How to enter/ssh into your docker container

If you want to debug or enter your docker container, you might think that you will easily run a sshd server and that's fine. But it's wrong and most of all: it's not necessary.

Like @jpetazzo explained in "Docker SSHD considered evil": containers run with only one executable as main process. So if you want to have a sshd next to your php-fpm, you will need monit or supervisor to launch them. That's already 3 services in total!

That's why: keep your docker image clean!

But how to enter the container? There is a little tool called "nsenter" (available with util-linux >= 2.24)

$ PID=$(docker inspect --format  <container_name_or_ID>)
$ sudo nsenter --target $PID --mount --uts --ipc --net --pid

There is also a wrapper for the nsenter command from the beginning, called docker-enter (available at https://github.com/jpetazzo/nsenter):

$ sudo docker-enter my_awesome_container ls -la

If you don't have nsenter available (e.g. it does not come with ubuntu, yet), you can install it like this:

$ # use jpetazzo container to build and cat nsenter to /usr/local/bin/nsenter on your local machine
$ sudo docker run jpetazzo/nsenter cat /nsenter > /usr/local/bin/nsenter

or build it on your own (needs the build-essential package):

$ cd /tmp
$ curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf-
$ cd util-linux-2.24
$ ./configure --without-ncurses
$ make nsenter
$ sudo cp nsenter /usr/local/bin/nsenter

Happy debugging.

In docker, open source, ubuntu, vm by @ 09 Jul 2014

comments powered by Disqus

Recent Files


Recent Dev-Articles

Read recently