-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better defaults for --docker-host
.
#1338
Comments
+1 With docker rootless, I currently use "--docker-host inherit", which works, but it would be good if this were not needed. Related to this request: can "pack" detect docker host from context if DOCKER_HOST is not set? See: https://docs.docker.com/engine/security/rootless/#client. Edit: I'll create another issue for that. |
Another problem: |
ssh-add -k "$HOME/.ssh/podman-machine-default" login into the root userssh root@localhost -p 58780 create link to docker.sockln -s /run/podman/podman.sock /var/run/docker.sock then exportexport DOCKER_HOST=ssh://root@localhost:58780 |
Relates to #1830 |
I stumbled across this today as I used another container for
It seems like, parts of pack (as in downloading images), seem to recognise The other option would be to amend the documentation to tell people to use Is there a downside to using |
Hi @till
I think we put it in the docs: And this ticket was created and linked in |
Couldn't find it, apologies. Do you have any pointers what you'd like to see in a PR? I can try to whip something up. |
I may have overlooked this also because the wording is somewhat wrong in the docs. This is not (just) related to a socket connection, but overall using For reference, I set Anyhow, if anyone has any pointers, I would make a PR that uses |
@till this should be fine, when passed
It probably makes sense for |
The |
@till There are cases when this is one single machine, for instance your are running |
@till Another example: imagine you have one Linux machine with docker running there. From point of view of that machine the docker socket is
To elaborate:
|
tl;dr we cannot universally assume |
Another example: |
related: buildpacks#1338 Signed-off-by: till <[email protected]>
I am not sure what you are guarding against. And why wouldn't the builder have access? Wouldn't that be up for the user to sort out? Or unset I think if it's set, it should be used as is as that is behaviour most people expect and that is also mentioned in blog posts (e.g. regarding podman). I made a PR as a pass, let me know if you have thoughts. It also falls back to the original behaviour, at least so I hope. |
@till I am not strongly against At least with Also with With So by using defaulting |
@matejvasek thanks for elaborating and clarifying, I think I understand what you mean. I am trying to make it behave how it is generally expected for a new user, vs. what someone needs who runs pack on a k8s cluster (though I am in that bucket). My TCP (non tls) example already works with the proper So I realize changing this may be a BC break, but I think this could be further improved by adding more variables to the build (such as the location of the TLS certs), or potentially providing an ssh config: I have to admit, I haven't looked into the internals how docker/cli connects to an ssh host, as in, where it's getting configuration from. I have only used the socket and http(s) so far. |
@till I think we could conditionally default to
|
related: buildpacks#1338 Signed-off-by: till <[email protected]>
@till even in your specific case What you could do instead: pack --network=host --docker-host=tcp://localhost:2375 <rest of args here> |
No, the dind is running per user in a tenant/namespace with resource quotas applied. Also to ensure the cache doesn't work across boundaries etc.. I definitely do not want host network. I used a service to ensure it's predictable between updates and longer running than the pod with pack. This also allows for simultaneous builds, etc.. |
There is one more way to avoid setting |
So, the issue that we have on macos (= where podman is running like docker in a local VM) is that the mount point is not correct When set the DOCKER_HOST using the unix sock file:
then lifecycle fails when executed by this pack command
Error:
|
Description
When running
pack
against docker socket at non-standard location using theDOCKER_HOST
environment variable,the user also has to set the
--docker-host
flag so export container knows how to access the daemon.Right now it defaults to
unix://var/run/docker.sock
which is not always right.The value of the flag can be determined if docker host is either
unix socket
orssh
.For
unix socket
the mapping is identity.For
ssh
we can acutally ask remote what is the value of theDOCKER_HOST
there.For
TCP
there is no way that I know of; user simply must know what to enter.The mapping could be possibly identity but there are possible problems when when accessing localhost:
the export container sees itself as localhost not the host machine running the daemon (unless
--network=host
).The text was updated successfully, but these errors were encountered: