本文翻译自:How to enter in a Docker container already running with a new TTY
I have a container that is running the Apache service in the foreground. 我有一个在前台运行Apache服务的容器。 I would like to be able to access the container from another shell in order to "poke around" inside it and examine the files. 我希望能够从另一个外壳访问该容器,以便在其中“探查”并检查文件。 At the moment, if I attach to the container, I am left looking at the Apache daemon and cannot run any commands. 目前,如果我连接到容器,则只能查看Apache守护程序,并且无法运行任何命令。
Is it possible to attach another tty to a running container? 是否可以将另一个tty附加到正在运行的容器? Possibly, I can take advantage of the fact that Docker is actually just wrapping around LXC containers? 可能,我可以利用Docker实际上只是包裹LXC容器这一事实吗? I have tried sudo lxc-console -n [container-id] -t [1-4]
but it appears that only one tty is made available and that is the one running the apache daemon. 我已经尝试过sudo lxc-console -n [container-id] -t [1-4]
但是看来只有一个tty可用,而那是运行apache守护程序的那个。 Perhaps there is a way to enable multiple lxc consoles during the build? 也许有一种在构建过程中启用多个lxc控制台的方法?
I would rather not configure and build the container with an openssh service if possible. 如果可能的话,我宁愿不使用openssh服务配置和构建容器。
#1楼
参考:https://stackoom.com/question/1PpSf/如何输入已经以新的TTY运行的Docker容器
#2楼
Update 更新资料
As of docker 0.9, for the steps below to now work, one now has to update the /etc/default/docker
file with the '-e lxc'
to the docker daemon startup option before restarting the daemon (I did this by rebooting the host). 从docker 0.9开始,为了使以下步骤正常运行,现在必须在重启守护程序之前将带有'-e lxc'
的/etc/default/docker
文件更新为docker守护程序启动选项(我通过重新启动主办)。
This is all because... 这是因为...
...it [docker 0.9] contains a new "engine driver" abstraction to make possible the use of other API than LXC to start containers. ... [docker 0.9]包含新的“引擎驱动程序”抽象,以使可以使用LXC以外的其他API来启动容器。 It also provide a new engine driver based on a new API library (libcontainer) which is able to handle Control Groups without using LXC tools. 它还提供了一个基于新API库(libcontainer)的新引擎驱动程序,该驱动程序无需使用LXC工具即可处理控制组。 The main issue is that if you are relying on lxc-attach to perform actions on your container, like starting a shell inside the container, which is insanely useful for developpment environment... 主要问题是,如果您依靠lxc-attach在容器上执行操作,例如在容器内启动外壳,这对于开发环境非常有用...
Please note that this will prevent the new host only networking optional feature of docker 0.11 from "working" and you will only see the loopback interface. 请注意,这将阻止docker 0.11的新的仅主机联网可选功能 “正常运行”,并且您只会看到回送接口。 bug report 错误报告
It turns out that the solution to a different question was also the solution to this one: 事实证明, 另一个问题的解决方案也是这个问题的解决方案:
...you can use docker
ps -notrunc
to get the full lxc container ID and then uselxc-attach -n <container_id>
run bash in that container as root. ...您可以使用ps -notrunc
获取完整的lxc容器ID,然后使用lxc-attach -n <container_id>
在该容器中以root身份运行bash。
Update: You will soon need to use ps --no-trunc
instead of ps -notrunc
which is being deprecated. 更新:您很快将需要使用ps --no-trunc
而不是已弃用的ps -notrunc
。
Find the full container ID 查找完整的容器ID
Enter the lxc attach command. 输入lxc attach命令。
Top shows my apache process running that docker started. 顶部显示了运行Docker启动的我的Apache进程。
#3楼
The "nsinit" way is: “ nsinit”的方式是:
install nsinit 安装nsinit
git clone git@github.com:dotcloud/docker.git
cd docker
make shell
from inside the container: 从容器内部:
go install github.com/dotcloud/docker/pkg/libcontainer/nsinit/nsinit
from outside: 从外面:
docker cp id_docker_container:/go/bin/nsinit /root/
use it 用它
cd /var/lib/docker/execdriver/native/<container_id>/
nsinit exec bash
#4楼
You should use Jérôme Petazzoni's tool called 'nsenter' to enter a container without using SSH. 您应该使用JérômePetazzoni的名为“ nsenter”的工具来输入容器,而无需使用SSH。 See: https://github.com/jpetazzo/nsenter 参见: https : //github.com/jpetazzo/nsenter
Install with simply running: docker run -v /usr/local/bin:/target jpetazzo/nsenter
只需运行即可安装: docker run -v /usr/local/bin:/target jpetazzo/nsenter
Then use the command docker-enter <container-id>
to enter the container. 然后使用命令docker-enter <container-id>
进入容器。
#5楼
What about running tmux/GNU Screen within the container? 在容器中运行tmux / GNU Screen怎么办? Seems the smoother way to access as many vty as you want with a simple: 似乎更简单的方法是通过一个简单的方法来访问任意数量的vty:
$ docker attach {container id}
#6楼
nsenter
does that. nsenter
做到了。 However I also needed to enter a container in a simple way and nsenter didn't suffice for my needs. 但是,我还需要以一种简单的方式输入一个容器,nsenter不足以满足我的需求。 It was buggy in some occasions (black screen plus -wd flag not working). 在某些情况下,这是错误的(黑屏加上-wd标志不起作用)。 Furthermore I wanted to login as a specific user and in a specific directory. 此外,我想以特定用户身份和特定目录登录。
I ended up making my own tool to enter containers. 我最终制作了自己的工具来输入容器。 You can find it at: https://github.com/Pithikos/docker-enter 您可以在以下位置找到它: https : //github.com/Pithikos/docker-enter
Its usage is as easy as 它的用法就像
./docker-enter [-u <user>] [-d <directory>] <container ID>