For docker container development, and light using, I found boot2docker to be quite convenient. I have it to boot off its ISO and then mount a permanent drive for the containers (and to store config files).
/dev/sda 19.6G 12.7G 5.9G 68% /mnt/sda/var/lib/docker/aufsWhenever there is a new version, I shut the vm down, swap the ISOs (really just point the alias to the new file), and reboot. Nice and brainless.
I do not like to use the default account, docker, to do container development and running. Also, in a nice production environment you want to have other users running their containers. So, I created a user called ducker, which is a quick play on the default username. I also would prefer not having the user homedir in the drive where the containers are, which has been suggested before. You see, the way I see containers they are by design not important; blow them up if you feel like or wonder if they have been compromised. What matters is the data and the dockerfile required to rebuild the container. As a result, ducker has an account in the fileserver, which does its RAID and backup thingie as any good fileserver should. Now, if we want to have containers created and running from ducker's account when the server boots up, we need to have said account available.
So, the plan is that whenever the boot2docker server reboots, ducker will be there. And we then have a few issues to deal with. First, docker2file's ISO can't do automount. And second, usually when we shut down any user is lost because we are running of an ISO.
boot2docker's ISO is built so that we can provide some permanent stuff, which is why it mounts /dev/sda. But, that is not the only place we can mount things, nor the only way. In /opt/bootscript.sh we have the following interesting lines:
# Allow local bootsync.sh customisation if [ -e /var/lib/boot2docker/bootsync.sh ]; then /bin/sh /var/lib/boot2docker/bootsync.sh echo "------------------- ran /var/lib/boot2docker/bootsync.sh" fi # Launch Docker /etc/rc.d/docker # Allow local HD customisation if [ -e /var/lib/boot2docker/bootlocal.sh ]; then /bin/sh /var/lib/boot2docker/bootlocal.sh > /var/log/bootlocal.log 2>&1 & echo "------------------- ran /var/lib/boot2docker/bootlocal.sh" fi
The files in /var/lib/boot2docker are in /dev/sda. Don't know which one to pick, but the second one does have a comforting Allow local HD customization message. So I will pick /var/lib/boot2docker/bootlocal.sh and add the following lines:
# Create local user, also creating the homedir adduser -D -u 1003 ducker # add user to docker group adduser ducker docker # Mount homedir mount.nfs fileserver.example.com:/export/home/ducker /home/ducker
After we create the file and reboot, we get
docker@boot2docker:~$ id ducker uid=1003(ducker) gid=1003(ducker) groups=1003(ducker),100(docker) docker@boot2docker:~$ df -h Filesystem Size Used Available Use% Mounted on tmpfs 896.6M 123.8M 772.8M 14% / tmpfs 498.1M 0 498.1M 0% /dev/shm /dev/sda 19.6G 12.7G 5.9G 68% /mnt/sda cgroup 498.1M 0 498.1M 0% /sys/fs/cgroup df: /mnt/hgfs: Protocol error fileserver.example.com:/home/ducker 295.3G 285.1G 10.0G 97% /home/ducker /dev/sda 19.6G 12.7G 5.9G 68% /mnt/sda/var/lib/docker/aufs docker@boot2docker:~$
User ducker can login because there is a public ssh key already in place. However, we did not do anything for that user's password, but there are a few ways to take care of that such as using /var/lib/boot2docker/bootlocal.sh to copy the hash into /etc/passwd. And, you really want to take care of that otherwise you will not be able to login.
No comments:
Post a Comment