如何使用Docker Compose从另一个容器使用命令? [英] How can I use a command from another container using Docker Compose?
问题描述
我有两个Dockerfile:一个用于adonis(带有 node docker的中心映像),另一个是mongo(带有 mongo docker的中心映像).
mongo_service必须依赖adonis服务,因为我只希望在启动所有mongo实例之后运行adonis.
因此,在mongo dockerfile的末尾,我运行了一个脚本,该脚本最后将运行:
adonis种子阿多尼斯服务 我遇到的错误是: adonis:找不到命令
我了解mongo_service无法访问已安装adonis的adonis_service.
我的问题是我如何访问安装在另一个容器中的内容?我这样做是为了使工作更有条理.
版本:"3"服务:mongo_service:建造:语境: .dockerfile:docker_mongo_context/Dockerfiletty:是的主机名:mongo端口:-"27017:27017";取决于:-adonis_serviceadonis_service:建造:语境: .dockerfile:docker_adonis_context/Dockerfiletty:是的主机名:adonis端口:-"3333:3333";数量:- .:/应用程序 对于那些对如何使用 ssh 的方式感兴趣的人,我添加了一个小示例,允许使用<在没有容器的容器之间使用code> ssh
- 使用密码进行身份验证
- 将私钥/公钥暴露给外部环境或主机
- 具有外部访问权限(只有相同docker网络中的docker容器具有访问权限)
说明
docker-compose.yml
docker-compose 文件.它由一些配置组成.
- 我已为容器分配了静态IP ,这使访问更加方便.
- 我添加了一个卷(
sshdata)以在容器之间共享ssh密钥(用于身份验证).
版本:"3.8"服务:第一服务:建造:语境: .dockerfile:Dockerfile-1网络:vpcbr:ipv4_address:10.5.0.2环境:-SECOND_SERVICE = 10.5.0.3数量:-sshdata:/home/developer/.ssh/第二服务:建造:语境: .dockerfile:Dockerfile-2网络:vpcbr:ipv4_address:10.5.0.3数量:-sshdata:/home/developer/.ssh/取决于:-第一服务网络:vpcbr:司机:桥ipam:配置:-子网:10.5.0.0/16数量:sshdata: Dockerfiles
服务的Dockerfile相同,只是 entrypoint.sh -脚本不同(请参见下文).
从FROM ubuntu:latest#我们需要一些工具运行apt-get update&&&apt-get install -y ssh sudo网络工具#我们希望拥有另一个用户,而不是`root`.RUN adduser开发人员##用户设置#我们希望拥有无密码的sudo访问跑步 \sed -i/etc/sudoers -re's/^%sudo.*/%sudo ALL =(ALL:ALL)NOPASSWD:ALL/g'&&\sed -i/etc/sudoers -re's/^ root.*/root ALL =(ALL:ALL)NOPASSWD:ALL/g'&&\sed -i/etc/sudoers -re's/^#includedir.*/## **删除了include指令** ##"/g'&&\回显开发人员ALL =(ALL)NOPASSWD:ALL";>>/etc/sudoers;su-开发人员-c ID#现在与用户开发人员一起运行用户开发人员添加./entrypoint-1.sh/entrypoint-1.sh运行sudo chmod + x/entrypoint-1.shENTRYPOINT ["/entrypoint-1.sh";] 入口点脚本
现在,我们来了解重要的内容: entrypoint.sh -脚本,该脚本执行所需的设置步骤.我们的第一个容器( first-service )应该能够 ssh 到我们的第二个容器( second-service ).
为此,我们的第一项服务没有特殊设置.我们只是将〜/.ssh 文件夹的所有者更改为具有对〜/.ssh/known_hosts 的写权限(但是,如果不这样做,则可以禁用严格的主机密钥检查)想要这样做)
<代码>#!/bin/bash#ENTRYPOINT FOR SERVICE优先服务#现在我们可以ssh到另一个容器#更改.ssh文件夹的所有者及其内容sudo chown -R开发人员:developer〜/.ssh#执行命令尽管 !ssh-keyscan -H $ {SECOND_SERVICE}>>〜/.ssh/known_hosts做回显主机未启动,请重试..."睡觉1;完毕#-------------------------------------#在这里我们可以运行命令ssh developer @ $ {SECOND_SERVICE}" ls -l/"回声完成!"#-------------------------------------#在这里你可以做其他的事情尾-f/dev/null while循环是一条引人注目的一行:我们真的不知道何时我们的第二项服务已准备好进行ssh连接.我们可以等待,但这并不是那么优雅.而是,我们定期尝试连接到第二个容器,直到命令成功.之后,它将继续执行实际的命令.
最后一件事是第二个服务的 entrypoint.sh -脚本:
<代码>#!/bin/bash#ENTRYPOINT FOR SERVICE二次服务##-ssh的一些设置#启动服务器sudo服务ssh启动#生成密钥须藤ssh-keygen -t rsa -f/home/developer/.ssh/id_rsa#更改.ssh文件夹的所有者及其内容sudo chown -R开发人员:developer〜/.ssh#添加密钥须藤echo $(cat/home/developer/.ssh/id_rsa.pub)>>〜/.ssh/authorized_keys#-------------------------------------#在这里我们可以开始做一些事情尾-f/dev/null
也许这可以帮助某人.
I have two Dockerfiles: one for adonis (with node docker's hub image) and another for mongo (with mongo docker's hub image).
The mongo_service must depend on adonis service because I only want to run adonis after starting all the mongo instances.
Therefore, on the end of the mongo dockerfile I run a script which in the end will run:
adonis seed
adonis serve
The error that I'm having is: adonis: command not found
I understand that somehow the mongo_service is not having access to the adonis_service which has adonis installed.
My question is how can I have access to something that I installed in another container? I did this separation for the work to be more organized.
version: '3'
services:
mongo_service:
build:
context: .
dockerfile: docker_mongo_context/Dockerfile
tty: true
hostname: mongo
ports:
- "27017:27017"
depends_on:
- adonis_service
adonis_service:
build:
context: .
dockerfile: docker_adonis_context/Dockerfile
tty: true
hostname: adonis
ports:
- "3333:3333"
volumes:
- .:/app
For those who are interested in the way on how to use ssh, I've added a small example which allows to use ssh between container without
- dealing with passwords for authetication
- exposing private/public keys to the outside environment or the host
- having access from the outside (only docker container within the same docker network have access)
Description
docker-compose.yml
The docker-compose file. It consist of some configuration.
- I have assigned my container static IPs, which allows a more easy access.
- I have added a volume (
sshdata) to share the ssh-keys between the containers (for authentication).
version: "3.8"
services:
first-service:
build:
context: .
dockerfile: Dockerfile-1
networks:
vpcbr:
ipv4_address: 10.5.0.2
environment:
- SECOND_SERVICE=10.5.0.3
volumes:
- sshdata:/home/developer/.ssh/
second-service:
build:
context: .
dockerfile: Dockerfile-2
networks:
vpcbr:
ipv4_address: 10.5.0.3
volumes:
- sshdata:/home/developer/.ssh/
depends_on:
- first-service
networks:
vpcbr:
driver: bridge
ipam:
config:
- subnet: 10.5.0.0/16
volumes:
sshdata:
Dockerfiles
The Dockerfiles for the services are the same, only the entrypoint.sh-scripts are different (see below).
FROM ubuntu:latest
# We need some tools
RUN apt-get update && apt-get install -y ssh sudo net-tools
# We want to have another user than `root`
RUN adduser developer
## USER SETUP
# We want to have passwordless sudo access
RUN \
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
echo "developer ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers; su - developer -c id
# Run now with user developer
USER developer
ADD ./entrypoint-1.sh /entrypoint-1.sh
RUN sudo chmod +x /entrypoint-1.sh
ENTRYPOINT [ "/entrypoint-1.sh" ]
Entrypoint-Scripts
Now we come to the important stuff: The entrypoint.sh-scripts, which perform the needed set-up-steps. Our first container (first-service) should be able to ssh to our second container (second-service).
For this there is no special setup for our first service. We just change the owner of the ~/.ssh folder to have writing access to ~/.ssh/known_hosts (but you can just disable strict host key checking if you dont want to do this)
#!/bin/bash
# ENTRYPOINT FOR SERVICE first-service
# We can now ssh to our other container
# Change the owner of the .ssh folder and it's content
sudo chown -R developer:developer ~/.ssh
# Perform your command
while ! ssh-keyscan -H ${SECOND_SERVICE} >> ~/.ssh/known_hosts
do
echo "Host not up, trying again..."
sleep 1;
done
# -------------------------------------
# Here we can run our command
ssh developer@${SECOND_SERVICE} "ls -l /"
echo "DONE!"
# -------------------------------------
# Here you can do other stuff
tail -f /dev/null
One remarkable line is the while-loop: We do not really know, when our second service is ready for a ssh-connection. We can wait, but thats not that elegant. Instead, we periodically try to connect to the second container until the command succeeded. Afterwards it will continue with the actual command.
The last thing is the entrypoint.sh-Script for the second service:
#!/bin/bash
# ENTRYPOINT FOR SERVICE second-service
## -- A little bit of setup for ssh
# Starting the server
sudo service ssh start
# Generate a key
sudo ssh-keygen -t rsa -f /home/developer/.ssh/id_rsa
# Change the owner of the .ssh folder and it's content
sudo chown -R developer:developer ~/.ssh
# Add the keys
sudo echo $(cat /home/developer/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys
# -------------------------------------
# Here we can start doing the stuff
tail -f /dev/null
Maybe this help someone.
这篇关于如何使用Docker Compose从另一个容器使用命令?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
