How do you configure docker to prevent it from updating itself - linux

We ship our app as a docker image.
The database is PostgreSQL's official image.
It runs on a Kubuntu host v 18.4 LTS unfortunately these machines mostly operate offline and have little connectivity throughout the month. I have come to realize that docker has auto-updated at some point and has caused an issue that stops the docker daemon from starting.

Related

Why does the docker container exits immediately? on PLC

I am running docker on a WAGO-PFC 8204 device and successfully able to install an image for node-red flow based editor. However, when i am trying to run the image, it creates a container but automatically exits. I am not running this image on a linux machine itself but instead of other device. I ran docker logs [container name] but output was Error: fatal error, line 0. Please see the image attached.
Please help anyone if you can. Thanks
This is because version 3.0.0 of the Node-RED Docker container will not run on old versions of Docker that do not support 64bit time on a 32bit OS.
You can try adding --security-opt=seccomp=unconfined to the docker run command or upgrade docker/libseccom to a supported version of the latest apline base container.
Details of the minimum version are in the release notes on github
https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#time64_requirements
https://github.com/node-red/node-red-docker/issues/319
Work around:
Use the nodered/node-red:2.2.2 container rather than the new 3.0.0 (latest) tags

There has been a runner system failure, please try again

How to resolve this error specially on macbook. I have installed docker on my machine also but its not working.
You have to start docker deamon on your gitlab runner.
Below is link to docker desktop for mac.
If you start docker desktop gui, docker deamon will start.
https://docs.docker.com/desktop/mac/
This problem is not just for mac computers but also for windows. I experienced this problem and found out that the the PowerShell script part for Infra as Code that I was using was not installing docker.
I therefore made changes to the Infra as Code to ensure that Microsoft-Hyper-V is enabled and that docker is actually installed and docker service started, then the computer HAS to be restarted for the changes to pick up.
I do not know the exact order of when the restart should happen since I am still understanding the flow but I can update my answer when I have more info

Docker container works on Ubuntu but fails to run on MacOS

Sorry if this is a stupid and/or widely known question.
I've written a docker that basically just runs a single process then exits. It runs fine on my ubuntu machine 16.04 and its been tested on another ubuntu machine. However, someone else has tested out the docker on macos and the docker did not run to completion.
Is this a known limitation of docker? i.e. can linux dockers only run on linux, macos dockers only run on macos, etc... Or is it even more restrictive in that is only works on the same OS (i.e. ubuntu dockers should only be run on ubuntu).
The docker itself is an image processing pipeline. We run it by mounting a directory that contains the image and then mount an output directory as well and just run a process inside the container. I'll post more details of the docker if that's important to the answer.
Since docker runs as a vm on macos, you have to specify the memory. The docker uses 8 gigs of ram and was running out of memory. The solution was to boost the vm memory to 8 gigs and it worked fine...

Which commands of the defined Linux Distribution are available in a Docker container?

I'm new to docker and understand that the linux kernel is shared between the host-os and the containers. But I don't really understand how deep docker emulates a specific linux-distribution. Lets say we have a simple docker file like this:
FROM ubuntu:16.10
RUN apt-get install nginx
It will give me a docker container with nginx installed in an Ubuntu 16.10 environment. So I should be able to use apt-get as default package manager of Ubuntu. But how deep is this? Can I assume that typical commands of those distribution like lsb_release are emulated like in a full VM with Ubuntu 16.10 installed?
The reason behind my question is that linux distributions are different. I need to know which commands are avaliable, for example when I run a container with Ubuntu 16.10 like the one above on a host which a different distribution installed (like Red Hat, CentOS etc).
A Ubuntu image in Docker is about 150 MB. So I think there are not all tools included like in a real installation. But how can I know on which I can desert that they're there.
Base OS images for Docker are deliberately stripped down, and for Ubuntu they are removing more commands with each new release. The image is meant as the base for a dedicated application to run, you wouldn't typically connect to the container and run commands inside it, and a smaller image is easier to move around and has a smaller attack vector.
There isn't a list of commands in each image version that I know of, you'll only know by building your image. But when images are tagged you can assume a future minor update will not break downstream images - a good argument for explicitly specifying a tag in your Dockerfile.
E.g, this Dockerfile builds correctly:
FROM ubuntu:trusty
RUN ping -c 1 127.0.0.1
This one fails:
FROM ubuntu:xenial
RUN ping -c 1 127.0.0.1
That's because ping was removed from the image for the xenial release. If you just used FROM ubuntu then the same Dockerfile would have built correctly when trusty was the latest tag and then failed when it was replaced by xenial.
A container is presenting you with the same software environment as the non-containerized distribution. It may not have (in fact, probably does not have) all the same packages installed by default, but you can install whatever you need using the appropriate package manager. The availability of software in the container has nothing to do with the distribution running on your host (the Ubuntu image will be the same regardless of whether your are running Docker under CentOS, Fedora, Ubuntu, Arch, etc).
If you require certain commands to be available, just ensure that they are installed in your Dockerfile.
One of the few things that works differently inside a container is that there is typically no service management process running (like init or systemd or whatever), so you cannot start services the same way you can on the host without a little bit of work.

How to remove/install a docker image on an unconfigured Docker for centos 7

Using Centos 6.6 and 7 and deciding to move to centos 7 as there are some issues using docker with centos 6.6 (reboot issues for me) and i'm trying to pull the current centos image from docker. (should just be docker pull centos)
However because i already had a docker image of centos installed on the 6.6 virtual machine, i thought it conflicts with the one im trying to pull on the centos 7. It states that the image (f1b something) is already being used on the system and is causing the download to not go through. Simply going over to the centos 6.6 and trying to remove the images (which would be labeled as none by the way, thus you have to do docker images -a),even with force, does nothing. The only solution so far to this is to do a full removal of docker and its dependencies, and reinstall it which should come package free.
Of course this is not the solution i want. One of two things can happen. Either a way to make the two of them to coexist, or a way to remove the current one without removing any other current images. Or if I am not getting this right, take an entirely different approach.
EDIT+1: Ok heres the actual error im receiving when doing the the docker pull...
f1b...: download complete
f1b...:error downloading dependant layers
c85...:Downloading [>
7322...: Error pulling image (latest) from docker.io/centos, endpoint :https://registry-1.docker.io/v1,Dr
7322...:Error pulling image (latest) from docker.io/centos, Driver devicemapper failed to create image rootfs
FATA[0012] Error pulling image (latest) from docker.io/centos, Driver device mapper failed to create image rootfs f1b...:error running DeviceCreate (createSnapDevice) dm_task_run failed
And looking over the problem more im not so sure if its because of the centos 6.6 like i had initially thought despite sharing the same ID's.
EDIT +2: Stranger still is that the fatal error codes keeps changing (im assuming those are FATA[0012]?)
http://docker-sean.readthedocs.org/en/latest/chapter1.html
Theres a config file that needs to be changed for centos 7 docker users which happened to be applying the following change
OPTIONS='-g /docker/data -p /var/run/docker.pid'
in the vim/vi file of /etc/sysconfig/docker.
I swear docker is going to be the death of me...
EDIT +1: Ok lets remap the solution to the following starting from a new centos 7 machine...
yum install docker
service docker start
docker pull centos
ERROR
systemctl enable docker.service
ERROR?
sudo systemctl enable docker.service
systemctl start docker.service
ERROR?
yum remove docker
yum install epel-release.noarch
yum install docker-io
vim /etc/sysconfig/docker
OPTIONS='-g /docker/data -p /var/run/docker.pid'
service docker restart
docker pull centos
and thats how i got docker to work on the new VM if i mapped it correctly.
Also one of the commands i might have used was a thin_check. Somebody used it to verify docker in this link
EDIT +2:
Oh wow, this would explain even better whats happening here. See, the docker server can be installed straight out of the box with centos 7, however the daemon must still be installed from epel. As a reminder, the daemon is the item that actually runs the docker service. The server just allows docker to connect to the internet and view its repositories. Link is right here.

Resources