Run docker on drone.io?

[lazywei]

Hi,

I'm wondering if I can run a docker on drone.io?
I have some Dockerfiles and a shell script. The script will use those Dockerfiles to somehow build a docker images. Therefore, I'll need a docker client & docker daemon.

I try to install & run docker via the following commands on drone.io:

sudo apt-get update
sudo apt-get install -y linux-image-extra-`uname -r`
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\
> /etc/apt/sources.list.d/docker.list"
sudo apt-get update
sudo apt-get install -y lxc-docker
sudo service docker status
sudo cat /var/log/upstart/docker.log
sleep 60
sudo service docker status
sudo docker -H unix:///var/run/docker.sock version

However, the docker status gives:

sudo service docker status
docker stop/waiting

and the log /var/log/upstart/docker.log:

$ sudo cat /var/log/upstart/docker.log
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
mount: block device cgroup is write-protected, mounting read-only
mount: cannot mount block device cgroup read-only
2014/05/22 07:01:41 WARNING: You are running linux kernel version 3.2.0-23-virtual, which might be unstable running docker. Please upgrade your kernel to 3.8.0.
2014/05/22 07:01:41 docker daemon: 0.11.1 fb99f99; execdriver: native; graphdriver: 
[7210a4bc] +job serveapi(unix:///var/run/docker.sock)
[7210a4bc] +job initserver()
[7210a4bc.initserver()] Creating server
2014/05/22 07:01:41 Listening for HTTP on unix (/var/run/docker.sock)
permission denied
[7210a4bc] -job initserver() = ERR (1)
2014/05/22 07:01:41 permission denied

and the docker info gives

$ sudo docker -H unix:///var/run/docker.sock version
Client version: 0.11.1
Client API version: 1.11
Go version (client): go1.2.1
Git commit (client): fb99f99
2014/05/22 07:02:41 Cannot connect to the Docker daemon. Is 'docker -d' running on this host?

Did I miss something?

[bradrydzewski]

this is more of a question regarding Docker in Docker. Your build is already running inside a Docker container. The default cgroup permissions prevent you from running Docker inside Docker because certain syscalls (such as mounting filesystems) are restricted, which is why you are seeing those error messages.

one workaround might be to run your build in privileged mode. There is a checkbox on your repository settings screen where you can enable this. Your builds will then run inside a Docker container with the -p flag (privileged mode) which should prevent the security restrictions and error messages you pasted above.

I'd also recommend subscribing to issue #1 and issue #114 which are both enhancement requests to build and push Docker images using Drone. These existing issue encompass the overall problem you've described, so I'm going to close this as a duplicate.

Thanks for trying out Drone, and we'll be sure to improve our Docker support in the coming releases! Please keep the feedback coming.

[d11wtq]

I can't find anything to do with privileged mode in your UI. It's hard to understand if this is only available to enterprise users or not (I have an open source project that is a tool for docker itself, so needs to have docker around for integration tests). Is this available on open source projects? If not, at what price mark does it become an option?

[bradrydzewski]

@d11wtq this thread is for the open source Drone CI server which is a new, alpha product. It is a complete re-write of the older, proprietary codebase powering drone.io, so for all intents and purposes they are completely different products. The open source Drone CI server has a checkbox for privileged mode on the repository settings screen.

The hosted version (at drone.io) does not have privileged mode and will therefore not allow running Docker inside the container.

[bradrydzewski]

I should also note that this open source codebase will eventually power drone.io once it is more stable. In the mean time you would need to run your own instance of the open source version for Docker in Docker.

[alban]

Do you know when the hosted version (at drone.io) will use the open source Drone CI with the checkbox for privileged mode?