What the heck is dual pipes?
- Docker and OS comms
- hacks
Dual Pipes?¶
#!/bin/ash
# Create the FIFO for input commands
rm /var/run/docker_host_pipe -r || true
mkfifo /var/run/docker_host_pipe
rm /var/run/docker_host_results -r || true
# Create the FIFO for output results
mkfifo /var/run/docker_host_results
while true; do
cat /var/run/docker_host_pipe
ip6=$(ip -6 address show dev eth0 | awk '/inet6 fd[0-9a-f:]*\/128/{split($2, a, "/"); print a[1]}' | head -n 1)
echo $ip6 > /var/run/docker_host_results
# eval "$(cat /var/run/docker_host_pipe)" > /var/run/docker_host_results
done
This little snippet is dual pipes. It's a simple concept, create two files, one this script reads and another this script writes to.
If the above script is running, the easiest way to test is to open 2x ssh connections to the machine running it, in the first run
cat /var/run/docker_host_results
The command should hang
Now in the second one, you should be able to echo literally anything at all to /var/run/docker_host_pipe, and the first ssh connection will get dumped the response, the cat from the above command will no longer hang. echo 'test' > /var/run/docker_host_pipe
Why though?¶
To make communication between arbitrary scripts on the host machine and containers possible
Recommended?¶
No.
It seems to have a high likelyhood of working, but a non-zero chance of failure that really can require a system reboot to fix, due to how low level the pipes are. They MUST be created before docker (or podman or kubernetes or whatever container solution you picked) or things will go very bad if a container tries to use them before they're made.
They are not real filesystem entries so every reboot they must be recreated.
In production? Never would recommend.
For practice? It's a lot faster than setting a proper application on the host that the vm's can somehow communicate with via tcp/udp.
Actual results, usually they work but sometimes they just hang. Possible race condition.
Define Very Bad¶
the container application will create a (folder probably) if the fifo's don't already exist. Then the fifo's can't be created because those f(iles|olders) are already in use. The the containerization app must be stopped, the f(iles|olders) removed, then the fifo's created and the script run in the background and finally containerization can restart.