#I m trying to use `WithUnixSocket` but

1 messages ยท Page 1 of 1 (latest)

timid mango
#

you could check socket path and make sure it's read and mounted correct path.

#

not sure if it make any difference but the path generally mount socket is /var/run/docker.sock

#

Do you have example code?

forest owl
#

Yeah if I screw with the client path dagger complains so it's at least finding the socket on the client.

timid mango
# 
    client,err := dagger.Connect(ctx)
    if err != nil {
        return err
    }

    container := client.Container()

    socket := client.Host().UnixSocket("/var/run/docker.sock")

    container = container.
        From("docker:latest").
        WithUnixSocket("/var/run/docker.sock", socket).
        WithExec([]string{"ash", "-c", `
#!/bin/sh

v=$(mount | grep "/run/docker.sock")

if [ -n "$v" ]; then
  echo "injected-socket"
elif [ -S /var/run/docker.sock ]; then
  echo "local-socket"
else
  echo "no-socket"
  exit 1
fi
`})

    _, err = container.ExitCode(ctx)
    if err != nil {
        return err
    }

    return nil
}```
#

I just created this simple container to check socket and

#

This is the my local output

Running target: T
#1 resolve image config for docker.io/library/docker:latest
#1 DONE 0.4s

#2 mkdir /meta
#2 CACHED

#3 docker-image://docker.io/library/docker:latest
#3 resolve docker.io/library/docker:latest
#3 resolve docker.io/library/docker:latest 0.2s done
#3 CACHED

#4 docker-entrypoint.sh ash -c 
#!/bin/sh

v=$(mount | grep "/run/docker.sock")

if [ -n "$v" ]; then
  echo "injected-socket"
elif [ -S /var/run/docker.sock ]; then
  echo "local-socket"
else
  echo "no-socket"
  exit 1
fi

#0 0.110 injected-socket
timid mango
forest owl
#

Oh... I may be stupid...

#

WithExec is before the socket...

#

Fixed that and it's in there now... next step... could not open docker socket file: open /run/docker.sock: no such device or address

#

I think this won't work ๐Ÿ˜ฆ

#

I'm going to guess SCM_RIGHTS won't work across this proxied socket?

dire sedge
#

Interested in the use case though, I see "qemu" in the repo name and am intrigued ๐Ÿ™‚

forest owl
#

We'll see ๐Ÿ™‚

So the project is spinning up a VM with docker very quickly (like sub-1s).
I did this so I can test different kernels/configs for a containerd shim quickly.

Right now that's a bunch of make and shell stuff.
Working on moving that into dagger... and ideally I'd like to have a mode where qmeu is just run via dagger.

In order to eliminate the need for SSH I'm trying to forward a unix socket into the VM which will then have an init process that sets up socket activation for dockerd.

dire sedge
#

Working on moving that into dagger... and ideally I'd like to have a mode where qmeu is just run via dagger.
Neat! Are you have qemu use kvm to run the VMs? Or just software emulation? Right now /dev/kvm is not mounted into containers, but we could add that feature.

I also wonder if you'll need privileged execs for that or if /dev/kvm is good enough. Last I checked you don't inherently need any root capabilities to start a vm with kvm, but qemu does a lot of stuff so hopefully none of it requires root.

#

For the unix socket part, if you are able to run qemu fully in dagger rather than docker then you should be able to get SCM_RIGHTS and everything working since you can just directly share the unix socket between dagger containers rather than needing them to be proxied necessarily

forest owl
#

I know you need sudo for /dev/kvm... I haven't taken the time to see if that's just perms or what.

#

In dagger it would just be software emulation because of that.
But what I'm trying to do sadly doesn't really work well in dagger, so I'll build everything in dagger and then load it into docker (where I can have more control anyway).
Unfortunately that does mean some extra overhead for loading images and such but it works.

forest owl
#

That could work nicely.

#

(minus KVM access)

forest owl
#

@dire sedge In theory I should be able to share some state between dagger containers via a shared cache dir?