From 3a763c0647cf0e4d5e9c00d3283a3895484b23cc Mon Sep 17 00:00:00 2001 From: Maxim Kuvyrkov Date: Sat, 9 Jul 2016 10:23:01 +0100 Subject: trusty-*-tcwg: Don't use VOLUME for bind-mounts Turns out that dockerfile's VOLUME command doesn't support bind-mounts on purpose (to stay portable). It only supports scratch mounts and mounts from other docker containers (--volumes-from). The ":" in the VOLUME's argument is treated as a normal character, so we get a bunch of scratch mounts with long strange names. So leave /tmp scratch mount in the dockerfile and remove all bind-mounts. Also copy comments on VOLUME and "VOLUME /tmp" to amd64 and i386 dockerfiles. Change-Id: Ic0644a93a9d7de7c2792b5ae7e56c59455488ccf --- trusty-armhf-tcwg/Dockerfile | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'trusty-armhf-tcwg') diff --git a/trusty-armhf-tcwg/Dockerfile b/trusty-armhf-tcwg/Dockerfile index 4e14d08..1c183b4 100644 --- a/trusty-armhf-tcwg/Dockerfile +++ b/trusty-armhf-tcwg/Dockerfile @@ -72,8 +72,20 @@ RUN groupadd -g 9000 tcwg-infra \ EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] -VOLUME /srv/docker/ssh/id_rsa_tcwg-buildslave.pub:/home/tcwg-buildslave/.ssh/authorized_keys:ro -VOLUME /srv/docker/ssh/tcwg-buildslave.config:/home/tcwg-buildslave/.ssh/config:ro -VOLUME /home/tcwg-buildslave/snapshots-ref:/home/tcwg-buildslave/snapshots-ref:ro -VOLUME /home/tcwg-buildslave/workspace:/home/tcwg-buildslave/workspace:rw +# Unfortunately, VOLUME doesn't support bind-mounts for portability reasons. +# Therefore, the bind-mounts for the following paths are configured in +# the ci.linaro.org's docker plugin. +# SSH credentials for tcwg-buildslave (read-only): +# /srv/docker/ssh/id_rsa_tcwg-buildslave.pub:/home/tcwg-buildslave/.ssh/authorized_keys:ro +# /srv/docker/ssh/tcwg-buildslave.config:/home/tcwg-buildslave/.ssh/config:ro +# Sources caches (read-only): +# /home/tcwg-buildslave/snapshots-ref:/home/tcwg-buildslave/snapshots-ref:ro +# Workspace (read-write): +# /home/tcwg-buildslave/workspace:/home/tcwg-buildslave/workspace:rw + +# We use ssh multiplexing, which creates sockets in /tmp. Overlayfs, +# which docker is using can't host sockets, so we use a scratch mount +# for /tmp. This requires that we add --rm option to "docker run" +# invocations (e.g., mark "Remove volumes" checkbox in docker plugin) to +# cleanup host directories used for the scratch mounts. VOLUME /tmp -- cgit v1.2.3