Exploring Docker container's file system

2018-06-05 19:18:12

I've noticed with docker that I need to understand what's happening inside a container or what files exist in there. One example is downloading images from the docker index - you don't have a clue what the image contains so it's impossible to start the application.

What would be ideal is to be able to ssh into them or equivalent. Is there a tool to do this, or is my conceptualisation of docker wrong in thinking I should be able to do this.

Method 1: snapshoting

You can evaluate container filesystem this way:

# find ID of your running container:
docker ps

# create image (snapshot) from container filesystem
docker commit 12345678904b5 mysnapshot

# explore this filesystem using bash (for example)
docker run -t -i mysnapshot /bin/bash

This way, you can evaluate filesystem of the running container in the precise time moment. Container is still running, no future changes are included.

You can later delete snapshot using (filesystem of the running container is not affected!):

docker rmi mysnapshot

Method 2: ssh

If you need continuous access, you can install sshd to your container and run the sshd daemon:

 docker run -d -p 22 mysnapshot /usr/sbin/sshd -D

 # you need to find out which port to connect:
 docker ps

This way, you can run your app using ssh (connect and execute what you want).

UPDATE - Method 3: nsenter

Use nsenter , see http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/

The short version is: with nsenter, you can get a shell into an existing container, even if that container doesn't run SSH or any kind of special-purpose daemon

UPDATE - Method 4: docker exec

Docker version 1.3 (latest, you might need to use docker apt repo to install latest version as of Nov 2014) supports new command exec that behave similar to nsenter . This command can run new process in already running container (container must have PID 1 process running already). You can run /bin/bash to explore container state:

docker exec -t -i mycontainer /bin/bash

see Docker command line documentation

You may archive your container' filesystem into tar file:

docker export adoring_kowalevski > contents.tar

This way works even if your container is stopped and doesn't have any shell program like /bin/bash . I mean images like hello-world from Docker documentation.

UPDATE: EXPLORING!

This command should let you explore a running docker container :

docker exec -it name-of-container bash

once inside do:

ls -lsa

or any other bash command like:

cd ..

This command should let you explore a docker image :

docker run --rm -it --entrypoint=/bin/bash name-of-image

once inside do:

ls -lsa

or any other bash command like:

cd ..

The -it stands for interactive... and tty

链接地址: http://www.djcxy.com/p/18254.html

上一篇: 如何输入已经运行新TTY的Docker容器

下一篇: 探索Docker容器的文件系统