Close to bare metal in containers, and about SPC


Sometimes, when you mess with LVM, iSCSI and friends, you need device access. This is not something you get when you start with containers; by default, containers hide those 'details'.

But if you need this access, you can get it.

Privileged containers seem to be containers which are started (in dockerland) with run --privileged; docker will then not drop privileges. To give that container even more powers, you can specify which capabilities the process should get. run --privileged --cap-add=ALL will then give you a fully privileged container with all powers, a so-called super privileged container (SPC).

That container is now capable of launching all sorts of software which interacts with the kernel in several ways; for example, launching systemd requires some privileges to work correctly.

But in this case you still do not get access to the host devices. You know, those files in /dev/. There are two ways to get access to the host devices. The first is to specify them one by one when launching the container, using run --device=/dev/sda. This has some limitations; for example, the device needs to be available when you launch the container. The second method is to pass all of /dev/ to the container using run -v /dev:/dev. Passing /dev/ to an SPC should give you close to what you have when you run software on bare metal.

Some things I still need to play with are --pid=host, --ipc=host, and (some more ideas around) --net=host.
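An added example, not from the original post: a Python check that reads docker inspect output and lists which of the host-exposure options discussed above (--privileged, --cap-add=ALL, --device, -v /dev:/dev, and the host namespace flags) a container was started with. The two inspect records are constructed samples, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/spc-storage", "HostConfig": {
        "Privileged": True, "CapAdd": ["ALL"], "Devices": [],
        "Binds": ["/dev:/dev"], "PidMode": "host",
        "IpcMode": "private", "NetworkMode": "host"}},
    {"Name": "/lvm-tool", "HostConfig": {
        "Privileged": False, "CapAdd": None,
        "Devices": [{"PathOnHost": "/dev/sda", "PathInContainer": "/dev/sda",
                     "CgroupPermissions": "rwm"}],
        "Binds": None, "PidMode": "", "IpcMode": "private",
        "NetworkMode": "default"}},
])


def host_exposure(container):
    """Return the list of host-exposure findings for one inspect record."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    # CapAdd is null when --cap-add was not used.
    caps = {c.upper() for c in (hc.get("CapAdd") or [])}
    if "ALL" in caps:
        findings.append("cap-add=ALL")
    # Binds entries look like "src:dst[:mode]".
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0].rstrip("/")
        if src == "/dev":
            findings.append("bind-mount of /dev")
    for dev in hc.get("Devices") or []:
        findings.append("device " + dev["PathOnHost"])
    for field, flag in (("PidMode", "pid"), ("IpcMode", "ipc"), ("NetworkMode", "net")):
        if hc.get(field) == "host":
            findings.append(f"--{flag}=host")
    return findings


def audit(inspect_json):
    """Map container name -> findings for every record in the JSON array."""
    return {c["Name"].lstrip("/"): host_exposure(c) for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings) or "no host exposure flags")
```

To run it against real containers, pass the JSON printed by docker inspect for the container IDs of interest to audit() instead of the constructed sample.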

April 28th, 2015 4:57pm

Tags: docker, spc, lvm, iscsi, dev, devices, container