Skip to content
This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

rkt: run dockerd #638

Closed
jonboulle opened this issue Mar 18, 2015 · 6 comments
Closed

rkt: run dockerd #638

jonboulle opened this issue Mar 18, 2015 · 6 comments
Assignees
@alban
Milestone
v0.6.1

Comments

@jonboulle
Copy link
Contributor

As part of #13, it would be nice to be able to run dockerd from within a Rocket pod.

(thinking out loud), while dockerd is running under Rocket, we could mimic the Docker client on the host with something like alias docker="rkt enter $RKT_DOCKER_UUID docker run $@" or similar

Latest status from #13 (comment):

Since #626 is merged, running Dockerd inside Rocket works fine as long as the isolator "os/linux/capabilities-retain-set" contains CAP_NET_ADMIN. The test was reported on this issue. The dind aci was generated by docker2aci.

We don't have a solution to modify automatically the isolator in the aci. Flannel would also benefit from that, see this comment.
@philips philips mentioned this issue Mar 18, 2015
Closed
4 tasks
@iaguis
Copy link
Member

iaguis commented Mar 19, 2015

If you don't have aufs support enabled (debian has it by default) docker will try to use the devicemapper Storage Driver. This will not work because it uses loop devices which are not inside the container.

I could make it work with the overlay Storage Driver.

alban added a commit to endocode/rkt that referenced this issue Mar 19, 2015
@alban
stage1: prepare-app: fix volumes during the root bind-mount
9ea9e36 
The bind mount on / was introduced by
rkt#626 to fix the "Docker inside
Rocket" use case in rkt#638

But this introduced a regression on volume mounted via "rkt run
-volume". This patch fixes the regression.

Regression discovered by Iago when testing Flannel from
rkt#389
@alban alban mentioned this issue Mar 19, 2015
Merged
@jonboulle
Copy link
Contributor Author

I think it is fine if we have to be a little more restrictive about what storage backends can be used running it inside Rocket; in CoreOS itself we can always rely on overlayfs

@alban
Copy link
Member

alban commented Apr 1, 2015

actool patch-manifest has been merged (appc/spec#258)

The script to build the docker aci has been merged (appc/build-repository#1).

The instructions how to use the docker aci can be found on:
https://github.com/appc/build-repository/blob/master/projects/docker.sh
(including how to select overlay rather than devicemapper)

So I think this issue can be closed.

@jonboulle
Copy link
Contributor Author

awesome!
@alban I think the only other thing I would like to see before closing this out is some information on the alban/dind:dockerinrocket image - how about maybe adding that Dockerfile to the build-repository repo?

@jonboulle jonboulle added this to the v0.6.0 milestone Apr 9, 2015
@alban alban mentioned this issue Apr 10, 2015
Merged
@alban
Copy link
Member

alban commented Apr 10, 2015

I added more details on appc/build-repository#6

I'm unsure about adding the Dockerfile from the Docker-in-Docker in build-repository: if Docker-in-Docker gets updated upstream, it would be easier to get them if we keep the same repository structure rather than copying the files in build-repository.

@jonboulle
Copy link
Contributor Author

That's fine, I missed that it was based on that. Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alban alban

Labels
None yet
Projects
None yet
Milestone
v0.6.1
Development

No branches or pull requests
3 participants
@alban @iaguis @jonboulle