container-demos

Publishing container tags with IPFS in 5 seconds.

Open hosh opened this issue 11 years ago • 6 comments

Overview

  1. Make a container.
  2. Tag it.
  3. Start a container elsewhere.

Discussion

  1. Where is the tag stored? Is it tagged locally or is it published elsewhere?
  2. Or do we have an IPFS hash entry somewhere mapping tags to addresses of images?
  3. Future: what about sharing and propagating said tags?

hosh, Mar 13 '15 19:03

Same as #1. For Docker, this means working with https://github.com/docker/distribution -- implementing https://github.com/docker/distribution/blob/master/doc/spec/api.md

jbenet, Mar 14 '15 17:03

To simplify this demo, here is what I am thinking:

  1. First, get the IPFS-in-a-container working. This requires starting it with Docker 1.5.0 and starting it with additional privs: https://github.com/docker/docker/issues/9448#issuecomment-65529399

       docker run -ti --cap-add SYS_ADMIN --device /dev/fuse peter/dev:sshfs /bin/bash

  2. Use a Docker Registry (https://www.vultr.com/docs/setup-your-own-docker-registry-on-coreos) that pulls a volume from the IPFS container.

I think this will work, will just have to try and see.

hosh, Mar 27 '15 02:03

See: https://github.com/jbenet/ipfs-container-demos/issues/4

hosh, Mar 27 '15 02:03

So --privileged worked. That example of using sshfs works. However, ipfs doesn't. When I attempt to run it, what appears to be blocking it is apparmor. Inside the container, this is what dmesg reports:

[15411407.627213] type=1400 audit(1427433682.487:81): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="docker-default" name="/ipfs/" pid=12399 comm="fusermount" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
[15411407.628119] type=1400 audit(1427433682.487:82): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="docker-default" name="/ipns/" pid=12400 comm="fusermount" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"

Ubuntu's docker-default apparmor profile contains:

  mount fstype=fuse.*,

and it doesn't appear to be matching.

I don't know about apparmor, but I did try adding

  mount fstype=fuse,

but still get the same error.

hosh, Mar 27 '15 05:03
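Added example (not part of the original thread or of the project's code): a small Python parser for the AppArmor denial records quoted in the comment above. It extracts the profile, operation, filesystem type and mount target so that denials can be grouped when reviewing what a container profile blocks. The function names are hypothetical; the sample input is the two dmesg lines from the thread.

```python
import re
import shlex
from collections import Counter

# The two denial records quoted in the comment above, copied from the thread.
SAMPLE_DMESG = '''\
[15411407.627213] type=1400 audit(1427433682.487:81): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="docker-default" name="/ipfs/" pid=12399 comm="fusermount" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
[15411407.628119] type=1400 audit(1427433682.487:82): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="docker-default" name="/ipns/" pid=12400 comm="fusermount" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
'''

# Kernel-log prefix, audit type 1400 (as in the thread), then key=value fields.
RECORD = re.compile(
    r'^\[\s*[\d.]+\]\s+type=1400\s+'
    r'audit\((?P<epoch>[\d.]+):(?P<serial>\d+)\):\s+(?P<fields>.*)$'
)

def parse_denial(line):
    """Return a dict for one AppArmor DENIED record, or None for any other line."""
    match = RECORD.match(line.strip())
    if not match:
        return None
    fields = {}
    # shlex keeps quoted values such as info="failed type match" as one token.
    for token in shlex.split(match.group("fields")):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    if fields.get("apparmor") != "DENIED":
        return None
    fields["epoch"] = float(match.group("epoch"))
    fields["serial"] = int(match.group("serial"))
    # Mount flags arrive as one comma-separated string; split them for matching.
    fields["flags"] = [f.strip() for f in fields.get("flags", "").split(",") if f.strip()]
    return fields

def summarize(dmesg_text):
    """Count denials per (profile, operation, fstype, command)."""
    counts = Counter()
    for line in dmesg_text.splitlines():
        denial = parse_denial(line)
        if denial:
            key = (denial.get("profile"), denial.get("operation"),
                   denial.get("fstype", ""), denial.get("comm", ""))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_DMESG).items():
        print(count, key)
```
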

Using --volumes-from in a different container to link to a FUSE-mount inside a container may not be possible as it is now: https://groups.google.com/forum/#!msg/docker-dev/_8bAG561VAI/ofDLtK8dxigJ

cryptix@freenode suggested checking if it is the same with sshfs

hosh, Mar 28 '15 00:03

Tried it with sshfs, still does not work. Limitation of Docker and all.

I think for this demo, I'll use docker exec to demonstrate being able to grab data from /ipfs. However, this would be more interesting if the HTTP API gets exposed.

For https://github.com/jbenet/ipfs-container-demos/issues/2 though, would have to have ipfs run on the host, and then bind-mount the container to ipfs and ipns to bring up a registry. Will see what happens.

hosh, Mar 28 '15 01:03