Merge commit 'ce7b24a56bd17d269c51b49bb21c8fe8db390307' as 'dind'
commit
c0937a2e8e
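--- a/dind/.gitignore
+++ b/dind/.gitignore
@@ -0,0 +1 @@
+*~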
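--- a/dind/Dockerfile
+++ b/dind/Dockerfile
@@ -0,0 +1,22 @@
+FROM ubuntu:14.04
+MAINTAINER jerome.petazzoni@docker.com
+
+# Let's start with some basic stuff.
+RUN apt-get update -qq && apt-get install -qqy \
+apt-transport-https \
+ca-certificates \
+curl \
+lxc \
+iptables
+
+# Install Docker from Docker Inc. repositories.
+RUN curl -sSL https://get.docker.com/ubuntu/ | sh
+
+# Install the magic wrapper.
+ADD ./wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Define additional metadata for our image.
+VOLUME /var/lib/docker
+CMD ["wrapdocker"]
+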
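Review bot: The `RUN curl -sSL https://get.docker.com/ubuntu/ | sh` step runs whatever that URL serves as root at build time, with no version pin and no integrity check, so each rebuild can yield a different image and a tampered or truncated response is executed as-is. Because `-f` is missing, an HTTP error page would also be piped into `sh`. Prefer installing a pinned package version from a repository whose signing key is added explicitly, or download the script to a file, verify it against a known digest and only then run it, e.g. `curl -fsSL https://get.docker.com/ubuntu/ -o /tmp/install-docker.sh && echo "<expected-sha256>  /tmp/install-docker.sh" | sha256sum -c - && sh /tmp/install-docker.sh`. The README added in this commit names https://get.docker.io/ as the source, which does not match this line.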
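--- a/dind/LICENSE
+++ b/dind/LICENSE
@@ -0,0 +1,202 @@
+
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work,
+excluding those notices that do not pertain to any part of
+the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following
+boilerplate notice, with the fields enclosed by brackets "[]"
+replaced with your own identifying information. (Don't include
+the brackets!) The text should be enclosed in the appropriate
+comment syntax for the file format. We also recommend that a
+file or class name and description of purpose be included on the
+same "printed page" as the copyright notice for easier
+identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.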
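--- a/dind/README.md
+++ b/dind/README.md
@@ -0,0 +1,136 @@
+# Docker-in-Docker
+
+This recipe lets you run Docker within Docker.
+
+![Inception's Spinning Top](spintop.jpg)
+
+There is only one requirement: your Docker version should support the
+`--privileged` flag.
+
+
+## Quickstart
+
+Build the image:
+```bash
+docker build -t dind .
+```
+
+Run Docker-in-Docker and get a shell where you can play, and docker daemon logs
+to stdout:
+```bash
+docker run --privileged -t -i dind
+```
+
+Run Docker-in-Docker and get a shell where you can play, but docker daemon logs
+into `/var/log/docker.log`:
+```bash
+docker run --privileged -t -i -e LOG=file dind
+```
+
+Run Docker-in-Docker and expose the inside Docker to the outside world:
+```bash
+docker run --privileged -d -p 4444 -e PORT=4444 dind
+```
+
+Note: when started with the `PORT` environment variable, the image will just
+the Docker daemon and expose it over said port. When started *without* the
+`PORT` environment variable, the image will run the Docker daemon in the
+background and execute a shell for you to play.
+
+### Daemon configuration
+
+You can use the `DOCKER_DAEMON_ARGS` environment variable to configure the
+docker daemon with any extra options:
+```bash
+docker run --privileged -d -e DOCKER_DAEMON_ARGS="-D" dind
+```
+
+## It didn't work!
+
+If you get a weird permission message, check the output of `dmesg`: it could
+be caused by AppArmor. In that case, try again, adding an extra flag to
+kick AppArmor out of the equation:
+
+```bash
+docker run --privileged --lxc-conf="lxc.aa_profile=unconfined" -t -i dind
+```
+
+If you get the warning:
+
+````
+WARNING: the 'devices' cgroup should be in its own hierarchy.
+````
+
+When starting up dind, you can get around this by shutting down docker and running:
+
+````
+# /etc/init.d/lxc stop
+# umount /sys/fs/cgroup/
+# mount -t cgroup devices 1 /sys/fs/cgroup
+````
+
+If the unmount fails, you can find out the proper mount-point with:
+
+````
+$ cat /proc/mounts | grep cgroup
+````
+
+## How It Works
+
+The main trick is to have the `--privileged` flag. Then, there are a few things
+to care about:
+
+- cgroups pseudo-filesystems have to be mounted, and they have to be mounted
+with the same hierarchies than the parent environment; this is done by a
+wrapper script, which is setup to run by default;
+- `/var/lib/docker` cannot be on AUFS, so we make it a volume.
+
+That's it.
+
+
+## Important Warning About Disk Usage
+
+Since AUFS cannot use an AUFS mount as a branch, it means that we have to
+use a volume. Therefore, all inner Docker data (images, containers, etc.)
+will be in the volume. Remember: volumes are not cleaned up when you
+`docker rm`, so if you wonder where did your disk space go after nesting
+10 Dockers within each other, look no further :-)
+
+
+## Which Version Of Docker Does It Run?
+
+Outside: it will use your installed version.
+
+Inside: the Dockerfile will retrieve the latest `docker` binary from
+https://get.docker.io/; so if you want to include *your* own `docker`
+build, you will have to edit it. If you want to always use your local
+version, you could change the `ADD` line to be e.g.:
+
+ADD /usr/bin/docker /usr/local/bin/docker
+
+
+## Can I Run Docker-in-Docker-in-Docker?
+
+Yes. Note, however, that there seems to be a weird FD leakage issue.
+To work around it, the `wrapdocker` script carefully closes all the
+file descriptors inherited from the parent Docker and `lxc-start`
+(except stdio). I'm mentioning this in case you were relying on
+those inherited file descriptors, or if you're trying to repeat
+the experiment at home.
+
+[kojiromike/inception](https://github.com/kojiromike/inception) is
+a wrapper script that uses dind to nest Docker to arbitrary depth.
+
+Also, when you will be exiting a nested Docker, this will happen:
+
+```bash
+root@975423921ac5:/# exit
+root@6b2ae8bf2f10:/# exit
+root@419a67dfdf27:/# exit
+root@bc9f450caf22:/# exit
+jpetazzo@tarrasque:~/Work/DOTCLOUD/dind$
+```
+
+At that point, you should blast Hans Zimmer's [Dream Is Collapsing](
+http://www.youtube.com/watch?v=imamcajBEJs) on your loudspeakers while twirling
+a spinning top.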
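--- a/dind/alpine/Dockerfile
+++ b/dind/alpine/Dockerfile
@@ -0,0 +1,17 @@
+FROM gliderlabs/alpine
+MAINTAINER platform-eng@c2fo.com
+
+# Let's start with some basic stuff.
+RUN apk-install iptables ca-certificates lxc e2fsprogs
+
+# Install Docker from Alpine repos
+RUN apk-install docker
+
+# Install the magic wrapper.
+ADD ./wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Define additional metadata for our image.
+VOLUME /var/lib/docker
+CMD ["wrapdocker"]
+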
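Review bot: `FROM gliderlabs/alpine` pulls an untagged image from a third-party namespace, so the base of an image that is meant to run with `--privileged` changes silently whenever that repository is updated. Pin it to a specific tag, or better to a digest, e.g. `FROM gliderlabs/alpine@sha256:<digest>`, with a comment recording where the digest was taken from. The same applies to `FROM logankoester/archlinux` in dind/archlinux/Dockerfile and to `FROM opensuse:latest` in dind/opensuse/Dockerfile.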
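--- a/dind/alpine/build.sh
+++ b/dind/alpine/build.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp ../wrapdocker .
+docker build -t dind_alpine .
+rm wrapdocker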
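Review bot: The script has no error handling: if `cp ../wrapdocker .` fails (for instance when the script is started from another directory, since the path is relative to the caller's working directory), `docker build` still runs, with a stale `wrapdocker` or none at all. Start the script with `set -euo pipefail`, `cd "$(dirname "$0")"` and `trap 'rm -f wrapdocker' EXIT`, and drop the final `rm wrapdocker`, so the copy is cleaned up on every exit path and a failed step stops the build. The same three lines apply to dind/archlinux/build.sh, dind/fedora/build.sh and dind/opensuse/build.sh.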
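--- a/dind/archlinux/Dockerfile
+++ b/dind/archlinux/Dockerfile
@@ -0,0 +1,14 @@
+FROM logankoester/archlinux
+MAINTAINER logan@logankoester.com
+
+# Install Docker from Arch repos
+RUN pacman -S --noprogressbar --noconfirm --needed ca-certificates lxc e2fsprogs docker
+
+# Install the magic wrapper.
+ADD ./wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Define additional metadata for our image.
+VOLUME /var/lib/docker
+CMD ["wrapdocker"]
+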
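--- a/dind/archlinux/build.sh
+++ b/dind/archlinux/build.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp ../wrapdocker .
+docker build -t dind_archlinux .
+rm wrapdocker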
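--- a/dind/fedora/Dockerfile
+++ b/dind/fedora/Dockerfile
@@ -0,0 +1,19 @@
+FROM fedora:20
+MAINTAINER amitsaha.in@gmail.com
+
+# Let's start with some basic stuff.
+RUN yum -y clean all
+RUN yum -y update
+RUN yum install -y iptables ca-certificates lxc e2fsprogs
+
+# Install Docker from Fedora repos
+RUN yum -y install docker-io
+
+# Install the magic wrapper.
+ADD ./wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Define additional metadata for our image.
+VOLUME /var/lib/docker
+CMD ["wrapdocker"]
+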
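--- a/dind/fedora/build.sh
+++ b/dind/fedora/build.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp ../wrapdocker .
+docker build -t dind_fedora .
+rm wrapdocker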
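--- a/dind/opensuse/Dockerfile
+++ b/dind/opensuse/Dockerfile
@@ -0,0 +1,16 @@
+FROM opensuse:latest
+MAINTAINER git@yeoldegrove.de
+
+# Let's start with some basic stuff.
+RUN zypper --gpg-auto-import-keys --non-interactive refresh && \
+zypper --gpg-auto-import-keys --non-interactive update && \
+zypper --gpg-auto-import-keys --non-interactive install --auto-agree-with-licenses e2fsprogs apparmor-parser docker
+
+# Install the magic wrapper.
+ADD ./wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Define additional metadata for our image.
+VOLUME /var/lib/docker
+CMD ["wrapdocker"]
+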
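Review bot: All three `zypper` calls pass `--gpg-auto-import-keys`, which accepts whatever repository signing key is offered during the build without confirmation, so package signature checking no longer protects the image against a substituted repository or mirror. If the base image already trusts the distribution keys (not visible from this file), drop the flag; otherwise import the expected key explicitly with `rpm --import <key-file>` before `zypper refresh` and leave auto-import off.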
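--- a/dind/opensuse/build.sh
+++ b/dind/opensuse/build.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp ../wrapdocker .
+docker build -t dind_opensuse .
+rm wrapdocker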
BIN
dind/spintop.jpg
Normal file
BIN
dind/spintop.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 36 KiB |
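--- a/dind/wrapdocker
+++ b/dind/wrapdocker
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver
+dmsetup mknodes
+
+# First, make sure that cgroups are mounted correctly.
+CGROUP=/sys/fs/cgroup
+: {LOG:=stdio}
+
+[ -d $CGROUP ] ||
+mkdir $CGROUP
+
+mountpoint -q $CGROUP ||
+mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
+echo "Could not make a tmpfs mount. Did you use --privileged?"
+exit 1
+}
+
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security
+then
+mount -t securityfs none /sys/kernel/security || {
+echo "Could not mount /sys/kernel/security."
+echo "AppArmor detection and --privileged mode might break."
+}
+fi
+
+# Mount the cgroup hierarchies exactly as they are in the parent system.
+for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
+do
+[ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
+mountpoint -q $CGROUP/$SUBSYS ||
+mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS
+
+# The two following sections address a bug which manifests itself
+# by a cryptic "lxc-start: no ns_cgroup option specified" when
+# trying to start containers withina container.
+# The bug seems to appear when the cgroup hierarchies are not
+# mounted on the exact same directories in the host, and in the
+# container.
+
+# Named, control-less cgroups are mounted with "-o name=foo"
+# (and appear as such under /proc/<pid>/cgroup) but are usually
+# mounted on a directory named "foo" (without the "name=" prefix).
+# Systemd and OpenRC (and possibly others) both create such a
+# cgroup. To avoid the aforementioned bug, we symlink "foo" to
+# "name=foo". This shouldn't have any adverse effect.
+echo $SUBSYS | grep -q ^name= && {
+NAME=$(echo $SUBSYS | sed s/^name=//)
+ln -s $SUBSYS $CGROUP/$NAME
+}
+
+# Likewise, on at least one system, it has been reported that
+# systemd would mount the CPU and CPU accounting controllers
+# (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
+# but on a directory called "cpu,cpuacct" (note the inversion
+# in the order of the groups). This tries to work around it.
+[ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct
+done
+
+# Note: as I write those lines, the LXC userland tools cannot setup
+# a "sub-container" properly if the "devices" cgroup is not in its
+# own hierarchy. Let's detect this and issue a warning.
+grep -q :devices: /proc/1/cgroup ||
+echo "WARNING: the 'devices' cgroup should be in its own hierarchy."
+grep -qw devices /proc/1/cgroup ||
+echo "WARNING: it looks like the 'devices' cgroup is not mounted."
+
+# Now, close extraneous file descriptors.
+pushd /proc/self/fd >/dev/null
+for FD in *
+do
+case "$FD" in
+# Keep stdin/stdout/stderr
+[012])
+;;
+# Nuke everything else
+*)
+eval exec "$FD>&-"
+;;
+esac
+done
+popd >/dev/null
+
+
+# If a pidfile is still around (for example after a container restart),
+# delete it so that docker can start.
+rm -rf /var/run/docker.pid
+
+# If we were given a PORT environment variable, start as a simple daemon;
+# otherwise, spawn a shell as well
+if [ "$PORT" ]
+then
+exec docker -d -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \
+$DOCKER_DAEMON_ARGS
+else
+if [ "$LOG" == "file" ]
+then
+docker -d $DOCKER_DAEMON_ARGS &>/var/log/docker.log &
+else
+docker -d $DOCKER_DAEMON_ARGS &
+fi
+(( timeout = 60 + SECONDS ))
+until docker info >/dev/null 2>&1
+do
+if (( SECONDS >= timeout )); then
+echo 'Timed out trying to connect to internal docker host.' >&2
+break
+fi
+sleep 1
+done
+[[ $1 ]] && exec "$@"
+exec bash --login
+fi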
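Review bot: In the `PORT` branch, `exec docker -d -H 0.0.0.0:$PORT ...` publishes the Docker API on every interface with no TLS and no client authentication, and because this container runs with `--privileged`, anyone who can reach that port gets control comparable to root on the host. Require mutual TLS on the TCP listener, e.g. `--tlsverify --tlscacert=<ca.pem> --tlscert=<server-cert.pem> --tlskey=<server-key.pem>`, and have the README's example publish the port on loopback only (`-p 127.0.0.1:4444:4444`) instead of `-p 4444`. Separately, `: {LOG:=stdio}` near the top is missing the `$`, so the default is never assigned; it should read `: "${LOG:=stdio}"`. `$CGROUP/$SUBSYS` and `$DOCKER_DAEMON_ARGS` are also expanded unquoted; the latter depends on word splitting to pass several options, which deserves a comment saying so.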