How to install/start the Docker engine service inside a Docker container

I am running Jenkins from the official Jenkins Docker container. I have the following Dockerfile, based on https://docs.docker.com/engine/installation/linux/debian/

    FROM jenkins:2.32.1
    # install docker inside this container
    USER root

    # Install Docker inside Jenkins
    RUN apt-get update
    RUN apt-get purge "docker.io*"
    RUN apt-get update
    RUN apt-get install -y apt-transport-https ca-certificates gnupg2
    RUN apt-key adv \
        --keyserver hkp://ha.pool.sks-keyservers.net:80 \
        --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
    RUN echo "deb https://apt.dockerproject.org/repo debian-jessie main" > /etc/apt/sources.list.d/docker.list
    RUN apt-get update
    RUN apt-cache policy docker-engine
    RUN apt-get update
    RUN apt-get install -y docker-engine
    RUN gpasswd -a jenkins docker
    USER jenkins

Then I do the following:

  • build an image from this Dockerfile
  • run a container from the image
  • exec bash inside the container as the root user
  • run sudo docker service start in bash inside the container

This is what I get:

    root@1e0f4b325d58:/# sudo service docker start
    mount: permission denied
    rmdir: failed to remove 'cpu': Read-only file system
    mount: permission denied
    rmdir: failed to remove 'cpuacct': Read-only file system
    mount: permission denied
    rmdir: failed to remove 'net_cls': Read-only file system
    mount: permission denied
    rmdir: failed to remove 'net_prio': Read-only file system
    /etc/init.d/docker: 96: ulimit: error setting limit (Operation not permitted)

If you want to run Docker inside Docker, you need to run the container as a privileged container.

So something like this (1) is required:

    docker run --privileged your_image:tag

You also need to be careful with iptables and AppArmor, but that is some patching to do afterwards.


Another approach is to give the container access to the Docker daemon, as follows (2):

    docker run -v /var/run/docker.sock:/var/run/docker.sock your_image:tag

References:

1 https://blog.docker.com/2013/09/docker-can-now-run-within-docker/

2 https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
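As an added example (not part of the question or the answer above): both options in the answer, `--privileged` and a bind-mounted `/var/run/docker.sock`, give the container root-equivalent control of the host, so an operator will usually want to find which running containers were started that way. The POSIX shell audit below reads `docker inspect` output and flags exactly those two settings; the sample JSON is constructed and trimmed to the relevant fields, and the function names and the `audit_container` wrapper are my own.

```shell
#!/bin/sh
# Constructed samples of `docker inspect <container>` output, cut down to the
# HostConfig fields that matter here (Privileged flag and Binds list).
SAMPLE_PRIVILEGED='[{"Name":"/jenkins","HostConfig":{"Privileged":true,"Binds":[]}}]'
SAMPLE_SOCKET='[{"Name":"/jenkins","HostConfig":{"Privileged":false,"Binds":["/var/run/docker.sock:/var/run/docker.sock"]}}]'
SAMPLE_CLEAN='[{"Name":"/jenkins","HostConfig":{"Privileged":false,"Binds":["/data:/data"]}}]'

# audit_inspect_json JSON
# Prints one FINDING line per risky setting. Returns 0 when nothing was
# found and 1 when the container has host-root-equivalent access.
audit_inspect_json() {
    json="$1"
    findings=0
    # `docker inspect` pretty-prints as `"Privileged": true`; allow any spacing.
    if printf '%s' "$json" | grep -q '"Privileged": *true'; then
        echo "FINDING: container runs with --privileged (full access to host devices and cgroups)"
        findings=$((findings + 1))
    fi
    # The host Docker socket shows up in HostConfig.Binds (and Mounts[].Source).
    if printf '%s' "$json" | grep -q '/var/run/docker\.sock'; then
        echo "FINDING: host Docker socket is bind-mounted (equivalent to root on the host)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# audit_container NAME
# Convenience wrapper for a live container; needs the docker CLI on PATH.
audit_container() {
    name="$1"
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found" >&2; return 2; }
    audit_inspect_json "$(docker inspect "$name" 2>/dev/null)"
}

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_PRIVILEGED" "$SAMPLE_SOCKET" "$SAMPLE_CLEAN"; do
    if audit_inspect_json "$sample"; then echo "clean"; fi
done
```

To sweep every running container: `for c in $(docker ps -q); do audit_container "$c"; done`.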