Coder Social home page Coder Social logo

Docker in Docker - probably harmful? about kythe HOT 5 CLOSED

kythe avatar kythe commented on September 27, 2024
Docker in Docker - probably harmful?

from kythe.

Comments (5)

danielmoy-google avatar danielmoy-google commented on September 27, 2024

astroilov points out correctly that the other alternative approach here is to excise the internal docker bits from current extractrepo binary.

Right now it's fairly baked in, and pulling it out wouldn't be pretty. In particular given the dynamic generation of the ephemeral dockerfile it produces, we'd need to have separate running steps there: running docker image that just takes config as input and generates an ephemeral dockerfile, and then something to run that resulting dockerfile.

I don't see a super clean approach either way.

from kythe.

danielmoy-google avatar danielmoy-google commented on September 27, 2024

Behind door A, investigating the extent to which dind will work for us:

FROM docker:dind

ADD extractrepo extractrepo

ENTRYPOINT ["/extractrepo"]

I'm having some normal docker mechanical difficulties in dealing with input/output, but my initial guess is that's purely because I don't know how to hold this tool properly, not because of any problems with dind.

from kythe.

danielmoy-google avatar danielmoy-google commented on September 27, 2024

^ Nope actually I'm wrong. My problem is still dind, not because of holding input/output:

$ docker run -i -t -v ~/code/testrepo:/inputrepo -v /tmp/dockertest:/outputrepo test-extract -local /inputrepo --output /outputrepo
2018/06/14 19:35:55 Using configuration file: ""
2018/06/14 19:35:55 Failed to clean up docker image: exit status 1
2018/06/14 19:35:55 Failed to extract repo: building docker image: exit status 1
Command output time="2018-06-14T19:35:55Z" level=error msg="failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: no such file or directory"
context canceled

dang

from kythe.

danielmoy-google avatar danielmoy-google commented on September 27, 2024

Ok well:

$ docker run -i -t -v ~/code/testrepo:/inputrepo -v /tmp/dockertest:/outputrepo -v /var/run/docker.sock:/var/run/docker.sock test-extract -local /inputrepo --output /outputrepo
2018/06/14 19:40:19 Using configuration file: ""
2018/06/14 19:40:21 Failed to extract repo: extracting repo: exit status 1
Command output: cp: cannot stat 'pom.xml': No such file or directory

That might be much closer (probably just failed to copy the repo in properly because this is literally the first time I've ever tried to pass data into docker.

from kythe.

danielmoy-google avatar danielmoy-google commented on September 27, 2024

Ok update - docker in docker sort of works. There's complications in mapping 1st-layer container volumes to the 2nd-layer innermost container. That can be hacked around with e.g.:

$ - outside
/ # - inside first container
# - inside innermost container
(/tmp/testdocker/Dockerfile is just a dummy docker file to show proof of concept, it would be replaced with the extractrepo generated Dockerfile)
 
$ docker run --entrypoint "sh" -i -t --volume /tmp/repodir -v ~/code/craigtest:/inputrepo -v /tmp/dockertest:/output -v/tmp/testdocker:/buildstuff -v /var/run/docker.sock:/var/run/docker.sock test-extract
 
/ # docker build -t bad-test /buildstuff
 
/ # echo 'fake repo' > /tmp/repodir/notarealrepo
 
/ # export UNSPEAKABLETHINGS=`cat /proc/self/cgroup | grep 'docker/' | tail -1 | awk -F "/" '{print $3}' | cut -c 1-12`
 
/ # docker run -i -t --entrypoint "sh" --volumes-from $UNSPEAKABLETHINGS bad-test
 
# cat /tmp/repodir/notarealrepo
fake repo

This will need a modification to extractrepo binary to configure the temp repo dir from output, since the specific volume has to be mapped at container create time. However we have flexibility here and can just name it whatever we want.

Also I think we're still strongly leaning towards not doing docker-in-docker for medium term. This is just a temporary hack.

from kythe.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.