
Allow launching privileged docker containers

Open PAStheLoD opened this issue 10 years ago • 11 comments

It'd be very useful to run docker-in-docker for example. And exposing the feature as a simple JSON attribute should be pretty easy.

PAStheLoD avatar Apr 03 '15 14:04 PAStheLoD

+1

nspforever avatar Apr 30 '15 05:04 nspforever

+1

I need to mount HDFS or whatever in docker container.

feisuzhu avatar May 25 '15 05:05 feisuzhu

@PAStheLoD could you please share more information? I don't know why you need to run privileged docker.

xiaods avatar Jan 07 '16 11:01 xiaods

We're running a patched version of Chronos (--privileged hacked in), to build docker images.

Basically, we use docker-in-docker to build and push to a private registry (running on Marathon/Mesos too), and then start the freshly built container as a Marathon service.

PAStheLoD avatar Jan 07 '16 13:01 PAStheLoD

+1 We run a docker container that is building a database in a docker container that needs to be pushed to a private registry. We need to mount a directory inside the container.

exnerd avatar Feb 15 '16 10:02 exnerd

+1 docker in docker is also what I need. Any news on this?

Update:

I think this works:

"parameters": [
    {"key": "privileged", "value": "true"}
],

ciokan avatar Dec 15 '16 04:12 ciokan
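
An added example, not part of the thread or of Chronos itself: because a job can pass docker options through `container.parameters` as in the comment above, an operator may want to audit job definitions for options that weaken container isolation. It goes beyond `privileged` to a few other `docker run` flags; the job names, images and the choice of flagged keys are assumptions.

```python
import json

# Constructed sample: a list of Chronos job definitions shaped like the
# JSON discussed in the thread. Names and images are made up.
SAMPLE_JOBS = json.loads("""
[
  {"name": "build-image", "container": {"type": "DOCKER", "image": "example/dind",
    "parameters": [{"key": "privileged", "value": "true"}]}},
  {"name": "nightly-report", "container": {"type": "DOCKER", "image": "example/report"}},
  {"name": "mount-hdfs", "container": {"type": "DOCKER", "image": "example/hdfs",
    "parameters": [{"key": "cap-add", "value": "SYS_ADMIN"},
                   {"key": "device", "value": "/dev/fuse"}]}},
  {"name": "explicit-off", "container": {"type": "DOCKER", "image": "example/app",
    "parameters": [{"key": "privileged", "value": "false"}]}},
  {"name": "no-container", "command": "echo hi"}
]
""")

# docker run options that share a host namespace when set to "host"
HOST_NAMESPACE_KEYS = {"pid", "ipc", "net", "network", "userns"}


def risky_parameters(job):
    """Return (key, value) pairs in a job that weaken container isolation."""
    container = job.get("container") or {}
    found = []
    for param in container.get("parameters") or []:
        key = str(param.get("key", "")).lstrip("-").lower()
        value = str(param.get("value", "")).strip()
        if key == "privileged" and value.lower() != "false":
            found.append((key, value))
        elif key in ("cap-add", "device"):
            found.append((key, value))
        elif key in HOST_NAMESPACE_KEYS and value.lower() == "host":
            found.append((key, value))
        elif key == "security-opt" and value.lower().endswith("unconfined"):
            found.append((key, value))
    return found


def audit(jobs):
    """Map job name -> risky parameters, only for jobs that have any."""
    report = {}
    for job in jobs:
        found = risky_parameters(job)
        if found:
            report[job.get("name", "<unnamed>")] = found
    return report
```
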

Another use case is to run batches on gpu slaves... So basically the job is not executed since mesos requires privileged mode to use those slaves.

milipili avatar Aug 10 '17 02:08 milipili

I could use this.

matthewmrichter avatar Sep 12 '18 21:09 matthewmrichter

It should be possible to add a privileged field to the job definition and to have Chronos' TaskInfo builder set ContainerInfo.privileged based on that.

I don't have time to implement this change myself, but if someone wants to volunteer, I could review and merge the PRs.

gkleiman avatar Sep 12 '18 22:09 gkleiman

Actually, privileged is no longer good anyway. We no longer run tasks on gpu with privileged mode. But a gpu parameter would be a good addition. More basically, we should simply be able to put a marathon json (gpu, constraints, mesos containerizer options...)

milipili avatar Sep 13 '18 05:09 milipili

Yeah, finer-grained control is needed for leveraging things like RexRay etc.

matthewmrichter avatar Sep 13 '18 12:09 matthewmrichter