in our when Docker container operation, sometimes misoperation or other reasons inadvertently quit the container in operation, you may worry that some of your operations have not been saved, there is no need to worry, this article will provide a variety of methods for your reference (my recommendation to use the last one). In this article, we will discuss five (4+1) ways to connect the Docker container and interact with it. All of the code in the example can be found in GitHub, and you can test them yourself.
1.nsenter
Installation
The Nsenter tool is included after the Util-linux package version 2.23. If the Util-linux package does not have this command in the system, you can install it from the source code in the following ways.
You can also click this link to download http://pan.baidu.com/s/1FEt8y
$ cd/tmp; Curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar-zxf-CD util-linux-2.24;
$./configure--without-ncurses
$ make nsenter && sudo cp nsenter/usr/local/bin
Use
Nsenter can access the name space of another process. Nsenter requires root permission to work properly. Unfortunately, Ubuntu 14.4 still uses the Util-linux 2.20. To install the latest version of Util-linux (2.24), follow these steps:
$ wget https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz; Tar xzvf util-linux-2.24.tar.gz
$ cd util-linux-2.24
$./configure--without-ncurses && make Nsenter
$ sudo cp nsenter/usr/local/bin
Starting with Util-linux version 2.23, the Nsenter tool is included. It is used to access the name space of another process. Nsenter requires root permission to work properly. Unfortunately, Ubuntu 14.4 still uses the Util-linux version 2.20. To install the latest version of Util-linux (2.24), follow these steps:
Cd/tmp
In order to connect to the container, you also need to find the first process of the container PID, through this PID, you can connect to this container:
$ docker Inspect--format "{{. State.pid} ' <container-id>
//or run ' Docker inspect-f ' {{. State.pid}} "<container-id>"
2.nsinit
Starting with version 0.9, Docker itself has a library of management containers, named Libcontainer. The Nsinit tool in Libcontainer allows users to directly access the Linux namespace and the Cgroup kernel. Before installing Nsinit, you first need to install the GO Runtime environment:
$ apt-get installgit golang-go
$ mkdir-p $HOME/go-dev/binmkdir-p $HOME/go-dev/src
$ echo "Export gopath=\ $HOME/ Go-dev ">> ~/.profileecho" path=\ $PATH: \ $GOPATH/bin ">> ~/.profile
$ source~/.profile
Next Install Nsinit:
$ apt-get installgit golang-go
$ mkdir-p $HOME/go-dev/binmkdir-p $HOME/go-dev/src
$ echo "Export gopath=\ $HOME/ Go-dev ">> ~/.profileecho" path=\ $PATH: \ $GOPATH/bin ">> ~/.profile
$ source~/.profile
Nsinit reads the configuration data that is located in the/var/lib/docer/execdriver/native/<container-id> container directory. To run Nsinit, you need to switch to the container directory. Because the/var/lib/docker directory is read-only for root users, you also need root permissions. By Docker the PS command, you can determine the container ID. Once you enter the/var/lib/docker directory, you can connect the container:
Nsinit Exec/bin/bash
3.LXC (-attach)
Until Docker version 0.8.1, LXC has been the basic tool for managing containers, Docker has been supporting this tool. However, starting with version 0.9.0, Docker uses the Libcontainer management container by default and no longer relies on LXC. So by default, you can't use Lxc-attach anymore.
If you still want to use Lxc-attach, then you need to use the-e lxc option to restart the Docker service process. With this option, the LXC Management container will be used again within the Docker. The easiest way to accomplish this task is to create the/etc/default/docker file (if it still does not exist) and add the following:
Docker_opts= "-E Lxc"
Now you can restart the Docker service. To connect the container, you need to know the full container ID:
Docker PS--no-trunc
Next, you'll be able to connect to the container. To complete the following tasks, you will also need root privileges:
Lxc-attach-n <container-id>--/bin/bash
4.sshd
All three of these methods require root permissions for the host system. Access to the container via SSH is a good choice to not use root permissions.
To do this, you need to build an underlying image that supports the SSH service. At this point, we may encounter the problem: do we use Docker cmd or entrypoint to run a command on it? If there are sshd processes running at this time, then we should stop running other processes. The next step is to create a script or use a process management tool like Supervisord to start all other processes that need to be started. Excellent documentation on how to use Supervisord can be found on the Docker web site. Once you start the container with the sshd process, you can connect to the container through the SSH client as usual.
Conclusion
The Sshd method may be the simplest way to connect the container, and most users are accustomed to connecting the virtual machine via SSH. In addition, you do not need to use root permissions when connecting containers. However, there is still much controversy over whether a container should manage more than one process. This approach ultimately makes each container a sshd process, which is fundamentally not advocated by process virtualization.
The other three methods require root permissions. Until version 0.8.1, Docker uses LXC to manage the container. It is for this reason that it is easy to use the Lxc-attach connection container. However, starting with version 0.9.0 the Docker service must be started with the-e lxc option to support LXC management containers internally. However, because this option is set, Docker will again rely on LXC, and LXC may be eliminated as a result of the release or installation.
Nsenter and Nsinit are generally the same. The main difference between the two tools is that Nsinit creates a new process in its own container, while Nsenter simply accesses the namespace. Jerome Petazzoni in Docker blog article to say this very thoroughly.
Several of the above methods I have tried, they are basically into the running of the container, Nsenter can also implement a multiple terminal to a container operation. If you enter the container that has been terminated, the first time you install it is OK, you can get the value of the PID, but then when you perform it, you will find that the PID value is 0 if you proceed
<del>nsenter--target $PID--mount--uts--ipc--net--pid</del>
You will find that switching to the host's Super administrator privileges.
The correct approach is described below, first by adding the meaning of some of the parameters of the command:
viewing mirrors
Docker Images: List images
Docker images-a: List all images (including history)
Docker Images--tree: Show all layers of mirrors (layer)
Docker RMI <image Id>: Deleting one or more image
View Container
Docker PS: Lists all currently running container
Docker ps-l: Lists the most recently started container
Docker ps-a: List all container (including history, the container that ran)
Docker ps-q: Lists the last run container IDs
5. The emphasis has come:
$ docker ps-a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9cff554fb6d7 ubuntuold:14.04/bin/bash about a hour ago up about a hour Condescending_blackwell
E5c5498881ed ubuntuold:14.04 /bin/bash about an hour ago exited (0) minutes ago Backstabbing_ Bardeen
The above information shows the difference between the two: The former is a running container, and the latter is the container that has been terminated (exited (0)).
Docker start/stop/restart<container>: Open/stop/reboot container
Docker start [container_id]: Run a container again (including history container)
Docker attach [container_id]: Connecting a running container instance (that is, the instance must be a start state, and multiple windows can attach a container instance at the same time)
Docker start-i <container>: Start a container and enter interactive mode (equivalent to start first, in attach)
Take the latter e5c5498881ed as an example: first execute
$ docker Start e5c5498881ed
//After viewing again exited (0) is gone, which means that the container has changed from the terminated state to the running state
$docker attach E5c5498881ed
//You will find that the container has been entered, and the previous operation of the file remains
//If no response, once again click Enter
Docker run-i-T <image>/bin/bash: Using image to create container and enter interactive mode, the login shell is/bin/bash
Docker run-i-t-p
Note: use start to start a container that has already been created, using Run to open a new container with image.
Additional:
View root Password
The password for the root user at the start of the Docker container is randomly assigned. So, in this way, you get the password for the root user of the container.
Docker Logs 5817938c3f6e 2>&1 | grep ' User: ' | Tail-n1
Thank you for reading, I hope to help you, thank you for your support for this site!