2

I'm trying to build a generic system init tool, which will run on all of our systems, which verifies that local Docker images have not been altered. The tool will not know what containers are supposed to be running, and will run each time the system is booted (or rebooted) to verify the identity and integrity of the Docker images on the system. My question is whether it's possible to start Docker and tell it not to start containers which may have a restart policy set? Basically, can I start Docker without it starting any containers?

Secondary question, which may help with the first; where is the config file that the daemon uses to determine which containers need to be restarted when the daemon starts up?

Improve this question

2 Answers 2

Reset to default
4

The container configuration file that holds Restart Policy is under /var/lib/docker/containers/HASH/hostconfig.

"RestartPolicy":{"Name":"always","MaximumRetryCount":0}

1- If you try to stop docker :

sudo systemctl stop docker

2- Change always to none on /var/lib/docker/containers/HASH/hostconfig.

3- Start back Docker service :

sudo systemctl start docker

The container auto startup will be disabled.

But still why not use the simple syntax :

sudo update --restart=none <container_id>

ANOTHER WAY could be by renaming /var/lib/docker/containers :

1- Stop Docker

2- Change the container folder back to /var/lib/docker/containers/

3- Start back Docker

Improve this answer
2
  • I should have included the additional context that this is for a generic edge application and this will all be programmatically by the system at boot. The init script will not know how many containers are running or what their individual restart policy is. Rather than the script going through the effort to learn what containers are supposed to be running and then note their restart policies, is simpler and more bullet proof to just rename the 'containers/' folder. If you want to modify your answer to include this, I'll accept your answer instead of my own. Commented Nov 14, 2020 at 1:06
  • I see. Thanks i will edit my answer. also there is another option is to use docker service unit file and use ExecStartPre and execute a script which will rename the containers path. Commented Nov 14, 2020 at 1:11
0

I found that Docker places configuration information, including restart policy, in hostconfig.json under container ID hashes in /var/lib/docker/containers/. For my test example, the config file was /var/lib/docker/containers/301849...5917f/hostconfig.json. I stopped Docker, renamed the /var/lib/docker/containers/ and restarted Docker and none of the previously configured containers were re-started. I could then do my verifications. To get things running again, I did the reverse:

  1. Stopped Docker
  2. Changed the container folder back to /var/lib/docker/containers/
  3. Restarted Docker

All the containers that were configured with restart policies were restarted and all was good.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.