How to execute host's Docker command from cont

Published 2019-03-30 18:56

Question:

I want to write a Docker container management script in Python. However, since I use CoreOS, Python is not included as a standard command. So, I am thinking of using the Python Docker container (https://registry.hub.docker.com/_/python/) to execute my script. However, in that case the script will be executed in the container's VM, which doesn't have access to the host's Docker CLI.

Is there a way to use Python (or other programming languages not packaged in CoreOS) to manage the host environment without installing it on the host machine?

PS, the script will do something like:

docker run/rm/stop <another container>;

Answer 1:

If you make the Docker daemon reachable via HTTPS, then you can communicate with the daemon from remote machines, or from within Docker containers. The instructions for enabling HTTPS in the daemon are here: https://docs.docker.com/articles/https/

In short it involves creating client and server certificates (for security) and running the Docker daemon with a command such as

docker -d --tlsverify --tlscacert=ca.pem \
--tlscert=server-cert.pem --tlskey=server-key.pem \
-H=0.0.0.0:2376

When running in this mode, you can use an appropriate client library for the programming language of your choice: https://docs.docker.com/engine/reference/api/remote_api_client_libraries/

There is one for Python, docker-py. I haven't tried it, but I can say from experience that this approach works using the docker-java client library, having a Java program inside a container stopping and starting other containers.



Answer 2:

You can either mount the docker binary and socket into the container:

$ docker run -v $(which docker):/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock debian docker --version
Docker version 1.7.0, build 0baf609

Or set up docker to allow remote access (I can't find a good reference for this at the minute).

You should also look at using the Docker API rather than making command line calls. There is a python library available to help you.
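
The Docker API route from answer 2, as an added example that is not part of the original answers: a standard-library Python client that talks to the Docker Engine API over the mounted socket and covers the stop/rm operations from the question. The function names are hypothetical, and the socket path is assumed to be the mount target used in the `docker run -v` command above.

```python
import http.client
import json
import socket
from urllib.parse import quote

DOCKER_SOCK = "/var/run/docker.sock"  # assumed mount point inside the container


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that speaks HTTP over a Unix domain socket."""

    def __init__(self, sock_path, timeout=10):
        super().__init__("localhost", timeout=timeout)  # host only fills the Host header
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)


def api(method, path, sock_path=DOCKER_SOCK):
    """Send one request to the Docker Engine API; return decoded JSON or None."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status >= 400:
        raise RuntimeError(f"{method} {path} failed: HTTP {resp.status} {body[:200]!r}")
    return json.loads(body) if body else None


def list_containers(sock_path=DOCKER_SOCK, include_stopped=False):
    """Equivalent of `docker ps` (or `docker ps -a` with include_stopped)."""
    query = "?all=1" if include_stopped else ""
    return api("GET", "/containers/json" + query, sock_path)


def stop_container(name, sock_path=DOCKER_SOCK, grace_seconds=10):
    """Equivalent of `docker stop <name>`; the name is escaped so it cannot alter the path."""
    return api("POST", f"/containers/{quote(name, safe='')}/stop?t={int(grace_seconds)}", sock_path)


def remove_container(name, sock_path=DOCKER_SOCK):
    """Equivalent of `docker rm <name>`; raises RuntimeError if the daemon refuses."""
    return api("DELETE", f"/containers/{quote(name, safe='')}", sock_path)
```

Any process that can open the socket has full control of the host's Docker daemon, so mount it only into the management container and keep container names that come from outside the script going through the escaped helpers.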



Answer 3:

A different way would be to use the CoreOS toolbox to access python and exec docker. For example, here is my CoreOS machine running a simple python command from CoreOS to see docker process status:

core@zz1 ~ $ toolbox python -c 'import os;os.system("/media/root/usr/bin/docker -H unix:///media/root/var/run/docker.sock ps")'
CONTAINER ID        IMAGE                                            COMMAND                CREATED             STATUS              PORTS               NAMES
2f5480ebc129        gcr.io/google_containers/etcd:2.0.12             "/usr/local/bin/etcd   47 minutes ago      Up 46 minutes                           k8s_etcd.3a160ccf_kube-dns-45.55.230.109_kube-system_790a48cfb2e2a5ae0abfcb6e3221275f_9d4fc659                   
ddbbc5e5033c        gcr.io/google_containers/skydns:2015-03-11-001   "/skydns -addr=0.0.0   47 minutes ago      Up 47 minutes                           k8s_skydns.db942972_kube-dns-45.55.230.109_kube-system_790a48cfb2e2a5ae0abfcb6e3221275f_59835376                 
...

-g