I've noticed with docker that I need to understand what's happening inside a container or what files exist in there. One example is downloading images from the docker index - you don't have a clue what the image contains so it's impossible to start the application.
What would be ideal is to be able to ssh into them or equivalent. Is there a tool to do this, or is my conceptualisation of docker wrong in thinking I should be able to do this.
To analyze a Docker image, simply run dive command with Docker "Image ID". You can get your Docker images' IDs using "sudo docker images" command. Here, ea4c82dcd15a is Docker image id. The Dive command will quickly analyze the given Docker image and display its contents in the Terminal.
Docker containers make use of the Union File System (UFS), which works with a series of read-only layers that includes a final read-write layer on top. This system functions perfectly when a container doesn't need to save data.
Linux: /var/lib/docker/ Windows: C:ProgramDataDockerDesktop. macOS: ~/Library/Containers/com. docker.
Here are a couple different methods...
Docker version 1.3 or newer supports the command exec
that behave similar to nsenter
. This command can run new process in already running container (container must have PID 1 process running already). You can run /bin/bash
to explore container state:
docker exec -t -i mycontainer /bin/bash
see Docker command line documentation
You can evaluate container filesystem this way:
# find ID of your running container: docker ps # create image (snapshot) from container filesystem docker commit 12345678904b5 mysnapshot # explore this filesystem using bash (for example) docker run -t -i mysnapshot /bin/bash
This way, you can evaluate filesystem of the running container in the precise time moment. Container is still running, no future changes are included.
You can later delete snapshot using (filesystem of the running container is not affected!):
docker rmi mysnapshot
If you need continuous access, you can install sshd to your container and run the sshd daemon:
docker run -d -p 22 mysnapshot /usr/sbin/sshd -D # you need to find out which port to connect: docker ps
This way, you can run your app using ssh (connect and execute what you want).
Use nsenter
, see Why you don't need to run SSHd in your Docker containers
The short version is: with nsenter, you can get a shell into an existing container, even if that container doesn’t run SSH or any kind of special-purpose daemon
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With