Docker Community Forums


How can I run docker command inside a docker container?


(wangyumi) #1

Hi gurus,

I want to use the docker build/push commands to manage docker images (in our private registry) inside a docker container, by which I will gain a lot of flexibility.

My host OS is CoreOS and the base image is ubuntu. But I found that inside the docker container, /usr/bin/docker is not available. I guess it was designed intentionally.

Is my request valid? Do I have an alternative way to achieve the same function?

Regards
wangyumi


(Usertaken) #2

I’m not sure about CoreOS but normally you can manage your host containers from within a container by mounting the Docker socket.

Such as

docker run -it -v /var/run/docker.sock:/var/run/docker.sock ubuntu:latest sh -c "apt-get update ; apt-get install docker.io -y ; bash"

or

https://registry.hub.docker.com/u/abh1nav/dockerui/


(wangyumi) #3

Thanks for your quick response.

Any ideas about how to quickly “enable” docker in a docker image by Dockerfile?

Regards,
wangyumi


(Usertaken) #4

Within a Dockerfile I think you can only create a data volume. You need to manually specify which host directory or file to mount as a volume when running.

http://docs.docker.com/userguide/dockervolumes/#mount-a-host-file-as-a-data-volume


(Nathan Le Claire) #5

Yes, anyone with direct access to the Docker socket has root privileges on the host system. Usually not what you want.

If you’re running on Linux, you don’t have to directly install Docker in the container at all. You can bind mount the docker binary (usually at /usr/bin/docker) directly. Note that bind mounting the socket does not give you a totally new Docker, but rather access to the existing Docker daemon from inside the container. If you want to bake in the Docker binary to an image you could always make one called laoyumi/docker or something and then to “quickly” get access to it in another image you just start the Dockerfile with from laoyumi/docker.

There is Docker in Docker but it’s a little heavyweight if all you want to do is “some docker-ey stuff in containers that doesn’t need to be that isolated”.
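
Added example, not part of any post in this thread: because a container holding the Docker socket effectively has root on the host, it is worth knowing which containers have it. The sketch below scans `docker inspect`-shaped JSON for bind mounts that expose the socket, including mounts of a parent directory; the sample data and all function names are constructed for illustration.

```python
import json

# Host paths of the Docker daemon socket (/var/run is normally a symlink to /run).
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")

# Constructed sample in the shape of `docker inspect <container>...` output.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/jenkins", "Config": {"User": ""},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": true},
             {"Type": "volume", "Source": "/var/lib/docker/volumes/jh/_data",
              "Destination": "/var/jenkins_home", "RW": true}]},
 {"Name": "/web", "Config": {"User": "33"},
  "Mounts": [{"Type": "bind", "Source": "/srv/site",
              "Destination": "/usr/share/nginx/html", "RW": false}]},
 {"Name": "/monitor", "Config": {"User": "1000"},
  "Mounts": [{"Type": "bind", "Source": "/run",
              "Destination": "/host/run", "RW": false}]}
]""")


def exposes_socket(source):
    """True if a bind-mount source is the socket or a directory above it."""
    prefix = source.rstrip("/") + "/"
    return any(p == source or p.startswith(prefix) for p in SOCKET_PATHS)


def find_socket_mounts(containers):
    """Return one finding per bind mount that hands the daemon socket to a container."""
    findings = []
    for c in containers:
        for m in c.get("Mounts", []):
            src = m.get("Source", "")
            if m.get("Type") != "bind" or not src or not exposes_socket(src):
                continue
            findings.append({
                "container": c.get("Name", "").lstrip("/"),
                "source": src,
                "destination": m.get("Destination"),
                # A read-only mount does not restrict API calls over the socket.
                "read_only_mount": not m.get("RW", True),
                # An empty Config.User means the process runs as uid 0.
                "user": c.get("Config", {}).get("User") or "root",
            })
    return findings


if __name__ == "__main__":
    for finding in find_socket_mounts(SAMPLE_INSPECT):
        print(finding)
```

On a real host the input would come from `docker inspect $(docker ps -q)` saved to a file and loaded with `json.load`.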


(wangyumi) #6

Hi,
I wrote a Dockerfile like:

RUN apt-get -yqq update
VOLUME ["/var/run/docker.sock"]
RUN apt-get -yqq install docker.io

Subsequently, I built the image, ran a container and attached to it.

When I was trying to build a docker image inside the container, I got the following error:
root@fd8d47323d89:/Dockerimages/sample/2014-11-05 10:59:18.431193458 +0000 UTC# docker build .
2014/11/05 11:11:05 Cannot connect to the Docker daemon. Is ‘docker -d’ running on this host?

How can I let a docker client inside a docker container connect to the docker daemon on the host OS?

Regards,
wangyumi


(Bernhard Rümenapp) #7

Hi wangyumi, the commands you wrote are working!
Here is my Dockerfile (the parent is on docker hub, so you can try it out):

FROM bdruemen/jenkins-uid-from-volume
RUN apt-get -yqq update && apt-get -yqq install docker.io && usermod -g docker jenkins
VOLUME /var/run/docker.sock
ENTRYPOINT groupmod -g $(stat -c "%g" /var/run/docker.sock) docker && usermod -u $(stat -c "%u" /var/jenkins_home) jenkins && gosu jenkins /bin/tini -- /usr/local/bin/jenkins.sh

docker build .
docker run -d -v /var/run/docker.sock:/var/run/docker.sock (IMAGE)
docker exec -u jenkins (CONTAINER) bash
jenkins@8da12737527b:/$ docker images
(shows a list)


(Michael J. Ryan) #8

Just create a volume map for both the docker executable, and the docker socket descriptor…

docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker ubuntu:latest bash

In your case, your image and the command to run are up to you, but mapping those two pieces is enough to interact with the docker executable.


(Jmcollin) #9

Hi Michael,

I tried your proposal but without success. Inside the container I get this message:

root$ docker exec -it Jenkins /bin/bash
bash-4.3$ docker ps
bash: /usr/bin/docker: No such file or directory
bash-4.3$ which docker
/usr/bin/docker
bash-4.3$

Any idea? My root docker is on Alpine Linux. Maybe it has some impact.

EDIT:
Same problem with Ubuntu

root$ docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker ubuntu:latest bash
Unable to find image ‘ubuntu:latest’ locally
latest: Pulling from library/ubuntu
b6f892c0043b: Pull complete
55010f332b04: Pull complete
2955fb827c94: Pull complete
3deef3fcbd30: Pull complete
cf9722e506aa: Pull complete
Digest: sha256:382452f82a8bbd34443b2c727650af46aced0f94a44463c62a9848133ecb1aa8
Status: Downloaded newer image for ubuntu:latest
root@57fb8536d5b1:/#
root@57fb8536d5b1:/#
root@57fb8536d5b1:/# docker ps
docker: error while loading shared libraries: libltdl.so.7: cannot open shared object file: No such file or directory
root@57fb8536d5b1:/#

JM.


(Vp2405) #10

same problem for me, with Alpine Linux


(Jmcollin) #11

The solution for me was to chmod /var/run/docker.sock with the correct rights, considering that the user/group inside the container is not the user/group on the host.


(Fangzx) #12

Yes, I do it like this:

(1) In Dockerfile, just add
RUN curl -fsSLO https://get.docker.com/builds/Linux/x86_64/docker-17.03.1-ce.tgz && \
    tar --strip-components=1 -xvzf docker-17.03.1-ce.tgz -C /usr/local/bin

(2) in docker run command, add
-v /var/run/docker.sock:/var/run/docker.sock \

(3) in container .bash_profile file add
chown -R dev:dev /var/run/docker.sock

dev is the user in container.
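
Added example, not part of any post in this thread: posts #7, #11 and #12 all come down to the socket's owner, group and mode as seen from inside the container. Since the socket is bind-mounted, a chmod or chown from the container changes the host's socket too, so this check reports who can currently connect and whether the container user only needs the socket's numeric GID. Function names are illustrative; `--group-add` is the existing `docker run` option.

```python
import os
import socket
import stat
import tempfile


def socket_access(path):
    """Describe who may connect to a Unix socket, based on its owner and mode."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": format(mode, "04o"),
        # connect() on a Unix socket needs write permission on the socket file.
        "group_can_connect": bool(mode & stat.S_IWGRP),
        "anyone_can_connect": bool(mode & stat.S_IWOTH),
    }


def plan_container_user(path, user_gids):
    """Say how a non-root container user should reach the socket.

    user_gids: set of numeric GIDs the container user already belongs to.
    """
    info = socket_access(path)
    if info["anyone_can_connect"]:
        return "tighten: socket is world-writable, any local user controls the daemon"
    if info["group_can_connect"] and info["gid"] in user_gids:
        return "ok: user is already in the socket's group"
    if info["group_can_connect"]:
        return "add-group: start the container with --group-add %d" % info["gid"]
    return "owner-only: only uid %d can connect" % info["uid"]


if __name__ == "__main__":
    # Constructed stand-in for /var/run/docker.sock so the demo runs anywhere.
    demo_dir = tempfile.mkdtemp()
    demo_sock = os.path.join(demo_dir, "docker.sock")
    server = socket.socket(socket.AF_UNIX)
    server.bind(demo_sock)
    os.chmod(demo_sock, 0o660)
    print(socket_access(demo_sock))
    print(plan_container_user(demo_sock, set()))
    server.close()
```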