How PID works in a Docker Container(s)
Scope: What this document addresses:
1. Are PIDs unique across multiple containers on the same host OS?
2. Can the PID of a killed process be reused?
Case: Say your application needs to identify and track whether a particular process is still running or has terminated. You need to know this because, if it has terminated, you may want to restart it on a certain event. One way to do this is to save a record of the PID of the process (maybe along with a timestamp) and check whether that PID is still running. If it is still running, there are two possibilities:
1. Either the process has been running continuously, or
2. the process was terminated and the OS assigned the same PID to another process.
If possibility 2 holds (the PID was assigned to another process), the result is a false positive and not what our application intends.
This gets more confusing in the case of a Docker container. The container itself can be restarted (leading to the same PID being created again), or there can be multiple containers running at a time that may have the same PID.
Explanation:
1. Sequential PID: The host OS (in our case, Ubuntu) and the container OS (again Ubuntu) assign PIDs sequentially, and the system wraps around once it reaches the maximum PID value, which is determined by the value in /proc/sys/kernel/pid_max. The default value of pid_max is usually 32768, though it can be set as high as 4194304 on systems with a 64-bit kernel.
2. PID Reuse: The PID of a killed process may be reused. If the system is creating processes very rapidly, it will cycle through the available PIDs more quickly, increasing the likelihood that a given PID will be reused in a short amount of time. However, even on a system with a high rate of process creation, modern Linux kernels implement a delay before a PID is reused, to help avoid potential issues with leftover process state.
3. Should we be concerned?: In practice, for most users and most use cases, PID reuse is not something that needs to be actively worried about. The Linux kernel is designed to handle PID assignment and reuse efficiently and safely, and PID reuse will generally not cause issues for well-behaved applications.
4. Do you notice PID reuse?: If you find that PID reuse is causing issues for the application, it might be worth reviewing the application's design and implementation to ensure it is robustly handling the creation and termination of processes.
5. PID in a Docker container: When Docker runs a container, it isolates various aspects of the environment for that container, including the process ID (PID) namespace. However, this isolation doesn’t mean that the container generates its own PIDs independent of the host; it means that the container has its own view of PIDs.
By default, Docker uses the host’s PID namespace, which means that processes running inside the container are visible on the host and they receive a unique PID on the host. For example, if you run a process inside a container, you could see that process listed in the output of the ps command on the host system, and it would have a unique PID assigned by the host’s kernel.
6. Docker PID Namespace: Docker also supports PID namespace isolation. If you start a Docker container with the --pid flag set to a value other than host, the container will have its own isolated PID namespace. In this case, PIDs inside the container are independent of PIDs on the host, and the container’s init process will have PID 1. However, even in this case, the host's kernel is still responsible for assigning PIDs to the processes, but it keeps track of separate namespaces for the host and the container.
   1. So in our case, as long as we start Docker with the --pid flag set to host, the PID of a process in it will be unique on the host and in the container. This is what you may want in your case.
   2. If instead the container is started with the --pid flag set to container (which is the default), the container will have its own isolated PIDs, and storing these values in our application can cause confusion.
   3. See this screenshot from https://docs.docker.com/engine/reference/run/
7. Conclusion:
   1. Test by always starting your container with --pid set to host.
   2. If a PID is reused, review the application's design and implementation to ensure it robustly handles the creation and termination of processes.
8. Disclaimer:
   1. These are purely based on reading of the manual and documents. I have not tested these.
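One way to avoid the false positive described in the case above, as an added example that is not part of the original article: store the process start time from /proc/<pid>/stat, the PID namespace link and the boot ID alongside the PID, and treat the process as still running only when all of them match. It assumes Linux with /proc mounted; the function names and record layout are hypothetical.

```python
import os
import subprocess
import sys


def _read(path):
    try:
        with open(path) as f:
            return f.read()
    except OSError:  # missing entry, exited process, or no permission
        return None


def process_identity(pid):
    """Identity record for a live PID in this PID namespace, or None if not running."""
    stat = _read(f"/proc/{pid}/stat")
    if stat is None:
        return None
    # comm (field 2) may contain spaces or ')', so split after the LAST ')'.
    fields = stat.rsplit(")", 1)[1].split()
    state, starttime = fields[0], int(fields[19])  # fields 3 and 22 in proc(5)
    if state in ("Z", "X"):  # exited but not reaped: PID still listed, process gone
        return None
    try:
        pidns = os.readlink(f"/proc/{pid}/ns/pid")  # e.g. 'pid:[4026531836]'
    except OSError:
        pidns = None  # assumption: tolerate hosts where the link is unreadable
    boot_id = (_read("/proc/sys/kernel/random/boot_id") or "").strip()
    return {"pid": pid, "starttime": starttime, "pidns": pidns, "boot_id": boot_id}


def is_same_process(record):
    """True only if the PID is alive AND still belongs to the recorded process."""
    return process_identity(record["pid"]) == record


def demo():
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    record = process_identity(child.pid)
    alive = is_same_process(record)
    # Constructed record: same PID, different start time, as after PID reuse.
    reused = is_same_process({**record, "starttime": record["starttime"] + 1})
    child.kill()
    child.wait()
    return alive, reused, is_same_process(record)


if __name__ == "__main__":
    print(demo())
```

Take the record and run the check from the same PID namespace, because a PID number is only meaningful inside the namespace where it was read.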
References:
· Docker Run reference
· pid_namespaces - Linux man page