-1

I have a docker based application written in Java which calls a shell script to collect data. I want to add a few commands in this script to collect host machine/VM data like below :

firewall-cmd --list-all >> firewall.txt

journalctl >> journal.log

hostnamectl >> hostname-config.txt

iptables-save >> iptables.txt.

As these commands/resources are not directly accessible to the container, Is there any way I can achieve this? Basically what I am looking for is a way to access/run commands on host from inside the container. If yes, please answer with examples associated with any of the above commands.

darecoder
  • 1,478
  • 2
  • 14
  • 29
  • If your host is running `sshd`, you could ssh from the container to the host. You would probably want to employ key-based authentication for this, possibly limited access to specific commands. Alternatively, if the list of commands to which you need access is small, you could just set up a service on the host that accepts requests (via network sockets, unix sockets, etc) and takes the appropriate action. – larsks Feb 24 '21 at 16:19
  • Have you tried [named pipes](https://stackoverflow.com/a/63719458/15219064). – DerMaddi Feb 24 '21 at 16:20
  • I am new to dockers. A couple of examples with any of the mentioned commands would be useful. – darecoder Feb 24 '21 at 16:27
  • Found this somewhere, but still don't know on how to use this. -> https://gist.github.com/jarek-przygodzki/e80c3ed716b94f2678f0455dfce95675 – darecoder Feb 24 '21 at 16:30

1 Answers1

1

A principal design goal of Docker is that processes in containers can't directly run commands on the host and can't directly access the host's filesystem, network configuration, init system, or other details.

If you want to run a detailed low-level diagnostic tool on this system, it needs to run directly on the host system, and probably as root. It can't run in a container, virtual machine, or other isolation system.

David Maze
  • 130,717
  • 29
  • 175
  • 215
  • 1
    your thoughts on this https://gist.github.com/jarek-przygodzki/e80c3ed716b94f2678f0455dfce95675 ?? – darecoder Feb 24 '21 at 16:31
  • `sudo` is shorter, easier, preinstalled on most systems, and doesn't require disabling essentially all of Docker's controls. – David Maze Feb 24 '21 at 17:01