Acessing ARP table of Host from Docker container - docker

How can I access the host ARP records from within a Docker container?
I tried to mount a volume (in a docker-compose file) /proc/net/arp:/proc/net/arp but found out that I can't make any volume with /proc. Then I tried to mount it elsewhere like /proc/net/arp:/root/arp, but then if I cat /root/arp, from within the container, the table comes out empty.
docker run -v /proc/net/arp:/root/arp alpine cat /root/arp <-- returns empty table
Ideas?

You should be good if you add privileged mode and make sure you're in host networking mode. This worked for me:
>$ docker run --net host --privileged -v /proc/net/arp:/host/arp alpine cat /host/arp

Related

Docker different volume path for specific container

By default docker uses /var/lib/docker/volumes/ for any started container.
Is there any way to launch a new container and have it consume all the required disk on a different specified path on the host?
Basically have the root volume different.
For a specific container only, the simplest way i think would be to use docker volumes, Create docker volume and then attach the volume to the container. So the process running on the container uses up the share, so this is using the disk you would like to use.
More information on the following webpage,
https://docs.docker.com/storage/volumes/
you can define the volume path.
docker run -it --rm -v PWD$:/MyVolume ubuntu bash
This command will use the current folder where you execute the command from.
In the container you'll find your file under /MyVolume.
jens#DESKTOP:~$ docker run -it --rm -v $PWD:/MyVolume ubuntu bash
root#71969d68099e:/# cd /MyVolume/
root#71969d68099e:/MyVolume# ls
But you can define any path:
docker run -it --rm -v /home/someuser/somevolumepath:/MyVolume ubuntu bash
Almost the same is available in docker compose.
ports:
- "80:8080"
- "443:443"
volumes:
- $HOME/userhome/https_cert:/etc/nginx/certs
Jens

Docker inside docker : volume is mounted, but empty

I am running a docker container with docker mounted inside using :
docker run -v /Path/to/service:/src/service -v /var/run/docker.sock:/var/run/docker.sock --net=host image-name python run.py
This runs a python script that creates a data folder in /src and fills it. When printing os.listdir('/src/data'), I get a list of files.
I then run a container from within this container, mounting the data folder, using docker-py.
volumes = {'/src/data': {'bind': '/src', 'mode': 'rw'}}
client.containers.run(image, command='ls data', name=container_key, network='host', volumes=volumes)
And it prints :
Starting with UID: 0 and HOME: /src\n0\n'
Which means data is mounted, but empty. What am I doing wrong ?
So- mounting docker inside the container means that containers started from in there are running on your HOST machine.
The end result is you have two containers on host- one with
/Path/to/service:/src/service
and one with
/src/data:/src
If you want to share a volume between two containers you should usually use a "named" volume like
docker run -v sharedvolume:/src/data and docker run -v sharedvolume:/src

Bind to docker socket on Windows

On *nix systems, it is possible to bind-mount the docker socket from the host machine to the VM by doing something like this:
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
Is there an equivalent way to do this when running docker on a windows host?
I tried various combinations like:
docker run -v tcp://127.0.0.1:2376:/var/run/docker.sock ...
docker run -v "tcp://127.0.0.1:2376":/var/run/docker.sock ...
docker run -v localhost:2376:/var/run/docker.sock ...
none of these have worked.
For Docker for Windows following seems to be working:
-v //var/run/docker.sock:/var/run/docker.sock
As the Docker documentation states:
If you are using Docker Machine on Mac or Windows, your Engine daemon
has only limited access to your OS X or Windows filesystem. Docker
Machine tries to auto-share your /Users (OS X) or C:\Users (Windows)
directory. So, you can mount files or directories on OS X using:
docker run -v /Users/<path>:/<container path> ...
On Windows, mount directories using:
docker run -v /c/Users/<path>:/<container path> ...
All other paths come from your virtual machine’s filesystem, so if you
want to make some other host folder available for sharing, you need to
do additional work. In the case of VirtualBox you need to make the
host folder available as a shared folder in VirtualBox. Then, you can
mount it using the Docker -v flag.
With all that being said, you can still use the:
docker run -v /var/run/docker.sock:/var/run/docker.sock ...
The first /var/run/docker.sock refers to the same path in your boot2docker virtual machine.
For example, when I run my own Jenkins image using the following command in a Windows machine:
$ docker run -dP -v /var/run/docker.sock:/var/run/docker.sock alidehghanig/jenkins
I can still talk to the Docker Daemon in the host machine using the typical docker commands. For example, when I run docker ps in the Jenkins container, I can see running containers in the host machine:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
65311731f446 jen... "/bi.." 10... Up 10.. 0.0.0.0:.. jenkins
Just to top it off on the answers provided earlier
When using docker-compose, one must set the COMPOSE_CONVERT_WINDOWS_PATHS=1 by either:
1) create a .env file at the same location as the project's docker-compose.yml file
2) in the CLI set COMPOSE_CONVERT_WINDOWS_PATHS=1
before running the docker-compose up command.
source
This never worked for me on Windows 10 even if it is a linux container:
-v /var/run/docker.sock:/var/run/docker.sock
But this did:
-v /usr/local/bin/docker:/usr/bin/docker
Solution taken from this issue i opened: https://github.com/docker/for-win/issues/4642
Some containers (eg. portainer) work fine with -v /var/run/docker.sock:/var/run/docker.sock
The jenkins container required --user root permissions on the docker run command to successfully access the Docker UNIX socket (using Docker-Desktop on Windows).
By default, a unix domain socket (or IPC socket) is created at
/var/run/docker.sock, requiring either root permission, or docker
group membership.
Source: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option
--group-add docker had no effect using Docker-Desktop on Windows.
To bind to a Windows container you need to use pipes.
-v \\.\pipe\docker_engine:\\.\pipe\docker_engine
What it was suitable for me in Windows 10 was:
-v "\\.\pipe\docker_engine:\\.\pipe\docker_engine"
Have in mind that I was trying to access to portainer that I do recommend a lot it's a great app. For that I use this command:
docker run -d -p 9000:9000 -v "\\.\pipe\docker_engine:\\.\pipe\docker_engine" portainer/portainer
And then just go to:
http://localhost:9000/
I never made it worked myself, but i know it works on windows container on docker for windows server 2016 using this technique:
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option
We actually have at the shop vsts-agents on windows containers that uses the host docker like that:
# listen using the default unix socket, and on 2 specific IP addresses on this host.
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
# then you can execute remote docker commands (from container to host for example)
$ docker -H tcp://0.0.0.0:2375 ps
This is what actually made it work for me
docker run -p 8080:8080 -p 50000:50000 -v D:\docker-data\jenkins:/var/jenkins_home -v /usr/local/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -u root jenkins/jenkins:lts
it works well :
docker run -it -v //var/run/docker.sock:/var/run/docker.sock -v /usr/local/bin/docker:/usr/bin/docker ubuntu

Docker mount namespace

When i mount $docker run -v /tmp:/tmp -ti ubuntu /bin/bash for the running container that uses the filesystem of the host . When i close the above container from exit command and i link the above container id with the new $docker run --volumes-from="closed container id" -ti ubuntu /bin/bash this as well uses
/tmp files in the newly running container.how is this possible that even after closed the container it is still could be referred in other container.please explain me in a better way what is happening in docker.
how is this possible that even after closed the container it is still could be referred in other container.please explain me in a better way what is happening in docker.
This is an expected behavior, because the you have mapped volume -v /tmp:/tmp on the first instance, which means you have mapped /tmp on your host OS to /tmp inside the container. Now any changes you make within the container remains on the host OS which is accessible by the second or third instance unless the <container id> is removed.
The container exists unless its removed with docker rm <container id>. You can get the <container id> from docker ps -a, which returns the list of all the containers which are running and have been exited AND not been removed.
Check Container Solution's Understanding Volumes in Docker

Mounting volumes on Bluemix containers and sharing between them does not work

I've created a volume with
$ cf ic volume create mosquitto_config
This information shows up as expected:
$ cf ic volume list
mosquitto_config
Then, I've created two containers that are based on an image, which contains the VOLUME ["/etc/mosquitto"] line in its Dockerfile, and on which I'm able to log in via SSH:
$ cf ic run -p 22:22 --volume mosquitto_config:/etc/mosquitto --name ssh-test registry.ng.bluemix.net/{reg-name}/{image-name}:latest
$ cf ic run -p 22:22 --volume mosquitto_config:/etc/mosquitto --name ssh-test-2 registry.ng.bluemix.net/{reg-name}/{image-name}:latest
After logging in, I see the mount point /etc/mosquitto as directory on both containers. However, if I create a file in that directory within one container, the new file does not show up in the other container. As far as I understand the volume concept, the new file should show up in the other container. Is it currently not working or how do you set it up correctly?
this kind of way to share volumes I think is not supported by docker.
In order to give a container access to another container’s volumes, you can simply give the –volumes-from argument to docker run. For example:
$ docker run -it -h NEWCONTAINER --volumes-from container-test debian /bin/bash
All the volumes mounted in 'container-test' will be available to 'NEWCONTAINER' (with the same mount options)
It’s important to note that it works even if the container-test is not running: a volume will never be deleted as long as a container is linked to it.
For further help check this url
http://container-solutions.com/understanding-volumes-docker/

Resources