This story is inspired by my futile attempt at writing a Docker-esque container daemon in 100% Python.

Trick 1: Docker for Python

pip install docker

Working with the Docker CLI is fine, but working with the API from Python is much better. You can list containers, look at their attributes and, using the 3 other tricks, leverage them for power features.

Trick 2: Namespaces for Python

pip install nsenter

Thanks to the folks at Zalando for this one: it's a wrapper for the C API to enter a kernel namespace. With Docker, a running container has its own namespace. This is what protects it from the other containers on the host and keeps it isolated. More details here in their great blog post.

Using nsenter is straightforward. Let's say you start a new nginx container using docker run -d nginx and you get back a container ID of 277906bc266c; you can get the running process ID with this command.

Use the example in Trick 1 to get the process ID. Use that process ID to jump into the namespace and run a command, look at the file system or just generally wreak havoc.

Why? Well, you'll often find yourself hopping up a bash session for a running container to debug a few bugs in your code (me? never!). Well, it's called Bash for a reason, so why use a hammer when you can use a sonic screwdriver?
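To see what "its own namespace" means for a given container process, the following added example (not code from the original post or from the nsenter project) compares the /proc/<pid>/ns links of a container PID against the host's PID 1 and reports which namespace types are not isolated. It uses only the standard library; the helper names, the PID 4242 and the fake /proc tree are constructed for illustration, and on a real host the PID would be the State.Pid value from the container's attributes.

```python
import os
import tempfile

# Namespace types exposed as symlinks under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
HOST_BASE = 4026531835  # constructed inode number for the sample host


def read_namespaces(pid, proc_root="/proc"):
    """Return {type: link target}, e.g. {'net': 'net:[4026531992]'}."""
    found = {}
    for ns_type in NS_TYPES:
        try:
            found[ns_type] = os.readlink(
                os.path.join(proc_root, str(pid), "ns", ns_type))
        except OSError:
            # Link absent (older kernel, dead PID) or not readable by us.
            found[ns_type] = None
    return found


def shared_with_host(container_pid, host_pid=1, proc_root="/proc"):
    """Namespace types where both PIDs resolve to the same namespace."""
    host = read_namespaces(host_pid, proc_root)
    cont = read_namespaces(container_pid, proc_root)
    return sorted(t for t in NS_TYPES
                  if host[t] is not None and host[t] == cont[t])


def build_sample_proc(root, container_pid=4242, shared=("net", "user")):
    """Constructed sample: fake /proc with host PID 1 and one container PID.

    'shared' imitates a container started with --net=host and without
    user-namespace remapping.
    """
    for pid, base in ((1, HOST_BASE), (container_pid, 4026532500)):
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for i, ns_type in enumerate(NS_TYPES):
            inode = HOST_BASE + i if ns_type in shared else base + i
            os.symlink("%s:[%d]" % (ns_type, inode),
                       os.path.join(ns_dir, ns_type))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        print(shared_with_host(4242, proc_root=root))
```

On a real host, call shared_with_host with the container's PID and the default proc_root; reading /proc/1/ns generally requires root.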

Trick 3: cgroups for Python

pip install cgroups

Control groups are the way that Docker and other tools ensure that a particular process doesn't get carried away and use up all the resources on that host. Using the cgroups package, you can create, list and manipulate existing cgroups on the host. CPU limits, for example, aren't set on a container by default, so you can use Python to dynamically shift resources around on the host. This example starts a new process and moves it to a cgroup; you can do a similar thing with the existing process that Docker has started.

That's all for now. Check out my Docker daemon implementation on GitHub if you want some solid examples of using these packages: https://github.com/tonybaloney/mocker