Provide Docker option for installation

alecristia commented 6 years ago
riebling commented 6 years ago

Another 'gotcha' with Docker: it requires root privileges to run. (maybe not always, but for certain things) - I remember the explanation being that because it's possible to run a Docker container that does insecure things (that a normal user could not even do) it should require that you run it "as root" so that you know it may do potentially dangerous things.

About the /var file space problem: if users have root privileges, they can work around the limitation by creating a symbolic link /var/lib/docker that points to a folder with sufficient space. How to find out which folder does, and set this up, may not be something we even want to instruct novice users to try.

riebling commented 6 years ago

Candidate Vagrantfile that can do docker or virtualbox provisioning: does not do anything about the problems incurred with Docker running up disk space in /var/lib/docker...

Bring up the Docker version with

vagrant up --provider=docker

Bring up the Virtualbox version with

vagrant up --provider=virtualbox

riebling commented 6 years ago

This may be a showstopper: Using Docker provider instead of Virtualbox, the shared "synced" host folder functionality is crippled. Guest OS does not necessarily have write permissions to host filesystem; it depends on the user & group & permissions of the working folder where 'vagrant up' happens.

How can we ensure that this folder is world-writable? We cannot. We want to support people running a myriad of local OS possibilities and environments, including ones where users may not have full write permissions, or root to be able to change them.

If we really want to support Docker, we may have to resort to using it directly, in place of Vagrant, which will require a new set of instructions and provisioning directives, e.g. Dockerfile instead of Vagrantfile. This may (to repeat) require users to be root.


riebling commented 6 years ago

In spite of these complaints, Vagrantfile updated to support Docker as a virtualization provider within Vagrant. Use (Ubuntu) with:

chmod 777 .  # make current directory world writable
vagrant up --provider=docker

Testers for Windows, Mac needed :)

riebling commented 6 years ago

Tried it - current Vagrantfile, on a fresh Windows 10 computer with Vagrant and Docker installed, actually works! Other things tried:

Saving the running Docker Container as a Docker Image: docker commit <container id> srvk:divime

Saving that image as a tar archive: docker image save -o divime.tar <image id>

Copying that tar archive to a Linux host running Docker.

Loading that image into Docker: docker load < divime.tar

Giving that image a better name: docker image tag 9b17e srvk/divime

Starting that image in a way similar to (but without) Vagrant, such that it has a shared host folder (/usr1/er1k/Desktop/DiViMe) mounted in the usual VM place (/vagrant):

docker run -v /usr1/er1k/Desktop/DiViMe:/vagrant -it --entrypoint /bin/bash srvk/divime

chmod 777 /vagrant
su vagrant
cd /home/vagrant

resulting in:

vagrant@fdb9186f7d4a:~$ tools/
Testing noisemes...
Noisemes passed the test.
Testing DIARTK...
DiarTK passed the test.
Congratulations, everything is OK!

Reasoning: Docker does not map file ownerships across shared host filesystem like Vagrant does, so the Docker Container has to do some things 'as root' and the host filesystem has to be world-writable.

riebling commented 6 years ago

Marking closed, documentation here:

riebling commented 6 years ago

Docker is really not a VM, and the more I read about the Docker philosophy, the less inclined I am to believe its benefits will outweigh its costs. Yes the philosophy is that Docker containers are 'lightweight, ephemeral, disposable' and should only run 1 process/service. But that's not the philosophy of the Diarization VM, which is to build a somewhat heavyweight, persistent tool, with control over how much hardware (disk, memory, cores) it can use. Re-implementing the entire VM as a Docker build container will not make it any more lightweight. In particular, it might break disk space in ways novice DiViMe users cannot diagnose, control, or fix.

I plan to use this space to document problems encountered in constructing a Docker-native (as opposed to Vagrant using Docker as a 'provider') container.

  1. Dockerfile is not the same as Vagrantfile - Vagrantfile uses normal shell commands, Docker commands are idiosyncratic (see 4.)

  2. Default Docker user is 'root' not 'vagrant'

  3. The default Docker shell is /bin/sh not /bin/bash (this can be overridden)

  4. Docker RUN commands require special handling

    • some need to be glommed together to run 'at once' with &&
    • commands that run as a pipeline require special pipefail error handling
    • the caching of RUN commands sometimes needs to be circumvented. We have no need to refer to intermediate states during provisioning time.

  5. The local working directory shared-folder implicit with Vagrant needs to be explicitly specified when running with Docker with the -v switch

  6. New commands will need to be documented for users; We will have to maintain 2 sets of instructions "Docker mode" vs "Vagrant mode", 2 sets of provision scripts (Vagrantfile, Dockerfile)

  7. Users may need to be added to 'docker' group to be able to run Docker as a nonroot user (so anyone wishing to use Docker must/might have root access on their computer)

  8. the Union File System: we have no need of a history of every state the filesystem has been in since creation. It just Grows and Grows, until /var/lib/docker fills up. Can be worked around by making symbolic links (Mac, Linux ... not Windows), assuming again users have root on their machine.

  9. Shared folders: are VOLUMEs available during docker build time? No. Can't write to the host. Can't read from the host. Sort of a showstopper vs. Vagrant technique. How will we install, e.g. HTK? Other downloadable binaries?

  10. point 2 all over again; how to create a non-root user e.g. 'vagrant' in Docker container, and not get linux spec user: unable to find user vagrant: no matching entries in passwd file message - can be worked around with useradd -m which forces home folder creation

  11. no equivalent 'vagrant destroy' - or is there? Docker rmi -f xxxxxxxxx. Docker images may pile up invisibly, using up disk.

  12. Docker tags and images and containers and hubs and repositories OH MY (terminology fatigue)

  13. Docker container and image naming conventions, please don't make DiViMe users have to look up or type in hideous strings of gobbledygook characters e.g.

    docker run -it 8fd9bb45444e /bin/bash -i
    docker run -it 8fd9 --mount src="$(pwd)",target=/vagrant,type=bind /bin/bash
    • can be worked around by tagging images (containers?) at build time(?)
  14. Permission problems:
    Docker can't write to shared host filesystem: Permission denied - point 9 over again, but at runtime instead of build time. There seem to be numerous hack-arounds for this, all of them ugly. Docker developers are brittle about this going against portability, being a performance bottleneck, not working across shared 'swarm' volumes. It seems like it's a dealbreaker.

  15. Cryptic error messages:

    docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"--mount\"\
    : executable file not found in $PATH": unknown.

    What was the actual error: wrong order of arguments to the docker command. (How in the world is that error message supposed to inform someone of what was done wrong?)

  16. Owners and permissions Part 2: when doing Docker build some things are installed as root by default, some as the default user (vagrant). To fix things up, we like to chown -R vagrant:vagrant /home/vagrant to make sure the user and group are set correctly. If you try doing this in docker, BAD THINGS HAPPEN. It's COPYING every single file, because of the stupid union filesystem that was supposed to be a selling point of Docker.

  17. Double bind: we're told that Docker container processes should not run as root. But we're also told that by default, they do. As a test, running in a container, it is possible to create a file on the shared host volume filesystem in 'bind' mode, and the owner of that file is the host's 'root' user (maybe by accident?). So if DiViMe users have root on their computers, this might be acceptable, but if they don't, there's going to be a lot of piled up files owned by root they can't do much with. (Have the Docker container delete things since it runs as root??)

  18. No sudo (by default) in container. You have to install it, and add users to sudo group manually

So long as we use it in the way it was intended, for things that are LIGHTWEIGHT, EPHEMERAL, DISPOSABLE... single process, single thread, then throw away the container. Separate containers for separate concerns. Building up a giant "VM" with numerous tools, packages, 3rd party libraries, models etc. - kind of defeats this purpose.

riebling commented 6 years ago

Here's an example of not understanding what is going on with Docker Images piling up, or how to remove them if new ones keep appearing: I don't want Docker images piling up filling disk. There's enough hidden disk bloat without Docker's help.

So I use "docker images" to see some images I've been working on lately. I use "docker rmi -f xxxxxx" to delete some.


So I repeatedly do this, until all the new ones that keep appearing go away. So theoretically I've deleted all the ones I've been adding recently.

er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              0fe1d13ddf4c        5 minutes ago       10.4GB
<none>                    <none>              3c14a42d5d97        6 hours ago         937MB
<none>                    <none>              9ca77341173c        23 hours ago        937MB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi -f 0fe1d1
Deleted: sha256:0fe1d13ddf4c161274545d7b168488375ff7445fcb459e1cefbe08cea2dcd913
Deleted: sha256:368e3de82d35e47ec7a1b65d5e53ba3b23ce2d5b115445c01d751ff03c3d5e0d
Deleted: sha256:57273dd5f286ba1eed65b676df0dcbd4524c1bbe21905b4f53d4949b80947ad5
er1k@islpc22:~/docker/DiViMe$ docker rmi -f 3c14
Deleted: sha256:3c14a42d5d97f528203fca21945839f64d6d4615eaa509c59a1f8b2eba877e12
Deleted: sha256:1bbf78f2bcb8ab17d386cc35a13363c1b419d969d879a6ffb15a4f88600c0425
Deleted: sha256:98738d114e389a913ef6b0face138e98f3641adb9b1a8b287d34d28ac7448143
Deleted: sha256:624855d5ba0d5bc762f99e6fa7570468202f910b24c834666749715fee484c2b
Deleted: sha256:84173566ae1a339931dd9a49fb101ec8db0227e3730e6e3c5c0252e67867273e
Deleted: sha256:25c960d01fb6a7a7388f22efea90522bec548dfa93ed84a9b787262c82d12032
Deleted: sha256:dc8c572a16e9d0673d29349c45963a6f1a4769354beb4549b4c490d871768c7b
er1k@islpc22:~/docker/DiViMe$ docker rmi -f 9ca7
Deleted: sha256:9ca77341173cb845e330d5722ff2e73941e9aa238319a3a51db58c7ca7b41e00
Deleted: sha256:46d57bc8b7da78bd87c98ab3f5eed44cee7d00c50c39eeef12abfda33b735662
Deleted: sha256:1488383b076ebd9a67918ccc4e392c0126b84c265c500c6d7787c3228643fc53
Deleted: sha256:120c89b6838019e62bd5dbd47f80be492a276d07e681b4e9497519c7a1364e96
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              160dd8274150        7 minutes ago       10.4GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi -f 160d
Deleted: sha256:160dd827415090ecc26ad9ffaaa2701aff02ea57b2db7ef41e4cf2bd47685fbe
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              aad4362c5347        14 minutes ago      6.39GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi aad4
Error response from daemon: conflict: unable to delete aad4362c5347 (must be forced) - image is being used by stopped container 7b2d48361bd4
er1k@islpc22:~/docker/DiViMe$ docker rmi  -f aad4
Deleted: sha256:aad4362c5347d13844d3d58ad7412e3b7d7e57eb24d2d409f9a479c62ccd3e9e
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              8fb601f4f7e7        19 minutes ago      6.39GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi  -f 8fb6
Deleted: sha256:8fb601f4f7e736b0ef717a02f5d19ba0d32c1965b3d3a4e34a2ab2c84286a384
Deleted: sha256:bf91b3ff8c7314f1d693b1f6ab3f4bb9aa0aa4ae61780929c93f891a4d08f38c
Deleted: sha256:bb9ff28c4dbdd29192d7424fa41e207a919e2d9f7a7cbe961b05a79411a82a51
Deleted: sha256:250efa5eb3ced9ff8eb67f0bb06324b2805a492aecc5c3cace6916c0e6e07849
Deleted: sha256:784b7125cd9264274887b55b063af8c3cfe3fd978aef01951e1b2cea4398c94f
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              d31b68cedfed        About an hour ago   5.94GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi -f d3ab68
Error: No such image: d3ab68
er1k@islpc22:~/docker/DiViMe$ docker rmi -f d31b68
Deleted: sha256:d31b68cedfed734ebdc60dcee49f65a20e02025884bf851f2dac5f86d50dc542
Deleted: sha256:fda0058fac64ac732b5770b69e94f62fb007b5abb4fbbdd6123e66dc8af9ef4b
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              a56208d6898d        About an hour ago   5.93GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi -f a56208
Deleted: sha256:a56208d6898d49ba432d5bd2ea27edcea9298e6ca7e1e8341b67746a4a5f668d
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              1510fc4c8671        2 hours ago         5.93GB
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker rmi -f 1510f
Deleted: sha256:1510fc4c8671c892d594a420b1ab98ddf64bf61b2a6bb6fcdf9d9d292148d467
Deleted: sha256:744d50696bc095abf4da00459b279ad2a4f8ccacc70a477a285814df2519e162
Deleted: sha256:43c8fec079810b3d953f7bf9b595c6ca6f991da3398c9fe625996902a251f9e2
Deleted: sha256:abc265b387a2f0bb95ae728eb057dca1ca8ce44a65f7403c13c5b6e9669ab13f
Deleted: sha256:855aec249a5a728ad26c8fde5c12a9aefb33cbd7c41a0c8812e890b3a8342787
Deleted: sha256:a6e9f623c6f9ff5fa468da6d4efc665497d27e194fa8118f3b4f2a9a848ab785
Deleted: sha256:8c5be0825e8e544686874abe50602c68c901a68c8e398291334f4bc7dbed501b
Deleted: sha256:b0b1f9758ed892ee22cf970595a477ee4437627ea1698092eb107eb9e4a5481b
Deleted: sha256:5a1c26c7a2ccd7684444bf365498f03b3273f886c09fe70aecb39bc23760bd05
Deleted: sha256:4f8689351dc5335c1b1fd4f8726661d85c558a2cddf5a7cd639b1dcd2afdf41e
Deleted: sha256:91f71b2822fe1f6039a1d0b3af52d960fbdb0d235db0c340560bd46203178cf1
Deleted: sha256:c3f5a385355cbc3b58d7d56051fca800096f162615370f77d0a2c2d707e5e641
Deleted: sha256:baf5a2e795e2e1e971226d36859de98dbadef4f0162fa25f010d975f46f85827
Deleted: sha256:71c3e3cd9de12582c8a47c57e2c074970666ad43677f12c8930b2f7867541573
Deleted: sha256:91bacb94fa637710c0bd28091a605c88ec962202df9ba3aa7a95a37aba12b1b1
Deleted: sha256:6e5712d0a0e6a9dff6478d4f0ae8607970d6f78602a233d55a114f8bb9e27656
Deleted: sha256:098bdc3cf1d1727b21b013c68520be4dbbc4faac6cbf449f2981ca072b255e92
Deleted: sha256:4a909aeac6578ef37562a23f62b3baa8f3ee946dbed0b2383644104585b4c572
Deleted: sha256:c5db11e935f9b2e65c0b48a6d7efc648053d9b86eacb9276b87a26ed37cfc7e2
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
ubuntu                    16.04               52b10959e8aa        9 days ago          115MB
boom/docker               latest              e500348ad975        2 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ !sudo
sudo du -hs /usr1/docker
53G    /usr1/docker
er1k@islpc22:~/docker/DiViMe$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              b513e29a2afb        3 days ago          16.4GB
ubuntu                    16.04               52b10959e8aa        12 days ago         115MB
boom/docker               latest              e500348ad975        3 weeks ago         1.02GB
srvk/divime               latest              9b17ef870b40        2 months ago        11.6GB
phusion/baseimage         0.10.1              2391dfad8777        5 months ago        241MB
tknerr/baseimage-ubuntu   14.04               634404a207da        15 months ago       260MB
tknerr/baseimage-ubuntu   16.04               8ea8daaeafe4        15 months ago       257MB
er1k@islpc22:~/docker/DiViMe$ docker images -q --filter "dangling=true"
er1k@islpc22:~/docker/DiViMe$ docker rmi -f b513
Deleted: sha256:b513e29a2afbe7f4b4e3fa115d08dbb7ddf6f321ea0a20bcfbafa1ba59f53a04
Deleted: sha256:d397b5d700c65234853aa3fd628e97453038a9baca2317313d14c07357f4e5f2


What the heck is going on?

riebling commented 6 years ago

Current issue, a catch-22: We want things to run inside the Docker container as user 'vagrant' (it's baked into almost all our code) - but 'vagrant' doesn't have write permission to shared volume '/docker'. If instead we run in the container as user 'root', which DOES have permission to write to /vagrant, things break. For example the Python virtualenv is installed belonging to user 'vagrant', not 'root'. When doing RUN commands in the Dockerfile we have to be very careful which user it's running as.

Also by default, there is no sudo, and user vagrant does not have sudo privileges. (unlike in the VM)

Turns out one technique is to make the host working directory WORLD WRITABLE with "chmod 777 .". I have no idea how this will work in a Windows+Docker environment.

riebling commented 6 years ago

If you docker run a shell in a container, then exit... things done to the container DO NOT PERSIST. I just installed software so it could have sudo and mlocate, exited, re-ran, and they're not there.

(Maybe there's some way to find a new UUID for a new image that is the result of the previous docker run ..., and so you docker run that NEW UUID to get the changes, otherwise you're running the old version?)

riebling commented 6 years ago

Still not sure how to manage space used by Docker on a computer, it seems they want to hide that from you, or make up new, obscure, cryptic ways to do it. So trying one of these ways: docker container prune - here goes, and what does this even mean?

er1k@islpc22:~/docker/DiViMe$ docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:

Total reclaimed space: 14.9GB

riebling commented 6 years ago

It's an ongoing struggle. There's no good solution. We need Docker to map userids between Container and Host, and Docker folds their arms like a petulant Trump and refuses, because it's "Not the Docker Way"

I don't see how our code can work when it's not free to create and remove files on the host (which it all refers to as /vagrant/data/...)

WORKAROUND: make working directory world-writable. Make subdirectories the same (if they are to be written to) such as /vagrant/data and /vagrant/Yunitemp
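
An alternative to the world-writable workaround discussed in this thread, as an added example that is not part of the original comments or the DiViMe repository: run the container process under the host user's numeric uid:gid with docker's --user option, so the bind mount is writable without chmod 777, and audit what the workaround left behind. The function names, the 1000:1000 ids and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not DiViMe tooling.

# List everything under DIR that any local user may modify (o+w bit set).
# Symlinks are skipped because their own mode bits carry no meaning.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# List files the invoking user does not own, for example files that a
# container process running as root created through the bind mount.
list_foreign_owned() {
    find "$1" ! -user "$(id -u)" -print
}

# Undo the chmod 777 workaround: clear only the world-write bit.
tighten_shared_dir() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Print a docker run command line that keeps every option before the image
# name and runs the container process as UID:GID (default: the caller's).
# Usage: docker_run_cmd HOST_DIR IMAGE [UID] [GID]
docker_run_cmd() {
    dir=$1 image=$2
    uid=${3:-$(id -u)} gid=${4:-$(id -g)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing: uid 0 would leave root-owned files in $dir" >&2
        return 1
    fi
    case $dir in
        /*) ;;
        # A relative -v source is taken as a named volume, not a host folder.
        *) echo "host path must be absolute: $dir" >&2; return 1 ;;
    esac
    # --rm removes the stopped container on exit so it does not pin its image.
    printf 'docker run --rm -it --user %s:%s -v "%s:/vagrant" %s /bin/bash\n' \
        "$uid" "$gid" "$dir" "$image"
}

# Demo on a constructed tree standing in for the shared working folder.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/data" "$demo_dir/Yunitemp"
chmod 777 "$demo_dir" "$demo_dir/data" "$demo_dir/Yunitemp"
echo "world-writable before: $(count_world_writable "$demo_dir")"
tighten_shared_dir "$demo_dir"
echo "world-writable after:  $(count_world_writable "$demo_dir")"
docker_run_cmd "$demo_dir" srvk/divime 1000 1000
rm -rf "$demo_dir"
```

A numeric --user is accepted even when that uid has no passwd entry in the image, but files the image build placed under /home/vagrant stay owned by the image's own vagrant uid, so that uid has to match the host uid for those files to remain writable.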

riebling commented 6 years ago

After making much noise on the topic (see above), I have produced and tested (minimally) a Dockerfile that produces a Container that passes the self-test (tools/ There are still more things to do:

riebling commented 6 years ago

Some more good news:

riebling commented 6 years ago

A problem with Docker: any scripts intended to run outside the VM (at least the one to get ACLEW Starter data) cannot simply call "vagrant ssh ..." any more, but will need parallel Docker specific commands.

It wasn't such a difficulty to make Docker 'see' its shared host folder as /vagrant and have a user named 'vagrant', but it's definitely getting too Vagrant-centric to have scripts that assume a Vagrant VM is currently running.

riebling commented 5 years ago

This is nearly nearly done, in terms of the Dockerfile. But that will need to be updated to match any changes to Vagrantfile, especially in light of the work @junghanw is doing for the branch. And the documenting part "how to run Docker mode" vs Vagrant mode still needs to be done.