docker-compose with local backend

[notestaff]

at https://github.com/broadinstitute/cromwell/blame/develop/docs/Configuring.md#L184 add a note that the local backend should not run dockerized tasks, per https://gatkforums.broadinstitute.org/wdl/discussion/9581/whats-the-best-practice-way-to-run-cromwell-server-in-docker

[geoffjentry]

Running dockerized tasks in the local backend is perfectly fine. You're referring to running a local backended Cromwell from within a docker container

[notestaff]

Right: the docs section I linked talks about running a local backended Cromwell from within a docker container (via docker-compose). @geoffjentry

[Horneth]

You could technically achieve this by adding docker to the Cromwell image and mounting the docker daemon socket. See here for an example: https://github.com/antonkulaga/cromwell-client/tree/master/services

[notestaff]

So why does https://gatkforums.broadinstitute.org/wdl/discussion/9581/whats-the-best-practice-way-to-run-cromwell-server-in-docker refer to these solutions as "terrible"? @Horneth

[Horneth]

That'd be a question to ask to the author of that post, I was only mentioning that it's possible 😄 Generally doing docker in docker doesn't work, and I suppose mounting the socket is not technically "docker in docker" but rather "docker next to docker" and you may lose a good chunk of the isolation that docker is supposed to provide. For instance if your docker tasks and Cromwell are on the same docker network you could maybe find a way to talk to Cromwell within your task which could lead to all kinds of problems.

[geoffjentry]

@notestaff @Horneth What about a line along the lines of heeding typical concerns regarding docker-in-docker situations? I don't really want to go down the path of providing various workarounds (as we already see in this thread they're controversial) but I think it'd satisfy @notestaff 's request to at least make the issue visible