[
https://issues.apache.org/jira/browse/MESOS-5991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15416945#comment-15416945
]
Qian Zhang commented on MESOS-5991:
-----------------------------------
I tried to run a Docker daemon and a Docker container in a unified container,
and it seems to work normally. Here are the detailed steps:
*1. Build a Docker image which has Docker daemon in it and it will run a
busybox container.*
{code}
# cat Dockerfile
FROM ubuntu:14.04
MAINTAINER Qian Zhang <[email protected]>
# Let's start with some basic stuff.
RUN apt-get update -qq && apt-get install -y curl iptables supervisor
# Install Docker from Docker Inc. repositories.
RUN curl -sSL https://get.docker.com/ | sh
ADD ./supervisord.conf /etc/supervisor/conf.d/supervisord.conf
CMD ["/usr/bin/supervisord"]
{code}
{code}
# cat ./supervisord.conf
[supervisord]
nodaemon=true
[program:docker-engine]
command=service docker start
startsecs=0
exitcodes=0
[program:docker-container]
command=docker run busybox sleep 1000
{code}
{code}
# docker save -o dind.tar dind
# mv ./dind.tar /tmp/docker_images/
{code}
*2. Start Mesos master and Mesos agent.*
{code}
# sudo ./bin/mesos-master.sh --work_dir=/opt/mesos
# sudo ./bin/mesos-slave.sh --master=192.168.122.171:5050 \
    --containerizers=mesos --image_providers=appc,docker \
    --isolation=namespaces/pid,cgroups/cpu,cgroups/mem,filesystem/linux,docker/runtime,network/cni \
    --network_cni_config_dir=/opt/cni/net_configs \
    --network_cni_plugins_dir=/opt/cni/plugins --work_dir=/opt/mesos \
    --docker_registry=/tmp/docker_images
{code}
*3. Use mesos-execute to launch two unified containers from the "dind" image
simultaneously.*
{code}
# sudo src/mesos-execute --master=192.168.122.171:5050 --name=test1 \
    --docker_image=dind --shell=false
# sudo src/mesos-execute --master=192.168.122.171:5050 --name=test2 \
    --docker_image=dind --shell=false
{code}
*4. In each of the unified containers, Docker daemon can be started
successfully and the "busybox" Docker container can be launched successfully.*
{code}
# ps -ef | grep mesos-executor
root 10241 10138 1 17:20 ? 00:00:02
/home/stack/workspace/mesos/build/src/.libs/lt-mesos-executor
--launcher_dir=/home/stack/workspace/mesos/build/src
--sandbox_directory=/mnt/mesos/sandbox --user=root
--task_command={"arguments":["\/usr\/bin\/supervisord"],"shell":false,"value":"\/usr\/bin\/supervisord"}
--rootfs=/opt/mesos/provisioner/containers/8ebb9a95-b404-4ca1-8974-ed9f29d652b8/backends/copy/rootfses/2dd2ccdb-1648-4048-8d16-84286fdb3f8f
root 10294 10138 1 17:20 ? 00:00:02
/home/stack/workspace/mesos/build/src/.libs/lt-mesos-executor
--launcher_dir=/home/stack/workspace/mesos/build/src
--sandbox_directory=/mnt/mesos/sandbox --user=root
--task_command={"arguments":["\/usr\/bin\/supervisord"],"shell":false,"value":"\/usr\/bin\/supervisord"}
--rootfs=/opt/mesos/provisioner/containers/15885f76-c263-40f2-9fc9-d1c1dc267f2c/backends/copy/rootfses/14a4598d-7538-4864-a4a6-837bc2fdc567
stack 10831 9835 0 17:24 pts/7 00:00:00 grep mesos-executor
# sudo nsenter -t 10241 -m -u -i -n -p ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 1 09:20 ? 00:00:02
/home/stack/workspace/mesos/build/src/.libs/lt-mesos-executor
--launcher_dir=/home/stack/workspace/mesos/build/src --sandbo
root 67 1 0 09:20 ? 00:00:00 /usr/bin/python
/usr/bin/supervisord
root 137 1 0 09:20 ? 00:00:00 [start-stop-daem] <defunct>
root 138 1 0 09:20 ? 00:00:01 /usr/bin/dockerd -p
/var/run/docker.pid
root 144 138 0 09:20 ? 00:00:00 docker-containerd -l
unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim
docker-containerd-shim --metrics-in
root 155 67 0 09:20 ? 00:00:00 docker run busybox sleep 1000
root 221 144 0 09:21 ? 00:00:00 docker-containerd-shim
0dedee5b51db5355d61f33f64322a158be6b2221d5e0511f5d72e9adc09a6f36
/var/run/docker/libcontainerd/0dede
root 236 221 0 09:21 ? 00:00:00 sleep 1000
root 259 0 0 09:24 ? 00:00:00 ps -ef
# sudo nsenter -t 10294 -m -u -i -n -p ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 1 09:20 ? 00:00:03
/home/stack/workspace/mesos/build/src/.libs/lt-mesos-executor
--launcher_dir=/home/stack/workspace/mesos/build/src --sandbo
root 67 1 0 09:20 ? 00:00:00 /usr/bin/python
/usr/bin/supervisord
root 137 1 0 09:20 ? 00:00:00 [start-stop-daem] <defunct>
root 138 1 0 09:20 ? 00:00:01 /usr/bin/dockerd -p
/var/run/docker.pid
root 144 138 0 09:20 ? 00:00:00 docker-containerd -l
unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim
docker-containerd-shim --metrics-in
root 154 67 0 09:20 ? 00:00:00 docker run busybox sleep 1000
root 222 144 0 09:21 ? 00:00:00 docker-containerd-shim
040adde6bd4d90275ad1e02784b2b0711743a851013e632d13d773fb43683a2b
/var/run/docker/libcontainerd/040ad
root 237 222 0 09:21 ? 00:00:00 sleep 1000
root 258 0 0 09:26 ? 00:00:00 ps -ef
{code}
So it seems we can support running Docker daemon inside a unified container.
> Support running docker daemon inside a container using unified containerizer.
> -----------------------------------------------------------------------------
>
> Key: MESOS-5991
> URL: https://issues.apache.org/jira/browse/MESOS-5991
> Project: Mesos
> Issue Type: Epic
> Reporter: Jie Yu
>
> The goal is to develop necessary pieces in unified containerizer so that
> framework can launch a full-fledged docker daemon in a container.
> This will be useful for frameworks like jenkins. The jenkins job can still
> use docker cli to do build (e.g., `docker build`, `docker push`), but we
> don't have to install docker daemon on the host anymore.
> Looks like LXD already supports that and is pretty stable for some users. We
> should do some investigation to see what features are missing in unified
> containerizer to be able to match what lxd has. Will track all the
> dependencies in this ticket.
> https://www.stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/
> Cgroups and user namespaces support are definitely missing pieces.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
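
The `nsenter` check in step 4 shows the whole nested Docker stack running as root, and the issue description lists user namespaces as a missing piece. The following added example (not part of the original comment or of Mesos) reports which namespaces an executor PID shares with a reference PID by comparing the `/proc/<pid>/ns` links; `PROC_ROOT`, the function names, and the sample tree with PID 10241 and made-up inode numbers are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original comment): compare a container
# process's namespaces with a reference process, normally host PID 1.
# PROC_ROOT is an assumption of this example so it can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"
NS_KINDS="mnt uts ipc net pid user"

# ns_report <pid> [ref_pid]: one "<ns> shared|isolated|unknown" line per namespace.
# "unknown" means a link was unreadable (no privilege, or the process exited).
ns_report() {
    for ns in $NS_KINDS; do
        a=$(readlink "$PROC_ROOT/$1/ns/$ns" 2>/dev/null) || a=""
        b=$(readlink "$PROC_ROOT/${2:-1}/ns/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then echo "$ns unknown"
        elif [ "$a" = "$b" ]; then echo "$ns shared"
        else echo "$ns isolated"; fi
    done
}

# shares_host_userns <pid> [ref_pid]: succeeds unless the user namespace is
# provably different, so an unreadable link counts as "shared" (fail closed).
# When it succeeds, uid 0 inside the container is uid 0 on the host.
shares_host_userns() {
    ! ns_report "$1" "${2:-1}" | grep -q '^user isolated$'
}

# make_sample_tree <dir>: constructed /proc-like tree. PID 1 stands for the
# host, PID 10241 for an executor with new mnt/net/pid namespaces only.
# The inode numbers are made up for illustration.
make_sample_tree() {
    mkdir -p "$1/1/ns" "$1/10241/ns"
    for ns in $NS_KINDS; do
        ln -sf "$ns:[4026531800]" "$1/1/ns/$ns"
        case "$ns" in
            mnt|net|pid) ln -sf "$ns:[4026532500]" "$1/10241/ns/$ns" ;;
            *)           ln -sf "$ns:[4026531800]" "$1/10241/ns/$ns" ;;
        esac
    done
}

# Demo on the constructed tree (a subshell keeps PROC_ROOT unchanged afterwards).
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
( PROC_ROOT="$demo_dir"; ns_report 10241 )
rm -rf "$demo_dir"
```

On a live agent, leave `PROC_ROOT` unset and run `ns_report <executor pid>` as root; reading another user's `/proc/<pid>/ns` links requires privilege, which is why unreadable links are reported as `unknown` rather than skipped.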