How do I add device flags to an existing docker container? - docker

The (already created and tailored) docker container, which is on a Tegra TX2 host, was created with the privileged flag.
I want to add devices from my Tegra TX2 host to the container, but 'docker run --device=...' would create a new container. How can I do this?
Regards

docker update is what you would use if you want to update the configuration of a container. Unfortunately there is no way to add a new device without recreating the container.
For more information on what can be updated check the documentation.
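Since the device has to be added by recreating the container, the following added example (not part of the original answer) builds the replacement commands from `docker inspect` output: snapshot the tailored container with `docker commit`, then run the snapshot with the old settings plus the new `--device` flags, optionally replacing `--privileged` with those explicit device grants. The container name, paths, device nodes and image tag are constructed for illustration.

```python
import json
import shlex

# Constructed sample: trimmed `docker inspect` output for a privileged
# container (container name, paths and device are made up for illustration).
SAMPLE_INSPECT = json.loads("""
[{"Name": "/tx2-dev",
  "Config": {"Tty": true, "OpenStdin": true},
  "HostConfig": {
    "Privileged": true,
    "Binds": ["/home/dev/work:/work"],
    "Devices": [{"PathOnHost": "/dev/ttyTHS2",
                 "PathInContainer": "/dev/ttyTHS2",
                 "CgroupPermissions": "rwm"}]}}]
""")


def recreate_plan(inspect, new_devices, snapshot, drop_privileged=False):
    """Return the docker commands (argv lists) that replace a container
    with one carrying the extra --device flags."""
    c = inspect[0]
    name = c["Name"].lstrip("/")
    cfg, host = c.get("Config", {}), c["HostConfig"]
    run = ["docker", "run", "-d", "--name", name]
    if cfg.get("Tty"):
        run.append("-t")
    if cfg.get("OpenStdin"):
        run.append("-i")
    # --privileged exposes every host device; explicit --device grants
    # are the narrower alternative when drop_privileged is set.
    if host.get("Privileged") and not drop_privileged:
        run.append("--privileged")
    for bind in host.get("Binds") or []:        # inspect reports null when unset
        run += ["-v", bind]
    devices = [f'{d["PathOnHost"]}:{d["PathInContainer"]}:{d["CgroupPermissions"]}'
               for d in host.get("Devices") or []]
    for dev in devices + list(new_devices):
        run += ["--device", dev]
    run.append(snapshot)
    return [
        ["docker", "commit", name, snapshot],        # snapshot the tailored filesystem
        ["docker", "stop", name],
        ["docker", "rename", name, name + "-old"],   # keep the original until verified
        run,
    ]


if __name__ == "__main__":
    for argv in recreate_plan(SAMPLE_INSPECT, ["/dev/video0"],
                              "tx2-dev-snapshot:latest", drop_privileged=True):
        print(shlex.join(argv))
```

The plan carries over bind mounts, devices and the TTY/stdin settings only; other options of the original `docker run` (ports, networks, named volumes) would need the same treatment.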

Related

run RHEL9 docker container on centos 8 host

My main developer box is running Centos8. I'm working on a project where I need to do some builds on RHEL7/8/9. I have docker installed on the host and pulling RHEL7 image from registry.redhat.io/rhel7:7.9-702.1655292978, RHEL8 from docker hub (redhat/ubi8:latest) and RHEL9 also from docker hub (redhat/ubi9:latest). RHEL 7/8 work without issue but RHEL9 has the error:
subscription-manager is disabled when running inside a container.
Please refer to your host system for subscription management.
I have a valid subscription but for some reason, it is not possible to actually run a RHEL9 image from a non RHEL host. I'm not sure I understand the reason for this but is there a workaround (other than changing the host to RHEL) so that I can register my RHEL9 container?
Someone in my team found a solution. The article https://access.redhat.com/solutions/5870841 basically points to injecting the subscription info (from a registered system) into the container.
Here is a sample docker file I used:
FROM registry.redhat.io/ubi9/ubi
COPY rhel9_sub/redhat.repo /run/secrets/redhat.repo
COPY rhel9_sub/rhsm /run/secrets/rhsm
COPY rhel9_sub/entitlement /run/secrets/etc-pki-entitlement
where the rhel9_sub folder I was copying from came from my registered RHEL9 host.
I can now query the repo and pull kernel packages into the container without issue.

How to attach VSCode to a remote Docker container while setting the correct user

I start a Docker container with a special bash script that runs the container and then creates a user X with a dynamic name, UID and GUID in the container. I can then bash into the container and perform actions as this user X. The script also creates an 'alias' user named vscode with the same UID as the earlier created dynamic user X.
In VSCode I can attach to this container. Two questions:
How can I setup VSCode to perform all actions as the 'vscode' user or as the user X? (When using devcontainer.json to create the container this is trivial, but now I attach to an existing container and devcontainer.json is not used).
In devcontainer.json you have the option to automatically install extensions. Which settings file do I need to create to automatically install extensions when attaching to a container?
The solution should be automated. Eg. manual intervention and committing the image as suggested below is possible but will make it much harder for users to just use my Docker image.
I updated to vscode 1.39 and tried to add:
ADD server-env-setup /root/.vscode-server/server-env-setup
But "server-env-setup" seems to be only used for WSL.
I'll answer your questions in reverse order:
VSCode installs extensions after creating the container by using docker exec command.
And now recipe: The easiest way is to take container already created by VSCode:
Run "Open folder on container" for creating dev container.
After the container is done and you can work with VSCode, stop your environment by clicking "Close remote connection".
Run docker ps -a. You should see the most recently exited containers, something like:
As you can see, the latest running container is: a7aa5af7ec08 vsc-typescript-2ea9f347739c5397afc431028000c02b. This is your container with all extensions installed. It doesn't matter whether you installed the extensions manually or by configuring them via devcontainer.json.
Run docker commit a7aa5af7ec08 all-installed-vscode-image:latest. Now you have a docker image with all your loved software installed. You can upload this image to your favorite docker registry and use it on other machines as well.
Now you can run docker run -i -u vscode all-installed-vscode-image:latest and attach VSCode to this container. This is an answer to your first question.
Also, you can review vscode documentation and use devcontainer.json configurations when you attach to already running containers and even containers running on remote machines.
VSCode now implements a "remoteUser" property which you can set in the image configuration. This will ensure that VSCode logs into the container as the correct user.

How to get "build history" of a docker container when inside a container?

When you are inside a docker container, is there any way to obtain the "build history" (i.e. the original Dockerfile, or rather the list of commands in the original Dockerfile that was used to build that container)?
The reason is that for tracking and version control purposes, it might be useful to indicate what/how the environment was configured when the process was run.
Thanks.
You can do it with the docker history command, but not inside the container. The container itself does not have Docker, and the container itself does not hold its own history. To run that command you need to be on the host and not in the container.
The docker history documentation has a great explanation of how to use that command.
docker label is a good way to add additional metadata to your docker images.
Check this for more info.
You can get this data using docker inspect. But these commands can be run from outside the container; to run them from the inside you need to make use of the Docker remote APIs, as explained here in this answer.
You can also retrieve details of a docker image using docker history through this remote API.
If you just want a few details about the image, like version, etc., then put that data in environment variables while building the image so that you can refer to it later inside your running docker container.

Where docker volumes are located?

Need to know where docker volumes are located when using the docker machine on macOS.
The installation is using boot2docker, so the VM works behind.
Example:
docker volume create test-data
docker inspect shows a path, but where can I find the specific (physical) location?
It’s inside the virtual machine and isn’t directly accessible from the host.
Debug-level commands like docker volume inspect will give you a path, but they really are only for emergency debugging and not for routine use. If you have a way to get a shell in the VM you can see that path, but you really shouldn’t be directly accessing files there, and you shouldn’t be routinely docker inspecting anything.
macOS uses a virtual machine; it's different from Linux, where you can access volumes from /var/lib/docker/volumes.
For macOS you should connect to a VM to find your volumes.
If you use persistent data volumes in Docker, and you want to access them with command-line.
If your docker host is Linux, that’s not a problem; you can find Docker volumes by /var/lib/docker/volumes path.
However, that’s not the case when you use Docker for Mac.
Try to cd /var/lib/docker/volumes from your macOS terminal, you'll get nothing.
You see, your Mac machine isn’t a real Docker host. Docker for Mac runs a virtual machine and hides it from you to make things simple.
So, to access persistent volumes created by Docker for Mac, you need to connect on that VM.
In order to accomplish this, we need to use a serial terminal on Mac. There’s a terminal application called “screen” that’s going to help us.
We need to “screen into” the Docker driver by executing a command:
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
You should see a blank screen; just press Enter, and after a while you should see a command line prompt.
Now you’re inside Docker’s VM and you can cd into volumes dir by typing: cd /var/lib/docker/volumes
Profit, you got there!
If you need to transfer files from your MacOS host into Docker host you can refer to File Sharing
Hope this helps you!
If you have installed docker using snap then volumes are located at:
/var/snap/docker/common/var-lib-docker/volumes/
location of volumes when using docker official install
/var/lib/docker/volumes/
Normally, if you want to "know" where a volume lives, you would want to map a volume to the local filesystem. When you create a named volume you are just allocating "shared" storage. However, if you really need to know, run this command:
docker volume inspect test-data

how to sync mac local directory with native docker container?

I am using native Docker for Mac and I have a small application running in a docker container.
Currently I am manually copying the data from my Mac to the docker container using the docker cp command.
I want to make it dynamic: I want to put the data in my local directory, which should get synced with the docker container.
Example:
Mac local dir: users/vishnu/data/
which should get synced to
`<Docker-container-ID>:/opt/deploy/`
The container is already running; I should not release the running container. I can only stop and start it. Is there a way? Thanks in advance.
Use a host-mounted volume.
When you docker run, you add a -v /Users/vishnu/data:/opt/deploy parameter.
If you need to add a mounted volume to your existing container, use the Kitematic UI. It's easier that way. But in general, you should add this when you docker run.
...
Also, FYI: the idea that you can't delete a container is an anti-pattern with Docker. If you can't delete your container because it would cause too many problems, you're doing something wrong. https://derickbailey.com/2017/04/05/what-i-learned-by-deleting-all-of-my-docker-images-and-containers/
