Docker app implementation
Docker and Podman provide similar capabilities: they offer a CLI that lets you build images from Dockerfiles and run containers. They differ in architecture:
- Docker uses a daemon, which typically runs as root. The CLI program is typically run by a non-root user, and communicates with the daemon over a pipe.
- Podman doesn't use a daemon. The CLI program works directly. However, the Linux 'control group' mechanism is available only to root, and the container pause/unpause mechanism relies on this. So if you want to pause containers (needed for BOINC) you have to run the CLI program as root.
What volunteers need to do:
Docker must be installed and configured so that
- the daemon is always running.
- the user under which the BOINC client runs can run the Docker CLI programs. There are various ways to do this: see https://docs.docker.com/engine/install/ubuntu/
We can't use Podman on Unix because the BOINC client can't run apps as root (see above).
WSL and Hyper-V must be enabled. There must be either
- A WSL distro with Podman installed. To do this, you can install a recent Linux distro (e.g. Ubuntu 22.04) from the Windows store, and install Podman on it:
sudo apt update
sudo apt -y install podman
Our plan is to create a WSL distro with Podman installed, put it on the Windows store, and recommend that to volunteers.
- A WSL distro with Docker installed and configured so that the daemon always runs. It suffices to install Docker Desktop; this creates a WSL distro called `docker-desktop`.
If both are present, a WSL distro with Podman is used.
We prefer Podman over Docker on Windows because
- Podman is simpler (for us and for volunteers who want to do it themselves) to install and configure.
- Podman is free and open source; Docker is not.
We initially considered requiring volunteers to install Docker Desktop. But this is involved; they have to create an account. Our approach is basically one click.
Here's what happens when the BOINC client runs a Docker app:
The BOINC client runs `docker_wrapper` (the app version's main program) and communicates with it (pause/resume etc.) through shared memory, as with all BOINC apps. `docker_wrapper` interacts with Docker or Podman by running the CLI program (using `popen()`). It issues commands to list images, build an image, start a container, and monitor the container. `docker_wrapper` mounts the slot directory at the container's WORKDIR. `docker_wrapper` optionally mounts the project directory in the container, if specified in the job config file, `job.toml`.
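Because `popen()` hands its command string to `/bin/sh`, every image name, container name and path that goes into a Docker or Podman command has to be validated and quoted before it is interpolated. The following is an added example, not code from BOINC's `docker_wrapper`; the function names, the `/project` mount point and the read-only project mount are assumptions made for illustration.

```cpp
#include <iostream>
#include <regex>
#include <stdexcept>
#include <string>

// POSIX sh quoting: wrap in '...' and rewrite each embedded ' as '\''.
std::string sh_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}

// A bind-mount path must be absolute and free of ':' (the field separator
// of -v src:dst) and of control characters such as newline.
void check_mount_path(const std::string& p) {
    if (p.empty() || p[0] != '/') throw std::invalid_argument("path not absolute");
    for (unsigned char c : p)
        if (c == ':' || c < 0x20) throw std::invalid_argument("bad char in path");
}

// Build the string passed to popen(). cli is "docker" or "podman".
// workdir is the image's WORKDIR; project_dir is empty when job.toml
// does not ask for the project directory to be mounted.
std::string build_run_cmd(const std::string& cli, const std::string& name,
                          const std::string& image, const std::string& slot_dir,
                          const std::string& workdir, const std::string& project_dir) {
    static const std::regex name_re("[a-zA-Z0-9][a-zA-Z0-9_.-]+");
    if (cli != "docker" && cli != "podman") throw std::invalid_argument("unknown CLI");
    if (!std::regex_match(name, name_re)) throw std::invalid_argument("bad container name");
    // Quoting does not stop option injection, so refuse a leading '-'.
    if (image.empty() || image[0] == '-') throw std::invalid_argument("bad image name");
    check_mount_path(slot_dir);
    check_mount_path(workdir);
    std::string cmd = cli + " run --detach --name " + sh_quote(name);
    cmd += " -v " + sh_quote(slot_dir + ":" + workdir);
    if (!project_dir.empty()) {
        check_mount_path(project_dir);
        cmd += " -v " + sh_quote(project_dir + ":/project:ro");  // assumed mount point
    }
    return cmd + " " + sh_quote(image);
}

int main() {  // constructed sample values
    std::cout << build_run_cmd("docker", "boinc_slot_0", "boinc/app:1",
                               "/var/lib/boinc/slots/0", "/app", "") << "\n";
}
```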
Based on info in `init_data.xml`, `docker_wrapper` picks a WSL distro. Using `CreateProcess()`, it runs `wsl -d distro -u root`, which runs a shell (as root) in WSL, connected to `docker_wrapper` by pipes. Using these pipes, `docker_wrapper` issues Docker CLI commands, which run in the WSL container. These commands build images, run Docker containers, etc. The WSL container shares the host filesystem. The shell's current directory is that of `docker_wrapper`, namely the job's slot directory.
TBD