demo nsenter approach to execute command in another container
34
simple-docker/compose.yaml
Normal file
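--- /dev/null
+++ b/simple-docker/compose.yaml
@@ -0,0 +1,34 @@
+services:
+sometools:
+# 对于 docker compose 来说,没法指定容器来共享 pid,需要固定容器名称,来给下面的另一个容器使用
+container_name: sometools
+# demo 用的,这里刻意区分了debian版本
+image: debian:buster
+# 核心是 echo $$ > /shared-pid/tool-container.pid, $$ 是自身 PID
+# echo 以后就闲置了,开始昏睡
+# 四个$是因为,yaml中两个$表示一个$,我们需要$$
+command: bash -c 'set -x; echo $$$$ > /shared-pid/tool-container.pid; while true; do sleep 100000; done'
+volumes:
+# 这个卷两个容器共享
+- shared-pid:/shared-pid
+do-something-here:
+image: debian:bookworm
+# 核心是 nsenter,进入到另一个容器的命名空间去执行命令
+# 应该会看到另一个容器的系统版本
+command: bash -c 'set -x; nsenter -t $(cat /shared-pid/tool-container.pid) -m cat /etc/os-release; echo 'exec into this container and run nsenter'; while true; do sleep 10000; done'
+volumes:
+# 这个卷两个容器共享
+- shared-pid:/shared-pid
+# 共用上面容器的 PID 命名空间
+pid: container:sometools
+# 在上面这个容器启动后再启动,因为需要等待新建 PID 命名空间
+depends_on:
+- sometools
+# 对于有一些情况,需要特权
+cap_add:
+- CAP_SYS_ADMIN
+# 实在不行就开特权
+# privileged: true
+
+volumes:
+shared-pid: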
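Review bot: `do-something-here` is granted `CAP_SYS_ADMIN` and then runs `nsenter -t $(cat /shared-pid/tool-container.pid)`, so a near-root capability is steered by whatever value sits in a volume that both containers can write. Because `pid: container:sometools` already shares the PID namespace and the first container's `bash -c` is presumably PID 1 there, the pid file and the `shared-pid` volume look unnecessary; `nsenter -t 1 -m cat /etc/os-release` would remove that input. I would also put a comment above `cap_add` such as `# SYS_ADMIN allows entering other namespaces; demo only, keep privileged off`, rather than presenting `privileged: true` as the fallback. Separately, the inner single quotes around `exec into this container and run nsenter` close the outer `bash -c '…'` string, so the `while true` keep-alive loop is probably never part of the script; `echo "exec into this container and run nsenter"` inside the outer quotes avoids that.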