Introduction

In this lab, you will learn how to use the docker container diff command to inspect filesystem changes within a Docker container. We will start by running a simple Nginx container and then use docker container diff to examine the initial filesystem modifications made upon container creation.

Following the initial inspection, you will make changes inside the running container. Finally, you will use docker container diff again to observe and understand the filesystem differences resulting from these modifications. This hands-on exercise will provide practical experience in using this valuable Docker command for debugging and understanding container behavior.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL docker(("Docker")) -.-> docker/ContainerOperationsGroup(["Container Operations"]) docker(("Docker")) -.-> docker/ImageOperationsGroup(["Image Operations"]) docker/ContainerOperationsGroup -.-> docker/run("Run a Container") docker/ContainerOperationsGroup -.-> docker/ps("List Running Containers") docker/ContainerOperationsGroup -.-> docker/rm("Remove Container") docker/ContainerOperationsGroup -.-> docker/exec("Execute Command in Container") docker/ContainerOperationsGroup -.-> docker/inspect("Inspect Container") docker/ImageOperationsGroup -.-> docker/pull("Pull Image from Repository") docker/ImageOperationsGroup -.-> docker/images("List Images") subgraph Lab Skills docker/run -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/ps -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/rm -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/exec -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/inspect -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/pull -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} docker/images -.-> lab-555107{{"How to use docker container diff command to inspect container filesystem changes"}} end

Run an Nginx container

In this step, we will learn how to run a simple Nginx web server inside a Docker container. Docker allows us to package applications and their dependencies into containers, ensuring they run consistently across different environments.

First, we need to make sure the Nginx image is available on our system. We can pull the official Nginx image from Docker Hub using the docker pull command. This command downloads the image to your local machine.

docker pull nginx:latest

You should see output indicating that the image is being downloaded. Once the download is complete, you can verify that the image is available by listing the images on your system:

docker images

You should see nginx listed in the output.

Now, let's run the Nginx container. We will use the docker run command. The -d flag runs the container in detached mode (in the background), and the -p 80:80 flag maps port 80 on our host machine to port 80 inside the container. This allows us to access the Nginx web server from our host browser. We also give the container a name using --name my-nginx-container for easier identification.

docker run -d -p 80:80 --name my-nginx-container nginx

After running the command, Docker will output a long string, which is the container ID. This indicates that the container has started successfully in the background.

To verify that the container is running, you can use the docker ps command, which lists all running containers:

docker ps

You should see my-nginx-container listed with a status of Up.

Finally, let's access the Nginx web server from our host machine. Since we mapped port 80, we can use curl to make an HTTP request to localhost on port 80.

curl localhost

You should see the default Nginx welcome page HTML in the output. This confirms that the Nginx container is running and accessible.

Inspect initial filesystem changes using docker container diff

In this step, we will explore how to inspect the filesystem changes that occur when a Docker container is started. Docker uses a layered filesystem, and when a container is run, a new writable layer is added on top of the image layers. The docker container diff command allows us to see the differences introduced in this writable layer since the container was created.

The docker container diff command takes the container name or ID as an argument. We will use the name of the Nginx container we started in the previous step, which is my-nginx-container.

docker container diff my-nginx-container

When you run this command immediately after starting the container, you will likely see a list of files and directories. The output shows changes in the container's filesystem relative to the base image. The output format is typically:

A indicates a file or directory was added.
C indicates a file or directory was changed.
D indicates a file or directory was deleted.

The initial changes you see are often related to the container's startup process, such as the creation of temporary files, log files, or changes to system directories. These are the files and directories that are created or modified in the container's writable layer when it starts up.

Understanding these initial changes helps us see what happens under the hood when a container is launched and how the writable layer is populated.

Make changes inside the container

In this step, we will make some changes to the filesystem inside the running Nginx container. This will demonstrate how modifications within a container are recorded in its writable layer.

We will use the docker exec command to run commands inside the container. The docker exec command allows us to execute a command in a running container. We need to specify the container name (my-nginx-container) and the command we want to run.

First, let's create a new file inside the container's /tmp directory. We will use the touch command.

docker exec my-nginx-container touch /tmp/my_new_file.txt

This command executes touch /tmp/my_new_file.txt inside the my-nginx-container. You won't see any output if the command is successful.

Next, let's modify the default Nginx index file. The default Nginx welcome page is typically located at /usr/share/nginx/html/index.html inside the container. We will use the echo command to append some text to this file.

docker exec my-nginx-container echo "<h1>Hello from LabEx!</h1>" >> /usr/share/nginx/html/index.html

This command appends the HTML string "

Hello from LabEx!

" to the index.html file inside the container.

To verify that the changes have been made, you can again use curl from your host machine to access the Nginx server.

curl localhost

You should now see the original Nginx welcome page content followed by "

Hello from LabEx!

". This confirms that the index.html file inside the container has been modified.

These changes we made (creating a new file and modifying an existing one) are recorded in the writable layer of the my-nginx-container. In the next step, we will use docker container diff again to see these specific changes.

Inspect updated filesystem changes using docker container diff

In this final step, we will use the docker container diff command again to observe the filesystem changes we made in the previous step. This will clearly show how our actions inside the container are reflected in its writable layer.

Recall that in the previous step, we created a new file /tmp/my_new_file.txt and modified the /usr/share/nginx/html/index.html file inside the my-nginx-container. Now, let's run docker container diff on the container again.

docker container diff my-nginx-container

This time, the output should include the changes we made. You should see lines similar to these:

A /tmp/my_new_file.txt
C /usr/share/nginx/html/index.html

The A /tmp/my_new_file.txt line indicates that a new file named my_new_file.txt was Added in the /tmp directory.
The C /usr/share/nginx/html/index.html line indicates that the file index.html in the /usr/share/nginx/html/ directory was Changed.

This output confirms that docker container diff effectively shows the modifications made to the container's filesystem since it was started. These changes are stored in the container's writable layer, which is separate from the base image layers. This is a fundamental concept in Docker's layered filesystem and how containers maintain their state.

When the container is removed, this writable layer is also removed, and any changes made within the container are lost unless they are persisted using volumes or bind mounts (which are topics for another lab).

To clean up, you can stop and remove the container:

docker stop my-nginx-container
docker rm my-nginx-container

This concludes our exploration of docker container diff. You have learned how to inspect the initial filesystem changes when a container starts and how to see the changes you make inside a running container.

Summary

In this lab, we learned how to run a simple Nginx container using docker run, ensuring it was accessible via port mapping and verifying its status with docker ps. We then explored the docker container diff command to inspect the initial filesystem changes introduced by the container's image layers upon creation.

Subsequently, we practiced making modifications within the running container's filesystem and utilized docker container diff again to observe and understand how these changes are tracked and reflected by Docker, highlighting the command's utility in identifying differences between the container's current state and its base image.