sharing files from a running container with the host
747 views
Skip to first unread message
Nirlay Kundu
Jun 21, 2015, 7:48:20 PM6/21/15
to coreo...@googlegroups.com
I have run /usr/bin/toolbox per
and installed tcpdump. It takes me to Fedora namespace where I have run tcpdump and saved a file inside the container. It is saved under /root inside the container. How can I move the file or see the file from the host ?
Thanks
Seán C. McCord
Jun 21, 2015, 7:56:26 PM6/21/15
to Nirlay Kundu, coreo...@googlegroups.com
FWIW, there is a golang tcpdump clone here:
I have made (and use) a thin docker image which installs it. You can install it for use with CoreOS with:
docker run --rm -v /opt/bin:/target ulexus/install-tcpdump
This allows you to execute tcpdump from the host, directly. Note that it's not a perfect clone, and the syntax is slightly quirky, but it produces perfectly fine captures either in ascii or in pcap (for Wireshark). Specifically, it requires explicit `-i` (capture interface) and `-s` (maximum packet size) parameters, as well as enclosing the tcpdump filter in quotes. If feeding to wireshark directly from stdin, you'll need to strip the first line beginning with `tcpdump`. I run remote captures with a script like:
```
#!/bin/bash
ssh $CAPTURE_HOST sudo tcpdump -i eth0 -s 16550 -w - \'$*\' |grep -v ^tcpdump |wireshark -k -i -
```
--
Seán C McCord
CyCore Systems, Inc
Alex Crawford
Jun 21, 2015, 8:11:28 PM6/21/15
to Nirlay Kundu, coreo...@googlegroups.com
toolbox mounts the host's root (among other things) into the container. It's mounted at /media/root. toolbox is just a script so it's easy to see what its doing by cat'ing it out.
-Alex
-Alex
From: Nirlay Kundu
Sent: 6/21/2015 16:48
Cc: coreo...@googlegroups.com
Subject: sharing files from a running container with the host
--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nirlay Kundu
Jun 21, 2015, 8:16:00 PM6/21/15
to Alex Crawford, coreo...@googlegroups.com
Thanks Alex.
Here is what I see inside the container
[root@node-8eea44100000 ~]# pwd
/root
[root@node-8eea44100000 ~]# ls -al *.pcap
-rw-r--r-- 1 tcpdump tcpdump 2068520 Jun 19 18:50 061915_1.pcap
-rw-r--r-- 1 tcpdump tcpdump 3083181 Jun 21 22:12 062115_1.pcap
-rw-r--r-- 1 tcpdump tcpdump 285063 Jun 21 22:23 062115_2.pcap
On the host, this is what I see
montana@node-8eea44100000 / $ cd media
montana@node-8eea44100000 /media $ ls
montana@node-8eea44100000 /media $
I need to see the file *.pcap from the host.
thanks
Seán C. McCord
Jun 21, 2015, 8:20:26 PM6/21/15
to Nirlay Kundu, Alex Crawford, coreo...@googlegroups.com
Worst case, you can just install an ssh client (which includes scp) with `yum install openssh-clients`, but you really should have the root fs mounted.
What is the output of `df` from inside toolbox? Are you entering toolbox simply by typing `toolbox`?
Nirlay Kundu
Jun 21, 2015, 8:22:46 PM6/21/15
to Seán C. McCord, coreo...@googlegroups.com
Hi Sean
Thanks for the pointers/ I installed tcpdump per your instructions.
Then on the host I am trying to run tcpdump
montana@node-8eea44100000 ~ $ sudo tcpdump -ni any -s 0 -vv -w <filename>.pcap
sudo: tcpdump: command not found
I am entering the toolbox by doing this on the host
/usr/bin/toolbox
[root@node-8eea44100000 ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda9 290507036 10425688 279115752 4% /
tmpfs 132093980 0 132093980 0% /dev
tmpfs 132093980 0 132093980 0% /dev/shm
tmpfs 132093980 0 132093980 0% /run
/dev/sda3 1032088 295904 683756 31% /media/root/usr
[root@node-8eea44100000 ~]#
Seán C. McCord
Jun 21, 2015, 8:27:30 PM6/21/15
to Nirlay Kundu, coreo...@googlegroups.com
Since you are using a non-default user (montana) instead of `core`, make sure you have `/opt/bin` in your path (assuming you installed tcpdump in with the command I gave). Also, make sure it exists there, as `/opt/bin/tcpdump`. You can always run it with a fully-specified path. Also, that `docker run` command should have been executed from the host, not from inside toolbox.
It's curious that your `/usr` is mounted, but not the root. I've never seen that before. Anyway, your toolbox filesystem should be in `/var/lib/toolbox`, so you can always copy it from there from the host.
Seán C. McCord
Jun 21, 2015, 8:28:35 PM6/21/15
to Nirlay Kundu, coreo...@googlegroups.com
Also: `-s 0` doesn't work as expected with the golang tcpdump. You actually need to specify a maximum packet size. That's why I use 16550.
Nirlay Kundu
Jun 21, 2015, 8:37:00 PM6/21/15
to Seán C. McCord, coreo...@googlegroups.com
Got it. On the host, I see
/var/lib/toolbox/montana-fedora-latest/root
node-8eea44100000 root # ls
061915_1.pcap 062115_1.pcap 062115_2.pcap anaconda-ks.cfg
So my files are there.
Per Alex' suggestion, I installed openssh inside toolbox and scp'd the files to the host.
Thanks Sean and Alex.
Reply all
Reply to author
Forward
0 new messages