
How to launch a new docker container from inside a docker container on openshift

Use case:

I want to write a server application that launches a docker container per customer with only the specific customer data inside (for data protection). The service should run on openshift or openshift origin.

Where I have searched:

openshift origin latest documentation

openshift origin m4 documentation

What I already know:

I can launch a docker container from inside a docker container if the first container is a privileged container or the docker socket and binary from the host is linked into it.

[Edit 31.10.15] Like: docker run -v /var/run/docker.sock:/var/run/docker.sock ...

What I don't know:

Is it possible to launch a privileged docker container on openshift or use the openshift api from inside the docker container to launch another docker container (with specific runtime configuration)? BTW: the "mother" container should be scalable.

asked Oct 19 '22 23:10

Christian Witt


1 Answer

After reading "~jpetazzo/Using Docker-in-Docker for your CI or testing environment? Think twice.", I would consider using sibling containers instead of nested containers.
The following extract talks about CI but could be applied to an openshift launching containers per client (instead of a CI launching containers):

Do you really want Docker-in-Docker? Or do you just want to be able to run Docker (specifically: build, run, sometimes push containers and images) from your CI system, while this CI system itself is in a container?

The simplest way is to just expose the Docker socket to your CI container, by bind-mounting it with the -v flag.

Simply put, when you start your CI container (Jenkins or other), instead of hacking something together with Docker-in-Docker, start it with:

docker run -v /var/run/docker.sock:/var/run/docker.sock ...

Now this container will have access to the Docker socket, and will therefore be able to start containers. Except that instead of starting "child" containers, it will start "sibling" containers.

answered Nov 15 '22 06:11

VonC
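
The sibling-container approach from the answer, applied to the per-customer use case in the question, as an added example (not code from the post, Docker or OpenShift): the launcher talks to the bind-mounted socket through the Docker Engine API and mounts only that customer's directory. The host data root, the image name, the `customer-` naming and the id format are assumptions.

```python
import http.client
import json
import re
import socket

DOCKER_SOCK = "/var/run/docker.sock"      # socket bind-mounted as in the answer
HOST_DATA_ROOT = "/srv/customers"         # assumption: customer data lives here on the HOST
WORKER_IMAGE = "example/customer-worker"  # assumption: hypothetical image name
_ID_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")

def build_spec(customer_id):
    """Body of POST /containers/create for one customer's sibling container."""
    # Allow-list the id: it becomes part of a host path and a container name.
    if not _ID_RE.fullmatch(customer_id):
        raise ValueError("invalid customer id: %r" % (customer_id,))
    return {
        "Image": WORKER_IMAGE,
        "HostConfig": {
            # Resolved by the host daemon: a HOST path, not one inside the launcher.
            "Binds": ["%s/%s:/data:ro" % (HOST_DATA_ROOT, customer_id)],
            "Privileged": False,
        },
    }

class UnixHTTPConnection(http.client.HTTPConnection):
    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):  # replace the TCP connect with a Unix-socket connect
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)

def _post(conn, path, body, expect):
    conn.request("POST", path, body=body, headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    data = resp.read()
    if resp.status != expect:
        raise RuntimeError("%s -> %d %r" % (path, resp.status, data))
    return data

def launch(customer_id, sock_path=DOCKER_SOCK):
    spec = json.dumps(build_spec(customer_id))  # validates the id first
    conn = UnixHTTPConnection(sock_path)
    created = _post(conn, "/containers/create?name=customer-" + customer_id, spec, 201)
    cid = json.loads(created)["Id"]
    _post(conn, "/containers/%s/start" % cid, None, 204)
    conn.close()
    return cid
```

Because the launcher only holds a handle to the host's daemon, scaling the "mother" container means every replica issues requests to whichever host daemon its socket belongs to.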