Pasha, please consider
We have ~4 ways:
1) Virtualize mounting cgroups in PCS7CT
+docker test will be happy and all docker-in-docker thing
-we don't want patch kernel for it and thus have a lot of non-mainline code
2) We can patch docker tests to make bindmounts from CT to DockerCT
instead of mounting cgroups from inside.
+only OUR docker test will be happy
-we will have to maintain our patches for docker test
3) We can try to send those our patches for docker test into Docker
+docker tests OK, for other people it will be easier to use
docker-in-docker with PCS7 too
-docker maintainers can say - "Why they need to change their working
code?(Why we don't allow mount cgroups?)"
4) Make docker --priviledged(which is used for docker-in-docker) option
bindmount cgroups inside docker CT
+docker tests OK, cgroups for docker-in-docker will work everywhere
-docker maintainers may find some examples where --priviledged dockerCT
does not need bindmounted cgroups
On 06/09/2015 12:30 PM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 12:17:59PM +0300, Pavel Tikhomirov wrote:
On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
Docker tests create two level docker containers hierarchy, and they need to
mount cgroups on the first level to control containers of second level. Is
it safe to "re-revert" this patch to allow docker test(unit,integration-cli)
mount cgroups?
Could you please provide more info? Which cgroups it mounts?
It tries to mount all cgroups which it can see through /proc/1/cgroup
https://github.com/docker/docker/blob/v1.6.2/hack/dind
https://github.com/docker/docker/blob/master/hack/dind
Sigh :( So we have to allow its back then. But this won't make vdavydov@
happy. Volodya, do you see some other way?
--
Best regards, Tikhomirov Pavel
Junior Software Developer, Odin.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
