Docker compose: mount docker.sock + install Docker CLI so Cookbook can reach sibling containers

Cookbook now needs to docker-exec into ollama-rocm (and any other sibling container holding a model server) from inside its own container, so: - Dockerfile installs the Docker CLI from the static binary tarball (the Debian docker.io package ships dockerd but not the client on slim) - docker-compose.yml bind-mounts /var/run/docker.sock and adds group_add for the host docker group (default GID 963) - entrypoint.sh detects the socket GID, creates a local group with that GID, and runs usermod -aG before gosu-dropping to the app user so the supplementary group propagates through (gosu strips by default)
2026-06-28 15:45:22 -04:00 · 2026-06-19 00:32:47 +00:00
parent d70c00e8d2
commit b3e186746a
3 changed files with 58 additions and 2 deletions
@@ -20,6 +20,23 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    gosu \
    && rm -rf /var/lib/apt/lists/*

+# Docker CLI (client only — daemon stays on the host via the
+# /var/run/docker.sock mount). The Debian `docker.io` package ships
+# dockerd but not the client binary on slim, so grab the static client
+# tarball from download.docker.com instead.
+ARG DOCKER_CLI_VERSION=27.5.1
+RUN ARCH="$(dpkg --print-architecture)" \
+    && case "$ARCH" in \
+         amd64) DARCH=x86_64 ;; \
+         arm64) DARCH=aarch64 ;; \
+         *) echo "unsupported arch $ARCH"; exit 1 ;; \
+       esac \
+    && curl -fsSL "https://download.docker.com/linux/static/stable/${DARCH}/docker-${DOCKER_CLI_VERSION}.tgz" \
+       -o /tmp/docker.tgz \
+    && tar -xzf /tmp/docker.tgz -C /tmp \
+    && install -m 0755 /tmp/docker/docker /usr/local/bin/docker \
+    && rm -rf /tmp/docker /tmp/docker.tgz
+
 WORKDIR /app

 # Install Python deps first (layer cache). Optional extras (PyMuPDF AGPL, etc.)