LXD/Docker in LXD

If you have followed our notes on LXD in LXD, there is little left to do before you can run Docker inside your container.

   Note

The container has to be set up the same way as for LXD in LXD (security.nesting needs to be enabled), so let us know at bugs.funtoo.org if you want this turned on for your container.

Let's start a simple Hello World Docker container inside our LXD container.

Install and start docker

As simple as:

root # emerge -v app-emulation/docker
root # /etc/init.d/docker start

Starting your first docker microcontainer

root # docker run --detach --name app carinamarina/hello-world-app
root # docker run --detach --name web --link app:helloapp -p 80:5000 carinamarina/hello-world-web

Go to your container's IP address; if nothing else was running on port 80, you should get:

The linked container said... "Hello World!"

Building a Funtoo Docker Container

To build a Docker container you will need a Dockerfile describing how to build the image, an internet connection and, of course, Docker.

   
# This Dockerfile creates a funtoo stage3 container image. By default it
# creates a stage3 generic 64bit image. It utilizes a multi-stage build and requires
# docker-17.05.0 or later. It fetches a daily snapshot from the official
# sources and verifies its checksum as well as its gpg signature.

# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
# to fetch the signing key.

# we are going to use alpine as our bootstrap container
ARG BOOTSTRAP
FROM ${BOOTSTRAP:-alpine:3.7} as builder

WORKDIR /funtoo

# here are all the arguments about arch/subarch ... defined
ARG ARCH=x86-64bit
ARG SUBARCH=generic_64
ARG DIST="https://build.funtoo.org/funtoo-current"
ARG FILENAME="stage3-latest.tar.xz"
ARG BDFL_KEY="E986E8EE"
ARG BDFL_FP="E8EE"
ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89"

RUN echo "Building Funtoo Container image for ${ARCH} ${SUBARCH} fetching from ${DIST}" \
 && sleep 3 \
 && apk --no-cache add gnupg tar wget xz \
 && STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}" \
 && wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt" \
 && gpg --list-keys \
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
 && gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS} \
 && gpg --list-keys --fingerprint | grep ${BDFL_FP} | tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $1 ":6:" }' | gpg --import-ownertrust \
 && gpg --verify ${FILENAME}.gpg ${FILENAME} \
 && echo "Hash value from hash file:" \
 && cat ${FILENAME}.hash.txt \
 && echo "Hash value computed:" \
 && sha256sum ${FILENAME} \
 && awk '{print $2 "  stage3-latest.tar.xz"}' ${FILENAME}.hash.txt | sha256sum -c - \
 && tar xpf ${FILENAME} --xattrs --numeric-owner \
 && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf \
 && echo 'UTC' > etc/timezone \
 && rm stage3-latest.tar.xz* \
 && rm -rf usr/src/linux-debian-sources-4.14.12 \
 && rm -rf lib64/modules/4.14.12-2 \
 && rm -rf boot/*-4.14.12-2

FROM scratch

WORKDIR /
COPY --from=builder /funtoo/ /
CMD ["/bin/bash"]

This is how we use it. Create a directory my_funtoo_img to hold the Dockerfile by running:

root # mkdir my_funtoo_img
root # cd my_funtoo_img
root # touch Dockerfile

Paste the contents into the Dockerfile and continue with:

root # docker build -t funtoo .
Sending build context to Docker daemon  4.096kB
Step 1/16 : ARG BOOTSTRAP           
Step 2/16 : FROM ${BOOTSTRAP:-alpine:3.7} as builder
 ---> 791c3e2ebfcb               
Step 3/16 : WORKDIR /funtoo            
 ---> Using cache                     
 ---> 55f68b42e50c              
Step 4/16 : ARG ARCH=x86-64bit     
 ---> Using cache               
 ---> 756b8f4d4229                 
Step 5/16 : ARG SUBARCH=generic_64   
 ---> Using cache               
 ---> be81f9929e20                  
Step 6/16 : ARG SUFFIX
 ---> Using cache
 ---> 5eaf818944d2
Step 7/16 : ARG DIST="https://build.funtoo.org/funtoo-current"
 ---> Using cache
 ---> ac85a6ef2c5d
Step 8/16 : ARG FILENAME="stage3-latest.tar.xz"
 ---> Using cache
 ---> 980145cd90ab
Step 9/16 : ARG BDFL_KEY="E986E8EE"
 ---> Using cache
 ---> e4a24bfc1232
Step 10/16 : ARG BDFL_FP="E8EE"
 ---> Using cache
 ---> 6e53c1d550bf
Step 11/16 : ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89"
 ---> Using cache
 ---> 9576df27fa15
Step 12/16 : RUN echo "Building Funtoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}"  && sleep 3  && apk --no-cache add gnupg tar wget xz  && STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}"  && echo "STAGE3:" $STAGE3  && wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt"  && gpg --list-keys  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf  && gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS}  && gpg --list-keys --fingerprint | grep ${BDFL_FP} | tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $1 ":6:" }' | gpg --import-ownertrust  && gpg --verify ${FILENAME}.gpg ${FILENAME}  && echo "Hash value from hash file:"  && cat ${FILENAME}.hash.txt  && echo "Hash value computed:"  && sha256sum ${FILENAME}  && awk '{print $2 "  stage3-latest.tar.xz"}' ${FILENAME}.hash.txt | sha256sum -c -  && tar xpf ${FILENAME} --xattrs --numeric-owner  && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf  && echo 'UTC' > etc/timezone  && rm stage3-latest.tar.xz*  && rm -rf usr/src/linux-debian-sources-4.14.12  && rm -rf lib64/modules/4.14.12-2  && rm -rf boot/*-4.14.12-2
 ---> Running in 6df725ddcdb1 
Building Funtoo Container image for x86-64bit  fetching from https://build.funtoo.org/funtoo-current
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/26) Installing libgpg-error (1.27-r1)
(2/26) Installing libassuan (2.4.4-r0)
(3/26) Installing libcap (2.25-r1)
(4/26) Installing ncurses-terminfo-base (6.0_p20171125-r1)
(5/26) Installing ncurses-terminfo (6.0_p20171125-r1)
(6/26) Installing ncurses-libs (6.0_p20171125-r1)
(7/26) Installing pinentry (1.0.0-r0)
Executing pinentry-1.0.0-r0.post-install
(8/26) Installing libbz2 (1.0.6-r6)
(9/26) Installing libgcrypt (1.8.3-r0)
(10/26) Installing gmp (6.1.2-r1)
(11/26) Installing nettle (3.3-r0)
(12/26) Installing libffi (3.2.1-r4)
(13/26) Installing libtasn1 (4.12-r3)
(14/26) Installing p11-kit (0.23.2-r2)
(15/26) Installing libunistring (0.9.7-r0)
(16/26) Installing gnutls (3.6.1-r0)
(17/26) Installing libksba (1.3.5-r0)
(18/26) Installing db (5.3.28-r0)
(19/26) Installing libsasl (2.1.26-r11)
(20/26) Installing libldap (2.4.45-r3)
(21/26) Installing npth (1.5-r1)
(22/26) Installing gnupg (2.2.3-r1)
(23/26) Installing tar (1.29-r1)
(24/26) Installing wget (1.19.5-r0)
(25/26) Installing xz-libs (5.2.3-r1)
(26/26) Installing xz (5.2.3-r1)
Executing busybox-1.27.2-r11.trigger
OK: 25 MiB in 39 packages
STAGE3: https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz
2018-09-06 00:08:23 URL:https://1570734985.rsc.cdn77.org/funtoo-current/x86-64bit/generic_64/2018-08-27/stage3-generic_64-funtoo-current-2018-08-27.tar.xz [374824936/374824936] -> "stage3-latest.tar.xz" [1]
2018-09-06 00:08:23 URL:https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz.gpg [566/566] -> "stage3-latest.tar.xz.gpg" [1]
2018-09-06 00:08:23 URL:https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz.hash.txt [72/72] -> "stage3-latest.tar.xz.hash.txt" [1]
FINISHED --2018-09-06 00:08:23--
Total wall clock time: 1m 18s
Downloaded: 3 files, 357M in 1m 15s (4.78 MB/s)
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 28CE446E6B365A89: 1 signature not checked due to a missing key
gpg: key 28CE446E6B365A89: public key "Daniel Robbins (metro:ryzen) <drobbins@funtoo.org>" imported
gpg: key 4BE69BAE62DD6D47: 1 signature not checked due to a missing key
gpg: key 4BE69BAE62DD6D47: public key "Daniel Robbins (metro:odroid-c2) <drobbins@funtoo.org>" imported
gpg: key 2A7B0B2EEEE54A43: 1 signature not checked due to a missing key
gpg: key 2A7B0B2EEEE54A43: public key "Daniel Robbins (metro:odroid-xu4) <drobbins@funtoo.org>" imported
gpg: key A9021CE4BEA87CD2: 1 signature not checked due to a missing key
gpg: key A9021CE4BEA87CD2: public key "Daniel Robbins (metro:jaguar) <drobbins@funtoo.org>" imported
gpg: key 3AA5CA5E683A2F8A: 1 signature not checked due to a missing key
gpg: key 3AA5CA5E683A2F8A: public key "Daniel Robbins (metro:excavator) <drobbins@funtoo.org>" imported
gpg: key 9266C4FA11FD00FD: 1 signature not checked due to a missing key
gpg: key 9266C4FA11FD00FD: public key "Daniel Robbins (metro:node) <drobbins@funtoo.org>" imported
gpg: key 9A658306E986E8EE: public key "Daniel Robbins (BDFL) <drobbins@funtoo.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 7
gpg:               imported: 7
gpg: inserting ownertrust of 6
gpg: Signature made Mon Aug 27 08:06:40 2018 UTC
gpg:                using RSA key 30737D12308C9D0C882FC34B57CB0A121BAECB2E
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:   0  trust: 6-, 0q, 0n, 0m, 0f, 0u
gpg: Good signature from "Daniel Robbins (metro:node) <drobbins@funtoo.org>" [full]
Hash value from hash file:
sha256 dad9f3f8a58eb8a20f5697a57b30ab140cdce11a1624fde7d409070ba1052e60
Hash value computed:
dad9f3f8a58eb8a20f5697a57b30ab140cdce11a1624fde7d409070ba1052e60  stage3-latest.tar.xz
stage3-latest.tar.xz: OK
Removing intermediate container 6df725ddcdb1
 ---> 3e47b26959ff
Step 13/16 : FROM scratch
 --->
Step 14/16 : WORKDIR /
 ---> Using cache
 ---> 4bb5c1565f15
Step 15/16 : COPY --from=builder /funtoo/ /
 ---> Using cache
 ---> 6759ad727278
Step 16/16 : CMD ["/bin/bash"]
 ---> Using cache
 ---> c869e0c35b0c
Successfully built c869e0c35b0c
Successfully tagged funtoo:latest
root # docker image list
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
funtoo                         latest              c869e0c35b0c        42 hours ago        897MB
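
The Dockerfile's ownertrust step gives ultimate trust to any listed key whose fingerprint line matches the four-hex-digit fragment in BDFL_FP, and it fetches keys by 8-digit short IDs, which are not collision resistant. The following added example (not part of the original page or of Funtoo's own tooling) pins ownertrust to one full 40-digit fingerprint parsed from gpg's colon-delimited listing. The fingerprints and key listing are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Fingerprints here are constructed placeholders, not real
# Funtoo keys; replace PINNED_FPR with the full value obtained out of band.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEFE986E8EE"

# Constructed colon-format key listing: the intended key with one subkey, plus
# an unrelated key whose fingerprint merely contains "E8EE".
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEFE986E8EE:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFE986E8EE:
uid:-::::1500000000::::Constructed Release Key <release@example.invalid>:
sub:-:4096:1:3333333333333333:1500000000::::::e:
fpr:::::::::2222222222222222222222223333333333333333:
pub:-:4096:1:BA9876543210ABCD:1500000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210E8EEFEDCBA9876543210ABCD:
uid:-::::1500000000::::Constructed Lookalike <other@example.invalid>:
EOF
}

# Accept only a full 40-hex-digit (v4) fingerprint as a pin.
valid_fpr() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in *[!0-9A-F]*) return 1 ;; esac
}

# Read a colon-format listing on stdin and emit an ownertrust line
# ("<fpr>:6:") only for a primary key whose full fingerprint equals the pin.
# Subkey fingerprints are ignored; the "" suffix forces a string comparison.
ownertrust_for() {
    valid_fpr "$1" || return 2
    awk -F: -v want="$1" '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary {
            if (($10 "") == (want "")) print $10 ":6:"
            primary = 0
        }'
}

# Count the keys a fragment test (comparable to grepping for "E8EE") selects.
fragment_matches() {
    awk -F: -v frag="$1" '$1 == "fpr" && index($10, frag) { n++ } END { print n + 0 }'
}

# Real use (not run here):
#   gpg --with-colons --fingerprint --list-keys | ownertrust_for "$PINNED_FPR" | gpg --import-ownertrust
sample_listing | ownertrust_for "$PINNED_FPR"
```

On the constructed listing the fragment test selects two keys, while the full-fingerprint pin selects exactly one and rejects a short pin outright.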