Silly tricks with Docker in the JPC

Message from 2018: I was going through my blog post drafts and found this post.
I've made few small tweaks to it that seem to be what I was hoping to add before publishing.
If you've ever wanted to replace your SSH access to a native branded zone with docker exec access, this is the blog post for you. We now return you to the bleeding edge of at least 1 or 2 years ago:

As a quick pre-emptive caveat, this post describes using the Docker CLI tool basically to managed what Joyent are calling "infrastructure containers". Classic illumos zones with many processes in them, not the kind of containers that you typically create and run with Docker. It's a how-to on using the Docker CLI instead of the CloudAPI tools you might usually use in the Joyent Public Cloud (JPC).

I stumbled across this gem in the Joyent docs the other day. It turns out that you can use the Docker CLI tool to create and manage "joyent-minimal" branded zones. Getting Docker set up with your JPC account is beyond the scope of this blog post but it's covered here.

As that first link describes, if instead of a regular image name you provide the uuid of a "smartos" type image it will be used to provision a joyent-minimal branded zone.

Let's fire up a recent image with 128 MB of RAM and a public IP:

docker run -P -d -m 128 --name=tiny 390639d4-f146-11e7-9280-37ae5c6d53d4 /sbin/init

It will sidestep all the normal zone setup, so we have to manually set the default route:

docker exec -it tiny /bin/bash -c 'route -p add default $(mdata-get sdc:nics | json 1.gateway)'

Thanks to changes I worked on a while back you can import pretty much any service manifest you want quite easily to bring various services online.

Instead of SSH access, use the docker cli to log in to your container:

docker exec -it tiny /bin/bash

Experiment with installing packages and enabling any necessary SMF services; have fun!

And of course, don't forget to delete this zone when you're done with it:

docker rm -f tiny