将命令从一个Docker容器传递到另一个

Question

I have a helper container and an app container.

The helper container handles mounting of code via git to a shared mount with the app container.

I need for the helper container to check for a package.json or requirements.txt in the cloned code and if one exists to run npm install or pip install -r requirements.txt , storing the dependencies in the shared mount. Thing is the npm command and/or the pip command needs to be run from the app container to keep the helper container as generic and as agnostic as possible.

One solution would be to mount the docker socket to the helper container and run docker exec <command> <app container> but what if I have thousands of such apps on a single host. Will there be issues having hundreds of containers all accessing the docker socket at the same time? And is there a better way to do this? Get commands run on another container?

Answer 1

Well there is no "container to container" internal communication layer like "ssh". In this regard, the containers are as standalone as 2 different VMs ( beside the network part in general ).

You might go the usual way, install opensshd-server on the "receiving" server, configure it key-based only. You do not need to export the port to the host, just connect to the port using the docker-internal network. Deploy the ssh private key on the 'caller server' and the public key into .ssh/authorized_keys on the 'receiving server' during container start time ( volume mount ) so you do not keep the secrets in the image (build time).

Probably also create a ssh-alias in .ssh/config and also set HostVerify to no, since the containers could be rebuild. Then do

ssh <alias> your-command

Answer 2

Found that better way I was looking for :-) .

Using supervisord and running the xml rpc server enables me to run something like:

supervisorctl -s http://127.0.0.1:9002 -utheuser -pthepassword start uwsgi supervisorctl -s http://127.0.0.1:9002 -utheuser -pthepassword start uwsgi

In the helper container, this will connect to the rpc server running on port 9002 on the app container and execute a program block that may look something like;

[program:uwsgi]
directory=/app
command=/usr/sbin/uwsgi --ini /app/app.ini --uid nginx --gid nginx --plugins http,python --limit-as 512
autostart=false
autorestart=unexpected
stdout_logfile=/var/log/uwsgi/stdout.log
stdout_logfile_maxbytes=0
stderr_logfile=/var/log/uwsgi/stderr.log
stderr_logfile_maxbytes=0
exitcodes=0
environment = HOME="/app", USER="nginx"]

This is exactly what I needed!

For anyone who finds this you'll probably need your supervisord.conf on your app container to look sth like:

[supervisord]
nodaemon=true

[supervisorctl]

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[inet_http_server]
port=127.0.0.1:9002
username=user
password=password

[program:uwsgi]
directory=/app
command=/usr/sbin/uwsgi --ini /app/app.ini --uid nginx --gid nginx --plugins http,python --limit-as 512
autostart=false
autorestart=unexpected
stdout_logfile=/var/log/uwsgi/stdout.log
stdout_logfile_maxbytes=0
stderr_logfile=/var/log/uwsgi/stderr.log
stderr_logfile_maxbytes=0
exitcodes=0
environment = HOME="/app", USER="nginx"]

You can setup the inet_http_server to listen on a socket. You can link the containers to be able to access them at a hostname.