How can I run docker commands inside a docker container when the user is not root?
The reason behind this (running as non root) is that the (first) container creates some files on a mounted volume. If the user in the container is root then these files' owner is also root. If I run the container with the same user as on the host system then these files have the correct user and group.
docker run --rm -it -u $(id -u):$(id -g) -v /var/run/docker.sock:/var/run/docker.sock ubuntu /bin/bash
// inside container:
// assume docker binary is available
docker pull alpine
This will not work when run as a non root user giving following error:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=alpine&tag=latest: dial unix /var/run/docker.sock: connect: permission denied
Docker:
docker run -it -u $(id -u):$(id -g) --group-add $(getent group docker | cut -d ':' -f 3) --rm -v /var/run/docker.sock:/var/run/docker.sock docker docker --version
For Docker Compose set group_add under your service and set the env variable:
export DOCKER_GROUP_ID=$(getent group docker | cut -d ':' -f 3);
services:
myservice:
image: docker
group_add:
- ${DOCKER_GROUP_ID}
Related
I am following an already written guideline on running docker and Mariadb on VM. but I am using wsl ubuntu on windows.
(sudo) apt update
(sudo) apt upgrade
* Docker
(sudo) apt-get install docker.io
Portainer
(sudo) docker volume create portainer_data
(sudo) docker run --name portainer -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer --log-opt max-size=50m --log-opt max-file=5 -d --privileged -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/on/host/data:/data portainer/portainer
MariaDB
(sudo) mkdir /mnt/raid/data/mariadb
(sudo) mkdir /mnt/raid/data/mariadb/storage
(sudo) touch /mnt/raid/data/mariadb/config.cnf
(sudo) nano /mnt/raid/data/mariadb/config.cnf
but I get an error whenever I run docker run --log-opt max-size=50m --log-opt max-file=5 --name mariadb -v /mnt/raid/data/mariadb/storage:/var/lib/mysql -v /mnt/raid/data/mariadb/config.cnf:/etc/mysql/my.cnf -p 3306:3306 -e MYSQL_ROOT_PASSWORD=admin -d mariadb/server:latest
This is the error:
Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:75: mounting "/run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu/e18d5bf9d7f9627840069cbdafadd22ec458ffe154082d3c685ed8b1a4f15eb2" to rootfs at "/etc/mysql/my.cnf" caused: mount through procfd: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
I guess it might be an error with the mounting because I cannot locate the locations of the created path or the folder in the system.
How can I access files on a shared network drive from docker container?
I tried:
docker run --rm -it --name my_app -v //shared_drive_name:/opt/local/shared_drive my_app:1.0 /bin/bash
Also I tried method mentioned here: Docker add network drive as volume on windows
The directory /opt/local/shared_drive is created but empty. I tried different variations of slashes since the host is win and docker running linux. I am connected to the VPN from the host to access these drives.
I have this script for mounting Windows shared folders in Ubuntu Docker container. You have to copy the script in your image.
Then you should run the container, and after that call these commands:
docker exec container_name mkdir -p %shared folder inside docker path%
docker exec container_name /bin/bash /~path to your script~/mount_folder.sh %username% %password% %network_path% %docker_path%
For instance:
docker exec container_name /bin/bash /~path to your script~/mount_folder.sh "Admin" somePassword //192.168.7.1/shared_folder /data
Script is (mount_folder.sh):
#!/bin/bash
set -e
USERNAME=${1}
PASSWORD=${2}
NETWORK_PATH=${3}
DOCKER_PATH=${4}
mount -t cifs -o rw,username="${USERNAME}",password="${PASSWORD}",vers=3.0,nolock $NETWORK_PATH $DOCKER_PATH
I'm using following system version/spec for the docker-redis setup using default redis.conf.
Redhat version: 7.6 (Red Hat Enterprise Linux Server)
Redis Version: 5.0.4
Docker Version: 1.13.1, build b2f74b2/1.13.1
When I run following command it's working perfectly fine.
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
I need to get redis data (which is in /data inside the container) to the host directory (/usr/local/etc/redis/data) (-v $PWD/data:/data). So when I run following command I'm getting the below error.
Note $PWD = /usr/local/etc/redis/
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf -v $PWD/data:/data --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
Error in docker logs:
journal: chown: changing ownership of '.': Permission denied
level=warning msg="05ce842f052e28566aed0e2eab32281138462cead771033790266ae145fce116 cleanup: failed to unmount secrets: invalid argument"
Also I tried changing the ownership of the data folder in the host to following as well. chown redis:redis data
drwxrwxrwx. 2 redis redis 6 May 3 07:11 data
Can someone help me out on this. Thanks.
First create a volume:
docker volume create redis_data
Check the volume is created (note the Mountpoint):
docker volume inspect redis_data
Then use this volume to start your container:
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf -v redis_data:/data --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
You can then check the contents of the "Mountpoint" that should be the redis data.
sudo docker run -p 3000:3000 -d --name mca-service myteam/reponame
this is the command i usually using to run the container. i have a folder in /var/log/appLog. i need to mount this directory with the contaner to store my app log file to make it persistent. i tried
sudo docker run -p 3000:3000 -d --name mca-service -v /var/log/appLog:/var/log/appLog:rw --entrypoint myteam/reponame
this command. but it raise some errors. can someone please help me to do this?
Under which user is your container (myteam/reponame) running? If it is not root, you have to change the user and group and the read/write permission of your folder on the host.
Your --entrypoint is empty. Either remove it or use --entrypoint []
I'm using Docker for a course about Spark.
I've set up my environment like this:
docker pull bigdatauniversity/spark2
docker run -it --name bdu_spark2 -P -p 4040:4040 -p 4041:4041 -p 8080:8080 -p 8081:8081 bigdatauniversity/spark2:latest /etc/bootstrap.sh -bash
Then I exited Docker and ran this:
docker start bdu_spark2
docker attach bdu_spark2
Now, when I go into Zeppelin I can't find the files given for the course.
I tried finding out if there is another Zeppelin process running at another port so I ran in the Docker console:
docker ps
However, the command docker is not recognised:
bash: docker: command not found
I also tried running docker exec -it docker ps but I got the same result.
So how can I see the files from the Docker container in Zeppelin?