Re: Fwd: Running mesos-slave in Docker container (Atomic Discussion)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

docker run --privileged

Turns off all of the docker security.

Has anyone tried to run a container for something like mesos that execs docker commands, to maybe look like

docker run --privileged -v /:/host -v /run:/run -ti -net=host mesos /bin/sh

This would cause all of / to be mounted in /host and then you could execute

/host/usr/bin/docker for example.  Not sure why you would want /var/lib/docker mounted into the mesos container.



On 09/23/2014 09:18 AM, Tim St Clair wrote:
Scott - 

When you mentioned running in "privileged mode" mode, what does that mean?  Could you provide more details.

Cheers,
Tim

From: "Tim Chen" <tim@xxxxxxxxxxxxx>
To: user@xxxxxxxxxxxxxxxx, "Gabriel Monroy" <gabriel@xxxxxxxxxxxx>
Sent: Tuesday, September 23, 2014 2:41:17 AM
Subject: Re: Running mesos-slave in Docker container

Hi Grzegorz,

To run Mesos master|slave in a docker container is not straight forward because we utilize kernel features therefore you need to explicitly test out the features you like to use with Mesos with slave/master in Docker.

Gabriel during the Mesosphere hackathon has got master and slave running in docker containers, and he can probably share his Dockerfile and run command.

I believe one work around to get cgroups working with Docker run is to mount /sys into the container (mount -v /sys:/sys).

Gabriel do you still have the command you used to run slave/master with Docker?

Tim



On Tue, Sep 23, 2014 at 12:24 AM, Grzegorz Graczyk <gregory90@xxxxxxxxx> wrote:
I'm trying to run mesos-slave inside Docker container, but it can't start due to problem with mounting cgroups.

I'm using:
Kernel Version: 3.13.0-32-generic
Operating System: Ubuntu 14.04.1 LTS
Docker: 1.2.0(commit fa7b24f)
Mesos: 0.20.0

Following error appears:
I0923 07:11:20.921475    19 main.cpp:126] Build: 2014-08-22 05:04:26 by root
I0923 07:11:20.921608    19 main.cpp:128] Version: 0.20.0
I0923 07:11:20.921620    19 main.cpp:131] Git tag: 0.20.0
I0923 07:11:20.921628    19 main.cpp:135] Git SHA: f421ffdf8d32a8834b3a6ee483b5b59f65956497
Failed to create a containerizer: Could not create DockerContainerizer: Failed to find a mounted cgroups hierarchy for the 'cpu' subsystem; you probably need to mount cgroups manually!

I'm running docker container with command:
docker run --name mesos-slave --privileged --net=host -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker -v /usr/local/bin/docker:/usr/local/bin/docker gregory90/mesos-slave --containerizers=docker,mesos --master=zk://localhost:2181/mesos --ip=127.0.0.1

Everything is running on single machine.
Everything works as expected when mesos-slave is run outside docker container.

I'd appreciate some help.




--
Cheers,
Timothy St. Clair
Red Hat Inc.


_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct


_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux