Debian Question posted in
The oficial documentation can be found here.

How to get docker container ID from within the container with cgroup v2 – Debian

As Docker supports cgroup v2 since engine version 20.10, it will automatically use it on distributions that have cgroups v2 enabled. The known solutions to get the unique container ID from within the container, do not work anymore.

/ # cat /proc/self/cgroup
0::/

/ # cat /proc/1/cpuset
/

Tried with docker v20.10.8 on Debian 11 with alpine:latest.

Working solutions for cgroup v1:
How can I get Docker Linux container information from within the container itself?

As stated in the docker reference, with cgroup v2, the container id is still visible in the filesystem at the following places, but those aren’t accessible from the container itself.

/sys/fs/cgroup/memory/docker/<longid>/ on cgroup v1, cgroupfs driver
/sys/fs/cgroup/memory/system.slice/docker-<longid>.scope/ on cgroup v1, systemd driver
/sys/fs/cgroup/docker/<longid/> on cgroup v2, cgroupfs driver
/sys/fs/cgroup/system.slice/docker-<longid>.scope/ on cgroup v2, systemd driver

https://docs.docker.com/config/containers/runmetrics/#find-the-cgroup-for-a-given-container

Edit 1/2021-09-01:

One Workaround is to run the container with the option --cgroupns host. But that requires control over the creation of the container.

$ docker run -it --cgroupns host alpine cat /proc/self/cgroup
0::/system.slice/docker-09ec67119d38768dbf7994d81c325e2267214428a3c2e581c81557e3650863d8.scope

$ docker run -it alpine cat /proc/self/cgroup
0::/

Question:

Is there any way, to get the unique container id from within? (without relying on the container hostname or having to use the docker api to fetch the id)

Tags:

5

Answers


  1. 0

    I have encountered the same problem while trying to fetch the container identification from cgroup.

    But there is another way to achieve the same goal. Docker containers are rely on OverlayFS storage driver, each container will be assigned an unqiue directory which is mapped to a virtual filesystem where the container files are written.

    root@container:~# cat /proc/self/mountinfo | grep -i overlay

767 553 0:187 / / rw,relatime master:167 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/ZTHS22AHCPD2HJEY6UIKIO3BHY:/var/lib/docker/overlay2/l/4P6QELQ6532G5362S5VVTA7Y7K,upperdir=/var/lib/docker/overlay2/76c8877e95fa589df1fb97bf831ec221df130fdfb8f1f1cb8166bd99bebf51de/diff,workdir=/var/lib/docker/overlay2/76c8877e95fa589df1fb97bf831ec221df130fdfb8f1f1cb8166bd99bebf51de/work

    as the command result has shown above, upperdir=/var/lib/docker/overlay2/76c8877e95fa589df1fb97bf831ec221df130fdfb8f1f1cb8166bd99bebf51de/diff locates in host machine and it serves only one container that it is allocated to.

    Notice that OverlayFS could be replace to any driver that implement the speicification of storage driver, but upperdir information remains the same structure.

    Make sure that the decision must take inside the container since the host machine would show up OverlayFS mount information if LXC is delopyed on the host machine.

    Login or Signup to reply.
  2. 0

    This seems to work without the need to query to cgroup and without using the value of hostname, which sometimes is not set to the value of container id, for example in gitlab runners with docker executors.

    OVERLAY_ID=`cat /proc/self/mountinfo | grep -i overlay | sed -n "s/.+upperdir\=\(.+\)\/diff.+/1/p"`
CONTAINER_ID=`docker inspect -f $'{{.ID}}t{{.Name}}t{{.GraphDriver.Data.MergedDir}}' $(docker ps -aq) | grep $OVERLAY_ID | sed -n "s/t+.+//p"`
echo $CONTAINER_ID

    Thanks @soxfmr and to this How do I identify which container owns which overlay directory?

    Login or Signup to reply.
  3. 0

    The --cgroupns host fix is effective, but not available if you don’t control the container’s creation. Further, this docker run option is not available in the API or docker compose (https://github.com/compose-spec/compose-spec/issues/148).

    But… good news – the container ID is still exposed via /proc/self/mountinfo:

    678 655 254:1 /docker/containers/7a0144cee1256c539fab790199527b7051aff1b603ebcf7ed3fd436440ef3b3a/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/vda1 rw
679 655 254:1 /docker/containers/7a0144cee1256c539fab790199527b7051aff1b603ebcf7ed3fd436440ef3b3a/hostname /etc/hostname rw,relatime - ext4 /dev/vda1 rw
680 655 254:1 /docker/containers/7a0144cee1256c539fab790199527b7051aff1b603ebcf7ed3fd436440ef3b3a/hosts /etc/hosts rw,relatime - ext4 /dev/vda1 rw

    Here’s a Python snippet that’ll parse it:

    with open( '/proc/self/mountinfo' ) as file:
    line = file.readline().strip()    
    while line:
        if '/docker/containers/' in line:
            containerID = line.split('/docker/containers/')[-1]     # Take only text to the right
            containerID = containerID.split('/')[0]                 # Take only text to the left
            break
        line = file.readline().strip()

    Credit goes to richgriswold: https://community.toradex.com/t/python-nullresource-error-when-running-torizoncore-builder-build/15240/4

    Login or Signup to reply.
  4. 0

    You could also get the systemmd using:

    grep 'systemd' /proc/self/mountinfo|cut -d/ -f3

    from outside the Docker container, will be:

    docker run -it alpine grep 'systemd' /proc/self/mountinfo|cut -d/ -f3

    And the output will be just the UUID, for example, 7a0144cee1256c539fab790199527b7051aff1b603ebcf7ed3fd436440ef3b3a.

    Login or Signup to reply.
  5. 0

    run this command inside the container :

    cat /proc/self/mountinfo | grep "/docker/containers/" | head -1 | awk '{print $4}' | sed 's//var/lib/docker/containers///g' | sed 's//resolv.conf//g'
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search