Best IT Recipes

The difference between docker app and docker exec

Both can execute commands in the container. Both can detach the container.

So what is the real difference between docker exec and docker?

+65
docker exec docker-exec
Jun 21 '15 at 2:23
source share
4 answers

There was a PR commit that added to the document:

Note. This command ( attach ) is not intended to start a new process in the container. See: docker exec .

The answer to " Docker. How to get bash \ ssh inside a running container ( run -d )? " Illustrates the difference:

(docker> = 1.3) If we use docker attach , we can use only one shell instance .
Therefore, if we want to open a new terminal with a new instance of the container shell, we just need to run docker exec

If the Docker container was started using the /bin/bash command, you can access it using attach, if not, you need to run the command to create a bash instance inside the container using exec .

As mentioned in this issue :

  • Joining is not for launching additional stuff in the container, it is for joining a running process.
  • " docker exec " is specifically for launching new things in an already running container, whether it be a shell or some other process.

The same problem adds:

Although attach is not named very well, especially because of the LXC lxc-attach command (which is more like docker exec <container> /bin/sh but specific to LXC), it really has a specific purpose - to literally attach you to the process, running docker.
Depending on what the process is, the behavior may be different , for example, connecting to /bin/bash will give you a shell, but connecting to a redis server will be the same as if you had just started redis directly, without demonization.

+73
Jun 21 '15 at 7:05
source share

When a container starts using / bin / bash, it becomes PID 1 containers, and docker docking is used to enter PID 1 of the container. This way docker attaches <container-id> will lead you inside the bash terminal, like PID 1, as we mentioned when starting the container. Exiting the container will stop the container.

While in the docker exec command, you can specify which shell you want to enter. This will not lead you to the PID 1 container. It will create a new process for bash. docker exec -it <container-id> bash . Exiting the container will not stop the container.

You can also use nsenter to enter inside containers. nsenter -m -u -n -p -i -t <container pid> You can find the container PID using: docker inspect <container-id> | grep PID

Note. . If you started your container with the -d flag, exiting the container will not stop the container if you use attach or exec to enter inside.

+18
May 9 '17 at 8:13
source share

Docker exec executes a new command / creates a new process in the container environment, while Docker attach simply connects the standard input / output / error of the main process (with PID 1) inside the container with the corresponding standard input / output / current error terminal (terminal that you use to run the command).

A container is an isolated environment in which some processes run. In particular, a container has its own file system space and PID space that are isolated from the host and other containers. When the container is started using "docker run –it ...", the main process will have pseudo-tty and STDIN left open. When connecting in tty mode, you can disconnect from the container (and leave it working) using a custom key sequence. The default sequence is CTRL-p CTRL-q. You configure the key sequence using the --detach-keys option or the configuration file. You can attach it to a separate container using the dock.

Docker exec simply starts a new process inside the container environment, that is, it belongs to the container's PID space.

For example, if you start your container using "docker run –dit XXX / bin / bash", you can connect to the container (the main process) using two different terminals. When you enter data on one terminal, you can see that it appears on the other terminal, since both terminals are connected to the same terminal. Be careful that you are now in the main container process, if you type "exit", you will exit the container (so be careful using detach keys to disconnect), and you will see that both terminals have exited. But if you run "docker exec –it XXX / bin / bash" in two terminals, you start two new processes inside the container, and they are not connected to each other and to the main process, and you can safely exit them,

+2
Sep 06 '18 at 7:34
source share

As Michael Sun stated in his answer

docker exec executes a new command / creates a new process in the container environment, while docker attach simply connects the standard input / output / error of the main process (with PID 1) inside the container with the corresponding standard input / output / current error terminal (terminal that you use to run the command).

My answer will focus on allowing you to confirm the above statement and understand it more clearly.

Open a terminal window and run the command docker run -itd --name busybox busybox/bin/sh . The busybox command image busybox if it is not already. He will then create a container named busybox using this image.

You can check the status of your container by running docker ps -a | grep busybox docker ps -a | grep busybox docker ps -a | grep busybox docker ps -a | grep busybox .

If you run docker top busybox , you should see something like this.

 UID PID PPID C STIME TTY TIME CMD root 7469 7451 0 11:40 pts/0 00:00:00 /bin/sh

Of course, PID , PPID and other values ​​will be different in your case. You can use other tools and utilities such as pstree , top , htop to see a list of PID and PPID .

PID and PPID mean process identifier and parent process identifier. The process started when we created and launched our container using the /bin/sh command. Now run the docker attach busybox . This will attach the standard container I / O / error stream to your terminal.

After attaching the container, create a shell session by running the sh command. Press CTRL-p CTRL-q sequence. This will disconnect the terminal from the container and keep it operational. If you now run docker top busybox , you should see two processes in the list.

 UID PID PPID C STIME TTY TIME CMD root 7469 7451 0 11:40 pts/0 00:00:00 /bin/sh root 7737 7469 0 11:43 pts/0 00:00:00 sh

But the PPID two processes will be different. In fact, the PPID second process will be the same as the PID first. The first process acts as the parent process for the shell session we just created.

Now run docker exec -it busybox sh . Once inside the container, check the list of running processes for the busybox container in another terminal window by running the docker top busybox . You should see something like this.

 UID PID PPID C STIME TTY TIME CMD root 7469 7451 0 11:40 pts/0 00:00:00 /bin/sh root 7737 7469 0 11:43 pts/0 00:00:00 sh root 7880 7451 0 11:45 pts/1 00:00:00 sh

PPID first and third processes will be the same, which confirms that docker exec creates a new process in the container environment, while docker attach simply connects the standard input / output / error of the main process inside the container with the corresponding standard input / output / error of the current terminal.

+1
Jul 20 '19 at 17:05
source share


More articles:


All Articles