is there any strategy to nsenter a running container that does not contain any interactive shell binaries like /bin/sh?
Mic92
mgoelzer: nsenter -F
wrong
just use nsenter -t <pid> ... -- program
mgoelzer
Mic92: sorry, i'm confused. doesn't program need to be an executable binary already inside the container? my problem is, i don't have a /bin/sh inside the container.
duglin: it's the same issue, isn't it? i don't have a <program> inside the container to run. sorry if i am not explaining this well...
duglin
well, w/o a program to run, what do you want to do? :-)
Mic92
mgoelzer: do you want to run something which is not in the container?
mgoelzer
i want to poke around the container's file system, but its Dockerfile is "FROM golang:1.3" so there is no shell or other executable tools inside the image
duglin
“poke around” means use “sh”, right? no sh, no can do
mgoelzer
i want to run /bin/sh, but because there is no /bin/sh inside the container, i'm asking if i can provide the /bin/sh on the host or something like that
duglin: yes, that's what i mean. so, it's impossible to do anything with a running container if it has no /bin/sh? no way to copy in an external /bin/sh from the host?
duglin
if we had “docker cp <host> <container>” then you could copy sh into it
cnf
mgoelzer: you nsenter like real men shave
duglin
but that PR isn’t merged yet
mgoelzer
duglin: yes! that's what i want. bummer that it does not exist
Mic92
mgoelzer: you skip --mount
And just change to the root directory of the container manually
duglin
true you could mount it into the original container
mgoelzer
Mic92: thank you!!! yes, that's it, you're right
that fixed it
tianon
mgoelzer: uh, "FROM golang:1.3" should have a shell in it
mgoelzer
tianon: really? i can't find one.
Mic92: hold on, though, if i remove --mount, what do i do next?
tianon
$ docker run -it --rm golang:1.3 sh
#
mgoelzer
hmmm, you're right tianon
tianon
:D
Mic92
mgoelzer: what filesystem backend do you use?
in docker
mgoelzer
well, the container is just docker swarm. like do "docker pull swarm" and then "docker run -d -p 1234:2375 swarm manage token://whatever". now the container is running, but i cannot nsenter it
nope, the Dockerfile linked from the Hub page for it is :) that's the main development Dockerfile, and I think there's an automated build of it somewhere too
Mic92: so with aufs, is there a way to manually mount the container's filesystem after i run nsenter without the --mount option?
cnf
mgoelzer: wth are you trying to accomplish?
Mic92
mgoelzer: I don't know how the aufs driver is implemented, but probably it is mounted in your host mount namespace already
mgoelzer
cnf: at this point, it is just a curiosity question: given a running container with no /bin/sh binary, is there still a way to "poke around" inside the container using nsenter?
cnf
i consider "poking around" a failure
i don't do it
mgoelzer
cnf: even just for debugging or exploration?
cnf
i have no need for it
Mic92
cnf: but other people have
mgoelzer: mount | grep aufs
cnf
Mic92: hence why all my statements were prepended with "I"
Mic92
I think docker should not be a blackbox no one can understand.
cnf
mgoelzer: i generally don't see the need to enter a container
mgoelzer
Mic92: mount | grep aufs ==> no output
cnf
Mic92: it isn't a blackbox
docker is dead easy
Mic92
except something does not work as expected
cnf
Mic92: "something"?
mgoelzer
honestly, i'm just trying to learn here. nsenter seems like a good learning and exploration tool, but i guess you can only use it if you have included a /bin/sh or whatever diagnostic program you want in your container
cnf
mgoelzer: what do you need it for, though?
tlonim
I see the engine shutdown hook doesn't clean up the unix socket (with Close()), is this intended (or a bug)? (I don't see that happening with signal handling either)
miminar
dmp42, ping
dmp42
hello miminar :)
miminar
dmp42, hi
dmp42
can you join #docker-distribution?
miminar
dmp42, yep
mgoelzer
cnf: i think my original goal was to look at the environment variables in the container
Mic92
mgoelzer: you could try the vfs driver.
cnf
mgoelzer: docker inspect ?
Mic92
mgoelzer: then you have just plain folders instead of mounts
cnf
and if you want to see what files are in a container
mgoelzer
cnf: yeah, i guess you're right that that's a better solution. but i also wanted to see the file system and possibly modify files
cnf
docker export <name>|tar -tvf -
mgoelzer: ^^^ shows the filesystem
mgoelzer
cnf: i guess i didn't have a specific goal, just a general sense that i wanted to poke around
cnf: oh, that's a good idea
cnf
mgoelzer: the general point is for containers to be stateless
mgoelzer: so poking around and changing things manually tends to be counter to that
mgoelzer
Mic92: i'll try vfs too. i need to read more about the different drivers
cnf
vfs is used for volumes
i don't think you can use it for layered fs
mgoelzer
cnf: yeah, i do see what you mean
cnf
mgoelzer: use Dockerfiles to change things, and the line above to see what is in images you didn't make
mgoelzer: and you can always -v the file you are playing with into a container
mgoelzer
cnf: yes, i think docker export / inspect is a good solution for what i'm trying to do.
cnf
mgoelzer: also, you can do
docker inspect -f {{.Config.Entrypoint}} <name>
to just get one entry
Mic92
cnf: vfs is also a graph driver
cpuguy83
Sweet, now running rc3, and setup default ulimits and syslog logging, very nice