toil
Spike: Determine work necessary to get rid of Docker in Docker
Docker in Docker was originally made for Mesos, but most batch systems nowadays are not as compatible with our current Docker in Docker configuration; there shouldn't be much reason to run the workflow inside a container that is contained inside another container. This is causing some issues with toil-wdl-runner and toil-cwl-runner whenever they try to run an image. If the appliance container isn't given the right permissions, the runners will fail; for example, Funnel wants to run all Docker images as read-only with no permissions given for user namespaces, meaning Singularity cannot run. I think this will cause future issues with batch system plugins if they have specific requirements for running Docker containers. It also seems like the idea of DinD is generally discouraged/frowned upon.
@adamnovak How hard do you think it would be to get rid of DinD, and do you think it would be a good idea to implement this?
┆Issue is synchronized with this Jira Story ┆Issue Number: TOIL-1562