Docker-1.3 makes OS X feel native without hacks

We’ve been coming up to speed with Docker, planning to use it for deployments on AWS and GCE.

 I’ve tried it before and gotten a bit frustrated with the disconnect between my daily driver — a MacBook laptop — and the docker server; the cool kids running Linux laptops have no such issues. While boot2docker is of course a huge help, I had problems.  It wasn’t running like the docs said it would, it asked for a password when bringing it up; something was seriously hosed.

Some of these turned out to be ancient installations of docker, so recently I used brew to remove them and reinstall current versions.  It took me a while to realize that my VM was running an old ~/.boot2docker/boot2docker.iso, so I removed it too and did the brew reinstall again. Even better.

Background: boot2docker for OS X

Folks running Linux run the docker server natively, but it doesn’t run native on OS X, so boot2docker was created. It runs a small VM inside VirtualBox which acts as the docker server. The ‘docker’ command can then communicate with it via a UNIX socket and we can reach it with TCP. This extra distance is what complicates things for OS X users and docker-1.3 makes this much more transparent.

Docker-1.3 wins

Chris Jone’s “How to Use Docker on OS X: The Missing Guide” has been very helpful but it was written a whopping 3 months ago. With the release of docker-1.3, some of the hacks Chris had to do are no longer needed. And these are a BFD for me!

After starting up boot2docker:

boot2docker init
boot2docker up

it tells us to set some environment variables; just do it:

DOCKER_HOST=tcp://192.168.59.105:2376
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=/Users/chris/.boot2docker/certs/boot2docker-vm

That HOST address and port will change if you restart your boot2docker.

So lets get into the big win caricatured in the release’s graphic.

In the sections below, I’m creating then running a container “webvol2” which pulls from DockerHub the standard “nginx” image. I want to mount a section of my local filesystem in the container so I can easily update the content HTML serves. Finally, I want a way to get into the container and look around to verify the volume is as expected.

Mount local OS X volumes in the container

I’ve been feeling like a second-class citizen, compared with my Linux brethren: they could mount local filesystems in their containers. This made it super-easy to — for example — develop web content locally and test it served by a docker-resident application, without resorting to building new images with ADD or COPY in Dockerfiles.  
There’s a great discussion on GitHub about how best to accommodate this on OS X, and happily, it was resolved on October 16 with the docker-1.3 release.  This is huge: I no longer covet my neighbor’s laptop. Check it out, “it just works”:
★ chris@Vampyre:~$ docker run -d -P –name webvol2
   -v /Users/chris/virtual/docker/html:/usr/share/nginx/html nginx

f985f7dc574ce8228c96c64dac769f6123411849330748f3dd2dce4d7daf9ef3
The above mounts a docker-related directory under my home as a volume on the container. In this case, it’s shadowing the one that was originally installed by Nginx; exactly what I want.

Get a shell in the container

Lots of folks want visibility into their containers but you have to do this manually. Some folks include an ssh server in their Dockerfile images, but this bloats the image and may pose a security risk.  Chris used ‘nsenter’ and a neat shell script to get access. That’s no longer necessary; now it’s trivial:

★ chris@Vampyre:~$ docker exec -i -t webvol2 /bin/bash
root@f985f7dc574c:/# cat /usr/share/nginx/html/index.html
Hello docker

Whoa, that’s nice. I CAN HAZ SHELL and can verify my laptop’s directory is available as a volume that Nginx can serve.