3

I have a Jenkins container running inside Docker and I want to use this Jenkins container to spin up other Docker containers when running integration tests etc.

So my plan was to install Docker in the container but this doesn't seem to work so well for me. My Dockerfile looks something like this:

FROM jenkins
MAINTAINER xxxx

# Switch user to root so that we can install apps
USER root

RUN apt-get update 

# Install latest version of Docker
RUN apt-get install -y apt-transport-https
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
RUN sh -c "echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
RUN apt-get update
RUN apt-get install -y lxc-docker

# Switch user back to Jenkins
USER jenkins

The jenkins image is based on Debian Jessie. When I start a bash terminal inside a container based on the generated image and do for example:

docker images

I get the following error message:

FATA[0000] Get http:///var/run/docker.sock/v1.16/images/json: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?

I suspect that this could be because the docker service is not started. But my next problem arises when I try to start the service:

service docker start

This gives me the following error:

mount: permission denied

I've tracked the error in /etc/init.d/docker to this line:

mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup

So my questions are:

  1. How do I actually start a Docker host inside a container? Or is this something that should be avoided?
  2. Is there something special I need to do if I'm running Mac and boot2docker?
  3. Perhaps I should instead link to the Docker on the host machine as described here?

Update: I've tried the container as user root and jenkins. sudo is not installed.

Johan

2 Answers

5

A simpler alternative is to mount the docker socket and create sibling containers. To do this, install docker on your image and run something like:

docker run -it -v /var/run/docker.sock:/var/run/docker.sock myimage

In the container you should now be able to run docker commands as if you were on the host. The advantage of this method is that you don't need --privileged and get to use the cache from the host. The disadvantage is that you can see all running containers, not just the ones created from the container.

Adrian Mouat
  • this works fine on ubuntu, but for debian:jessie you will need libsqlite3-0 package - else `ldd $(which docker)` shows `libsqlite3.so.0 => not found` – Vincent De Smet Jul 16 '15 at 06:25
  • How would this work on OSX where you don't have a /var/run/docker.sock to fwd? – dgorissen Jan 20 '17 at 14:52
  • @dgorissen Docker for Mac starts a small linux VM to run Docker. This VM does indeed have /var/run/docker.sock. – Adrian Mouat Jan 22 '17 at 12:23
  • @AdrianMouat thanks, I actually found the socket in /private/var/run/docker.sock, assume that is the right one – dgorissen Jan 23 '17 at 14:38
  • 1
    @AdrianMouat After some head scratching, it turns out you are right and the correct path is /var/run/docker.sock and that is shared from within the VM. I was thrown off by the fact that it does not exist on the host but /private/var/run/docker.sock does. However, the latter does not work. For others that face the same confusion, this page from the docker docs finally helped me (namespace section): https://docs.docker.com/docker-for-mac/osxfs/ – dgorissen Feb 02 '17 at 11:08
4

1.- The first container you start (the one you launch the other ones inside) must be run with the --privileged=true flag.

2.- I think there is not.

3.- Using the privileged flag you don't need to mount the docker socket as a volume.

Check this project to see an example of all this.

Javier Cortejoso
  • This works if I run my Jenkins container as root and don't include the 'CMD ["wrapdocker"]' at the end of my Dockerfile. I need to run "wrapdocker" manually after I've started the container. The reason for this is probably that the Jenkins image is setting an EntryPoint which doesn't seem to work (the container won't start) if I add CMD ["wrapdocker"]. So even though you've answered my question it still doesn't work the way I want it to but I suppose it's best to create another question for this issue. – Johan Jan 27 '15 at 18:39
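
Both answers above hand the Jenkins container access that reaches beyond the container itself: the socket mount lets it drive the host's Docker daemon, and --privileged lifts the container's usual restrictions. The following is an added example, not part of the original posts, that checks `docker inspect` JSON for containers started either way; the function name `audit_containers`, the container names and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output.
# Container names and paths are made up for this example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/jenkins-sibling",
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/jenkins-dind",
     "HostConfig": {"Privileged": True},
     "Mounts": []},
    {"Name": "/integration-db",
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/db/_data",
                 "Destination": "/var/lib/postgresql/data", "RW": True}]},
])


def audit_containers(inspect_json):
    """Return {container_name: [findings]} for containers that run with
    --privileged or have the host's Docker socket mounted."""
    findings = {}
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        issues = []
        host_cfg = container.get("HostConfig") or {}
        if host_cfg.get("Privileged"):
            issues.append("privileged")
        for mount in container.get("Mounts") or []:
            # Match on the host-side source: the socket can be mounted at any
            # path inside the container, and /var/run is often a symlink to /run.
            source = str(mount.get("Source", ""))
            if source.endswith("/docker.sock"):
                issues.append("docker-socket:" + str(mount.get("Destination")))
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) > inspect.json, then pass the
    # file's contents to audit_containers() instead of SAMPLE_INSPECT.
    for name, issues in audit_containers(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(issues)}")
```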