Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

How can I gain root level CLI access to a Docker for AWS instance?

When a user gains SSH access to a Docker for AWS node, in actuality the user's access is only within a SSH container deployed on the node. As a result, many non-Docker CLI commands are run within the container itself and not at a host level. Users can run CLI commands at the host level by performing an additional step as outlined in this article.

Prerequisites

Before performing these steps, you must meet the following requirements:

  • Docker EE cluster deployed via Docker for AWS
  • A UCP admin client bundle or SSH access to the nodes in a Docker for AWS cluster

Steps

Users can perform either of the following steps to gain access to the host level of a Docker for AWS node:

Via SSH

To gain access to the host level of a Docker for AWS node via SSH, log into the Docker for AWS node using your Docker username and your private key file. After doing so, start a privileged container to enable shell access on the host using nsenter (https://github.com/jpetazzo/nsenter): 

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh 

Via UCP Admin Client Bundle

To gain access to the host level of a Docker for AWS node via the UCP admin client bundle, run the same command as mentioned previously but with a node constraint to specify which node you're targeting. For example, if you intend to run it on a node named node1:

docker run -it -e constraint:node==node1 --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh 
  • Was this article helpful?