Menu
I need to be able to deploy a new container or manage Docker containers running in CoreOS from another running docker container.
Docker version is 1.5.0
CoreOS version is 647.2.0
Right now my process for deploying a new instance of my application is using a shell script.
It basically does:
pwd as -v to the work directory then the application runsI was thinking, if it's possible to execute the shell script from inside the container so that it deploys a new container in CoreOS or are there any alternatives for this method.
Another objective is to be able to stop a running container.
Any comments or suggestions would be greatly appreciated.
904
asked May 29 '15 17:05
Here's the gist: For containers to communicate with other, they need to be part of the same “network”. Docker creates a virtual network called bridge by default, and connects your containers to it. In the network, containers are assigned an IP address, which they can use to address each other.
One of the (many!) features of Docker 0.6 is the new “privileged” mode for containers. It allows you to run some containers with (almost) all the capabilities of their host machine, regarding kernel features and device access.
Containers can only communicate with each other if they share a network. Containers that don't share a network cannot communicate with one another. That's one of the isolation features provided by Docker. A container can belong to more than one network, and a network can have multiple containers inside.
run the controlling container with the Docker client & socket mounted and you will be able to control the docker daemon from within your containers (run docker client within docker container)
EDIT: DO note root access is required to the docker socket, this means the container is able to control the docker daemon and launch a containter to get root on the host, so use this with containers you trust and only you need to access.
$ docker run \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker \
-v /usr/lib/libdevmapper.so.1.02:/usr/lib/libdevmapper.so.1.02 \
ubuntu docker --version
Docker version 1.1.2, build d84a070
also tested on latest coreOS / Docker:
core@coreos2 /usr/lib $ docker run -it --name=test --rm -h=dod -v /var/run/docker.sock:/var/run/docker.sock -v `which docker`:/usr/bin/docker -v /usr/lib/libdevmapper.so.1.02:/usr/lib/libdevmapper.so.1.02 ubuntu bash
root@dod:/# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6746d8cd1c8d ubuntu:latest "bash" 3 seconds ago Up 2 seconds test
root@dod:/# docker --version
Docker version 1.6.2, build 7c8fca2-dirty
root@dod:/#
EDIT: for debian:jessie this wouldn't work without libsqlite3-0, we can mount it form the host or search for the package:
root@066bf3df3f2e:/# ldd `which docker`
linux-vdso.so.1 (0x00007ffdb7dc8000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fe8a77df000)
libsqlite3.so.0 => not found
libdevmapper.so.1.02 => /usr/lib/libdevmapper.so.1.02 (0x00007fe8a7593000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe8a71ea000)
/lib64/ld-linux-x86-64.so.2 (0x00007fe8a79fc000)
libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007fe8a6fdb000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fe8a6dd3000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fe8a6bcf000)
to find out which package provides this file for debian:jessie use packages.debian.org/search
EDIT: the user within the container will need to have permission to read the docker socket from the host, if it is a non-root user, you could try to have a docker group within the container, but the group gid should match to host docker group (unconfirmed if this actually works).
Alternatively you could apt-get install sudo and
echo "<user_name> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/90-custom && \
chmod 0440 /etc/sudoers.d/90-custom
at which point you can write scripts for that user to sudo docker .. control the host docker daemon.
131
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
