docker nsenter

# nsenter

nsenter라는 명령어는 namespace enter의 약어. 격리된 namespace에 진입하는 명령어.

1. centos 이미지로 test1 컨테이너 실행

[root@centos7 ~]# docker run -it --name test1 centos
[root@a97f2864a314 /]# ctrl p+q 눌러서 빠져나오기
[root@centos7 ~]#
[root@centos7 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
a97f2864a314        centos              "/bin/bash"         6 seconds ago       Up 6 seconds                            test1

 

2. namespace pid 확인

[root@centos7 ~\]# docker inspect -f '{{.State.Pid}}' test1 
19542 

 

3. test1 namespace에 진입해서 'ip a' 명령어 실행

[root@centos7 ~]# nsenter -t 19542 -n ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever

 

4. OS의 namespace 확인하는 명령으로는 안보임

[root@centos7 ~]# ip netns
[root@centos7 ~]#

 

 HostOS와 test1 컨테이너 형상