从Docker容器内执行主机命令 [英] Execute host commands from within a docker container

问题描述

我正在寻找一种方式让用户能够在主机上执行一组有限的命令，而只能从容器/浏览器访问它。目标是防止SSH主机只需要运行命令，例如 make start ， make stop 等等。这些使命令只执行一系列 docker-compose 命令，有时在dev中需要。 / p>

我可以想到的两种可能的方式是：

• 通过cloud9终端内部的浏览器（我们已经在使用它）。默认情况下，该终端只能访问容器本身。


• 通过一个带有映射到命令的按钮的自定义迷你webapp（例如node.js / express）。如果在主机本身运行，这将很容易做到，但是我想保留所有这样的代码作为容器。

解决方案

这种方法将违反a href =https://docs.docker.com/introduction/understanding-docker/#the-underlying-technology的停泊点概念 =nofollow >进程/资源封装。使用docker，您可以从主机和彼此完全封装进程（除非链接容器/卷）。在Docker容器中，由于进程名称空间。当你现在想要在一个容器内执行主机上的进程，这个过程就是违反Docker的方法。

I'm looking for a way for a user to be able to execute a limited set of commands on the host, while only accessing it from containers/browser. The goal is to prevent the need for SSH'ing to the host just to run commands occasionally like make start, make stop, etc. These make commands just execute a series of docker-compose commands and are needed sometimes in dev.

The two possible ways in I can think of are:

• Via cloud9 terminal inside browser (we'll already be using it). By default this terminal only accesses the container itself of course.
• Via a custom mini webapp (e.g. node.js/express) with buttons that map to commands. This would be easy to do if running on the host itself, but I want to keep all code like this as containers.

解决方案

That approach would be against the docker concepts of process/resources encapsulation. With docker you encapsulate processes completely from the host and from each other (unless you link containers/volumes). From within a docker container you cannot see any processes running on the host due to process namespaces. When you now want to execute processes on the host from within a container that would be against the docker methodology.

这篇关于从Docker容器内执行主机命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！