Just a heads up for those who are looking into running Docker containers natively on WSL. While it's not usable for anything serious (even your toy project development), there is a way.
Nuances:
- We'll be using rkt and not Docker. So, no docker-compose for you.
- There will be some source code patching. Nothing serious, just a few lines.
- Very limited isolation and networking capabilities. Think of always
--privileged,--net-hostand no DNS.
WSL doesn't have cgroups at the moment, and probably won't have them anytime soon, so no way Docker would work.
Unless you know a trick to replace runc/containerd with something.
However, rkt has a "rkt fly" feature that uses simple chroot environments.
Here's what I did:
-
Installed Go 1.8.1 using godeb (I was using older 14.04 OS image). I guess
apt-get install golangshould also work, but not sure. -
Checked out rkt git repository:
git clone https://github.com/rkt/rkt.gitandcd rkt -
Installed necessary build dependencies with
apt-get install autoconf build-essential libacl1-dev realpath -
There are few issues that prevent rkt from just running. I've patched the following files:
-
In
pkg/sys/sys_linux.goinfunc Syncfs(int) errorthere is aSYS_SYNCFSsyscall that is not implemented in WSL. Let's ignoreENOSYS:if err != 0 { + if err == syscall.ENOSYS { + return nil + } return syscall.Errno(err) } -
In
stage1_fly/run/main.gothere will be some mounting failures. WSL seem to fail when host path is an empty string:if err := mounter.Mount(mount.HostPath, absTargetPath, mount.Fs, mount.Flags, ""); err != nil { log.PrintE(fmt.Sprintf("can't mount %q on %q with flags %v", mount.HostPath, absTargetPath, mount.Flags), err) - return 254 + if mount.HostPath != "" || mount.Flags != (syscall.MS_REC | syscall.MS_SHARED) { + return 254 + } } } -
And I've had to patch
pkg/mountinfo/mountinfo.go, removingsort.Sort(podMounts)line completely, and a"sort"import line (since sort isn't used anywhere else). I don't know why this was necessary, and too lazy to debug, but rkt stage1runbinary just hang otherwise, afterreadcall, not yet callingclose. I don't think rkt actually relies on results' ordering, anyway.
-
-
With those modifications I was able to build rkt normally:
./autogen.sh && ./configure --with-stage1-flavors=fly --disable-tpm --disable-sdjournal && make -
Then I was able to run a container. Here is a normal
rkt runinvocation:$ sudo ./build-rkt-1.25.0+git/target/bin/rkt run --interactive --insecure-options=image docker://hello-world:latest Downloading sha256:78445dd4522 [=================================] 971 B / 971 B run: disabling overlay support: "overlay entry not present in /proc/filesystems" run: can't mount "" on "/dev" with flags 1064960: invalid argument run: can't mount "" on "/proc" with flags 1064960: invalid argument run: can't mount "" on "/sys" with flags 1064960: invalid argument Hello from Docker! This message shows that your installation appears to be working correctly. ... -
There is a clean-up problem, though - when a pod (container) exists, mounted directories (dev, proc, sys and tmp) aren't unmounted. I haven't yet figured why, but I've had to run the following:
grep -F pods/run /proc/mounts | awk '{ print $2 }' | sort --reverse | xargs -I '{}' sudo umount '{}'(Put pod ID after
pods/run, e.g.pods/run/8ae2ec64to target a specific pod only - this is important if you have some pods still running. The reverse sorting is important, because there are some nested mounts.)After this, pod can be garbage collected:
$ sudo ./build-rkt-1.25.0+git/target/bin/rkt gc --grace-period=1s Garbage collecting pod "8ae2ec64-69fe-412a-a9f4-8e4aabd06405" -
Empty volumes (
kind=empty) are broken as well, probably because of same no-empty-source limitation. Onlykind=hostseem to work.
Of course, this is very fragile and extremely limited. But... it works! Well, sort of.
Here's a more realistic example:
$ sudo ./build-rkt-1.25.0+git/target/bin/rkt run --interactive \
> --volume=volume-var-lib-postgresql-data,kind=host,source=$HOME/tmp \
> --insecure-options=image docker://postgres:latest
run: disabling overlay support: "overlay entry not present in /proc/filesystems"
run: can't mount "" on "/dev" with flags 1064960: invalid argument
run: ignoring this mount issue
run: can't mount "" on "/proc" with flags 1064960: invalid argument
run: ignoring this mount issue
run: can't mount "" on "/sys" with flags 1064960: invalid argument
run: ignoring this mount issue
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... sysv
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data -l logfile start
****************************************************
WARNING: No password has been set for the database.
This will allow anyone with access to the
Postgres port to access your database. In
Docker's default configuration, this is
effectively any other container on the same
system.
Use "-e POSTGRES_PASSWORD=password" to set
it in "docker run".
****************************************************
waiting for server to start....LOG: database system was shut down at 2017-04-24 23:25:02 UTC
LOG: MultiXact member wraparound protections are now enabled
LOG: autovacuum launcher started
LOG: database system is ready to accept connections
done
server started
ALTER ROLE
/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
LOG: received fast shutdown request
LOG: aborting any active transactions
LOG: autovacuum launcher shutting down
waiting for server to shut down....LOG: shutting down
WARNING: could not flush dirty data: Function not implemented
WARNING: could not flush dirty data: Function not implemented
LOG: database system is shut down
done
server stopped
PostgreSQL init process complete; ready for start up.
LOG: database system was shut down at 2017-04-24 23:25:05 UTC
LOG: MultiXact member wraparound protections are now enabled
LOG: autovacuum launcher started
LOG: database system is ready to accept connections
(For some reason, it took a good minute to start, while using CPU a lot. I think Docker in VirtualBox is much faster and less CPU-intensive.)
And in another WSL console window:
$ psql -h 127.0.0.1 -p 5432 -U postgres
psql (9.3.16, server 9.6.2)
WARNING: psql major version 9.3, server major version 9.6.
Some psql features might not work.
Type "help" for help.
postgres=# SELECT version();
version
------------------------------------------------------------------------------------------
PostgreSQL 9.6.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 4.9.2-10) 4.9.2, 64-bit
(1 row)
:-)