sven-lange-last commented on issue #4430: Update docker client version to 18.06.3 URL: https://github.com/apache/incubator-openwhisk/pull/4430#issuecomment-490030169 @style95 thanks a lot for providing this PR - very thorough work. Particularly, the performance tests are helpful for deciding whether the update to a newer Docker version is a feasible. Some thoughts around the transient data directory `docker-runc` is using for containers: * When Docker 18.06 uses `docker-runc`, directory `/run/docker/runtime-runc/moby` is used as base directory. * `docker-runc` itself has different default directories that are used when not specifying the `--root` option. These are `/run/runc` for root (uid 0) and `/run/user/<uid>/runc` for non-root users. * Apparently, all uses of `docker-runc` need to make sure that they use the same data directory as Docker - otherwise `docker-runc` won't be able to work on the containers created by Docker before. * In `ansible/roles/invoker/tasks/clean.yml`, you explicitly use the `--root` option to make sure the proper directory is used. * You have no changes in the Scala `RuncClient` used by the invoker. https://github.com/apache/incubator-openwhisk/blob/be1e3a19c02956c9be85023a0bb0ff399c21444d/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/RuncClient.scala#L56-L64 * The Scala `RuncClient` works because you always mount the (configurable) transient data directory location to `/run/runc` in file `ansible/roles/invoker/tasks/deploy.yml` and `docker-runc` is run by root user. * What happens if the invoker process is run by a non-root user? Won't `docker-runc` invoked by Scala `RuncClient` then fall back to the default transient data directory, i.e. `/run/user/<uid>/runc`? * I do not know the details of lean setup - but what happens in other setup variants? Do we always make sure that the proper transient data directory location is available at `/run/runc` when running Scala `RuncClient`? Which user runs the process? * Can we make things more robust by also using the `--root /run/runc` option in Scala `RuncClient`?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
