
Docker-in-docker Docker Compose with sshd

Dockerfile:

##
# Docker client with docker-compose && sshd
#
# use on a Docker host to allow you to ssh and access Docker and Compose remotely
# e.g., as part of CI/CD on a private network.
# ** Not for production use on publicly-exposed server **
#
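# mount for docker host socket:
#    -v /var/run/docker.sock:/var/run/docker.sock:ro
# note: :ro does not make the Docker API read-only; clients can still connect and
# issue any API call, so an ssh login here can control the host's Docker daemon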
# mount for docker-compose access (optional):
#    -v /host/compose/root:/opt/compose/alias
# cd or reference -f /alias/to/docker-compose.yml file when using docker-compose ...
#####
 
FROM docker:17
# (uses Alpine)
 
RUN apk add --update py-pip
RUN pip install docker-compose
 
# RUN apk add ca-certificates curl openssl nano
RUN apk add openssh
 
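# use fresh host keys: these are generated at build time, so every container
# started from this image shares them (could also generate them on startup)
RUN rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
RUN /usr/bin/ssh-keygen -A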
 
# install (or append) to authorized_keys: (optional)
COPY certs/my-deploy.pub /root/.ssh/authorized_keys
 
# cleanup install:
RUN rm -rf /tmp/* /var/cache/apk/*
 
EXPOSE 22
 
# remove prior entrypoint if there is one:
ENTRYPOINT []
CMD ["/usr/sbin/sshd","-D"]
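
One way to narrow what the deploy key in the Dockerfile above can do, as an added example that is not part of the original post: an sshd forced command that only lets a few `docker-compose` invocations through. The script name, install path, `COMPOSE_ROOT` and the subcommand allowlist are assumptions.

```shell
#!/bin/sh
# compose-gate: forced command for the deploy key (added example, hypothetical name).
# Assumed authorized_keys entry, key material elided:
#   restrict,command="/usr/local/bin/compose-gate" ssh-ed25519 AAAA... ci-deploy
LC_ALL=C; export LC_ALL                      # byte-wise character ranges below
COMPOSE_ROOT="${COMPOSE_ROOT:-/opt/compose}" # assumed mount point for compose projects

# gate_check CMDLINE: return 0 only for an allowlisted docker-compose invocation.
gate_check() {
    case "$1" in
        ""|*[!A-Za-z0-9_./\ -]*) return 1 ;;  # empty, or anything beyond plain words
    esac
    set -f; set -- $1; set +f                # split on whitespace, no globbing
    [ "$#" -ge 4 ] || return 1
    [ "$1" = "docker-compose" ] || return 1
    [ "$2" = "-f" ] || return 1
    case "$3" in
        *..*) return 1 ;;                    # no path traversal out of the root
        "$COMPOSE_ROOT"/*/docker-compose.yml) ;;
        *) return 1 ;;
    esac
    shift 3
    case "$*" in                             # allowlisted subcommands (assumption)
        pull|"up -d"|ps|"logs --tail 100") return 0 ;;
    esac
    return 1
}

# gate_main: what sshd runs; the client's request arrives in SSH_ORIGINAL_COMMAND.
gate_main() {
    if gate_check "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        exec "$@"                            # run the words directly, no shell re-parse
    fi
    echo "compose-gate: request not permitted" >&2
    return 1
}

# Run only when installed under its own name, so the file can also be sourced.
if [ "${0##*/}" = "compose-gate" ]; then gate_main; fi
```

Compose files under the root stay as trusted as whoever can write them, since a compose file can itself mount host paths.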

Override Docker Entrypoint properly

It’s not always obvious what format the `ENTRYPOINT` override should take in a `docker run` command. For example, to get a file list instead of running the image’s default entrypoint, override the default ENTRYPOINT with `/bin/ls` using `--entrypoint` as a `run` option, then pass any arguments after the image name:

docker run --entrypoint "/bin/ls" namespace/imagename -al /container/path/tolist

As mentioned in the Docker docs, ENTRYPOINT only specifies the executable to run when the container starts.

Docker copy files from image to local

You can’t easily copy files directly from a Docker image, but you can from a temporary container. A couple of different ways to do it:

Run a temporary container and copy into a locally mounted directory; here it’s a directory named “tmp” inside your current directory:

docker run --rm -v "$(pwd)/tmp":/tmp <image-name:tag> sh -c "cp -r /path/to/files/* /tmp"

You can do additional pre/post-processing or gather more files as needed by changing the sh (or bash or other) command.

Or you can simply copy a directory from a created (never started) temporary container to a tar file:

id=$(docker create <image-name:tag>)
docker cp "$id":path - > local.tar
docker rm -v "$id"

Docker stats with container names

docker stats $(docker ps --format '{{.Names}}')

Docker remove orphaned volumes

docker volume prune

see: commandline/volume_prune/

To remove all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes:

docker system prune [--all --volumes]

see: commandline/system_prune

Alternate method:

docker volume rm $(docker volume ls -qf dangling=true)
