Getting docker running in spawned user container

[Analect]

@benz0li .. thanks for your efforts with these resources.

I am running up a user container using your glcr.b-data.ch/jupyterlab/r/verse:4.3.2-devtools-docker-root-linux-amd64 image. This looked like it was going to give me access to a running docker capability for user jovyan. While the docker executable is installed, I am getting Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?. I tried some of the obvious fixes like:

docker exec -it <spawned-user-container> bin/sh #to enable root access to the container
# then from within the container
sudo groupadd docker
sudo usermod -aG docker jovyan

However, this doesn't appear to fix. Any suggestions, if indeed this is possible. Thanks.

[benz0li]

There is just docker-ce-cli, docker-buildx-plugin, docker-compose-plugin (and docker-scan-plugin, amd64 only) installed – no Docker container engine (i.e. docker-ce): https://github.com/b-data/jupyterlab-r-docker-stack/blob/663f02125e820f493d35b55177da9c3f0e9c392a/common/subtags/docker/Dockerfile#L28-L31

---

One option is to run the container in rootless mode and use the hosts Docker engine.

docker run -it --rm \
  -p 8888:8888 \
  -u root \
  -v "${PWD}/jupyterlab-root":/home/root \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e NB_USER=root \
  -e NB_UID=0 \
  -e NB_GID=0 \
  glcr.b-data.ch/jupyterlab/r/verse:4.3.2-devtools-docker start-notebook.sh --allow-root

There are also other options.

[Analect]

@benz0li . Thanks for the info. So I'm using your deployment set-up per https://gitlab.com/b-data/docker/deployments/jupyter ... is there a setting for jupyterhub_config.py that would allow me to achieve this?

A quick search on github ... https://github.com/UCSC-Treehouse/hub/blob/master/jupyterhub_config.py#L18 ... would suggest that maybe its possible to use the gitlab spawner to attach volumes, akin to what you are doing on the command-line above. Does the user have to run as root, or could the default jovyan user be accommodated?

[Analect]

Just as an update, I modified the jupyterhub_config.py as follows:

c.Spawner.volumes = { 'jupyterhub-user-{username}': notebook_dir, '/var/run/docker.sock': '/var/run/docker.sock'}

Then I performed these steps manually, so I could get docker working with jovyan. Ideally, I would capture those steps as part of the jupyterhub_config.py too.

docker exec -it <spawned-container> /bin/bash
# this inserts me in the container as root automatically
sudo groupadd docker
sudo usermod -aG docker jovyan
sudo chmod 666 /var/run/docker.sock

This allowed me to piggy-back off the docker installation on the host machine.

[benz0li]

(Don't touch /var/run/docker.sock)

Does the user have to run as root, or could the default jovyan user be accommodated?

In this case you should use the -root image and go for jovyan with passwordless sudo capabilities:

docker run -it --rm \
  -p 8888:8888 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GRANT_SUDO=yes \
  glcr.b-data.ch/jupyterlab/r/verse:4.3.2-devtools-docker-root

---

jupyterhub_config.py:

c.Spawner.environment = {
    'GRANT_SUDO': 'yes'
}

---

If you do not want to type sudo docker any time, add line

alias docker="sudo docker"

to file ~/.zshrc.

[benz0li]

I strongly advise against using this method on a multi-user JupyterHub server because it enables root access to the host.

[Analect]

@benz0li .. thanks for follow-up. I'll keep that in mind.