How to install/start the Docker engine service inside a Docker container
I am running Jenkins off the official Docker jenkins container. I have the following Dockerfile, which follows the instructions at https://docs.docker.com/engine/installation/linux/debian/
FROM jenkins:2.32.1
# install docker inside this container
USER root
# Install Docker inside Jenkins
RUN apt-get update
# remove any distro-packaged docker first (-y so the build never waits on a prompt)
RUN apt-get purge -y "docker.io*"
RUN apt-get update
RUN apt-get install -y apt-transport-https ca-certificates gnupg2
# add the Docker apt repository signing key
RUN apt-key adv \
    --keyserver hkp://ha.pool.sks-keyservers.net:80 \
    --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
RUN echo "deb https://apt.dockerproject.org/repo debian-jessie main" > /etc/apt/sources.list.d/docker.list
RUN apt-get update
RUN apt-cache policy docker-engine
RUN apt-get update
RUN apt-get install -y docker-engine
# let the jenkins user talk to the docker daemon
RUN gpasswd -a jenkins docker
USER jenkins
Then I do the following:
- build an image from this Dockerfile
- run a container from the image
- exec bash in the container as the root user
- run
sudo docker service start
inside the bash container
This is what I get:
root@1e0f4b325d58:/# sudo service docker start
mount: permission denied
rmdir: failed to remove ‘cpu’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘cpuacct’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘net_cls’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘net_prio’: Read-only file system
/etc/init.d/docker: 96: ulimit: error setting limit (Operation not permitted)
If you want to run Docker inside Docker, you need to run the container as a privileged container.
So something like this (1) is required:
docker run --privileged your_image:tag
You also need to be careful with iptables and AppArmor, but after some tinkering it works.
Another approach is to allow access to the Docker daemon from inside the container, like so (2):
docker run -v /var/run/docker.sock:/var/run/docker.sock your_image:tag
References:
1 https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
2 https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
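Both options in the answer (`--privileged`, or bind-mounting `/var/run/docker.sock`) give the container root-equivalent control over the host, so a CI host should be able to list which containers were started that way. The following is an added example, not code from the question or the answer: a Python check over `docker inspect` JSON that flags containers with either setting. The container names and the trimmed inspect records are constructed sample data.

```python
import json
import sys

DOCKER_SOCKET = "/var/run/docker.sock"

# Constructed sample in the shape of `docker inspect <container>...` output,
# trimmed to the fields this check reads. Not real output from any host.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/jenkins-privileged",
     "HostConfig": {"Privileged": True, "Binds": []}},
    {"Name": "/jenkins-socket",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Name": "/jenkins-plain",
     "HostConfig": {"Privileged": False,
                    "Binds": ["jenkins_home:/var/jenkins_home"]}},
])


def audit_containers(inspect_json):
    """Return {container_name: [findings]} for every container that runs
    privileged or has the host Docker socket bind-mounted into it.
    Handles both the -v form (HostConfig.Binds) and the --mount form (Mounts)."""
    findings = {}
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig") or {}
        issues = []
        if hc.get("Privileged"):
            issues.append("privileged")
        socket_mounted = any(
            bind.split(":", 1)[0] == DOCKER_SOCKET
            for bind in hc.get("Binds") or []
        ) or any(
            m.get("Type") == "bind" and m.get("Source") == DOCKER_SOCKET
            for m in c.get("Mounts") or []
        )
        if socket_mounted:
            issues.append("docker-socket")
        if issues:
            findings[c["Name"].lstrip("/")] = issues
    return findings


if __name__ == "__main__":
    # Live use:  docker inspect $(docker ps -q) | python3 audit_containers.py
    # Without piped input the constructed sample is used instead.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, issues in audit_containers(data).items():
        print(f"{name}: {', '.join(issues)}")
```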