Access host via docker container

Question

How to access the host by running commands from the docker container? I need to access the host so that I can check the space usage of my docker containers and images.

Answer 1

This problem is basically a "how can I grab data from the host of a docker container".

Like what Paul said, docker containers are meant to be standalone environments for running an application, isolated from the host environment.

Similar to virtual machine but much more lightweight. Hence containers are not meant to have the power to execute shell commands directly to the host.

I guess this was designed for security reason as well because you won't want malicious containers be executing evil commands on the host like formating disk.

Back to the question.

Fundamentally these are pretty much the standard ways a container can access data from its host;

1. Unix domain socket
2. Volume
3. Network socket e.g. Restful or Web services

Unix domain socket:

This idea is to have a process running on the host acting as a server to listen on a Unix domain socket. Then the container will have a client process to request for resources from its server. In this case the resource can be asking about diskspace.

This method requires the file path of the *.sock socket file to be visible between the host and container and this can be achieved by using the docker volume command.

Advantage: Solution is extensible as you can add different kind of requests once you have built the client-server program.

Disadvantage Can take a bit of time to build the application. A bit of overkill if you ask me.

The Volume Way

You mount a filepath from a host to the container. Then you create a quick and dirty shell script to write the result of df to a file and place it in the shared directory area.

Then in the container, you will have another cron job to run a program/script constantly to parse the df result and do whatever you need to do after that.

Advantage:
Not as expensive as the former solution as you don't have to write small programs to read and write outputs.

Disadvantage: Can be messy or impossible to extend this solution to serve different types of resources. E.g. Run a program from the host's shell.

RESTFUL / Web service way

Very very similar to the unix domain socket method too but you talk HTTP here. You still write your client/server program but in a different way. However it is more troublesome than the first strategy as you need an extra step to lookup the ip address of docker0 network interface. This is so that you know how the container can connect to the host.

Advantage: Extensible. You can use this program to control any remote host which deploy your REST server.

Disadvantage: Expensive to develop. Probably super overkill for your use-case.

Conclusion

I might just go the docker volume way.

Have a cron job to run a simple shell script to run df, process its output and just write "TRUE" or "FALSE" keyword to the file.

Then just have another shell script within the container to cat that file to determine whether to trigger some other scripts when a keyword was expected.

Answer 2

If you would like to have a container which is running tasks to monitor your Docker host system usage and more, you should have a look at https://prometheus.io/ with https://github.com/prometheus/node_exporter.

The node exporter container gets the procfs and sysfs from the Docker host mounted and is therefore capable to monitor the host metrics.

  -v "/proc:/host/proc:ro" \
  -v "/sys:/host/sys:ro" \

Answer 3

If you install the ssh client in the container, and the sshd server on the host, you can ssh from the container to the host to execute commands. To avoid typing passwords, e.g. to run scripts automatically, use ssh keys.

As far as I know, docker does not provide a means to execute commands in the host context from the container. The whole point of docker is to contain the containers, and not let them execute commands on the host.

The opposite is easier. You can enter the container context from the host by using docker exec