Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

info

Great article on this at https://www.ctl.io/developers/blog/post/dockerfile-entrypoint-vs-cmd/

Both instructions allow you to execute a command from within a container, but there is a subtle difference between executing commands via a shell or through exec.  

Consider the following script

shell mode
FROM ubuntu:trusty
#shell mode
CMD ping localhost

Build it with docker built -t demo .

Then we execute docker run -t demo

Now run docker ps - notice the command that was executed was  "/bin/sh -c 'ping localhost'"

Let's change the script to 

exec mode
FROM ubuntu:trusty
#exec mode
CMD ["ping", "localhost"]

Build it with docker built -t demo .

Then we execute docker run -t demo

Now run docker ps - notice the command that was executed was  "ping localhost"

Shell or exec mode

Shell mode

If you docker exec into the container that has been written CMD in shell mode, then list the processes you see something quite interesting (On Windows we don't actually see the expected result).  If you execute docker exec demo ps -f,  straight after docker run demo, you should get a list of all active processes.  You will notice that the shell is PID 1.   This can be problematic if we need to send any sort of POSIX signals to the container since /bin/sh won't forward signals to child processes (for a detailed write-up, see Gracefully Stopping Docker Containers).

Beyond the PID 1 issue, you may also run into problems with the shell form if you're building a minimal image which doesn't even include a shell binary. When Docker is constructing the command to be run it doesn't check to see if the shell is available inside the container -- if you don't have /bin/sh in your image, the container will simply fail to start.

A better option is to use the exec form of the ENTRYPOINT/CMD instructions which looks like this:

CMD ["executable","param1","param2"]

or

ENTRYPOINT ["executable","param1","param2"]

It is strongly recommended that you always execute CMD and ENTRYPOINT as exec not shell commands.

CMD or ENTRYPOINT

Either of these keywords can be used to kick start the executable when a container is run.  The difference is how parameters are passed to the container:

CMD

Using our simple example (exec or shell are applicable)

exec mode
FROM ubuntu:trusty
#exec mode
CMD ["ping", "localhost"]

We can interact with docker using

  • docker run demo hostname
    • returns the host's name
  • docker run demo ls -al
    • lists all the files in the landing directory, notice the param "-al" is passed to the "ls" command



  • No labels