got everytihng running so far; mount still does not show up in host #7
Conversation
…e mount is only in the client container, not on the host
|
sorry for beeing inactive on this for some time. I hit my timbox limit in at work, now I have spend half a day of my spare time to look at this again with some distance. I resolved the problem by creating my own quay.io/cornelius/quobyte-client-nsenter:1.2.16 container derived from the quay.io/quobyte/quobyte-client:1.2.16 here: https://github.com/cornelius-keller/quobyte-client-nsenter . In the long run I think it would be great if the nsenter binary could be part of the quobyte-client container, so that it is not necessary to create a custom container for that. |
|
@cornelius-keller just fyi, in newer Docker releases there is mount propagation support: moby/moby#17034. The corresponding Kubernetes PR is kubernetes/kubernetes#20698. quobyte-client is definitely another use-case for that feature. When it is merged into Kube, the is no need for this hacky nsenter code anymore. |
|
Hi @cornelius-keller @sttts , |
|
@cornelius-keller @sttts I played around with Docker 1.12 + Ubuntu 16.04: Since Docker 1.12 the The following snippet allows a Mount from a Container without running it in a fully privileged mode (on CoreOS you probably don't need the $ docker run -ti \
--cap-add SYS_ADMIN \
--security-opt apparmor:unconfined \
--device /dev/fuse \
--pid=host \
-v /mnt:/mnt:shared \
quay.io/quobyte/quobyte-client:1.3.1 ./bin/mount.quobyte -f -d INFO ${REGISTRY}:7861/ /mnt
$ findmnt -m /mnt
TARGET SOURCE FSTYPE OPTIONS
/mnt quobyte@<IP>:7861/ fuse rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other
$ echo "Hello Quobyte" > /mnt/TestVolume/hello.txt
$ cat /mnt/TestVolume/hello.txt
Hello QuobyteI just found a challenge that needs to be solved: If the container gets killed or crashes the mount is not usable anymore and needs a $ docker kill dadb4d1dfa78
dadb4d1dfa78
$ ll /mnt
ls: cannot access '/mnt': Transport endpoint is not connected
$ $ docker run -ti \
--cap-add SYS_ADMIN \
--security-opt apparmor:unconfined \
--device /dev/fuse \
--pid=host \
-v /mnt:/mnt:shared \
quay.io/quobyte/quobyte-client:1.3.1 ./bin/mount.quobyte -f -d INFO ${REGISTRY}:7861/ /mnt
853d6e18d45a5e72ebcc26f30f52af28abee3cf6c018ef70f36e00a88f0f366d
docker: Error response from daemon: mkdir /mnt: file exists. |
|
@casusbelli like @sttts said I think there is no need for |
|
@johscheuer, thanks for the hint! |
|
@johscheuer the need for nsenter comes exacly from having existing running kubernetes clusters where there is no mount propagaton (yet). The if you are on plain docker you don't need this, also for future kubernetes clusters it will become obsolete. |
|
Hi! As this pr is somewhat old and the nsenter topic solved i will close this at the end of the week (unless somebody wants to update & push this?). |
The main problem seems to be that with a recent change of quobyte the way devices are scanned has changed so that the one level depth subdirectories are not scanned anymore for marker files.
So the bind mounts have to point to the device directly in order to make registry, metadata and data pods run properly. Thanks to the guys at quobyte for helping me to solve this.
Next I had a problem with the client pot not finding some shared libs. After some fiddeling around I skipped the nsenter approach and use the quobyte-client docker image for this.
This is working and the client is running, however the shared mount works only in the container.
Issues remaining: