SyntaxFix

[jenkins] Is it ok to run docker from inside docker?

I'm running Jenkins inside a Docker container. I wonder if it's ok for the Jenkins container to also be a Docker host? What I'm thinking about is to start a new docker container for each integration test build from inside Jenkins (to start databases, message brokers etc). The containers should thus be shutdown after the integration tests are completed. Is there a reason to avoid running docker containers from inside another docker container in this way?

This question is related to jenkins docker docker-dind

The answer is

Yes, we can run docker in docker, we'll need to attach the unix sockeet "/var/run/docker.sock" on which the docker daemon listens by default as volume to the parent docker using "-v /var/run/docker.sock:/var/run/docker.sock". Sometimes, permissions issues may arise for docker daemon socket for which you can write "sudo chmod 757 /var/run/docker.sock".

And also it would require to run the docker in privileged mode, so the commands would be:

sudo chmod 757 /var/run/docker.sock

docker run --privileged=true -v /var/run/docker.sock:/var/run/docker.sock -it ...

I answered a similar question before on how to run a Docker container inside Docker.

To run docker inside docker is definitely possible. The main thing is that you run the outer container with extra privileges (starting with --privileged=true) and then install docker in that container.

Check this blog post for more info: Docker-in-Docker.

One potential use case for this is described in this entry. The blog describes how to build docker containers within a Jenkins docker container.

However, Docker inside Docker it is not the recommended approach to solve this type of problems. Instead, the recommended approach is to create "sibling" containers as described in this post

So, running Docker inside Docker was by many considered as a good type of solution for this type of problems. Now, the trend is to use "sibling" containers instead. See the answer by @predmijat on this page for more info.

It's OK to run Docker-in-Docker (DinD) and in fact Docker (the company) has an official DinD image for this.

The caveat however is that it requires a privileged container, which depending on your security needs may not be a viable alternative.

The alternative solution of running Docker using sibling containers (aka Docker-out-of-Docker or DooD) does not require a privileged container, but has a few drawbacks that stem from the fact that you are launching the container from within a context that is different from that one in which it's running (i.e., you launch the container from within a container, yet it's running at the host's level, not inside the container).

I wrote a blog describing the pros/cons of DinD vs DooD here.

Having said this, Nestybox (a startup I just founded) is working on a solution that runs true Docker-in-Docker securely (without using privileged containers). You can check it out at www.nestybox.com.

Source: Stackoverflow.com

Examples related to jenkins

Maven dependencies are failing with a 501 error Jenkins pipeline how to change to another folder Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock groovy.lang.MissingPropertyException: No such property: jenkins for class: groovy.lang.Binding How to solve npm install throwing fsevents warning on non-MAC OS? Run bash command on jenkins pipeline Try-catch block in Jenkins pipeline script How to print a Groovy variable in Jenkins? Jenkins pipeline if else not working Error "The input device is not a TTY"

Examples related to docker

standard_init_linux.go:190: exec user process caused "no such file or directory" - Docker What is the point of WORKDIR on Dockerfile? E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation How do I add a user when I'm using Alpine as a base image? docker: Error response from daemon: Get https://registry-1.docker.io/v2/: Service Unavailable. IN DOCKER , MAC How to fix docker: Got permission denied issue pull access denied repository does not exist or may require docker login Docker error: invalid reference format: repository name must be lowercase Docker: "no matching manifest for windows/amd64 in the manifest list entries" OCI runtime exec failed: exec failed: (...) executable file not found in $PATH": unknown

Examples related to docker-dind

Is it ok to run docker from inside docker?

Tags

Debian Msxml4 Lokad-cqrs Der Win32ole Out-of-browser Database-cluster Fsm Ms-word Jquery-ui-accordion Network-traffic Custom-field-type Vsdbcmd Google-product-search Createuser Language-switching Darcs Flashpaper Slashdot Wcf-ria-services Elasticity Django-queryset Selection-object Google-data Coding-efficiency Fault Dbus Jquery-address Dvd-burning Catransaction Xz Dojox.gfx Automated-refactoring Pretty-urls Video-codecs Dynatree Candlestick-chart Ios32 Qlineedit Printwriter Reverse-engineering Ipsec Mod-proxy Variable-width Dojo Phpdoc Apt Groff Paintevent Top-n Datagridcolumn Probability-theory Appserver Gssapi Spf Powerbuilder-conversion Speech-to-text Office-interop Indy-9 Wcf-behaviour Ucma2.0 Cvi Release-management Auto-indent Zabbix Design-by-contract Use-strict Scalability View-path Py++ Saaj Authentication Switch-statement Google-translate C-strings Commutativity Persistence Mouselistener Xlc Mediastreamsource Crypt Timeago Extending Weboperationcontext Partcover Auto-build Aaa-security-protocol Mojo Factorization Fputs Email-client Selectinputdate Sqlsoup Contact Url-pattern Mysql-error-1242 Volumes Raw-post Idbcommand Pandastream