Docker Debugging Cli Lab

By /

Lab 1: The “Resource Hog” Hunt

Goal: Identify a container causing performance issues.

  1. Start a Stress Container: docker run -d --name heavy-load alpine sh -c "yes > /dev/null" (This command runs an infinite loop, eating CPU).
  2. Run Monitor: docker stats
  3. Observe: Look at the CPU column. You will see heavy-load hitting 100% CPU.
  4. Fix: Press Ctrl+C to exit stats. docker rm -f heavy-load

Lab 2: The “Hidden Secret” Hunt

Goal: Extract hidden configuration details.

  1. Start App with Secret: docker run -d --name secret-app -e PASSWORD=SuperSecret123 alpine sleep 1000
  2. Inspect: docker inspect secret-app
  3. Find the Password:
    • Beginner Way: Scroll through the text until you see “Env”.
    • Pro Way: docker inspect secret-app | grep PASSWORD
    • Architect Way: docker inspect -f '{{.Config.Env}}' secret-app
  4. Result: You see [PASSWORD=SuperSecret123].
    • Lesson: Never rely on Environment Variables for high security!

Lab 1: The “Silent Killer” (OOM Investigation)

Goal: Diagnose why a container crashed silently.

  1. Run with Limits: docker run -d --name memory-test --memory="10m" alpine sleep 1000 (We are giving it a tiny 10MB limit).
  2. Trigger the Crash:
    • We will run a command that eats memory instantly.
    • docker exec memory-test grep -r "x" /
    • Wait a few seconds. The container will likely stop running.
  3. The Mystery:
    • Run docker ps. It’s gone.
    • Run docker logs memory-test. It’s likely empty or unhelpful.
  4. The Autopsy (Inspect):
    • docker inspect memory-test | grep OOMKilled
  5. Result:
    • "OOMKilled": true
    • Conclusion: The Linux Kernel killed your container to save the system. This is the #1 reason for “random” crashes in production.

Lab 2: The “Intruder” Check (Filesystem Forensics)

Goal: Detect unauthorized changes inside a container.

  1. Start a Clean Container: docker run -d --name secure-server nginx
  2. Simulate an Attack:
    • docker exec -it secure-server touch /etc/hacker-was-here.txt
    • docker exec -it secure-server rm /usr/share/nginx/html/index.html
  3. Run Forensics: docker diff secure-server
A /etc/hacker-was-here.txt   (A = Added)
C /run/nginx.pid             (C = Changed - this is normal)
D /usr/share/nginx/html/index.html (D = Deleted - CRITICAL!)

Lesson: Security tools use this logic to alert you if critical files change.

    Lab 3: The “Data Miner” (Go Template Magic)

    Goal: Extract specific data for automation scripts without using grep.

    1. Scenario: You have a container, and you need only its IP address to pass to another script.
    2. Start Container: docker run -d --name my-app nginx
    3. Attempt 1 (Grep – The Messy Way):docker inspect my-app | grep IPAddress
      • Result: Gives you 4-5 lines of output with commas and quotes. Bad for scripts.
    4. Attempt 2 (Go Template – The Pro Way): docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-app
    5. Result: 172.17.0.2 (Clean, pure text).
    6. Challenge: Get the Log Path. docker inspect --format='{{.LogPath}}' my-app
      • Use Case: You can use this to back up logs automatically: cp $(docker inspect --format='{{.LogPath}}' my-app) ./backup.log

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Scroll to Top