features icon indicating copy to clipboard operation
features copied to clipboard
verified publisher icon devcontainers

dind feature causing vscode remote containers plugin issue

Open appleoddity opened this issue 2 years ago • 1 comments

I have added the Docker-in-Docker feature through the Dockerfile like this (sample - not the whole file):

FROM mcr.microsoft.com/devcontainers/base:jammy

# Clone and install features
RUN git clone https://github.com/devcontainers/features.git
RUN git -C features pull && VERSION=latest features/src/git/install.sh
RUN git -C features pull && features/src/git-lfs/install.sh
RUN git -C features pull && features/src/python/install.sh
RUN git -C features pull && DOCKERDASHCOMPOSEVERSION=v2 DOCKERDEFAULTADDRESSPOOL="base=100.64.0.0/16,size=24" features/src/docker-in-docker/install.sh

dind installs fine. The first problem I noticed though is that the docker daemon does not start automatically when the container starts. So after some research, I added the following to the devcontainer.json:

"postCreateCommand": "/usr/local/share/docker-init.sh"

That starts the Docker daemon, but then I have trouble with authentication failures when using any git commands on a repo.

I get:

Error: Cannot find module '/tmp/vscode-remote-containers-d965227b-bfcf-4f38-bfc4-bec463cef2fb.js'
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:956:15)
    at Function.Module._load (node:internal/modules/cjs/loader:804:27)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}

And that appears to be related to this injection into ~/.gitconfig:

[credential]
        helper = "!f() { /home/vscode/.vscode-server/bin/6c3e3dba23e8fadc360aed75ce363ba185c49794/node /tmp/vscode-remote-containers-d965227b-bfcf-4f38-bfc4-bec463cef2fb.js git-credential-helper $*; }; f"

When I check the /tmp folder with and without the postCreateCommand statement in the devcontainer.json I see missing files:

Without the postCreateCommand:

vscode ➜ /workspaces/dev-environment (main) $ ls -la /tmp
total 80
drwxrwxrwt 1 root   root    4096 Sep  9 17:17 .
drwxr-xr-x 1 root   root    4096 Sep  9 17:17 ..
drwxr-xr-x 2 root   root    4096 Aug  3 18:30 build-features-src
drwxr-xr-x 1 root   root    4096 Aug  3 18:30 dev-container-features
drwxr-xr-x 2 vscode vscode  4096 Sep  9 17:17 devcontainers-21caa0c6-d0fb-4351-9c91-d24afc63d90a1694279172388
drwx------ 3 vscode vscode  4096 Sep  9 17:17 user
srwxr-xr-x 1 vscode vscode     0 Sep  9 17:17 vscode-ipc-913dd10e-d567-40fe-a3c9-6b09f98198ed.sock
-rw-r--r-- 1 vscode vscode  2071 Sep  9 17:17 vscode-remote-containers-985c8570-c040-42d0-aae1-e4a88d9f6985.js
srwxr-xr-x 1 vscode vscode     0 Sep  9 17:17 vscode-remote-containers-ipc-985c8570-c040-42d0-aae1-e4a88d9f6985.sock
-rw-r--r-- 1 vscode vscode 42212 Sep  9 17:17 vscode-remote-containers-server-985c8570-c040-42d0-aae1-e4a88d9f6985.js
srwxr-xr-x 1 vscode vscode     0 Sep  9 17:17 vscode-ssh-auth-985c8570-c040-42d0-aae1-e4a88d9f6985.sock
srwxrwxrwx 1 vscode vscode     0 Sep  8 21:09 vscode-wayland-b343312f-90ac-48c6-a012-6018cdf0db69.sock
-rw-r--r-- 1 root   root    3821 Sep  9 17:12 vsdc-settings.env
drwxr-xr-x 2 vscode vscode  4096 Sep  9 17:17 .X11-unix

With the postCreateCommand:

vscode ➜ /workspaces/dev-environment (main) $ ls -la /tmp
total 16
drwxrwxrwt 2 root   root    100 Sep  9 17:26 .
drwxr-xr-x 1 root   root   4096 Sep  9 17:26 ..
-rw-r--r-- 1 root   root   9172 Sep  9 17:26 dockerd.log
srwxr-xr-x 1 vscode vscode    0 Sep  9 17:26 vscode-ipc-6890e219-b636-4d38-8cd0-40cca5a1b9f1.sock
srwxr-xr-x 1 vscode vscode    0 Sep  9 17:26 vscode-ipc-7438a68f-188d-4219-9d25-a0046186f276.sock

Notably, if I change the postCreateCommand to something like "postCreateCommand": "/usr/bin/ls -la" it does not cause an issue. This issue appears to be directly related to trying to start the Docker daemon in the postCreateCommand.

So, my question is first, why doesn't the docker daemon start automatically after installing this feature? Is this the correct way to start it? And then, why does it seem to break other components when I do it like this?

appleoddity avatar Sep 09 '23 17:09 appleoddity

Hi 👋

I am curious of your scenario, why do you prefer running the Feature scripts within the Dockerfile instead of adding them to the devcontainer.json file? Unfortunately, we don't recommend and provide support for using the Features this way as it is not guaranteed to work.

On top of my mind, there are few reasons why using the script would fail -

  • Would need to use entrypoints instead of postCreateCommand
  • Need of privileged mode
  • Have you mounted dockerlib?

However, I would recommend adding the following to devcontainer.json 👇 to ensure docker starts and works as expected.

"features": { "ghcr.io/devcontainers/features/docker-in-docker:2": {} }

samruddhikhandale avatar Sep 12 '23 04:09 samruddhikhandale