Docker is a Linux "container virtualization" system, which allows software to be distributed along with dependencies in a single "container" while isolating the running application from the rest of the host system. This approach is much lighter weight than full hardware virtualization a la KVM/Xen, but does not offer all possible features of hardware virtualization (e.g. you cannot run a different kernel or arbitrarily insert kernel modules). It also relies strongly on Linux kernel features so the host OS must support it appropriately.

It is possible to run FUSE filesystems inside a container, but FUSE must be enabled on the host system. Docker will not enable you to load kernel modules that you couldn't load on the host. On the other hand, Docker will allow you to mount a FUSE filesystem at an arbitrary place in the directory tree, as seen by your applications. So you can add a standard /cvmfs mount point in the container.

Installation

Some notes about installing Docker (general instructions here):
  • Docker can be installed from the EPEL repositories for CentOS 6 as the package docker-io. Running a CentOS-derived guest image on a CentOS 6 host causes trouble in Docker 0.9 (e.g. no inbound ssh connections) unless you (totally) disable SELinux on the host. Docker 0.10 is in EPEL-testing.
  • Docker can be installed on OpenSUSE 13.1 with no additional complications.

Building an image

Docker makes it very easy to build an image (especially when compared to hardware virtualization which expects a disk image). The script to run is specified in a "Dockerfile" and building the image is performed with a single command. (Attached to this page is a sample Dockerfile + a few additional files, which will create a container with CVMFS.)

To build an image with CVMFS:

  • untar the .tgz
  • run docker build -t cvmfs . ("cvmfs" will identify the image)

Note you may be able to download the prebuilt image "ponyisi/cvmfs" from the docker.io repository; let me know if this works for you.

Running and connecting to an image

We will run the image with NAT forwarding to SSH port 22:
  • docker run -d -P --privileged --name rcvmfs cvmfs (starts container rcvmfs from image cvmfs; -d = run in background; -P = map network ports; --privileged = allows use of FUSE)
  • figure out what the NAT IP is (constant for Docker instances): /sbin/ifconfig | grep -A 1 docker
  • figure out what the remapped port 22 is: docker port rcvmfs 22 (take only the port number, e.g. 49153)
  • ssh to the container: ssh root@ -p (e.g. ssh root@172NOSPAMPLEASE.17.42.1 -p 49153)
  • the root password for this container is "screencast" (no quotes).

CVMFS Image Issues

  • "mknod" for /dev/fuse is a "privileged" operation - for now we cannot execute it during the docker build, and so the Dockerfile doesn't fully describe the steps needed to make the image. For now run mknod when the container starts.
  • There seems to be a conflict with autofs. For now explicitly mount atlas.cern.ch and atlas-condb.cern.ch in the correct places.

-- PeterOnyisi - 13 May 2014

Topic attachments
I Attachment History Action Size Date Who Comment
Compressed Zip archivetgz docker_cvmfs.tgz r1 manage 1.4 K 2014-05-13 - 18:52 PeterOnyisi Tarball describing how to build a CentOS 6 image with cvmfs
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2014-05-13 - PeterOnyisi
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback