How to access the host by running commands from the docker container? I need to access the host so that I can check the space usage of my docker containers and images.
Asked
Active
Viewed 1,207 times
2
-
1Your question is similar to this one: https://stackoverflow.com/questions/32163955/how-to-run-shell-script-on-host-from-docker-container but the accepted answer there seems to be flawed. – Paul Aug 03 '17 at 03:09
-
Thanks for the answer. I'll check if the possible solution provided in the thread can also work in my case. – Vaanz Aug 03 '17 at 03:16
3 Answers
5
This problem is basically a "how can I grab data from the host of a docker container".
Like what Paul said, docker containers are meant to be standalone environments for running an application, isolated from the host environment.
Similar to virtual machine but much more lightweight. Hence containers are not meant to have the power to execute shell commands directly to the host.
I guess this was designed for security reason as well because you won't want malicious containers be executing evil commands on the host like formating disk.
Back to the question.
Fundamentally these are pretty much the standard ways a container can access data from its host;
- Unix domain socket
- Volume
- Network socket e.g. Restful or Web services
Unix domain socket:
This idea is to have a process running on the host acting as a server to listen on a Unix domain socket. Then the container will have a client process to request for resources from its server. In this case the resource can be asking about diskspace.
This method requires the file path of the *.sock socket file to be visible between the host and container and this can be achieved by using the docker volume command.
Advantage: Solution is extensible as you can add different kind of requests once you have built the client-server program.
Disadvantage Can take a bit of time to build the application. A bit of overkill if you ask me.
The Volume Way
You mount a filepath from a host to the container. Then you create a quick and dirty shell script to write the result of df to a file and place it in the shared directory area.
Then in the container, you will have another cron job to run a program/script constantly to parse the df result and do whatever you need to do after that.
Advantage:
Not as expensive as the former solution as you don't have to write small programs to read and write outputs.
Disadvantage: Can be messy or impossible to extend this solution to serve different types of resources. E.g. Run a program from the host's shell.
RESTFUL / Web service way
Very very similar to the unix domain socket method too but you talk HTTP here. You still write your client/server program but in a different way. However it is more troublesome than the first strategy as you need an extra step to lookup the ip address of docker0 network interface. This is so that you know how the container can connect to the host.
Advantage: Extensible. You can use this program to control any remote host which deploy your REST server.
Disadvantage: Expensive to develop. Probably super overkill for your use-case.
Conclusion
I might just go the docker volume way.
Have a cron job to run a simple shell script to run df, process its output and just write "TRUE" or "FALSE" keyword to the file.
Then just have another shell script within the container to cat that file to determine whether to trigger some other scripts when a keyword was expected.
Samuel Toh
- 18,006
- 3
- 24
- 39
-
Thank you so much for a detailed explanation. I will check on each possible solution provided for what is more feasible in my case. – Vaanz Aug 03 '17 at 06:26
-
This is the easier solution that we got. Creating a cron job that monitors the disk usage and store it in a file every few minutes and then mounting the file to the docker container. – Vaanz Aug 08 '17 at 09:08
3
If you install the ssh client in the container, and the sshd server on the host, you can ssh from the container to the host to execute commands. To avoid typing passwords, e.g. to run scripts automatically, use ssh keys.
As far as I know, docker does not provide a means to execute commands in the host context from the container. The whole point of docker is to contain the containers, and not let them execute commands on the host.
The opposite is easier. You can enter the container context from the host by using docker exec
Paul
- 26,170
- 12
- 85
- 119
-
I'll check if we can also get the credentials or they can just provide us with the key to use to SSH to the host. Thanks! – Vaanz Aug 03 '17 at 03:16
-
Maybe if you have an idea, is it there a way to check the space usage of my container and my image from docker container? Tried running df -vha inside the docker container but it only shows the total space usage of the whole docker including the images that we are not concerned of. – Vaanz Aug 03 '17 at 03:21
-
@Vaanz You could set up a cron job on the host that runs the df command every minute or so, and then copy the result to a file inside the container with `docker cp` – Paul Aug 03 '17 at 03:22
-
@Vaanz Using ssh is probably better than that, as the information is more current, and not running all the time when not needed. – Paul Aug 03 '17 at 03:24
-
@Vaanz If disk space is problem, buy a bigger disk. Disk is inexpensive compared to programmer time. RAM is perhaps a trickier issue. Processes in container show up in display from `top` command on host, so can be monitored. – Paul Aug 03 '17 at 03:26
2
If you would like to have a container which is running tasks to monitor your Docker host system usage and more, you should have a look at https://prometheus.io/ with https://github.com/prometheus/node_exporter.
The node exporter container gets the procfs and sysfs from the Docker host mounted and is therefore capable to monitor the host metrics.
-v "/proc:/host/proc:ro" \
-v "/sys:/host/sys:ro" \
m4r10k
- 1,087
- 8
- 8
-
Yes, I agree with this solution. It's similar as that access host by mounting a host path. This is more straight way. – Jared Jan 10 '18 at 10:35