
Docker コンテナから Docker API を叩くひとつの方法

Dockerコンテナ内からDocker APIを叩きたくなる時がいずれくるでしょう.

その時,ここで見たことを覚えておくと助けになるかも知れません.

色々方法はあると思いますが,unix socketを-vで内部に押し込む方法で.

# NOTE: -v bind-mounts the host's Docker socket into the container, so any
# process in the container that can open that path talks to the host's Docker
# daemon directly.
host_server~ $ docker run -it -v /var/run/docker.sock:/var/run/docker.sock {image_name}
container  ~ # apt install nginx
container  ~ # vi /etc/nginx/sites-available/default

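# Reverse proxy that exposes the bind-mounted Docker socket over HTTP.
# nginx adds no authentication here: every client that can reach the listener
# gets the same access to the Docker API as a process holding the socket itself.
upstream docker-api {
  server  unix:/var/run/docker.sock;
}

server {
  # Bind to loopback only. A bare "listen 80" accepts connections on every
  # interface of the container, including its bridge-network address, while
  # the usage on this page only ever requests http://localhost/.
  listen 127.0.0.1:80;
  server_name localhost;
  location / {
    proxy_pass  http://docker-api;
  }
}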

# NOTE: /var/run/docker.sock is the host's socket file (bind-mounted by the
# docker run above), so this mode change applies to the host's socket too.
# 666 lets every local user connect to the Docker daemon. It is presumably
# done so the unprivileged nginx worker can open the socket; confirm whether
# a narrower mode or group would be enough.
container  ~ # chmod 666 /var/run/docker.sock
container  ~ # nginx
container  ~ # curl "http://localhost/info"

{"Containers":3,"Debug":0,"DockerRootDir":"/var/lib/docker","Driver":"btrfs","DriverStatus":[["Build Version","Btrfs v3.17.1"],["Library Version","101"]],"ExecutionDriver":"native-0.2","ID":"ZULY:GXYJ:3KW5:YSLF:JPVP:6BIC:SAEI:Y22M:7SAD:XWGX:VSZM:EVO6","IPv4Forwarding":1,"Images":19,"IndexServerAddress":"https://index.docker.io/v1/","InitPath":"/usr/libexec/docker/dockerinit","InitSha1":"bfdb766c18e26dece979cab45ebaa23c9380b880","KernelVersion":"3.18.1","Labels":null,"MemTotal":16790044672,"MemoryLimit":1,"NCPU":8,"NEventsListener":0,"NFd":23,"NGoroutines":33,"Name":"localhost","OperatingSystem":"CoreOS 557.2.0","SwapLimit":1}

container  ~ # curl "http://localhost/containers/${HOSTNAME}/json"

{"AppArmorProfile":"","Args":[],"Config":{"AttachStderr":true,"AttachStdin":true,"AttachStdout":true,"Cmd":["bash"],"CpuShares":0,"Cpuset":"","Domainname":"","Entrypoint":null,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOME=/root"],"ExposedPorts":null,"Hostname":"3d513faa145f","Image":"dockerfile/ubuntu","MacAddress":"","Memory":0,"MemorySwap":0,"NetworkDisabled":false,"OnBuild":null,"OpenStdin":true,"PortSpecs":null,"StdinOnce":true,"Tty":true,"User":"","Volumes":null,"WorkingDir":"/root"},"Created":"2015-02-24T11:13:06.978806447Z","Driver":"btrfs","ExecDriver":"native-0.2","HostConfig":{"Binds":["/var/run/docker.sock:/var/run/docker.sock"],"CapAdd":null,"CapDrop":null,"ContainerIDFile":"","Devices":[],"Dns":null,"DnsSearch":null,"ExtraHosts":null,"IpcMode":"","Links":null,"LxcConf":[],"NetworkMode":"bridge","PortBindings":{},"Privileged":false,"PublishAllPorts":false,"RestartPolicy":{"MaximumRetryCount":0,"Name":""},"SecurityOpt":null,"VolumesFrom":null},"HostnamePath":"/var/lib/docker/containers/3d513faa145f7d521fe1306603548abdcf43f9da3f0a4b9a712b62b9807144f2/hostname","HostsPath":"/var/lib/docker/containers/3d513faa145f7d521fe1306603548abdcf43f9da3f0a4b9a712b62b9807144f2/hosts","Id":"3d513faa145f7d521fe1306603548abdcf43f9da3f0a4b9a712b62b9807144f2","Image":"aee14a1743b253f08910346b6776cca2b21441a5fa59714dd0fa13e5b40688f2","MountLabel":"","Name":"/elated_hoover","NetworkSettings":{"Bridge":"docker0","Gateway":"172.17.42.1","IPAddress":"172.17.0.35","IPPrefixLen":16,"MacAddress":"02:42:ac:11:00:23","PortMapping":null,"Ports":{}},"Path":"bash","ProcessLabel":"","ResolvConfPath":"/var/lib/docker/containers/3d513faa145f7d521fe1306603548abdcf43f9da3f0a4b9a712b62b9807144f2/resolv.conf","State":{"Error":"","ExitCode":0,"FinishedAt":"0001-01-01T00:00:00Z","OOMKilled":false,"Paused":false,"Pid":12782,"Restarting":false,"Running":true,"StartedAt":"2015-02-24T11:13:07.317212341Z"},"Volumes":{"/var/run/docker.sock":"/run/docker.sock"},"Volume
sRW":{"/var/run/docker.sock":true}}

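アクセス制限しないと,どうなっても知らないぞ! docker.sockに届くということはホストのDockerデーモンをそのまま操作できるということなので,このプロキシに到達できる相手は認証なしで同じ権限を持つことになります.listenするアドレスやsocketのパーミッションは必要最小限に絞っておきましょう.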