
I am currently working on automating commands for a Docker container with a Python script on the host machine. For now, this Python script builds and runs a docker-compose file, with the commands for the containers written into the docker-compose file and the Dockerfile itself.

What I want to do is have the Python script action all commands to run within the container, so if I have different scripts I want to run, I am not changing the container. I have tried 2 ways.

First was to run the `os.system()` command within the Python script; however, this works only as far as opening the shell for the container. The `os.system()` command does not execute code in the Docker container itself.

The second way uses `CMD` within the Dockerfile; however, this is limited and is hard-coded to the container. If I have multiple scripts I have to change the Dockerfile, and I don't want this. What I want is to build a default container with all services running, then run Python scripts on the host to run a sequence of commands on the container.

I am fairly new to Docker and think there must be something I am overlooking to run scripted commands on the container. One possible solution I have come across is `nsenter`. Is this a reliable solution and how does it work? Or is there a much simpler way? I have also used docker-volume to copy the Python files into the container to be run on build; however, I still cannot find a solution to automate accessing and running these Python scripts from the host machine.

Don't Panic
Chris Maze
  • It's probably better to think of containers as wrappers around a single process. Given your administrative process, you wouldn't try to get a Bourne shell within that Python script and run commands; in the same way, you really shouldn't try to script `docker exec`, but rather set up your containers to be self-sufficient. Can you give a very concrete example, including sample code and the relevant Dockerfile and `docker-compose.yml`, of a specific task you'd need to do this way? – David Maze Sep 14 '20 at 13:25
  • I have a Python app, `tkinter` for GUI, 2 containers, result is a .pcap file of network traffic for threat analysis/artifacts. In one container I have small Python scripts, `portscanner.py` etc., in the other `tcpdump`. The network is set up, and volumes share files with the host; however, I am using `CMD` in the `dockerfile` to run the scripts. I want to be able to control the actioning of these scripts from the `tkinter` GUI without restarting the container, just pass commands to start the different scripts. Not the typical Docker use case. It's a lightweight automated adversary emulation app. – Chris Maze Sep 15 '20 at 03:16

1 Answer


If the scripts need to be copied into a running container, you can do this via the `docker cp` command, e.g. `docker cp myscript.sh mycontainer:/working/dir`.

Once the scripts are in the container, you can run them via a `docker exec` command, e.g. `docker exec -it mycontainer /working/dir/myscript.sh`.

Note, this isn't a common practice. Typically the script(s) you need would be built (not copied) into container image(s). Then when you want to execute the script(s) within a container, you would run the container via a `docker run` command, e.g. `docker run -it mycontainerimage /working/dir/myscript.sh`.

sfb103
  • Thanks, the setup is like a CTF where there is the vulnerable container (with vulnerable services) and an "attack" or challenge container and a Python Tkinter front end running on the host machine. I want the user to be able to run scripts in the challenge container without having to rebuild the container every time, just select the script. If I use `docker run` can I select different scripts? I have a shared volume with the host machine, all my scripts are in the shared `docker volume`. If all the scripts reside in the container, can I call the different scripts? Does it work this way? – Chris Maze Sep 14 '20 at 09:17
  • Yes, it would work the same way. But you would embed the scripts at build time (with a shared volume, they can be modified at runtime). Since it's typically best practice that containers be immutable, having them copied in at runtime would be better. Either way, when you want to run the different scripts, you would just use `docker run` to do that, similar to how I put in my answer. – sfb103 Sep 14 '20 at 23:02
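
An added example, not code from the question or the answer: a host-side Python wrapper around the `docker exec` call described in the answer, which selects scripts from an allowlist and passes an argument list to `subprocess.run` so that nothing chosen in a GUI is ever parsed by a host shell. The container name and directory reuse the answer's placeholders; the `report.py` entry, the interpreter mapping and the function names are assumptions made for illustration.

```python
import re
import subprocess

# Placeholders taken from the answer; the allowlist itself is constructed.
CONTAINER = "mycontainer"
SCRIPT_DIR = "/working/dir"
# Map each permitted script to the interpreter that runs it in the container.
ALLOWED_SCRIPTS = {"myscript.sh": ["/bin/sh"], "report.py": ["python3"]}

# Conservative character set for user-supplied arguments (hypothetical policy).
ARG_RE = re.compile(r"[A-Za-z0-9._:/=-]{1,64}")


def build_exec_argv(script, args=()):
    """Return the argv list for `docker exec`, or raise ValueError."""
    if script not in ALLOWED_SCRIPTS:
        # Also rejects path tricks such as "../x": only exact names match.
        raise ValueError(f"script not allowlisted: {script!r}")
    for arg in args:
        if not ARG_RE.fullmatch(arg):
            raise ValueError(f"rejected argument: {arg!r}")
    # No -it here: a GUI or script has no terminal to attach, and
    # `docker exec -it` fails when stdin is not a TTY.
    return ["docker", "exec", CONTAINER, *ALLOWED_SCRIPTS[script],
            f"{SCRIPT_DIR}/{script}", *args]


def run_in_container(script, args=(), timeout=60):
    """Run an allowlisted script inside the already-running container."""
    argv = build_exec_argv(script, args)
    # A list argv with the default shell=False is executed directly,
    # so metacharacters are never interpreted on the host.
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, check=False)
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    # Prints the command that would be executed; needs no Docker daemon.
    print(build_exec_argv("report.py", ["eth0"]))
```

Calling `run_in_container("myscript.sh")` from a Tkinter button handler starts the script in the running container without a rebuild or restart; the return code and captured output can be shown in the GUI.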