ChatGPT解决这个技术问题 Extra ChatGPT

How to enter in a Docker container already running with a new TTY

I have a container that is running the Apache service in the foreground. I would like to be able to access the container from another shell in order to "poke around" inside it and examine the files. At the moment, if I attach to the container, I am left looking at the Apache daemon and cannot run any commands.

Is it possible to attach another tty to a running container? Possibly, I can take advantage of the fact that Docker is actually just wrapping around LXC containers? I have tried sudo lxc-console -n [container-id] -t [1-4] but it appears that only one tty is made available and that is the one running the apache daemon. Perhaps there is a way to enable multiple lxc consoles during the build?

I would rather not configure and build the container with an openssh service if possible.

Did you try docker attach [conainer-id] ?
@shabbychef unless docker attach has changed, the attach command attaches to the running tty, not a new one, hence the question title is "...with new TTY". This is why the answer below does not use the attach command.
Since 1.3 there is an easier way as described on this answer

M
Michael_Scharf

With docker 1.3, there is a new command docker exec. This allows you to enter a running container:

docker exec -it [container-id] bash

Note: this assumes bash is installed on your container. You may run sh or whatever interactive shell is installed on the container.


I have changed this to be the correct answer (from my own) because this new method, which wasn't around at the time of the question, is the best current method IMO.
Notice however that exec doesn't act as a normal terminal. For example you can't change user once inside the container.
@Pithikos: I'm able to use exec to run a shell and then su someuser to change user. Running Docker 1.4.1
Note to anyone reading this discussion. I'm sure docker exec -it will eventually provide a fully-functional pseudo tty, but for now (Docker version 1.9.1), there are some shortcomings : github.com/docker/docker/issues/8755
if you get the error 'exec: "bash": executable file not found in $PATH' you can try this : docker exec -it [container-id] /bin/sh
H
Hyperfocus

You should use Jérôme Petazzoni's tool called 'nsenter' to enter a container without using SSH. See: https://github.com/jpetazzo/nsenter

Install with simply running: docker run -v /usr/local/bin:/target jpetazzo/nsenter

Then use the command docker-enter <container-id> to enter the container.


This is the right way. See blog.
With docker 1.3, there is a new command docker exec. This allows you to enter a running docker: docker exec -it <container-id> bash (see my answer below)
Does docker-enter still exist? It gives me command not found.
C
Community

Update

As of docker 0.9, for the steps below to now work, one now has to update the /etc/default/docker file with the '-e lxc' to the docker daemon startup option before restarting the daemon (I did this by rebooting the host).

https://i.stack.imgur.com/iopsa.png

This is all because...

...it [docker 0.9] contains a new "engine driver" abstraction to make possible the use of other API than LXC to start containers. It also provide a new engine driver based on a new API library (libcontainer) which is able to handle Control Groups without using LXC tools. The main issue is that if you are relying on lxc-attach to perform actions on your container, like starting a shell inside the container, which is insanely useful for developpment environment...

source

Please note that this will prevent the new host only networking optional feature of docker 0.11 from "working" and you will only see the loopback interface. bug report

It turns out that the solution to a different question was also the solution to this one:

...you can use docker ps -notrunc to get the full lxc container ID and then use lxc-attach -n run bash in that container as root.

Update: You will soon need to use ps --no-trunc instead of ps -notrunc which is being deprecated.

https://i.stack.imgur.com/F1q1W.png

https://i.stack.imgur.com/LBPOf.png

https://i.stack.imgur.com/khTjI.png


So, there is no way to do this with just Docker, right? I personally prefer not to mix in LXC myself.
Is there any way to run a command with lxc-attach instead to launch the bash? thx!!
@qkrijger as far as I am aware that is correct. Why worried about "mixing" LXC? You realize that docker is built on top of LXC right?
@joselo I dont understand your question, but I suggest that you create a new post with more detail? There are many ways to start a docker process, such as with bash or as a daemon with -d etc.
@programster yes, I realize that :) Still, using LXC directly in combination with Docker feels like hacking. Fun, but not really maintainable. In general, one should code in the abstraction layer that one chose to work in. If you really need LXC itself, it might be time for a pull request on Docker :)
p
patapouf_ai

First step get container id:

docker ps

This will show you something like

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1170fe9e9460 localhost:5000/python:env-7e847468c4d73a0f35e9c5164046ad88 "./run_notebook.sh" 26 seconds ago Up 25 seconds 0.0.0.0:8989->9999/tcp SLURM_TASK-303337_0

1170fe9e9460 is the container id in this case.

Second, enter the docker :

docker exec -it [container_id] bash

so in the above case: docker exec -it 1170fe9e9460 bash


On macOS you need to use docker exec -it 1170fe9e9460 sh
h
hexacyanide

What about running tmux/GNU Screen within the container? Seems the smoother way to access as many vty as you want with a simple:

$ docker attach {container id}

This is an ok solution if you know that you will want to get access to a container (for example to debug it), but this would not help OP who states that they want to look around an existing container.
My issue with this answer is that people have already asked about using docker attach and I pointed out that: ...the attach command attaches to the running tty, not a new one, hence the question title is "...with new TTY"
Well, if the container is already running this solution won't help you but if you previously take care of leaving a multiplexer running you won't have any need for additional ttys... In fact since I started using tmux I use one tty and only one to do everything I need since once into tmux I can spawn as much vtys as I want.
F
Flavio
docker exec -ti 'CONTAINER_NAME' sh

or

docker exec -ti 'CONTAINER_ID' sh


P
Pithikos

nsenter does that. However I also needed to enter a container in a simple way and nsenter didn't suffice for my needs. It was buggy in some occasions (black screen plus -wd flag not working). Furthermore I wanted to login as a specific user and in a specific directory.

I ended up making my own tool to enter containers. You can find it at: https://github.com/Pithikos/docker-enter

Its usage is as easy as

./docker-enter [-u <user>] [-d <directory>] <container ID>

Just tried, very cool! On ubuntu had to run sudo apt-get build-essential -y gcc docker-enter.c -o docker-enter sudo ./docker-enter Nice that I dont have to get the full ID like with lxc-attach -n Codebase is short enough that one can scan the entirety quickly to look for anything malicious.
I made an ebuild available on gentoo at github.com/steveeJ/personal-portage-overlay as app-emulation/docker-enter.
I have added a tutorial/script for automatic this for ubuntu users at programster.blogspot.co.uk/2014/01/…
D
Danstan
docker exec -t -i container_name /bin/bash

Will take you to the containers console.


I landed on this question because I had the same problem. The answer that seems similar didn't work for me until I modified. I can delete this though.
k
kynan

The "nsinit" way is:

install nsinit

git clone git@github.com:dotcloud/docker.git
cd docker
make shell

from inside the container:

go install github.com/dotcloud/docker/pkg/libcontainer/nsinit/nsinit

from outside:

docker cp id_docker_container:/go/bin/nsinit /root/

use it

cd /var/lib/docker/execdriver/native/<container_id>/
nsinit exec bash

A
Ahmed Samir

I started powershell on a running microsoft/iis run as daemon using

docker exec -it <nameOfContainer> powershell

Looks as if the question was about a linux-based container. This answer will probably work only if you have a windows-based container -or- if you have the .NET Core version of PowerShell installed, e.g. PowerShell 6 or later.
P
Pang

On Windows 10, I have docker installed. I am running Jnekins on a container and I encountered the same error message. Here is a step by step guide to resolve this issue:

Step 1: Open gitbash and run docker run -p 8080:8080 -p 50000:50000 jenkins.

Step 2: Open a new terminal.

Step 3: Do "docker ps" to get list of the running container. Copy the container id.

Step 4: Now if you do "docker exec -it {container id} sh" or "docker exec -it {container id} bash" you will get an error message similar to " the input device is not a TTY. If you are using mintty, try prefixing the command with 'winpty'"

Step 5: Run command " $winpty docker exec -it {container id} sh"

vola !! You are now inside the terminal.