Finding Docker container processes? (from host point of view)

docker linux process-migration

I am doing some tests on docker and containers and I was wondering:

Is there a method I can use to find all process associated with a docker container by its name or ID from the host point of view.

After all, at the end of the day a container is a set of virtualized processes.


You can use docker top command. This command lists all processes running within your container.

For instance this command on a single process container on my box displays:

UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                14097               13930               0                   23:17               pts/6               00:00:00            /bin/bash

All methods mentioned by others are also possible to use but this one should be easiest.

Update:

To simply get the main process id within the container use this command:

 docker inspect -f '{{.State.Pid}}' <container id>

Another way to get an overview of all Docker processes running on a host is using generic cgroup based systemd tools.

systemd-cgls will show all our cgroups and the processes running in them in a tree-view, like this:

├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─docker
│ ├─070a034d27ed7a0ac0d336d72cc14671584cc05a4b6802b4c06d4051ce3213bd
│ │ └─14043 bash
│ ├─dd952fc28077af16a2a0a6a3231560f76f363359f061c797b5299ad8e2614245
│ │ └─3050 go-cron -s 0 0 * * * * -- automysqlbackup

As every Docker container has its own cgroup, you can also see Docker Containers and their corresponding host processes this way.

Two interesting properties of this method:

  1. It works even if the Docker Daemon(s) are defunct.
  2. It's a pretty quick overview.

You can also use systemd-cgtop to get an overview of the resource usage of Docker Containers, similar to top.

By the way: Since systemd services also correspond to cgroups these methods are also applicable to non-Dockerized systemd services.


the process run in a docker container is a child of a process named containerd-shim (in Docker v18.09.4)

  • First figure out the process IDs of the containerd-shim processes.
  • For each of them, find their child process.
pgrep containerd-shim

7105
7141
7248

To find the child process of parent process 7105:

pgrep -P 7105

7127

In the end you could get the list with:

for i in $(pgrep containerd-shim); do pgrep -P $i; done

7127
7166
7275

I found a similar solution using a bash script in one line:

for i in $(docker container ls --format "{{.ID}}"); do docker inspect -f '{{.State.Pid}} {{.Name}}' $i; done

When running this on the host, it will give you a list of processes running in a container with <Container ID>, showing host PIDs instead of container PIDs.

DID=$(docker inspect -f '{{.State.Pid}}' <Container ID>);ps --ppid $DID -o pid,ppid,cmd

Related

Validate Enum Values
Why do we need the new keyword and why is the default behavior to hide and not override?
Modelling a permissions system
Apache Camel and other ESB products
SimpleForm without for (non model form)
What does this Django regular expression mean? `?P`
foreach KeyValuePair in NameValueCollection?
htaccess exclude one url from Basic Auth
Path to a file without basename [duplicate]
Monads with Java 8
Install packages in Alpine docker
JSON to string variable dump