Share and learn in the Docker community.
Hey all,
I’m curious to know whether we can invoke docker containers from other docker containers…!
For example, say I have a container DocCont1, and when I run this using
docker run -it DocCont1
I want to start another container, say DocCont2, automatically based on certain conditions, just like calling user defined functions in C/C++/Java programming.
Is this possible? Some insights into this will be helpful!
Thanks…!
Only if you have access to a running instance of Docker somehow.
Remember: Access to Docker is root-level access. So, any process (including containers) which have access to run Docker commands, have root-level permissions on whichever host the daemon is running.
That said, you have two options:
/var/run/docker.sock into the container and communicate with the original Docker daemon using this network socket. So, for instance, you could also bind mount the Docker binary from the host (if it’s statically compiled), and use that:$ docker run -ti -v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):$(which docker) \
debian \
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd76985d9dad debian "docker ps" Less than a second ago Up Less than a second nauseous_thompson
In the case of invoking from C++ or Java code, you’d probably find client bindings for your language (which directly access the Docker API using HTTP-ish), and connect to that socket.
EDIT: Corrected the link to run Docker-in-Docker.
FYI, for those interested in running Docker-in-Docker, there is a new container runtime (aka runc) that allows running Docker-in-Docker without using privileged containers. It’s not only more secure, but has some new features such as support for building containers that come pre-loaded with inner container images. You can find it at www.nestybox.com.