc05:/# stress -c 3
root@a0f492e2fc05:/# top
    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                                     
    262 root      20   0    3856    100      0 R  67.3   0.0   0:03.35 stress                                                                                                                                      
    263 root      20   0    3856    100      0 R  67.3   0.0   0:03.38 stress                                                                                                                                      
    261 root      20   0    3856    100      0 R  65.3   0.0   0:03.31 stress                                                                                                                                      
      1 root      20   0    4108   3524   2972 S   0.0   0.0   0:00.05 bash                                                                                                                                        
    252 root      20   0    4108   3516   3060 S   0.0   0.0   0:00.01 bash                                                                                                                                        
    259 root      20   0    6092   3280   2740 R   0.0   0.0   0:00.00 top                                                                                                                                         
    260 root      20   0    3856   1048    968 S   0.0   0.0   0:00.00 stress 

1. Launch the container with a limit of 2 cpu. The host used has 4 cpu.

2. Launch the stress test on 3 cpu. The power of 2 cpu is distributed over the 3. Each cpu can expect a maximum of 66% of its use.

### I/O

By default, all containers get the same proportion of block IO bandwidth (blkio). This proportion is 500. To modify this proportion, change the container’s blkio weight relative to the weighting of all other running containers using the `--blkio-weight` flag. We can also limit the writing speed of the disc, thanks to an option.

--device-read-iops: Limits the IO read on a device per second. 

--device-write-bps: Limits the writing speed on a device per second.

Other options are available on the official docker documentation

## Useful command

Here is my personal selection of useful command.

In [None]:
%%bash
docker exec -it container bash;

Allows to open an interactive shell in a container. caution: the storyteller must have the bash utility.

In [None]:
%%bash
docker rm -f nginx

Allows you to forcefully delete all running container.

In [None]:
%%bash
docker rm -f $(docker ps -aq)

1. -f option allows you to remove the containers by force

2. docker ps -aq lists all the containers and displays only their id (quiet mode)

This control must be used with care. It can be used to delete all stopped or running containers. Data can be lost, so be careful.