Open kevinmtrowbridge opened 7 years ago
Glad someone is using it. I haven't done much with this in a while... some other folks at Pivotal picked up the ball and ran with it. On Dockerhub you can see other gpdb images now that they are building. Anyway, played around with this and the main issue that seems to be the culprit is the fact that on startup the master will ping the segments to see if they are there. In Docker, since ping needs root access to open a port... that fails. I tested this by just adding a /bin/sh to the startup so that after failure you get a shell and su - gpadmin, then ping localhost. That will fail. On a whim, I took the results of a ping localhost as root and stuck that in a text file and then replaced ping with a script that catted that file and allowed gpadmin access to those. Now when I run ping... I get a fake response. I then ran gpstart and presto... it works. The sysctl settings might be an issue as well, but if the host level settings are "good enough" it will still run even without changing them.
Hi @dbbaskette -- remember last year, I had also tried "dockerizing" GPDB (https://github.com/kevinmtrowbridge/greenplumdb_singlenode_docker) -- but then, you seemed to do it better, you work for Pivotal, we switched our automated testing to use images generated with your Dockerfile! Thank you. I work on Alpine Chorus -- not sure if you are familiar with this product? We inherited Chorus from Pivotal.
We have a lot of automated testing that uses GPDB, and having it available in a Docker container has made our lives much easier.
Now -- the purpose of this issue: it's been my experience that GPDB needs to be run in Docker's "privileged" mode. (Travis CI is the only one of the "CI as a service" vendors that allows you to run containers in privileged mode and that's how I have been running our tests for the past year.)
As of late we've hired a "packaging engineer," and I am working with him to set up a new CI pipeline based on GitLab, Docker, and Rancher. Very exciting stuff!
Prompted by his questioning, I thought it would be good to re-examine the need to run GPDB in privileged mode. (It's not that big of a deal, but I find each time I want to run our tests in a new environment, I have to figure out how to enable this, and in some places it's impossible. So essentially this acts as a friction against the promise of ultimate "portability" which is what Docker is all about.)
I'm not very familiar with GPDB, and not even really that familiar with Docker -- is it the necessity to modify the core Linux settings (this sort of stuff: https://github.com/kevinmtrowbridge/gpdb-docker/blob/master/configs/sysctl.conf.add) that necessitates the privileged mode?
Is my experience the same as yours? (First question: I'm not crazy, right?) Second question: do you have any insight into whether or not the requirement for privileged mode can be removed? What needs to be done to make this happen?
Details:
Here's an example of running a GPDB image built from your repo, NOT in privileged mode:
... and here, in privileged mode:
Thanks for your work! It's nice to have at least one other person in the world who shares your problems. :)
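
As an added example (not part of the original thread, and not code from either poster or from the gpdb-docker project): a shell check for whether a container process holds CAP_NET_RAW, the Linux capability that ping's raw ICMP socket normally requires, which helps narrow down whether full privileged mode is needed for the ping step described in the reply above. The three status samples are constructed from the capability masks a default Docker container typically reports, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify CAP_NET_RAW availability from /proc/<pid>/status text.
CAP_NET_RAW=13   # capability number from linux/capability.h

# cap_field STATUS_TEXT FIELD -> hex mask of that field (CapEff, CapBnd, ...)
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# has_cap HEXMASK CAPNUM -> exit status 0 when that capability bit is set
has_cap() {
    [ $(( (0x${1:-0} >> $2) & 1 )) -eq 1 ]
}

# net_raw_state STATUS_TEXT -> effective | bounded-only | dropped
net_raw_state() {
    eff=$(cap_field "$1" CapEff)
    bnd=$(cap_field "$1" CapBnd)
    if has_cap "$eff" "$CAP_NET_RAW"; then
        echo effective      # process can open a raw socket right now
    elif has_cap "$bnd" "$CAP_NET_RAW"; then
        echo bounded-only   # only a setuid-root or cap_net_raw+ep ping can gain it
    else
        echo dropped        # container was started without NET_RAW at all
    fi
}

# Constructed samples (not captured from the images discussed in this thread).
# root inside a default, unprivileged container:
SAMPLE_ROOT_DEFAULT='CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'
# a non-root account (e.g. after su - gpadmin) in the same container:
SAMPLE_NONROOT='CapEff: 0000000000000000
CapBnd: 00000000a80425fb'
# any user in a container started with NET_RAW removed:
SAMPLE_DROPPED='CapEff: 00000000a80405fb
CapBnd: 00000000a80405fb'

for s in "$SAMPLE_ROOT_DEFAULT" "$SAMPLE_NONROOT" "$SAMPLE_DROPPED"; do
    net_raw_state "$s"
done

# On Linux, also report the state of the current shell's own process tree.
if [ -r /proc/self/status ]; then
    echo "this shell: $(net_raw_state "$(cat /proc/self/status)")"
fi
```

A `bounded-only` result for the database user points at the ping binary's setuid bit or file capabilities rather than at the container's privilege level; `dropped` points at the container's capability set.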