On 04/19/2016 07:21 AM, Jan Pazdziora wrote:
On Wed, Feb 17, 2016 at 10:44:52AM -0500, Daniel J Walsh wrote:
Right but your install script could communicate with docker to create a
container.
I.e., you separate out the act of running the install script from the
actual creation of the container.
Your install.sh could execute
    docker create -h ipa.execample.com FOOBAR
This would have to be
    chroot $HOST docker create -h ipa.execample.com FOOBAR
right?
Is invocation of the docker (client) from inside of the INSTALL
container recommended practice that we plan to support long-term?
The container running the install.sh would need to be --privileged,
to populate content on $HOST and call the docker command, and the
second container could then be unprivileged, calling something like
install-unprivileged.sh in the image.
I like the approach, I'm only worried if we are ready to support it
long term.
Either that or you embed docker inside of the container, and volume
mount /run into the container.
But I like your example better. atomic install should almost always be
a privileged container.
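
The split discussed in this thread, sketched as an added example (not part of the original messages and not atomic's or any image's actual install.sh): the privileged INSTALL container populates the host and asks the host's docker to create a second container that gets no extra privileges. Assumptions: the host root is mounted at $HOST, and the container name, data directory, the path of install-unprivileged.sh and the DRY_RUN switch are hypothetical placeholders.

```shell
#!/bin/sh
# Added sketch, not atomic's or the image's real install.sh.
# Assumed: host root is mounted at $HOST inside the privileged INSTALL
# container; NAME, DATADIR and the script path are placeholders.
HOST="${HOST:-/host}"
IMAGE="${IMAGE:-FOOBAR}"
NAME="${NAME:-ipa}"
IPA_HOSTNAME="${IPA_HOSTNAME:-ipa.execample.com}"
DATADIR="${DATADIR:-/var/lib/ipa-data}"

# Call the host's docker client through chroot, as suggested in the thread.
# DRY_RUN=1 prints the command instead of running it.
host_docker() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "chroot $HOST docker $*"
    else
        chroot "$HOST" docker "$@"
    fi
}

# Privileged step: populate content on the host.
populate_host() {
    mkdir -p "$HOST$DATADIR"
}

# Refuse options that would hand the second container extra privileges.
reject_privilege_opts() {
    for opt in "$@"; do
        case "$opt" in
            --privileged*|--cap-add*)
                echo "refusing option for service container: $opt" >&2
                return 1 ;;
        esac
    done
}

# Create (not run) the second container without --privileged.
create_service_container() {
    reject_privilege_opts "$@" || return 1
    host_docker create -h "$IPA_HOSTNAME" --name "$NAME" \
        -v "$DATADIR:/data" "$@" "$IMAGE" /usr/sbin/install-unprivileged.sh
}

if [ "${1:-}" = "--run" ]; then
    populate_host && create_service_container
fi
```

Running it with DRY_RUN=1 and --run prints the docker create command that would be issued on the host, which is a convenient point to review what the second container is granted.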