This story is inspired by my futile attempt at writing a Docker-esque container daemon in 100% Python.
Trick 1: Docker for Python
pip install docker
Working with the Docker CLI is fine, but working with the API from Python is much better. You can list containers, look at the attributes and using the 3 other tricks, leverage them for power features.
Trick 2: Namespaces for Python
pip install nsenter
Thanks to the folks at Zalando for this one, it’s a wrapper for the C API to enter a Kernel Namespace. With Docker, a docker running container has it’s own namespace. This is what protects it from the other containers on the host, keeps it isolated. More details here in their great blog post.
Using nsenter is straightforward, let’s say you start a new nginx container using
docker run -d nginx and you get back a container ID of 277906bc266c, you can get the running process ID with this command.
Use the example in Trick 1 to get the process ID. Use that process ID to jump into the namespace and run a command, look at the file system or just generally wreak havoc.
Why? Well, you’ll often find yourself hopping up a bash session for a running container to debug a few bugs in your code (me? never!), well it’s called Bash for a reason, so why use a hammer when you can use a sonic screwdriver?
cgroups for Python
pip install cgroups
Control groups are the way that Docker, and other tools ensure that a particular process doesn’t get carried away and use up all the resources on that host. You can, using the
cgroups package both create, list an manipulate existing cgroups on the host. CPU limits for example, aren’t set on a container by default, so you can use Python to dynamically shift resources around on the host. This example starts a new process and moves it to a cgroup, you can do a similar thing with the existing process that Docker has started.
Thats all for now, check out my Docker Daemon implementation on GitHub if you want some solid examples of using these packages https://github.com/tonybaloney/mocker
Hacker Noon is how hackers start their afternoons. We’re a part of the @AMIfamily. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.
To learn more, read our about page, like/message us on Facebook, or simply, tweet/DM @HackerNoon.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!