What is a container?

A “container” is just a term people use to describe a combination of Linux namespaces and cgroups. Linux namespaces and cgroups ARE first class objects. NOT containers.

Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs


Cannot connect to the Docker daemon. Is the docker daemon running on this host?

A user raised a ticket to increase /var filesystem because he needed more space for docker images. We normally don’t add space to /var as it is considered a system filesystem. If application needs to write to a directory under /var, we create a new filesystem mounted at for example /var/application-dir.

As docker store images etc. under /var/lib/docker, we created a new filesystem mounted at /var/lib/docker. The user had no images to migrate, therefore we just cleared /var/lib/docker before mounting the new filesystem. After this, docker did not work. systemctl status docker shows docker is up and loaded but running any “docker command” ends up in:

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

We reinstalled docker a few times without success. In the midst of troubleshooting, I killed all processes except my login shell by running killall5. At which point I have no choice apart from reboot. The issue went away after reboot.

I am trying Kubernetes and it won’t create pods

Following this document from Red Hat, I am giving Kubernetes a spin to manage docker containers today.

So I followed the instructions and got ready to launch pods but it won’t. “docker ps -a” shows nothing. “kubectl get pod” shows me it is trying create two pods but the status remains “creating….”.

Then I see this /var/log/messages:

Feb 4 06:17:26 my_host_name kubelet: E0204 06:17:26.026916 15051 manager.go:1557] Failed to create pod infra container: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (unable to ping registry endpoint https://gcr.io/v0/

It is trying pull “pause” image from Google and my server can’t access it. I verified with “docker pull gcr.io/google_containers/pause:0.8.0”.

I found workaround here by way of pulling the image from docker.io which I can access.

docker pull docker.io/kubernetes/pause
docker tag kubernetes/pause gcr.io/google_containers/pause:0.8.0
docker tag gcr.io/google_containers/pause:0.8.0 gcr.io/google_containers/pause

Start a shell in a container

If the container is running bash with PID 1

docker ps
docker attach container_id

Exiting the shell will terminate the container. To exit the container without terminating it, use Control+P+Q.

Otherwise, get the container ID

docker inspect container_id | grep Pid

Use nsenter

nsenter -m -u -n -p -i -t Pid  /bin/bash

In this case, exiting the shell will not terminate the container.

The other, (preferred way, they say) is to use docker exec to run a process in a container.

docker exec -it container_id /bin/bash
man docker-exec

In this method too, exiting the shell will not terminate the container.