(web diary 10.08.2016) I decided to document the solution to a problem I tackled today, since I couldn't find any solution by googling. The problem manifests itself when you're running a full systemd within a container (at least with Centos 7) '''and''' you want to access the host Docker from the systemd-container.
The problem is that upon bootup/initialisation, systemd seems to mess up /var/run, so that a docker volume mount of the form -v /var/run/docker.sock:/var/run/docker.sock gets purged. So here's what you have to do if you want to run a virtualhost-like full systemd environment within a container and access the host's dockerd from within that container:
!!! Create a systemd-enabled version of some standard image
For Centos 7, this Dockerfile gives you one:
{{{
FROM centos:7
# systemd-enabled Centos7 image, as per:
# https://hub.docker.com/_/centos/ section "Systemd integration"
ENV container=docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; \
    for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
    rm -f /lib/systemd/system/multi-user.target.wants/*; \
    rm -f /etc/systemd/system/*.wants/*; \
    rm -f /lib/systemd/system/local-fs.target.wants/*; \
    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
    rm -f /lib/systemd/system/basic.target.wants/*; \
    rm -f /lib/systemd/system/anaconda.target.wants/*
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
}}}
If you also want to run sshd in the container so that you can connect to it, run
{{{
ssh-keygen -N '' -f id_rsa
}}}
and append the following lines to your Dockerfile:
{{{
# https://github.com/CentOS/CentOS-Dockerfiles/blob/master/ssh/centos7/Dockerfile
RUN yum -y install openssh-server && yum clean all
RUN mkdir /var/run/sshd && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
COPY id_rsa.pub /root/.ssh/authorized_keys
RUN chmod -R go= /root/.ssh
}}}
Build your image by running (in the directory where you have the Dockerfile and id_rsa.pub):
{{{
docker build -t local/my-systemd-image .
}}}
!!! Run the container in privileged mode and with docker socket mounted
Start the container in background mode, since its pid 1 is a real init (which doesn't do anything useful interactively):
{{{
docker run -d --privileged --name mycont \
    -v /var/run/docker.sock:/var/tmp/docker.sock \
    -p 22222:22 \
    local/my-systemd-image
}}}
The important things here are to '''not''' mount docker.sock under /var/run, and to run the container in privileged mode, since otherwise systemd won't start up properly.
You can access the container with docker:
{{{
docker exec -it mycont bash
}}}
... or, if you enabled sshd in the container, by ssh:
{{{
ssh -o StrictHostKeyChecking=no -i id_rsa -p 22222 root@localhost
}}}
!!! Use the non-standard docker.sock location
Directly, from the command line within the container:
{{{
docker -H unix:///var/tmp/docker.sock ps   # shows e.g. the container itself
}}}
Set up the environment so that docker from all shells will contact the right socket: create /etc/profile.d/docker.sh containing
{{{
export DOCKER_HOST=unix:///var/tmp/docker.sock
}}}
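As an added helper (not from the original post), a small POSIX sh script that encodes the lesson above: it rejects socket paths under /var/run or /run, which systemd recreates at boot, writes the profile.d snippet for an acceptable path, and checks from inside the container that the bind-mounted socket actually survived the boot. The function names and the default output file are my own choices.

```shell
#!/bin/sh
# Helper functions (assumed names, not part of the original post) for
# choosing and verifying the in-container location of the host docker.sock.

# Return 0 if PATH is an absolute path outside /var/run and /run.
# On Centos 7 /var/run is a symlink to /run, and systemd rebuilds that
# tree during bootup, so a bind mount placed there disappears.
sock_path_ok() {
    case "$1" in
        /var/run|/var/run/*|/run|/run/*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;   # relative paths cannot be used in DOCKER_HOST
    esac
}

# Print the line that belongs in /etc/profile.d/docker.sh for PATH.
docker_host_line() {
    sock_path_ok "$1" || return 1
    printf 'export DOCKER_HOST=unix://%s\n' "$1"
}

# Write the profile.d snippet for PATH to FILE (default: the real location).
write_profile() {
    docker_host_line "$1" > "${2:-/etc/profile.d/docker.sh}"
}

# Return 0 only if PATH exists and is a unix socket, i.e. the bind mount
# survived systemd's bootup. Run this via `docker exec` or ssh after start.
sock_present() {
    [ -S "$1" ]
}

# Usage inside the container, e.g. after `docker exec -it mycont bash`:
#   sock_present /var/tmp/docker.sock && write_profile /var/tmp/docker.sock
#   . /etc/profile.d/docker.sh && docker ps
```

Whoever can reach that socket has the same control over the host's dockerd as root on the host, so the container's ssh key and exec access deserve the same protection as the host itself.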
* [entry: 2016-08] * [atehwa] * [category: diary entry]