Created
November 19, 2015 16:07
-
-
Save nickithewatt/e07f92922ee8c3d2602b to your computer and use it in GitHub Desktop.
wrapdocker script capable of being used to run docker in docker (dind) with jenkins mesos-plugin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
echo " ABOUT TO START DOCKER ... " | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
# -------------------------------------------------------------------------- | |
# primarily based on https://github.com/jpetazzo/dind/blob/master/wrapdocker | |
# -------------------------------------------------------------------------- | |
# Ensure that all nodes in /dev/mapper correspond to mapped devices currently loaded by the device-mapper kernel driver | |
dmsetup mknodes | |
# First, make sure that cgroups are mounted correctly. | |
CGROUP=/sys/fs/cgroup | |
: {LOG:=stdio} | |
[ -d $CGROUP ] || | |
mkdir $CGROUP | |
mountpoint -q $CGROUP || | |
mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { | |
echo "Could not make a tmpfs mount. Did you use --privileged?" | |
exit 1 | |
} | |
if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security | |
then | |
mount -t securityfs none /sys/kernel/security || { | |
echo "Could not mount /sys/kernel/security." | |
echo "AppArmor detection and --privileged mode might break." | |
} | |
fi | |
# Mount the cgroup hierarchies exactly as they are in the parent system. | |
for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) | |
do | |
[ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS | |
mountpoint -q $CGROUP/$SUBSYS || | |
mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS | |
# The two following sections address a bug which manifests itself | |
# by a cryptic "lxc-start: no ns_cgroup option specified" when | |
# trying to start containers withina container. | |
# The bug seems to appear when the cgroup hierarchies are not | |
# mounted on the exact same directories in the host, and in the | |
# container. | |
# Named, control-less cgroups are mounted with "-o name=foo" | |
# (and appear as such under /proc/<pid>/cgroup) but are usually | |
# mounted on a directory named "foo" (without the "name=" prefix). | |
# Systemd and OpenRC (and possibly others) both create such a | |
# cgroup. To avoid the aforementioned bug, we symlink "foo" to | |
# "name=foo". This shouldn't have any adverse effect. | |
echo $SUBSYS | grep -q ^name= && { | |
NAME=$(echo $SUBSYS | sed s/^name=//) | |
ln -s $SUBSYS $CGROUP/$NAME | |
} | |
# Likewise, on at least one system, it has been reported that | |
# systemd would mount the CPU and CPU accounting controllers | |
# (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" | |
# but on a directory called "cpu,cpuacct" (note the inversion | |
# in the order of the groups). This tries to work around it. | |
[ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct | |
done | |
# Note: as I write those lines, the LXC userland tools cannot setup | |
# a "sub-container" properly if the "devices" cgroup is not in its | |
# own hierarchy. Let's detect this and issue a warning. | |
grep -q :devices: /proc/1/cgroup || | |
echo "WARNING: the 'devices' cgroup should be in its own hierarchy." | |
grep -qw devices /proc/1/cgroup || | |
echo "WARNING: it looks like the 'devices' cgroup is not mounted." | |
# Now, close extraneous file descriptors. | |
pushd /proc/self/fd >/dev/null | |
for FD in * | |
do | |
case "$FD" in | |
# Keep stdin/stdout/stderr | |
[012]) | |
;; | |
# Nuke everything else | |
*) | |
eval exec "$FD>&-" | |
;; | |
esac | |
done | |
popd >/dev/null | |
# ------------------------------------------------------- | |
# START : Fix for running out of loopback devices | |
# FROM HERE https://github.com/jpetazzo/dind/issues/19 | |
# ------------------------------------------------------- | |
#!/bin/bash | |
ensure_loop(){ | |
num="$1" | |
dev="/dev/loop$num" | |
if test -b "$dev"; then | |
echo "$dev is a usable loop device." | |
return 0 | |
fi | |
echo "Attempting to create $dev for docker ..." | |
if ! mknod -m660 $dev b 7 $num; then | |
echo "Failed to create $dev!" 1>&2 | |
return 3 | |
fi | |
return 0 | |
} | |
LOOP_A=$(losetup -f) | |
LOOP_A=${LOOP_A#/dev/loop} | |
LOOP_B=$(expr $LOOP_A + 1) | |
ensure_loop $LOOP_A | |
ensure_loop $LOOP_B | |
# ------------------------------------------------------- | |
# END : Fix for running out of loopback devices | |
# ------------------------------------------------------- | |
# If a pidfile is still around (for example after a container restart), | |
# delete it so that docker can start. | |
rm -rf /var/run/docker.pid | |
# If we were given a PORT environment variable, start as a simple daemon; | |
if [ "$PORT" ] | |
then | |
exec docker -d -H 0.0.0.0:$PORT -H unix:///var/run/docker.sock \ | |
$DOCKER_DAEMON_ARGS | |
else | |
if [ "$LOG" == "file" ] | |
then | |
docker -d $DOCKER_DAEMON_ARGS &>/var/log/docker.log & | |
else | |
docker -d $DOCKER_DAEMON_ARGS & | |
fi | |
(( timeout = 60 + SECONDS )) | |
until docker info >/dev/null 2>&1 | |
do | |
if (( SECONDS >= timeout )); then | |
echo 'Timed out trying to connect to internal docker host.' >&2 | |
break | |
fi | |
sleep 1 | |
done | |
fi | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
echo " DOCKER STARTED !!!! " | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
if [ "$#" -eq 0 ] | |
then | |
# Start a bash shell | |
/bin/bash | |
else | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
echo " EXEC ADDITIONAL COMMANDS " | |
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" | |
echo "about to exec $@" | |
exec /bin/bash -c "$@" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment