Use docker 1.10 user namespacing

buildkite · Mar 17, 2016 · 700da17 · 700da17
1 parent f95ffe0
commit 700da17
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 6 deletions.
diff --git a/packer/buildkite-ami.json b/packer/buildkite-ami.json
@@ -20,11 +20,11 @@
     },
     {
       "type": "shell",
-      "script": "scripts/install-docker.sh"
+      "script": "scripts/install-buildkite.sh"
     },
     {
       "type": "shell",
-      "script": "scripts/install-buildkite.sh"
+      "script": "scripts/install-docker.sh"
     }
   ]
 }
diff --git a/packer/conf/docker.conf b/packer/conf/docker.conf
@@ -2,4 +2,4 @@
 # running containers.  The default value of 1048576 mirrors the value
 # used by the systemd service unit.
 DAEMON_MAXFILES=1048576
-OPTIONS="--default-ulimit nofile=1024:4096 -s overlay"
+OPTIONS="--default-ulimit nofile=1024:4096 -s overlay --userns-remap=buildkite-agent"
diff --git a/packer/conf/subgid b/packer/conf/subgid
@@ -0,0 +1 @@
+buildkite-agent:496:65536
diff --git a/packer/conf/subuid b/packer/conf/subuid
@@ -0,0 +1 @@
+buildkite-agent:498:65536
diff --git a/packer/scripts/install-docker.sh b/packer/scripts/install-docker.sh
@@ -1,11 +1,17 @@
-#!/bin/bash -eu
+#!/bin/bash -eux
 
 sudo yum update -yq
 sudo yum install -yq docker
 sudo usermod -a -G docker ec2-user
 sudo cp /tmp/conf/docker.conf /etc/sysconfig/docker
+sudo cp /tmp/conf/subuid /etc/subuid
+sudo cp /tmp/conf/subgid /etc/subgid
 
-sudo service docker start
+# Overwrite the yum packaged docker with the latest
+sudo wget https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 -O /usr/bin/docker
+sudo chmod +x /usr/bin/docker
+
+sudo service docker start || ( cat /var/log/docker && false )
 sudo docker info
 
 # installs docker-compose
@@ -19,4 +25,4 @@ sudo chmod +x /etc/cron.hourly/docker-gc
 
 # install jq
 sudo curl -o /usr/bin/jq -L https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
-sudo chmod +x /usr/bin/jq
+sudo chmod +x /usr/bin/jq