"drone exec" won't work inside a docker image

To test this, I first build a docker image with both docker and drone-cli installed, here is the procedure:

git clone https://github.com/azuruce/docker-drone.git . # checkout .drone-nopush.yml and Dockerfile
cd docker-drone
drone exec .drone-nopush.yml . # this should generate docker-drone image locally successfully
docker run --rm -it -u root -v /var/run/docker.sock:/var/run/docker.sock -v pwd:/xxxx azuruce/docker-drone:nopush sh
cd /xxxx . # go to the dir holding Dockerfile and drone-nopush.yml
ls .drone-nopush.yml Dockerfile . # check the files are there in inside docker
drone exec .drone-nopush.yml # trigger the problem

[build:L1:0s] + ls -al
[build:L2:0s] total 4
[build:L3:0s] drwxr-xr-x 2 root root 40 May 7 05:21 .
[build:L4:0s] drwxr-xr-x 3 root root 4096 May 7 05:23 …
[build:L5:0s] + docker build -t azuruce/docker-drone:nopush .
[build:L6:0s] unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /drone/src/Dockerfile: no such file or directory
2018/05/07 05:23:23 drone_step_0 : exit code 1

The issue is when docker-drone is mounted, it will not mount current directory.
Something interesting is if I replace xxx above with /User, then the “ls-al” in build:L1 will print out files inside my /Users directory at my mac’s root.

ls -al /users . # . supposed this will show three directory: JOHN, DAVE, EMMA
docker run --rm -it -u root -v /var/run/docker.sock:/var/run/docker.sock -v pwd:/Users azuruce/docker-drone:nopush sh
cd /Users
ls .drone-nopush.yml Dockerfile . # I can see Dockerfile here
drone exec .drone-nopush.yml # trigger the problem

[build:L1:0s] + ls -al
[build:L2:0s] total 4
[build:L3:0s] drwxr-xr-x 5 root root 160 Jan 19 00:40 .
[build:L4:0s] drwxr-xr-x 3 root root 4096 May 7 05:27 …
[build:L5:0s] -rw-r–r-- 1 root root 0 Jul 15 2017 JOHN
[build:L6:0s] drwxrwxrwt 6 root root 192 Jan 19 00:40 DAVE
[build:L7:0s] drwxr-xr-x 72 root root 2304 May 7 05:14 EMMA

I have checked my local docker version is exactly the same as the docker-drone I build (18.03.0-ce)
Anyone has idea?

If I use xxxx, I can inspect the container after “drone exec” by running “docker inspect <container_id>”, and I can find a mounts section with below information where the Source is a dir that contains my docker-drone files.
This is really weird as it seems mount is successful.

“Mounts”: [
“Type”: “bind”,
“Source”: “/var/run/docker.sock”,
“Destination”: “/var/run/docker.sock”,
“Mode”: “”,
“RW”: true,
“Propagation”: “rprivate”
}, {
“Type”: “bind”,
“Source”: “/Users/<user_name>/docker-drone”,
“Destination”: “/xxxx”,
“Mode”: “”,
“RW”: true,
“Propagation”: “rprivate”

ping, I mainly try to run “drone exec” on a jenkins cluster so I can use drone’s pipeline with jenkins’ trigger

What you are trying to achieve technically is “Docker in Docker”. There is literature on it, and it’s not trivial. I recommend not doing it.

The final solution design is kinda nuts. Running Drone in Jenkins in a container… I’m sure you have your reasons, but best to get a VM and install Drone.

Yeah, the problem is not drone related. It is DOOD: same as this:

someone had a solution below. What it does is lookup docker ps. If current process is running inside a DOOD, then the HOST_DIR must come from the evaluation below

CONTAINER_ID="$(docker ps --filter “volume=MOUNT_IN_JENKINS" --format '{{.ID}}')" HOST_DIR="(docker inspect “$CONTAINER_ID” | jq --raw-output '.[0].Mounts[] | select(.Destination==”’"$MOUNT_IN_JENKINS"’").Source’)"

I found two solutions other than running jenkins out side of docker:
One is running below line if DooD and find out the pathname on the HOST to mount (docker inspect $HOSTNAME | grep pwd | head -1)
The other is make sure jenkins docker image map the same path from host to guest.
I want to do this b/c jenkins itself is currently in k8s, it is not a great usecase.

I want to do this b/c jenkins itself is currently in k8s, it is not a great usecase.

That case you can run the Drone containers in k8s as well. While Drone is not fully compatible in design with k8s, it can be done.

One way is to just move the Drone compose file to the k8s yaml format. This way Drone would spin up containers outside of the k8s scheduler, thus racing for resources with k8s. As a k8s admin, I wouldn’t like this at all, unless there are dedicated nodes for this.

An other way is to launch the agent in a Docker in Docker setup within a pod. This would work with the Kubernetes scheduler better, but then again Docker in Docker may be a pain to set up.

You may find some more info in this issue :https://github.com/drone/drone/issues/1815 It’s meant to alter Drone’s design to launch k8s pods instead of docker containers, thus playing better with k8s.

1 Like