I need to run 2 commands with docker exec.
I am copying a file out of the docker container and don’t want to have to deal with credentials to use something like ssh.
This command copies a file:
sudo docker exec boring_hawking tar -cv /var/log/file.log | tar -x
But it creates a subdirectory var/log, I want to avoid that so if I could do these in the docker container I should be good:
cd /var/log ; tar -cv ./file.log
How can I make docker exec run 2 commands?
This led to the answer: Escape character in Docker command line
I ended up doing this:
sudo docker exec boring_hawking
bash -c 'cd /var/log ; tar -cv ./file.log'
| tar -x
So it works by, sort of, running the one bash command with a parameter that is the 2 commands I want to run.
1
For anyone else who stumbles across this and wants a different way to specify multiple commands in order to execute a more complex script:
cat <<EOF | docker exec --interactive boring_hawking sh
cd /var/log
tar -cv ./file.log
EOF
6
Quite often, the need for several commands is to change the working directory — as in the OP’s question.
For that, docker now has a -w
option to specify the working directory. E.g. in the present case
docker exec -w /var/log boring_hawking tar -cv ./file.log
0
If anyone else came here for the awesome answer, but also wants a better way to solve OP’s original problem (OP’s OP..?) to copy a file out of a docker container, there is now a docker cp
command that will do this: https://docs.docker.com/engine/reference/commandline/cp/
0
What about bash hacker?
WARNING: This is advanced++ bash programming hack, not easy to understand or read for beginner.
bash (on the host) has a real hacking feature by using typeset -f function_name
…
https://www.gnu.org/software/bash/manual/bash.html#index-typeset
After having a look at the documentation above, I see it’s not well documented, nor at reading declare
…
So this is a real hidden hack!
What is typeset -f
?
typeset -f function_name
: It displays the source code of the given function. Which is very well suitable for remote definition of the same function.
Oh… you think…
you mean: « I can export my local function to the remote container?»
Yeah!
Cherry on the cake: you get all quoting / escaping quotes done magically by bash within string expansion.
Assuming the remote exec environment could parse it: a container without bash wont be able to evaluate bash specific syntax. Nor it could exec command not installed. (Though you could install them on the fly.)
With that, you can hack remote call, and perform 2, or complex calls.
Imagine the given docker scenario:
You’re exec -it somecontainer bash
and crafting a oneliner:
Lets imaging, you want get the list of user, that don’t have the sub-folder in their home: /home/$username/my-sybfolder
First let’s get the list of folder in /home
# a simple approach could be
ls /home
A more real list could be more based on user. As folder in /home
may be mounted and not related to a user’s home.
(assuming the shell in the container has the available commands grep
and cut
)
grep ':/home/' /etc/passwd | cut -d : -f1
And now, let’s combine all those commands, first multi-line code:
for u in $(grep ':/home/' /etc/passwd | cut -d : -f1)
do
if [ ! -d /home/$u/my-subfolder ]
then
echo $u
fi
done
one-liner please
This is not exactly as simple a putting semi-colon at each end-of-line ;
for u in $(grep ':/home/' /etc/passwd | cut -d : -f1) ;do if [ ! -d /home/$u/my-subfolder ] ; then echo $u ; fi ;done
tips: typeset -f
can help you to achieve it. Left as an exercise for future hacker.
on my container it looks like:
d2b1672ae6da:/home$ ls
debian www-data
d2b1672ae6da:/home$ for u in $(grep ':/home/' /etc/passwd | cut -d : -f1) ;do if [ ! -d /home/$u/my-subfolder ] ; then echo $u ; fi ;done
www-data
cool.
mixing host and container exec now
our crafted oneliner is becoming a nice small script.
So let’s save it, on the host as a nice function
# single quote around END herescript marker avoid evaluating $() code
# and keep $var verbatim
cat <<'END' > my_docker_helper_functions.sh
find_user_without_subfolder()
{
for u in $(grep ':/home/' /etc/passwd | cut -d : -f1)
do
if [ ! -d /home/$u/my-subfolder ]
then
echo $u
fi
done
}
END
let’s have it defined on the host
source my_docker_helper_functions.sh
# output nothing, the content of the file is evaluated in the current bash session
test it with our new hacker tool typeset -f
debian@vm-01-d2-4:~$ typeset -f find_user_without_subfolder
# should output ⬇️
find_user_without_subfolder ()
{
for u in $(grep ':/home/' /etc/passwd | cut -d : -f1);
do
if [ ! -d /home/$u/my-subfolder ]; then
echo $u;
fi;
done
}
almost done…
exec that cool function on the container
docker exec somecontainer bash -c "$(typeset -f find_user_without_subfolder); find_user_without_subfolder"
# outputs ⬇️
www-data
explanations:
docker exec somecontainer bash -c "command here"
is the trick you’ve learnt from @Solx
our "command here"
is "$(typeset -f find_user_without_subfolder); find_user_without_subfolder"
"
double-quote mandatory for shell expansion (on host side before to be sent to the container)
Remember I said, bash will handle quote escaping for you? That will happen right here.
the semi-colon ;
split the two things:
# put the function definition verbatim right here before the `;`
# our function will be parsed on the remote side
# (assuming is sourced in the shell on the host)
$(typeset -f find_user_without_subfolder)
# our newly available function in the container call (without argument)
find_user_without_subfolder
Yes it works through ssh too.
Yes, function could have argument, yes multiple functions could exported that way…