Short question Is it possible to mount ` var run docker sock Pants #general

Short question: Is it possible to mount `/var/run/...

microscopic-parrot-94355

01/25/2024, 3:16 PM

Short question: Is it possible to mount

/var/run/docker.sock

inside a docker_environment during tests? Longer question: I've successfully set up my repo to run my tests in a docker-environment. (🎉 ) However, some integration tests use the nifty python

testcontainers

package to stand up a database, which uses docker through python's

docker

package. When I run tests that use this, I get errors:

Copy code

docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

According to a bit of online sleuthing, this error is likely due to the "docker daemon not running", which usually listens on

/var/run/docker.sock

. I've installed docker into the container, and if I run with a volume mount, the usual docker commands just work:

Copy code

$docker run -it --volume /var/run/docker.sock:/var/run/docker.sock my-image /bin/bash
root@ccc1e128ec75:/src/astrometry# docker ps
CONTAINER ID   IMAGE     COMMAND         CREATED         STATUS         PORTS   NAMES
ccc1e128ec75   my-image  "/bin/bash"     3 seconds ago   Up 2 seconds           affectionate_maxwell

I suspect that the tests will also "just work" if we mount the docker socket into the container. Is there a way to tell pants to do this when running the test environment?

fast-nail-55400

01/25/2024, 4:10 PM

There was some (ongoing) work to allow specifying mounts for

docker_environment

fast-nail-55400

01/25/2024, 4:10 PM

https://github.com/pantsbuild/pants/pull/20322

fast-nail-55400

01/25/2024, 4:12 PM

I presume you would just bind mount

/var/run/docker.sock

into the container using that support. But it has not landed yet, so no way to do that currently.

👍 1

microscopic-parrot-94355

01/25/2024, 4:13 PM

Cool! I'll take this as a "not available yet, but maybe soon". Seems that my options are spin up docker-in-docker for the test container, or refactor my code in order to make the specific tests I need run in the default environment. I'll probably go with the latter, since I think it's possible in this case.

microscopic-parrot-94355

01/25/2024, 4:13 PM

Should I add this as a use case in the PR comments?

fast-nail-55400

01/25/2024, 4:14 PM

You can, although I cannot speak for the PR's author as to whether it will be part of the intended scope of the PR.

👍 1

fast-nail-55400

01/25/2024, 4:14 PM

since "get docker in docker working" is a bit more scope than "mount some directory into container"

microscopic-parrot-94355

01/25/2024, 4:18 PM

Agreed that it could take more work, but I think there's a good chance it will come for free 🙂, which would a killer improvement for me and probably some other folks who use containers. Note that people do tend to distinguish "run docker in docker" (which refers to running the docker daemon in the container) from "mounting the docker socket", with the latter being preferred.

microscopic-parrot-94355

01/25/2024, 4:18 PM

I'll mention that it's worth trying to see if it works. Thanks for your help!

curved-television-6568

01/26/2024, 8:24 AM

another (potentially less secure) option is to connect to the daemon over TCP using

DOCKER_HOST

option... requires some configuration tweaks for the daemon config though, and may be a no-go based on security concerns for the server socket being too open.

2 Views

Open in Slack

Previous Next