I have a following Makefile:
start: delete-network create-network start-container delete-network
start-container:
docker run -it --rm --network docky docky bash
create-network:
docker network create docky
delete-network:
docker network remove docky 2> /dev/null || true
Unfortunately when I call make start, delete-network task is ignored after I exit from cotainer. How can I execute all tasks?
If running the container and cleaning up is the goal, this will do it:
start: delete-network create-network start-container
start-container:
docker run -it --rm --network alpine alpine sh; docker network remove alpine
create-network:
docker network create alpine
delete-network:
docker network remove alpine 2> /dev/null || true
and a version without duplication:
start: create-network start-container delete-network
start-container:
-docker run -it --rm --network alpine alpine sh
create-network:
docker network create alpine || true
delete-network:
docker network remove alpine 2> /dev/null || true
Related
Any commands hang terminal inside docker container.
I login in container with docker exec -t php-zts /bin/bash
And then print any elementary command (date, ls, cd /, etc.)
Command hang
When I press ctrl+c I going back to host machine.
But, if I run any command without container - it's work normally
docker exec -t php-zts date
Wed Jan 26 00:04:38 UTC 2022
tty is enabled in docker-compose.yml
docker system prune and all cleanups can not help me.
I can't identify the problem and smashed my brain. Please help :(
The solution is to use the flag -i/--interactive with docker run. Here is a relevant section of the documentation:
--interactive , -i Keep STDIN open even if not attached
You can try to run your container using -i for interactive and -t for tty which will allow you to navigate and execute commands inside the container
docker run -it --rm alpine
In the other hand you can run the container with docker run then execute commands inside that container like so:
tail -f /dev/null will keep your container running.
-d will run the command in the background.
docker run --rm -d --name container1 alpine tail -f /dev/null
or
docker run --rm -itd --name container1 alpine sh # You can use -id or -td or -itd
This will allow you to run commands from inside the container.
you can choose sh, bash, or any other shell you prefer.
docker exec -it container1 alpine sh
For CI/CD purposes, I need docker in docker:
docker network create some-network
docker volume create some-docker-certs-ca
docker volume create some-docker-certs-client
docker run --privileged --name some-dind -d --network some-network --network-alias docker -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-ca:/certs/ca -v some-docker-certs-client:/certs/client docker:dind
Now if I run the docker:latest image with -it option, I can use docker in the container as expected:
docker run --rm -it --network some-network -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-client:/certs/client:ro docker:latest sh
/ # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
/ #
But I need to customize docker:latest image in a Dockerfile:
FROM docker:latest
# install package1
# install package2
# install package3
...
# install package4
And build the customized docker image:
docker build -t customized-docker .
But when I run the customized-docker image with -it options, It cannot connect to docker daemon:
docker run --rm -it --network some-network -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-client:/certs/client:ro customized-docker:latest sh
/ # docker ps
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
/ #
What is the problem? Isn't there any way I can use customized docker image?
Edit:
I found a better way to do my CI/CD without "docker in docker". As David Maze mentioned, most of the times, there is no need to use "docker in docker". But my question still remains: Why can the docker:latest container connect to docker daemon but a customized docker container cannot.
I am running a metasploitable2 docker container on a server. Here is the docker command to create this docker container:
docker run --name victumb-it tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash" --security-opt apparmor=unconfined -privileged true --network host
I then ran an exploit on Kali linux container on a different server targeting the docker image, however it failed.
use exploit/unix/ftp/vsftpd_234_backdoor
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOST 134.122.105.88
RHOST => 134.122.105.88
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > run
[-] 134.122.105.88:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (134.122.105.88:21).
I am confused as to why this exploit failed. Due to the --network host i thought that the traffic would be mirrored into the container. Is their anyway to fix this networking error, so that the hack is successful?
Here is the tutorial I was loosely following: https://medium.com/cyberdefendersprogram/kali-linux-metasploit-getting-started-with-pen-testing-89d28944097b
Because the option --network host should be placed before the image
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
This should work:
docker run --name victumb-it --network host --security-opt apparmor=unconfined --privileged tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash"
Here sh is the command, and everything after that is arguments passed to sh command.
The docker run options like --network, --security-opt and --privileged are placed before the image.
If you run docker inspect container_id you'll see at the Args key the arguments passed to the command. It means they are not arguments to docker run.
I face this strange issue and can't explain why.
$ docker run -d --name dind --privileged --net=host -v `pwd`:/app -w /app docker:stable-dind
fe66d6e7e5effcf15e439a332a2368fddab810e9bc8ac3445392c8e56b0aa38a
$ docker exec dind ls
Dockerfile
$ docker exec dind docker run -v `pwd`:/app -w /app alpine ls
$ docker exec dind docker build -t demo .
Sending build context to Docker daemon 521.7kB
Step 1/24 : FROM alpine
So why I can't see my files in docker container which running in docker?
Why it can read the file Dockerfile with command docker build, but not docker run?
This is because pwd in your code will be parsed in your host machine, not in the container, so the container which in the container get the current directory of host machine, not current directory of container machine, you can prove it by change following command from:
$ docker exec dind docker run -v `pwd`:/app -w /app alpine ls
to
$ docker exec dind docker run -v /app:/app -w /app alpine ls
Then, you will see your Dockerfile output. FYI.
The dind (Docker IN Docker) pulled from DockerHub works fine, but I cannot build the dind from scratch.
I tried to build as follows.
My Docker version is 1.1.
$ git clone https://github.com/docker-library/docker
$ cd docker/
$ cd 1.1/
$ docker build -t docker:dind .
I could create a "dind" Docker image. After that I tried to run.
$ docker run -it --privileged --name test -d docker:dind
52e590b6636b3726bbe9774627f4424c2b9f8958a745d57c27d04cbec77a2d7b
$ docker run -it --rm --link test:docker docker run -it ubuntu bash
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
The dind did not work well.
So, I tried to customize from the dind pulled from Docker Hub.
$ docker pull docker:dind
$ docker run -it docker:dind ash
/ # exit
$ docker commit d508c2fd7131 docker:dind
sha256:f20e0314f996fe9f66806df47c1bdff956c84d11a6bfe2ff66279bee968323ec
$ docker run -it --privileged --name test -d docker:dind
d877c1993275fd4039b749f52d60a3095d40d52e13255c4fd88a319ca7ec306a
$ docker run -it --rm --link test:docker docker run -it ubuntu bash
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
It also had same problem. I just run the "dind" on Docker and exit immediately.
I cannot understand why I cannot customize the "dind" image.
Please tell me how to fix this problem.
Try this.
docker run --privileged -d --name test docker:dind
docker exec -it test docker version
docker commit test mydind
You can use mydind image