Ok, so long story short, I want to mount CVMFS repositories in a Docker container. Is that asking too much ? The CVMFS docs say “hell no !”; and I quote :
Even the Docker docs confirm that :
When the operator executes docker run --privileged, Docker will enable to access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host.
It’s a container that has been prepared with only Anisble on it (and dependencies), allowing us to test our playbooks on various platforms. The playbook in question is one I’m working on to mount the CODE-RADE cvmfs repos statically (ie, not with autofs).
When you run the playbook, you get
Let’s see that again in the slow-motion replay :
After action frustration
So, we can reach the CVMFS repos and validate them inside the container, we just can’t create the fuse channel and this is where I left off yesterday. I just can’t figure out whether the problem is with my host machine (Is it AppArmor, some wierd config of the Docker API ?) or with the container (It’s not like I built it strangely…) or is there some fundamental problem I’m not seeing.