Road to docker support
Since @josete89 said docker didn't work, here's a list of what we need:
- [x] MMX support
- [ ] Linux cgroups
- [ ] Namespaces (CLONE_NEWNS, etc.)
Also likely missing some syscalls to make Go run at all, and threads?
#57
Not sure if helpful but just ran some basic docker stuff w/ new build. Don’t need a reply
iPhone:~# docker pull helloname
Using default tag: latest
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
iPhone:~# docker run hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
iPhone:~# dockerd
INFO[2020-06-01T01:19:05.746354000Z] Starting up
WARN[2020-06-01T01:19:05.751688000Z] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="error getting daemon root's parent mount: open /proc/self/mountinfo: no such file or directory"
failed to start containerd: fork/exec /usr/bin/containerd: invalid argument
May be able to connect from different computer but didn’t look into further
So here's how I tried -- but failed -- to get the Docker daemon running manually:
## Start containerd in the background (which successfully started with some errors)
Gloomy-Everest:~# screen -dmS containerd /usr/bin/containerd
Gloomy-Everest:~# /usr/bin/dockerd -H unix:// --containerd=/run/containerd/containerd.sock
INFO[2020-06-01T17:17:48.972704000Z] Starting up
WARN[2020-06-01T17:17:48.975051000Z] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="error getting daemon root's parent mount: open /proc/self/mountinfo: no such file or directory"
WARN[2020-06-01T17:17:48.985104000Z] unable to modify root key limit, number of containers could be limited by this quota: open /proc/sys/kernel/keys/root_maxkeys: no such file or directory
FATA[2020-06-01T17:17:48.986838000Z] Your Linux kernel version 3.2.0-ish is not supported for running docker. Please upgrade your kernel to 3.10.0 or newer.
So my question is if it's possible in iSH to upgrade to a kernel newer than 3.2? What are the technical reasons for being on such an old kernel version? I'm assuming there is a reason that iSH is using such an old kernel, so I would love to hear an explanation.
The ish kernel number is faked. We discussed on discord changing it to a more modern number.
Oh, that's interesting, what is the actual kernel version in iSH? And yeah, was there any reason for choosing such an old number or has there just been no reason to make the kernel version appear as newer?
(I'm also wondering out of curiosity how dockerd retrieves the version number. Does it just grab it via uname -r?)
iSH doesn't use linux, it's all faked/emulated. The reason it's set to 3.2 is I once tried to run a program that said it needed at least 3.2, but I probably could have set it to 4.20.69.
The version number probably comes from the uname() system call.
I've encountered a different error that's still in line with this general issue:
(I just ran dockerd)
INFO[2020-07-06T20:15:33.711206000Z] Starting up
WARN[2020-07-06T20:15:33.716055000Z] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="error getting daemon root's parent mount: open /proc/self/mountinfo: no such file or directory"
ERRO[2020-07-06T20:15:33.722390000Z] remove /var/run/docker.pid: operation not permitted
failed to load listeners: can't create unix socket /var/run/docker.sock: operation not permitted
I haven't seen this error specifically related to iSH before, so figured this issue would be the appropriate place to put it. Any update on docker support in iSH?
I have the same issue. No such directory /proc/self/mountinfo ..
Not sure if this has been discussed on Discord or anywhere else, but I was able to get docker on iSH to connect to a remote Docker instance over TCP and it pulled and ran my image no problem.
More details (for anyone curious to replicate):
My Docker host is a Raspberry Pi that I use as a companion to my iPad Pro.
I configured Docker on my Raspberry Pi to listen on port 2375 by editing the ExecStart line in /lib/systemd/system/docker.service like so:
ExecStart=/usr/sbin/dockerd -H tcp://10.55.0.1:2375 $DOCKER_OPTS
After editing, reloaded systemd and restarted Docker to apply the changes:
systemctl daemon-reload && systemctl restart docker.service
Then in iSH I set the following variable (you'll probably want to add this to ~/.ashrc or whatever config file for your preferred shell):
export DOCKER_HOST=10.55.0.1:2375
Then from iSH I was able to connect to the Docker daemon on the Pi.
docker run -it --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
4ee5c797bcd7: Pull complete
Digest: sha256:7f0a9f93b4aa3022c3a4c147a449bf11e0941a1fd0bf4a8e6c9408b2600777c5
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(arm32v7)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
Clearly, you should make sure to restrict access to the Docker listener if you use this approach. I use ufw and iptables to restrict access to the Docker listener on my Pi to only be accessible from my iPad's IP (along with some other things to limit access but I won't get any more detailed).
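The listener configured above is plain TCP on port 2375, so anyone who can reach it controls the daemon unless a firewall or client-certificate TLS stands in the way. The following check is an added example, not part of the original comment: it reads a systemd unit file and reports TCP endpoints that lack `--tlsverify`. The function name and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_docker_listener UNIT_FILE
# Prints one finding per -H endpoint on the last ExecStart line and returns 1
# when a TCP endpoint is configured without --tlsverify.
audit_docker_listener() {
    unit=$1
    line=$(grep -E '^ExecStart=.' "$unit" | tail -n 1)
    [ -n "$line" ] || { echo "no ExecStart command in $unit"; return 2; }
    case " $line " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
        *) tls=no ;;
    esac
    rc=0; prev=
    set -f                      # word-split the line without globbing
    for word in $line; do
        host=
        case $prev in -H|--host) host=$word ;; esac
        case $word in -H=*|--host=*) host=${word#*=} ;; esac
        prev=$word
        [ -n "$host" ] || continue
        case $host in
            unix://*|fd://*) echo "OK   $host (local socket)" ;;
            tcp://*)
                addr=${host#tcp://}; ip=${addr%:*}
                if [ "$tls" = no ]; then
                    echo "FAIL $host (TCP without --tlsverify: API is unauthenticated)"
                    rc=1
                fi
                case $ip in
                    0.0.0.0|"[::]"|"") echo "WARN $host (binds every interface)" ;;
                esac ;;
            *) echo "INFO $host (scheme not checked)" ;;
        esac
    done
    set +f
    return $rc
}

# Constructed sample input: the ExecStart line quoted in the comment above.
sample=$(mktemp)
printf '%s\n' '[Service]' \
    'ExecStart=/usr/sbin/dockerd -H tcp://10.55.0.1:2375 $DOCKER_OPTS' > "$sample"
audit_docker_listener "$sample" || echo "=> restrict or authenticate this listener"
rm -f "$sample"
```

A FAIL here does not mean the firewall rules are wrong; it means the firewall is the only control, since the daemon itself accepts any client that reaches the port.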
Sorry if this should be obvious, but could someone explain to me how connecting to a remote container instance is functionally better than merely doing ssh to the machine running the container. Put another way, what does this capability enable that is not possible with ssh to the server?
I mean, no. If you're gonna ssh into a host for all of your Docker workflows then there isn't anything inherently "better" about this approach than just SSH-ing into a Docker host and interfacing with the local Docker daemon.
The primary reason I shared this information was because I hadn't seen any positive confirmation that the docker binary on iSH works well with remote hosts.
For me, this approach provides much more convenience. I can originate all of my Docker stuff straight from iSH rather than having the extra step of having to invoke SSH. For example, I can run docker build, docker run, etc. without having to ssh into my Pi. This is useful if I have a Dockerfile stored in iSH and I want to run docker build ... from the working directory in iSH. In contrast, if I wanted to build an image via SSH, I would have to ssh into the host, then cd to the correct directory containing the Dockerfile, and then run docker build.
I don't think one approach is "better" or "worse", it's just nice to have more options.
Huh, if the Dockerfile is on iSH, do COPY commands resolve against iSH or against the remote host?
Good question. I just decided to test and it looks like it's all against iSH.
I just tested on my iSH build:
Here's my test Dockerfile (on iSH):
FROM alpine
COPY example.txt /opt/example.txt
Here's the example.txt file (on iSH):
/tmp/example-dockerfile
❯ cat example.txt
test file
Here's my build (run from iSH):
/tmp/example-dockerfile
❯ docker build -t example .
Sending build context to Docker daemon 3.072kB
Step 1/2 : FROM alpine
---> 7e4bece93b3e
Step 2/2 : COPY example.txt /opt/example.txt
---> 208714f7378a
Successfully built 208714f7378a
Successfully tagged example:latest
Then testing if the example.txt file on iSH was actually copied to the container built on the Docker daemon on my Pi:
/tmp/example-dockerfile
❯ docker run -it --rm example cat /opt/example.txt
test file
The docker binary is just a CLI client that provides an interface for interacting with dockerd via the specified socket.
When you run docker build it will tar the path you specified and use this in the post body for the request to the /build endpoint. All the fun and interesting bits happen in dockerd.
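Because the whole directory is packed and sent to the daemon, every file in it leaves the client, whether or not a COPY line names it. The following is an added example, not part of the thread: it lists what a build context directory contains and flags file names that commonly hold credentials. The function name and the name patterns are assumptions, and `.dockerignore` is deliberately not applied, so the output is the upper bound of what would be sent.

```shell
#!/bin/sh
# Added example (not from the thread). context_review DIR
# Lists the files `docker build DIR` would pack into the build context and flags
# names that commonly hold credentials. .dockerignore is not applied, so this
# is the upper bound of what is sent to the daemon.
context_review() {
    ctx=$1
    [ -d "$ctx" ] || { echo "not a directory: $ctx"; return 2; }
    files=$(cd "$ctx" && find . -type f | sed 's|^\./||' | sort)
    bytes=$(cd "$ctx" && tar -cf - . 2>/dev/null | wc -c | tr -d ' ')
    echo "context: $bytes bytes as a tar stream"
    flagged=0; old_ifs=$IFS
    IFS='
'
    set -f                      # split on newlines only, no globbing
    for f in $files; do
        case $f in
            .env|*/.env|*.pem|*.key|id_rsa|*/id_rsa|.ssh/*|*/.ssh/*)
                echo "SENSITIVE $f"; flagged=$((flagged + 1)) ;;
            .git/*|*/.git/*|.docker/config.json|*/.docker/config.json)
                echo "SENSITIVE $f"; flagged=$((flagged + 1)) ;;
            *)  echo "ok        $f" ;;
        esac
    done
    set +f; IFS=$old_ifs
    [ -f "$ctx/.dockerignore" ] || echo "note: no .dockerignore in $ctx"
    [ "$flagged" -eq 0 ]
}

# Constructed sample: the two-file context from the thread plus a stray .env.
demo=$(mktemp -d)
printf 'FROM alpine\nCOPY example.txt /opt/example.txt\n' > "$demo/Dockerfile"
echo 'test file' > "$demo/example.txt"
echo 'API_TOKEN=constructed-placeholder' > "$demo/.env"
context_review "$demo" || echo "=> review flagged files before building remotely"
rm -rf "$demo"
```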
Any news on running Docker “natively” in ish?
Not anytime soon.
I wanted to try Apple Swift on iPad without Playground, but there's no apk package for it. I then tried going with Dock and run Swift inside it. Hope dock will work in iSH soon :)
# apk search swift
#
# vi /etc/docker/daemon.json
# service docker restart
grep: /proc/filesystems: No such file or directory
* /var/log/docker.log: creating file
* /var/log/docker.log: correcting owner
* Starting Docker Daemon ...
* supervise-daemon: unable to create control fifo: Operation not permitted
* failed to start Docker Daemon [ !! ]
#
I tried using docker on a remote host using contexts
docker context create ishtest --docker "host=ssh://[email protected]"
docker context use ishtest
docker ps
error during connect: Get http://docker/v1.40/containers/json: fork/exec /usr/bin/ssh: invalid argument
Podman would be much nicer. No daemon needed ;) But looks like it also does not work. (For ppl who try: it's in @testing and after adding testing repo you need to install by apk add podman@testing) Sadly it just drains your battery when pulling or trying out some commands 🥸
Wow! This setup is the same as running docker in WSL on Windows!
Hello. I managed to start the docker service with openrc, but when I run "docker run" I get this output:
Has anyone tested this on a current iPad Pro with M1 Processor?
I tried to install Docker on M1 iPad Pro, but with no success.
I followed the instructions here in the Wiki, deleted sysinit in /etc/inittab to enable openrc. After I installed Docker and restarted iSH, the app gets stuck after any command, without any error message.
Tried with M1 iPad Pro as well. Installed docker and openrc. Still getting the error:
Cannot connect to the Docker daemon ...
after running docker ps
Also got this error after executing dockerd
Marks-iPad-Pro-M1:~# dockerd
INFO[2021-09-06T07:10:58.344829000Z] Starting up
WARN[2021-09-06T07:10:58.347667000Z] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior dir=/var/lib/docker error="error getting daemon root's parent mount: open /proc/self/mountinfo: no such file or directory"
ERRO[2021-09-06T07:10:58.373546000Z] remove /var/run/docker.pid: operation not permitted
failed to load listeners: can't create unix socket /var/run/docker.sock: operation not permitted
Docker is not currently supported in iSH. You will not be able to run containers at all.
Is this something we could sponsor? It would be nice to be able to develop the Dokku project locally in iSH, and Docker support would go a long way to making that happen.
You are always welcome to sponsor iSH; we have a couple of good ways to do so listed here. However, getting Docker working in iSH involves a lot of moving parts, and crossing the finish line would require several weeks, if not months, of continuous effort. As it stands we are working on this anyways, albeit somewhat slowly. Donations would be appreciated, but are very unlikely to tip the scales with regards to development velocity or priorities.
Hello guys,
I tried to simply run the docker hello-world without any luck. I was expecting this. So I started researching a bit and I landed on this topic. As it’s more than 1 year old, maybe there are some updates you could share on the topic.
Cheers!
Not much has changed for this bug, unfortunately.