[Feature] Support running docker-in-docker for OpenHands runtime
What problem or use case are you trying to solve?
Right now OpenHands can't really run runtime tests from OpenHands because it is not able to run docker inside the docker runtime.
Describe the UX of the solution you'd like
Figure out a way to allow docker-in-docker.
Do you have thoughts on the technical implementation?
Describe alternatives you've considered
Additional context
I have OpenHands running inside a WSL container and it is creating other nested docker containers as sandboxes. Isn't this docker-in-docker?
Hey @kripper, I think I'm referring to allowing OpenHands agent itself to:
- Install docker
- and run containers within the runtime container
Not sure if this is what you are seeing now?
Currently, if you add --privilege to the container launch command, the agent is capable of installing & running docker on its own. But probably it won't work without --privilege. We are looking at something like https://github.com/nestybox/sysbox to see if it allows us to run agent inside docker, while being able to tweak around k8s/docker.
I see. Actually I'm now testing your use case. I'm trying to run:
WSL OH container --> OH Sandbox container --> my-app container
> if you add --privilege to the container launch command, the agent is capable of installing & running docker on its own
Where do you set the --privilege?
BTW, how do we keep the sandbox-container and the OH-controlled-container created so we can resume them when resuming the session?
[EDIT] This was discussed here: https://github.com/SmartManoj/Kevin/issues/144
As a workaround, have you considered the idea of forwarding the port of the docker-service running on the host to the sandbox container so that OH creates the container outside the sandbox?
Thanks. It works with:
[sandbox]
docker_runtime_kwargs = { privileged = true }
IMO, this ticket can be closed.
Sorry for missing the convo! Glad that this works for you!!
OpenHands, now the issue is resolved, can you read the complete conversation here, and try to update documentation in docs/modules/usage/runtimes.md by adding a section towards the end about "Running docker-in-docker with DockerRuntime"?
In v0.22, this config is not being read anymore:
docker_runtime_kwargs = { privileged = true }
This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.
This issue was closed because it has been stalled for over 30 days with no activity.
> In v0.22, this config is not being read anymore:
> docker_runtime_kwargs = { privileged = true }
Does this method still work? I have a similar use case where I want to run docker within the sandbox docker container to automate a test flow.
> does this method still work?
Yes. I use it to run OH inside OH. https://github.com/kripper/OpenHands/commit/f3cfe728fcb48f04460dc6a054d01fa8c1cec528
> docker_runtime_kwargs = { privileged = true }
This method didn't work for me when giving this as an option using the command line and Sandbox environment variables. Would you provide details on how you are passing it to the sandbox container?
Just use docker_runtime_kwargs = { privileged = true } in config.toml.
Check the logs, ps aux or debug _init_container() to make sure the args are passed to self.docker_client.containers.run().
Thanks. After a bit of digging, I was able to do what I need to do without making docker a privileged container.
Specifically for docker compilation and docker deployments, I just set up local drone CI and minikube. Works flawlessly.
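
The check suggested earlier in the thread (confirming that `privileged = true` actually reaches the sandbox container) can also be done from outside the code by reading `docker inspect` output. The following is an added example, not part of the thread or of OpenHands; the container names and the sample JSON are constructed, and the report on a bind-mounted host Docker socket and added capabilities goes beyond what the thread discusses.

```python
import json

# Constructed sample of `docker inspect <container>...` output (not from a real run).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/sandbox-privileged",
     "HostConfig": {"Privileged": True, "Binds": None, "CapAdd": None},
     "Mounts": []},
    {"Name": "/sandbox-default",
     "HostConfig": {"Privileged": False, "Binds": None, "CapAdd": None},
     "Mounts": []},
    {"Name": "/sandbox-host-socket",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "CapAdd": ["SYS_ADMIN"]},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
])

DOCKER_SOCKET = "/var/run/docker.sock"


def audit_container(entry):
    """Return the host-access settings in effect for one inspected container."""
    host_cfg = entry.get("HostConfig") or {}
    findings = []
    if host_cfg.get("Privileged"):
        findings.append("privileged")
    # Docker reports unset list fields as null, hence the `or []` guards.
    for cap in host_cfg.get("CapAdd") or []:
        findings.append(f"cap_add:{cap}")
    sources = [bind.split(":")[0] for bind in host_cfg.get("Binds") or []]
    sources += [m.get("Source", "") for m in entry.get("Mounts") or []]
    if DOCKER_SOCKET in sources:
        findings.append("host_docker_socket")
    return findings


def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON array."""
    return {e["Name"].lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings) or 'no elevated host access'}")
```

An empty result for the sandbox container means the `privileged` setting from config.toml was not applied to it.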