Visualisation de la hiérarchie des images

Afin de mieux comprendre comment sont composées les images Docker, il important de comprendre les couches qui les composent. L’outil DockViz permet de générer une image de ces couches.

Nous allons lancer cet outil sur l’hôte. Les images suivantes sont installées :

docker images

REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
devopstestlab/graphviz           latest              6844578f44e8        5 hours ago         41.4MB
alpine                           latest              d6e46aa2470d        3 weeks ago         5.57MB
devopstestlab/nginx-helloworld   latest              9468dea24c09        7 months ago        19.7MB
nate/dockviz                     latest              93b5259c1e18        2 years ago         6.61MB

Créons un conteneur Docker sur l’image nate/dockviz. Ce conteneur génère une image au format dot. Ensuite, nous utilisons l’image Docker devopstestlab/graphviz pour convertir cette image au format png :

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images --dot |docker run -i -v $PWD:/tmp devopstestlab/graphviz dot -Tpng -o /tmp/docker-graph.png

Une image docker-graph.png est générée :

Les noeuds avec <missing> sont des couches d’images Docker.

Visualization of the image hierarchy

In order to better understand how Docker images are composed, it is important to understand the layers that make them up. The DockViz tool allows you to generate an image of these layers.

We will launch this tool on the host. The following images are installed:

docker images

REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
devopstestlab/graphviz           latest              6844578f44e8        5 hours ago         41.4MB
alpine                           latest              d6e46aa2470d        3 weeks ago         5.57MB
devopstestlab/nginx-helloworld   latest              9468dea24c09        7 months ago        19.7MB
nate/dockviz                     latest              93b5259c1e18        2 years ago         6.61MB

Let’s create a Docker container based on the image nate/dockviz. This container generates an image in dot format. Then we use the Docker image devopstestlab/graphviz to convert this image to png format:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images --dot |docker run -i -v $PWD:/tmp devopstestlab/graphviz dot -Tpng -o /tmp/docker-graph.png

A docker-graph.png image is generated:

Nodes with <missing> are layers of Docker images.

Formatting the output of the Docker commands

Sometimes it is very useful to change the columns displayed in the output of the Docker commands either to reduce the width of the display or to rearrange the displayed columns.

To do this, use the --format argument. The specified value is in Go format.

For example, let’s display the list of containers with the container name, image name and container status, separated by a tab character :

docker container ps -a --format "table {{.Names}}\t{{.Image}}\t{{.Status}}"

NAMES                   IMAGE                            STATUS
compassionate_burnell   devopstestlab/nginx-helloworld   Up 4 seconds

You can now adapt the display format of the Docker commands according to your wishes.

Formater la sortie des commandes Docker

Parfois, il est très utile de modifier les colonnes affichées dans la sortie des commandes Docker soit pour réduire la largeur de l’affichage, soit pour redisposer les colonnes affichées.

Pour cela, utilisez l’argument --format. La valeur spécifiée est au format Go.

Par exemple, affichons la liste des conteneurs avec le nom du conteneur, le nom de l’image et l’état du conteneur, séparés par un caractère de tabulation :

docker container ps -a --format "table {{.Names}}\t{{.Image}}\t{{.Status}}"

NAMES                   IMAGE                            STATUS
compassionate_burnell   devopstestlab/nginx-helloworld   Up 4 seconds

Vous savez maintenant adapter le format d’affichage des commandes Docker selon vos souhaits.

Monitor the performance of Docker containers with cAdvisor

cAdvisor (https://github.com/google/cadvisor) allows to monitor the performance of a container. It displays information on CPU and memory usage. cAdvisor is written in Go. It captures the metrics that the docker stats command returns and aggregates them.

Let’s launch cAdvisor in a Docker container :

docker run \

  -d \

  -v=/:/rootfs:ro \

  -v=/var/run:/var/run:rw \

  -v=/sys:/sys:ro \

  -v=/var/lib/docker/:/var/lib/docker:ro \

  -p=8080:8080 \

  --privileged \

  --name=cadvisor \

  google/cadvisor:latest

Unable to find image 'google/cadvisor:latest' locally
latest: Pulling from google/cadvisor

5c916c92: Pulling fs layer 
5bb65cdf: Pulling fs layer 
Digest: sha256:815386ebbe9a3490f38785ab11bda34ec8dacf4634af77b8912832d4f85dca04
Status: Downloaded newer image for google/cadvisor:latest
f9c03c73404c04bf371fd501e5a9dab999ebddaf18084a91b4aafbf26459d37b

In order to work, we must give cAdvisor access to the necessary resources on the host. To give full access to the host devices, the container must be launched with the --privileged option.

To access cAdvisor, in a Web browser, go to http://0.0.0.0:8080/.

cAdvisor displays the following sections :

• Overview,
• Processes,
• CPU,
• Memory.

The summary page

This web page displays the following sections :

• The Overview section displays gauges to indicate if the resources have reached their limits.
• The Processes section displays information from the docker ps aux, docker ps and docker top commands in tabular form; to sort the processes, click on the header of the corresponding column. The columns are:
  • User: this is the user who runs the process,
  • PID: this is the ID of the process,
  • PPID: this is the PID of the parent process,
  • Start Time : this is the time the process starts,
  • CPU %: this is the percentage of CPU consumed,
  • MEM %: this is the percentage of RAM consumed,
  • RSS: this is the amount of main memory consumed,
  • Virtual Size: this is the amount of virtual memory consumed,
  • Status: this is the current state of the process (standard Linux status codes),
  • Running Time: this is the process execution time,
  • Command: This is the command executed by the process,
  • Container: this is the container to which the process is attached.
• The CPU section shows the CPU usage with the columns:
  • Total Usage: this is the aggregate usage of all cores,
  • Usage per Core: this is a breakdown of usage per core,
  • Usage Breakdown: this is the aggregated usage on all cores but distributed between what is used by the kernel and by the user’s processes.
• The Memory section is divided into two parts :
  • Total Usage: the total amount of memory used by all processes for the host or container: it is equal to Host Memory + Cold Memory;
    • the Hot Memory corresponds to the pages that have been recently affected by the kernel;
    • the Cold Memory corresponds to the page that has not been touched for a certain period of time and which could be claimed if necessary.
  • Usage Breakdown: it gives a visual representation of Total Usage and Hot Memory.
• The Network section displays :
  • Throughput: shows incoming and outgoing traffic over the last minute;
  • Errors: these are network errors, so this graph should be flat.
• The Filesystem section shows a breakdown of filesystem usage.
• The Subcontainers section shows the top CPU usage and the top memory usage.

The container statistics page

At the top of the page is a link to the running containers to view their statistics.

The Docker Containers page

At the top of the page there is a link Docker Containers to display statistics about the Docker host.

This page contains the following sections:

• The Subcontainers section displays a list of clickable containers. By clicking on the name, cAdvisor displays details on:
  • the isolation (Isolation):
    • CPU: these are the CPU allocations of the container; if there are no resource limits, information about the host CPU is displayed,
    • Memory : these are the memory allocations of the container,
  • usage (Usage):
    • Overview: these are the gauges that allow you to see if you are approaching the resource limits,
    • Processes: these are the processes of the container,
    • CPU: these are the usage graphs of the CPU isolated from the container,
    • Memory: this is the use of the container’s memory.
• The Driver Status section displays:
  • the basic statistics of the main Docker process,
  • information about the host kernel,
  • the name of the host,
  • the operating system used,
  • the total number of containers and images (the number of images counts each file system as an individual image).
• The section Images displays the list of Docker images available on the host: Repository, tag, size, image creation date, image ID.

You now know how to obtain a large amount of very useful statistics on Docker containers, allowing you to diagnose problems and optimize container performance.