Docker sandbox

Hello, I have a Python/Django application that runs third-party Python code. For security reasons I run them in a sandbox environment:
comando = f'sudo docker compose -f {self.FULL_PATH_DOCKER_COMPOSE} run sandbox python {self.NAME_FILE}'

processo = subprocess.Popen(
    comando,
    shell=True,
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE,
    text=True,
)
But when running the command I get the message docker: command not found. I've tried with docker-compose and it gives the same error. The above code is running inside the web container.
My Railway.yml:
services:
  web:
    build:
      context: .
      dockerfile: Dockerfile.web
  worker:
    build: .
    command: celery -A core worker --loglevel=INFO
  beat:
    build: .
    command: celery -A core beat -l INFO
Any suggestions please?
3 Replies
Percy, 17mo ago
Project ID: 3ba430a8-05c7-4204-a9f8-68e3384f9370
caiosampaio (OP), 17mo ago
3ba430a8-05c7-4204-a9f8-68e3384f9370
my Dockerfile.web:
FROM python:3.9

RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release
RUN curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
RUN apt-get update && apt-get install -y docker-ce-cli

# Install Docker Compose
RUN curl -sSL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose

# Set the working directory and install dependencies
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy the project files
COPY . .

# Run the migrations, collect static files and start the Gunicorn server
CMD python manage.py migrate && python manage.py collectstatic --noinput && gunicorn core.wsgi
Brody, 17mo ago
1. Railway's config file does not support yaml
2. if it did, that's not the correct syntax
3. you wouldn't be able to run docker-in-docker, the images are not started with the correct permissions to allow for that
tl;dr what you're doing and how you are doing it would not be possible on Railway, sorry
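An added example, not part of the thread or of anyone's project code: a preflight check for the situation discussed above, where the Docker CLI or a usable daemon is missing, so the application refuses to run the third-party script instead of failing mid-request or running it unsandboxed. It assumes the default local daemon socket path; the function names and the `cli` parameter are hypothetical, and the command is the one from the post built as an argument list, without `sudo` and without a shell.

```python
import os
import shutil
import stat
import subprocess

DEFAULT_SOCKET = "/var/run/docker.sock"  # assumed: default Docker daemon socket on Linux


def sandbox_unavailable_reason(cli="docker", socket_path=DEFAULT_SOCKET):
    """Return None if the Docker CLI and daemon are usable here, else the reason."""
    # The client binary must be on PATH ("docker: command not found" otherwise).
    if shutil.which(cli) is None:
        return f"{cli} CLI not found on PATH"
    # The CLI is only a client: it needs a daemon socket it may read and write.
    try:
        mode = os.stat(socket_path).st_mode
    except OSError:
        return f"no Docker daemon socket at {socket_path}"
    if not stat.S_ISSOCK(mode):
        return f"{socket_path} is not a socket"
    if not os.access(socket_path, os.R_OK | os.W_OK):
        return f"no permission to use {socket_path}"
    return None


def build_sandbox_argv(compose_file, script_name):
    """Build the compose command as an argument list so no shell parses it."""
    # Accept a bare, non-empty file name only: no directories, no leading '-'.
    if (not script_name or script_name.startswith("-")
            or os.path.basename(script_name) != script_name):
        raise ValueError(f"unsafe script name: {script_name!r}")
    return ["docker", "compose", "-f", compose_file,
            "run", "sandbox", "python", script_name]


def run_in_sandbox(compose_file, script_name, timeout=30):
    """Run the script in the sandbox service, or refuse. Never run it directly."""
    reason = sandbox_unavailable_reason()
    if reason is not None:
        raise RuntimeError(f"sandbox unavailable, not running code: {reason}")
    return subprocess.run(build_sandbox_argv(compose_file, script_name),
                          capture_output=True, text=True, timeout=timeout)
```

On a host like the one described in the reply above, `run_in_sandbox` raises before any third-party code is started.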