Can docker run inside a Linux Container?

StackOverflow https://stackoverflow.com/questions/22085657

  •  18-10-2022
  •  | 
  •  

Koding is a collaborative programming environment, which creates a virtual machine for multiple user to colaborate on software development. They use Linux Containers to virtualize the machines. I'm not being able to install docker on it:

tiagoboldt@vm-2:~$ sudo docker build -t mongo .       
[sudo] password for tiagoboldt:          
Uploading context 645.1 kB
Uploading context 
Step 0 : FROM ubuntu:latest                                                                                                                                                                                      
Pulling repository ubuntu                                                                                                                                                                                        
9cd978db300e: Error pulling image (latest) from ubuntu, endpoint: https://cdn-registry-1.docker.io/v1/, Driver aufs failed to get image rootfs 6170bb7b0ad1003a827e4dc5253ba49f6719599eac485db51eaafd507c13c311: 
9cd978db300e: Error pulling image (latest) from ubuntu, Driver aufs failed to get image rootfs 6170bb7b0ad1003a827e4dc5253ba49f6719599eac485db51eaafd507c13c311: permission denied                               
6170bb7b0ad1: Error downloading dependent layers                                                                                                                                                                 

2014/02/28 03:32:55 build: pull: Could not find repository on any of the indexed registries.

Can anyone suggest a workaround for installing docker?

有帮助吗?

解决方案 2

Yes, it is possible. However, you can't have an aufs partition nested within aufs. You need to mount an other system or use a different storage backend.

You can take a look at the docker's makefile and hack/dind. You need the privileged mode in order to do so.

The easiest way to try is to do make shell and once in the container, you can start a new docker daemon :)

EDIT: I tried Koding and it indeed not possible. You are not privileged within their container so you can't start a new docker.

其他提示

Yes, docker can run in a linux container.

But docker will only run with the lxc execution driver and in a unconfined lxc.

So, here's how to get docker in LXC:

  1. Ensure you have lxc.aa_profile = lxc-container-default-with-nesting (if it doesn't work or you don't have this profile, try lxc.aa_profile = unconfined) in the config file of your LXC to ensure it will not be blocked by apparmor. For more information, visit (or modify) files in /etc/apparmor.d/lxc.

  2. You need to install lxc in your container. If you are under ubuntu for instance, run in the container apt-get install lxc.

  3. Ensure that docker daemon is called with the --exec-driver=lxc parameter. You can test it before by issuing manualy docker -d --exec-driver=lxc. In ubuntu, to have the argument being used at startup, simply edit /etc/default/docker and ensure that you have the line:

DOCKER_OPTS="--exec-driver=lxc"

Follow this thread for updates: https://github.com/docker/docker/issues/6783

If you need to troubleshoot:

  • keep an eye on apparmor logs in the kern logs of the host.
  • launch docker -d ... manualy to get outputs.

Note: You might not have hand on the host to modify the LXC apparmor script on Koding by judging others answers, anyway, this howto remains of interest if you are the LXC provider, and it answers the more general question you've asked in your question's title and that might attract people in more general scenarios (as I was).

And here is a full guide for anyone else in the same boat.

Start a terminal and start typing..

docker run -i -t --privileged -v /var/lib/docker ubuntu bash
apt-get update && apt-get install -y docker.io
service docker.io start
ln -s /usr/bin/docker.io /usr/local/bin/docker
docker run -i -t ubuntu bash

Now you should be inside a container inside an other container.

Remarks:

  1. The flag --privileged is needed on the outer container to accomplish that.
  2. You MUST use -v /var/lib/docker to avoid the limitation mentioned by creack.
  3. ln -s /usr/bin/docker.io /usr/local/bin/docker is just creating a symbolic link so that we can type docker instead of docker.io

Yes. See this blog post: http://blog.docker.io/tag/inception/

You have to start your container in privileged mode.

docker run -privileged -t -i jpetazzo/dind

You can do this inside of Terminal.com.

Just start a terminal and then run this: https://blog.terminal.com/docker-without-containers-pulldocker/.

Note: I work for Terminal.com. We use a non-LXC, non-libcontainer implementation of container technology (which doesn't have the limitations of AUFS, for example). We're trying to make containers that perform like full Linux machines, and I think we're there. Try it out.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top