github.com/khulnasoft/cli@v0.0.0-20240402070845-01bcad7beefa/docs/extend/index.md (about) 1 --- 2 title: Docker Engine managed plugin system 3 description: Develop and use a plugin with the managed plugin system 4 keywords: "API, Usage, plugins, documentation, developer" 5 --- 6 7 - [Installing and using a plugin](index.md#installing-and-using-a-plugin) 8 - [Developing a plugin](index.md#developing-a-plugin) 9 - [Debugging plugins](index.md#debugging-plugins) 10 11 Docker Engine's plugin system lets you install, start, stop, and remove 12 plugins using Docker Engine. 13 14 For information about legacy (non-managed) plugins, refer to 15 [Understand legacy Docker Engine plugins](legacy_plugins.md). 16 17 > **Note** 18 > 19 > Docker Engine managed plugins are currently not supported on Windows daemons. 20 21 ## Installing and using a plugin 22 23 Plugins are distributed as Docker images and can be hosted on Docker Hub or on 24 a private registry. 25 26 To install a plugin, use the `docker plugin install` command, which pulls the 27 plugin from Docker Hub or your private registry, prompts you to grant 28 permissions or capabilities if necessary, and enables the plugin. 29 30 To check the status of installed plugins, use the `docker plugin ls` command. 31 Plugins that start successfully are listed as enabled in the output. 32 33 After a plugin is installed, you can use it as an option for another Docker 34 operation, such as creating a volume. 35 36 In the following example, you install the `sshfs` plugin, verify that it is 37 enabled, and use it to create a volume. 38 39 > **Note** 40 > 41 > This example is intended for instructional purposes only. Once the volume is 42 > created, your SSH password to the remote host is exposed as plaintext when 43 > inspecting the volume. Delete the volume as soon as you are done with the 44 > example. 45 46 1. Install the `sshfs` plugin. 47 48 ```console 49 $ docker plugin install vieux/sshfs 50 51 Plugin "vieux/sshfs" is requesting the following privileges: 52 - network: [host] 53 - capabilities: [CAP_SYS_ADMIN] 54 Do you grant the above permissions? [y/N] y 55 56 vieux/sshfs 57 ``` 58 59 The plugin requests 2 privileges: 60 61 - It needs access to the `host` network. 62 - It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run 63 the `mount` command. 64 65 2. Check that the plugin is enabled in the output of `docker plugin ls`. 66 67 ```console 68 $ docker plugin ls 69 70 ID NAME TAG DESCRIPTION ENABLED 71 69553ca1d789 vieux/sshfs latest the `sshfs` plugin true 72 ``` 73 74 3. Create a volume using the plugin. 75 This example mounts the `/remote` directory on host `1.2.3.4` into a 76 volume named `sshvolume`. 77 78 This volume can now be mounted into containers. 79 80 ```console 81 $ docker volume create \ 82 -d vieux/sshfs \ 83 --name sshvolume \ 84 -o sshcmd=user@1.2.3.4:/remote \ 85 -o password=$(cat file_containing_password_for_remote_host) 86 87 sshvolume 88 ``` 89 90 4. Verify that the volume was created successfully. 91 92 ```console 93 $ docker volume ls 94 95 DRIVER NAME 96 vieux/sshfs sshvolume 97 ``` 98 99 5. Start a container that uses the volume `sshvolume`. 100 101 ```console 102 $ docker run --rm -v sshvolume:/data busybox ls /data 103 104 <content of /remote on machine 1.2.3.4> 105 ``` 106 107 6. Remove the volume `sshvolume` 108 109 ```console 110 $ docker volume rm sshvolume 111 112 sshvolume 113 ``` 114 115 To disable a plugin, use the `docker plugin disable` command. To completely 116 remove it, use the `docker plugin remove` command. For other available 117 commands and options, see the 118 [command line reference](https://docs.docker.com/engine/reference/commandline/cli/). 119 120 ## Developing a plugin 121 122 #### The rootfs directory 123 124 The `rootfs` directory represents the root filesystem of the plugin. In this 125 example, it was created from a Dockerfile: 126 127 > **Note** 128 > 129 > The `/run/docker/plugins` directory is mandatory inside of the 130 > plugin's filesystem for Docker to communicate with the plugin. 131 132 ```console 133 $ git clone https://github.com/vieux/docker-volume-sshfs 134 $ cd docker-volume-sshfs 135 $ docker build -t rootfsimage . 136 $ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created 137 $ sudo mkdir -p myplugin/rootfs 138 $ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs 139 $ docker rm -vf "$id" 140 $ docker rmi rootfsimage 141 ``` 142 143 #### The config.json file 144 145 The `config.json` file describes the plugin. See the [plugins config reference](config.md). 146 147 Consider the following `config.json` file. 148 149 ```json 150 { 151 "description": "sshFS plugin for Docker", 152 "documentation": "https://docs.docker.com/engine/extend/plugins/", 153 "entrypoint": ["/docker-volume-sshfs"], 154 "network": { 155 "type": "host" 156 }, 157 "interface": { 158 "types": ["docker.volumedriver/1.0"], 159 "socket": "sshfs.sock" 160 }, 161 "linux": { 162 "capabilities": ["CAP_SYS_ADMIN"] 163 } 164 } 165 ``` 166 167 This plugin is a volume driver. It requires a `host` network and the 168 `CAP_SYS_ADMIN` capability. It depends upon the `/docker-volume-sshfs` 169 entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate 170 with Docker Engine. This plugin has no runtime parameters. 171 172 #### Creating the plugin 173 174 A new plugin can be created by running 175 `docker plugin create <plugin-name> ./path/to/plugin/data` where the plugin 176 data contains a plugin configuration file `config.json` and a root filesystem 177 in subdirectory `rootfs`. 178 179 After that the plugin `<plugin-name>` will show up in `docker plugin ls`. 180 Plugins can be pushed to remote registries with 181 `docker plugin push <plugin-name>`. 182 183 ## Debugging plugins 184 185 Stdout of a plugin is redirected to dockerd logs. Such entries have a 186 `plugin=<ID>` suffix. Here are a few examples of commands for pluginID 187 `f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62` and their 188 corresponding log entries in the docker daemon logs. 189 190 ```console 191 $ docker plugin install tiborvass/sample-volume-plugin 192 193 INFO[0036] Starting... Found 0 volumes on startup plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 194 ``` 195 196 ```console 197 $ docker volume create -d tiborvass/sample-volume-plugin samplevol 198 199 INFO[0193] Create Called... Ensuring directory /data/samplevol exists on host... plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 200 INFO[0193] open /var/lib/docker/plugin-data/local-persist.json: no such file or directory plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 201 INFO[0193] Created volume samplevol with mountpoint /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 202 INFO[0193] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 203 ``` 204 205 ```console 206 $ docker run -v samplevol:/tmp busybox sh 207 208 INFO[0421] Get Called... Found samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 209 INFO[0421] Mount Called... Mounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 210 INFO[0421] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 211 INFO[0421] Unmount Called... Unmounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 212 ``` 213 214 #### Using runc to obtain logfiles and shell into the plugin. 215 216 Use `runc`, the default docker container runtime, for debugging plugins by 217 collecting plugin logs redirected to a file. 218 219 ```console 220 $ sudo runc --root /run/docker/runtime-runc/plugins.moby list 221 222 ID PID STATUS BUNDLE CREATED OWNER 223 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 15806 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 2018-02-08T21:40:08.621358213Z root 224 9b4606d84e06b56df84fadf054a21374b247941c94ce405b0a261499d689d9c9 14992 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/9b4606d84e06b56df84fadf054a21374b247941c94ce405b0a261499d689d9c9 2018-02-08T21:35:12.321325872Z root 225 c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 14984 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby-plugins/c5bb4b90941efcaccca999439ed06d6a6affdde7081bb34dc84126b57b3e793d 2018-02-08T21:35:12.321288966Z root 226 ``` 227 228 ```console 229 $ sudo runc --root /run/docker/runtime-runc/plugins.moby exec 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 cat /var/log/plugin.log 230 ``` 231 232 If the plugin has a built-in shell, then exec into the plugin can be done as 233 follows: 234 235 ```console 236 $ sudo runc --root /run/docker/runtime-runc/plugins.moby exec -t 93f1e7dbfe11c938782c2993628c895cf28e2274072c4a346a6002446c949b25 sh 237 ``` 238 239 #### Using curl to debug plugin socket issues. 240 241 To verify if the plugin API socket that the docker daemon communicates with 242 is responsive, use curl. In this example, we will make API calls from the 243 docker host to volume and network plugins using curl 7.47.0 to ensure that 244 the plugin is listening on the said socket. For a well functioning plugin, 245 these basic requests should work. Note that plugin sockets are available on the host under `/var/run/docker/plugins/<pluginID>` 246 247 ```console 248 $ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List 249 250 {"Mountpoint":"","Err":"","Volumes":[{"Name":"myvol1","Mountpoint":"/data/myvol1"},{"Name":"myvol2","Mountpoint":"/data/myvol2"}],"Volume":null} 251 ``` 252 253 ```console 254 $ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities 255 256 {"Scope":"local"} 257 ``` 258 259 When using curl 7.5 and above, the URL should be of the form 260 `http://hostname/APICall`, where `hostname` is the valid hostname where the 261 plugin is installed and `APICall` is the call to the plugin API. 262 263 For example, `http://localhost/VolumeDriver.List`