Use dokku-daemon to allow running inside container

[josegonzalez]

Hi! I saw your tweet about how you are using dokku via slack, and I think its awesome.

We provide the following package that should allow you to interface with dokku. You can start this process on the host, then mount the socket it creates into a container to have a bit more safety around the command being run. It's meant specifically for your use case, and is how we will be writing a future api/web dashboard around dokku.

https://github.com/dokku/dokku-daemon

Let me know how I can help, this is pretty exciting!

[yymm]

Thank you for watching :)

dokku-daemon is a good solution!

I tried dokku-daemon, as shown in the following:

% git clone https://github.com/dokku/dokku-daemon
% cd dokku-daemon
% sudo make install
% sudo service dokku-daemon start
% echo "apps" | sudo nc -U /var/run/dokku-daemon/dokku-daemon.sock -q 2

(in Ubuntu 14.04 x64, and above commands run successfully.)

But I do not know how to refer to the dokku-daemon.sock from container that was built in dokku. ( mount the /var/run/dokku-daemon/dokku-daemon.sock in the container...? )

Please tell me this usage?

[josegonzalez]

Yes, I would mount the socket into your container, and then you can write to that socket.

[yymm]

I tried to mount the socket into my container:

$ sudo dokku docker-options:add myapp deploy,run "-v /var/run/dokku-daemon/dokku-daemon.sock:/var/run/dokku-daemon/dokku-daemon.sock"
$ sudo dokku ps:retart myapp

But, Permission denied has occurred:

$ sudo dokku enter myapp --container-id XXXXXX
uYYYY@XXXXXX:~$ echo "ls" | nc -U /var/run/dokku-daemon/dokku-daemon.sock -q 2
nc: unix connect failed: Permission denied
bash: echo: write error: Broken pipe

As a way to avoid this,

• use sudo (but, buildpack can't use sudo by default)
• change the permissions (755 => 777)

These will be considered , but what is good for?

[josegonzalez]

The socket's permissions should be 777 already.

[josegonzalez]

Note: seems if you use the storage plugin and mount the directory - /var/run/dokku-daemon - the directory needs to be writeable as well before you can do anything useful.

[josegonzalez]

I've updated the code of the project to be 777, which seems to work for me. Normally you'd only mount it in a trusted container, so I think this is fine :)

---

Note: I am using the project to do container scaling from within an application deployment service. I'm using it to simulate the heroku one-off dyno feature :)

[yymm]

hubot-dokku updated using dokku-daemon!

Use dokku-daemon(Dokku v0.4.x). · yymm/hubot-dokku@8c24181

Thank you for your advice 👍

[josegonzalez]

Nice! How do you like/dislike it? Anything I should change about the project?

[yymm]

I think dokku-daemon is good :) I'm glad I can be useful in this case!

I think that it may prohibit the use of the "enter" in the same way as "apps:destroy".