nsenter and docker-enter / docker-bash



Curious if anyone has used nsenter?  It is discussed here:

  http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/

and in the latest phusion-baseimage readme:

  https://github.com/phusion/baseimage-docker#login_nsenter

 

It provides shell access to any running docker image without having to deal with SSH keys or modify the docker images.  There are two ways to install it in the unRAID host:

 

1) This docker command will drop nsenter plus a wrapper script (docker-enter) into /usr/local/bin:

  docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter

You'll need to re-run this command every time you reboot. 

 

2) Or you can install nsenter and phusion's wrapper script (docker-bash) as described here:

  https://github.com/phusion/baseimage-docker#docker_bash

Again, you'll need to re-install after every reboot.  Unless someone wants to make a plugin?  :)

 

Once it is installed you just type:

  docker-enter YOUR-CONTAINER-ID

or:

  docker-bash YOUR-CONTAINER-ID

i.e.

  docker-[enter|bash] PlexMediaServer

then you can poke around to look at what is running or check logs, etc.  It is really helpful when developing a dockerfile because you have much more visibility into why a command is failing.

 

phusion officially supports nsenter in version 0.9.12 of their baseimage, but it seems to work for me in 0.9.11.  I can't tell from the release notes:

  http://blog.phusion.nl/2014/07/17/baseimage-docker-0-9-12-released/

if there are changes in the latest that we need for nsenter.

Link to comment

The difference is that in 0.9.11, nsenter was included but unsupported. Now, with 0.9.12, Phusion will start to support this, just that.

 

For development it should be useful, but the final Dockerfile shouldn't have SSH or nsenter, as they could be a serious security threat, especially on those containers exposed on the internet.

 

I will eventually remove ssh and maybe nsenter from my containers.

 

PS. It appears that nsenter only works in the system using namespaces, so it should be safe to use.

 

I reviewed the jpetazzo/nsenter code. It's just a build environment. Copy the /usr/local/bin and delete the container.

 

I made a .txz package for it: https://dl.dropboxusercontent.com/u/18726846/nsenter-2.24-x86_64-1_unRAID.txz

Link to comment
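
The wrapper scripts discussed in this thread look up the container's init PID on the host and hand it to nsenter, so nothing has to be installed inside the image. The shell sketch below is an added example, not code from the posts, jpetazzo/nsenter or Phusion; it compares a process's namespaces with the host's and prints the nsenter command that joins the ones that differ. `PROC_ROOT` and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: compare a container's namespaces with the host's and build
# the nsenter command that joins only the ones that differ.
# PROC_ROOT is an assumption of this example (lets the logic run against a
# constructed tree); on a real host it is /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Map a /proc/<pid>/ns entry to the matching nsenter option.
ns_flag() {
    case "$1" in
        mnt) echo "--mount" ;;
        uts) echo "--uts" ;;
        ipc) echo "--ipc" ;;
        net) echo "--net" ;;
        pid) echo "--pid" ;;
        *)   return 1 ;;
    esac
}

# isolated_namespaces HOST_PID TARGET_PID
# Prints the namespaces whose identifiers differ between the two processes.
isolated_namespaces() {
    out=""
    for ns in mnt uts ipc net pid; do
        h=$(readlink "$PROC_ROOT/$1/ns/$ns") || return 2
        t=$(readlink "$PROC_ROOT/$2/ns/$ns") || return 2
        if [ "$h" != "$t" ]; then out="$out $ns"; fi
    done
    echo "${out# }"
}

# nsenter_command HOST_PID TARGET_PID
# Prints (does not run) the nsenter invocation for the target process.
nsenter_command() {
    flags=""
    for ns in $(isolated_namespaces "$1" "$2"); do
        flags="$flags $(ns_flag "$ns")"
    done
    echo "nsenter --target $2$flags"
}

# On a real host, as root (PID 1 stands for the host's namespaces):
#   PID=$(docker inspect --format '{{.State.Pid}}' PlexMediaServer)
#   nsenter_command 1 "$PID"
if [ "$#" -eq 2 ]; then nsenter_command "$1" "$2"; fi
```

A namespace missing from the output is one the container shares with the host; a container started with `--net=host`, for example, will not list `net`.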
