So you may have heard about this Docker™ thing.
You know; it runs containers and all that jazz.
You might think the container craze is only for developers that think this time they’ve finally understood operations.
You’d be wrong however.
I’m going to explain a simple trick that I use often when
sshing into a remote machine for some old school sysadmin work.
If the title of this post seems unintelligible, fear not!
Dotfiles are a slang term for command line tools’ configuration files that are scattered in your
As it turns out, they all happen to be prefixed by a dot as the result of unintentional behavior (pronounced bug) in Unix.
Lots of people store their dotfiles on GitHub so that they can easily synchronize them across machines.
I’ve publicly maintained mine here since 2013.
As I’ve moved back and forth between machines, I found that I’d make my life significantly easier if I wrote a script for installing my dotfiles onto a new machine, so I did that. There are lots of ways to manage your dotfiles; often mentioned is GNU Stow instead of rolling your own script like I did.
Ok, cool. The next prereq for this article is roughly understanding Linux containers. Oh boy, is this a big one, but don’t sweat it because we don’t need to know how deep the rabbithole goes for the sake of this demonstration. Containers are just isolated processes running on a Linux kernel. By isolated, I mean that they don’t have access to the whole system, like you do. Docker, if you’ve been living under a rock, is convenient way to create, distribute, and execute software as containers.
In CoreOS Linux, we didn’t have a package manager.
The OS was meant to have only enough for you to run containers.
This was a very nice property for reliable production deployments of software, but it left you with zero tools when it came time to debug something.
The toolbox command.
This was just a shell script that pulled down a Fedora image and ran the container with very little isolation.
When you’re in the toolbox, you could use tools installed on a Fedora system or
dnf to temporarily install whatever you want.
When you exited the toolbox, poof, all that Fedora was gone.
Toolbox is an example of a BYOU: Bring Your Own Userspace. Using a Dockerfile to build a container image of your dotfiles means that you can take that userspace to any system. Wish that machine over there had your git/vim/zsh config? Just use the toolbox trick with the container image of your dotfiles. I use different flags to docker depending on how much access I want to the system, but a good start that’s simple could be like so:
docker run --privileged=true -v /:/mnt -ti quay.io/jzelinskie/toolbox:latest zsh
If you give yourself privileged you can do things like
nsenter into other containers and muck around with them.
In the past, I have actually been able to use this to debug some pretty nasty production incidents.