feat(BA-2327): dockerize agent with DooD (Docker-out-of-Docker)#9596
feat(BA-2327): dockerize agent with DooD (Docker-out-of-Docker)#9596
Conversation
- Add agent Dockerfile with Docker CLI for DooD operations - Add agent service to docker-compose.monorepo.yml - Update Docker installation docs with agent config and DooD notes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Dockerizes the Backend.AI agent for Docker-out-of-Docker (DooD) deployments and updates local compose/docs to run manager+agent+webserver together.
Changes:
- Add a dedicated agent Dockerfile that installs Docker CLI for DooD workloads
- Add
backend-ai-agentservice todocker-compose.monorepo.ymlwith Docker socket and required host mounts - Extend Docker install docs with agent build/run/configuration guidance
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docs/install/install-docker.rst | Documents building/running the new agent container and DooD-specific configuration notes |
| docker/backend.ai-agent.dockerfile | New agent image build with Python wheels + Docker CLI installation |
| docker-compose.monorepo.yml | Adds agent service to the monorepo compose stack |
| changes/9596.feature.md | Adds changelog entry for agent DooD dockerization |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| RUN install -m 0755 -d /etc/apt/keyrings \ | ||
| && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \ | ||
| && chmod a+r /etc/apt/keyrings/docker.asc \ | ||
| && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list \ | ||
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends docker-ce-cli \ | ||
| && rm -rf /var/lib/apt/lists/* |
There was a problem hiding this comment.
The image uses curl to fetch Docker’s GPG key but never installs curl (and may also be missing ca-certificates for HTTPS trust depending on the base image variant). This can cause the Dockerfile build to fail on bases where curl isn’t preinstalled. Install required packages (e.g., ca-certificates + curl, and if needed gnupg) before invoking curl, ideally in the same apt-get install step as docker-ce-cli.
| @@ -0,0 +1,33 @@ | |||
| ARG PYTHON_VERSION | |||
| FROM python:${PYTHON_VERSION} AS builder | |||
There was a problem hiding this comment.
Using the full python:${PYTHON_VERSION} base for both stages significantly increases image size and pull time. If OS packages/build tooling aren’t required at runtime (beyond installing docker-ce-cli), consider switching the runtime stage to a slimmer variant (e.g., python:${PYTHON_VERSION}-slim) and only add the minimal apt packages needed for Docker CLI + certs.
| # Install backend.ai packages from /dist (these are not in requirements.txt or PyPI) | ||
| RUN pip wheel --wheel-dir=/wheels --no-cache-dir backend.ai-agent==${PKGVER} --find-links=/dist --no-deps | ||
|
|
||
| FROM python:${PYTHON_VERSION} |
There was a problem hiding this comment.
Using the full python:${PYTHON_VERSION} base for both stages significantly increases image size and pull time. If OS packages/build tooling aren’t required at runtime (beyond installing docker-ce-cli), consider switching the runtime stage to a slimmer variant (e.g., python:${PYTHON_VERSION}-slim) and only add the minimal apt packages needed for Docker CLI + certs.
docs/install/install-docker.rst
Outdated
| .. code-block:: bash | ||
|
|
||
| docker stop backend-ai-manager backend-ai-webserver | ||
| docker rm backend-ai-manager backend-ai-webserver | ||
| docker stop backend-ai-manager backend-ai-agent backend-ai-webserver | ||
| docker rm backend-ai-manager backend-ai-agent backend-ai-webserver |
There was a problem hiding this comment.
These commands are intended to be inside the .. code-block:: bash block but they aren’t indented, so they may render as normal text instead of a code block in RST. Indent the command lines (consistent with other bash blocks in this doc) so the directive formats them correctly.
…mponent configs - Fix REPL port binding for DooD mode: bind to container_bind_host when advertised_host is configured so agent can reach kernel REPL ports - Fix kernel_host to use data from container creation instead of hardcoded 127.0.0.1, enabling DooD agent-kernel TCP communication - Add agent entrypoint script for krunner file sharing via symlinks - Update docker-compose with storage-proxy and appproxy services - Remove 30000-31000 port mapping from agent (DooD port conflict) - Comprehensive docs update with all 6 component configs, DooD notes, address configuration guide, and AppProxy troubleshooting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
container_bind_hostwhenadvertised_hostis configureddocker-compose.monorepo.ymlwith all 6 services (manager, agent, webserver, storage-proxy, appproxy-coordinator, appproxy-worker)Test plan
Resolves BA-2327