I've followed the steps from original documentation to deploy a Docker image of Dokku on Macos:
docker run \
--env DOKKU_HOSTNAME=dokku.me \
--name dokku \
--publish 3022:22 \
--publish 8080:80 \
--publish 8443:443 \
--volume /var/lib/dokku:/mnt/dokku \
--volume /var/run/docker.sock:/var/run/docker.sock \
dokku/dokku:latest
Source: https://hub.docker.com/r/dokku/dokku
Then I've initialized the ssh-keys within the container, and made an alias for the hostname dokku.me as advised. Now I can connect to the Dokku container and run commands on it, like creating a new application:
dokku apps:create node-test
dokku git:initialize node-test
I've added a new remote to my node project and tried to push:
git remote add dokku dokku#dokku.me:node-test
But pushing fails with an error that I don't understand completely:
➜ node-test git:(node-test) git push dokku master
Enumerating objects: 27, done.
Counting objects: 100% (27/27), done.
Delta compression using up to 16 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (27/27), 2.95 KiB | 301.00 KiB/s, done.
Total 27 (delta 4), reused 3 (delta 0), pack-reused 0
-----> Cleaning up...
-----> Building node-test from herokuish
-----> Setting config vars
CURL_CONNECT_TIMEOUT: 90
-----> Setting config vars
CURL_TIMEOUT: 600
-----> Adding BUILD_ENV to build environment...
BUILD_ENV added successfully
remote: Error response from daemon: Mounts denied:
remote: The path /home/dokku/node-test/cache is not shared from the host and is not known to Docker.
remote: You can configure shared paths from Docker -> Preferences... -> Resources -> File Sharing.
remote: See https://docs.docker.com/docker-for-mac for more info.
remote: Error: failed to start containers: c1ab941dcf71650f99c3199546277ec333463a09695d0dcf1cac755d3ec7bacf
remote: You cannot attach to a stopped container, start it first
remote: 2022/01/27 15:48:15 exit status 1
To dokku.me:node-test
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'dokku.me:node-test'
From Docker Desktop, I've updated the file sharing options and added /var/lib/dokku, after I've created this folder in my Mac's filesystem.
➜ node-test git:(node-test) ls -al /var/lib/dokku
total 0
drwxr-xr-x 2 root wheel 64 Jan 27 14:22 .
drwxr-xr-x 4 root wheel 128 Jan 27 14:22 ..
I suspect it has something to do with the mounted folders in the Docker host, but I cannot figure out exactly what it is.
Macos version 12.01
Dokku version
root#b6df7b8bc9b0:/tmp# dokku version
dokku version 0.26.7
Docker version:
➜ node-test git:(node-test) docker version
Client: Docker Engine - Community
Cloud integration: 1.0.12
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:13:00 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8
Built: Tue Mar 2 20:15:47 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
I've checked again the Docker Installation Nodes for v0.26.7 and noticed the docker container run has an extra parameter when compared to the instructions from Dockerhub:
docker container create \
--env DOKKU_HOSTNAME=dokku.me \
--env DOKKU_HOST_ROOT=/var/lib/dokku/home/dokku \
--name dokku \
--publish 3022:22 \
--publish 8080:80 \
--publish 8443:443 \
--volume /var/lib/dokku:/mnt/dokku \
--volume /var/run/docker.sock:/var/run/docker.sock \
dokku/dokku:0.26.7
The extra param --env DOKKU_HOST_ROOT=/var/lib/dokku/home/dokku seems to fix my issue.
Now pushing to Dokku doesn't throw the Mounts denied error anymore.
Related
I am trying to use docker's user namespaces feature using the official documentation here
I have added the configuration to my daemon.json file like
{
"debug":true,
"experimental": false,
"features":{"buildkit": false},
"userns-remap":"default"
}
I also verified that both subuid and subguid in /etc contain the following entries
dhost:100000:65536
dockremap:165536:65536
I built my image to verify the functionality using an alpine:latest like so
FROM alpine:latest
RUN mkdir -p /root/.cache
WORKDIR /app
command used in building the image docker image build -t myimage:1 .
Then I run a container from this image using
docker container run -it --rm --name mycontainer -v "$(pwd)/test:/app" myimage:1 sh
I get access to the workdir inside the container (app) but I cannot touch/create any file without getting permission denied. Do I need to change the owner of the test directory I used to mount? if yes, who should own it?
docker version
docker version
Client: Docker Engine - Community
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:47:57 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:45:46 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Host OS info
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic
I am trying to follow this article to reproduce a container escape vulnerability that exists in docker. As mentioned in the article (Refining the proof of concept section), I first run,
docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined ubuntu bash
to create a docker container with needed privileges. After, when I run
mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x
which is the next step but I get an error saying mount: /tmp/cgrp: permission denied. Not sure why that happens. I tried the solutions mentioned in this (adding --privileged flag etc) but nothing seemed to work.
Here is the output of the docker version command.
Client:
Version: 20.10.5+dfsg1
API version: 1.41
Go version: go1.15.9
Git commit: 55c4c88
Built: Wed Aug 4 19:55:57 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.5+dfsg1
API version: 1.41 (minimum version 1.12)
Go version: go1.15.9
Git commit: 363e9a8
Built: Wed Aug 4 19:55:57 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12~ds1
GitCommit: 1.4.12~ds1-1~deb11u1
runc:
Version: 1.0.0~rc93+ds1
GitCommit: 1.0.0~rc93+ds1-5+b2
docker-init:
Version: 0.19.0
GitCommit:
How do I go about this?
I tried to run Minikube v1.19.0 on my laptop first time, using Docker as driver, but no luck though. Here are the execution logs:
PS C:\Users\______\kubernetes> minikube start --driver=docker --alsologtostderr
I0916 19:01:44.059272 20464 out.go:278] Setting OutFile to fd 96 ...
I0916 19:01:44.059272 20464 out.go:291] Setting ErrFile to fd 100...
W0916 19:01:44.091562 20464 root.go:292] Error reading config file at C:\Users\proskos\.minikube\config\config.json: open C:\Users\proskos\.minikube\config\config.json: The system cannot find the file specified.
I0916 19:01:44.097634 20464 out.go:285] Setting JSON to false
I0916 19:01:44.110479 20464 start.go:108] hostinfo: {"hostname":"--------","uptime":118298,"bootTime":1631689806,"procs":291,"os":"windows","platform":"Microsoft Windows 10 Enterprise","platformFamily":"Standalone Workstation","platformVersion":"10.0.18363 Build 18363","kernelVersion":"10.0.18363 Build 18363","kernelArch":"x86_64","virtualizationSystem":"","virtualizationRole":"","hostId":"---------------"}
W0916 19:01:44.110479 20464 start.go:116] gopshost.Virtualization returned error: not implemented yet
I0916 19:01:44.113153 20464 out.go:157] 😄 minikube v1.19.0 on Microsoft Windows 10 Enterprise 10.0.18363 Build 18363
😄 minikube v1.19.0 on Microsoft Windows 10 Enterprise 10.0.18363 Build 18363
I0916 19:01:44.116296 20464 driver.go:322] Setting default libvirt URI to qemu:///system
W0916 19:01:50.237519 20464 docker.go:108] docker version returned error: deadline exceeded running "docker version --format {{.Server.Os}}-{{.Server.Version}}": exit status 1
I0916 19:01:50.244288 20464 out.go:157] ✨ Using the docker driver based on user configuration
✨ Using the docker driver based on user configuration
I0916 19:01:50.244288 20464 start.go:276] selected driver: docker
I0916 19:01:50.244810 20464 start.go:718] validating driver "docker" against <nil>
I0916 19:01:50.244810 20464 start.go:729] status for docker: {Installed:true Healthy:false Running:false NeedsImprovement:false Error:exit status 1
deadline exceeded running "docker version --format {{.Server.Os}}-{{.Server.Version}}"
k8s.io/minikube/pkg/minikube/registry/drvs/docker.status
/app/pkg/minikube/registry/drvs/docker/docker.go:104
k8s.io/minikube/pkg/minikube/registry.Status
/app/pkg/minikube/registry/global.go:140
k8s.io/minikube/pkg/minikube/driver.Status
/app/pkg/minikube/driver/driver.go:305
k8s.io/minikube/cmd/minikube/cmd.selectDriver
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra#v1.1.3/command.go:856
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra#v1.1.3/command.go:960
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra#v1.1.3/command.go:897
k8s.io/minikube/cmd/minikube/cmd.Execute
/app/cmd/minikube/cmd/root.go:156
main.main
/app/cmd/minikube/main.go:82
runtime.main
/usr/local/go/src/runtime/proc.go:225
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1371 Reason:PROVIDER_DOCKER_DEADLINE_EXCEEDED Fix:Restart the Docker service Doc:https://minikube.sigs.k8s.io/docs/drivers/docker/}
I0916 19:01:50.250032 20464 out.go:157]
W0916 19:01:50.250390 20464 out.go:222] 💣 Exiting due to PROVIDER_DOCKER_NOT_RUNNING: deadline exceeded running "docker version --format -": exit status 1
💣 Exiting due to PROVIDER_DOCKER_NOT_RUNNING: deadline exceeded running "docker version --format -": exit status 1
W0916 19:01:50.250390 20464 out.go:222] 💡 Suggestion: Restart the Docker service
💡 Suggestion: Restart the Docker service
W0916 19:01:50.250924 20464 out.go:222] 📘 Documentation: https://minikube.sigs.k8s.io/docs/drivers/docker/
📘 Documentation: https://minikube.sigs.k8s.io/docs/drivers/docker/
I0916 19:01:50.252904 20464 out.go:157]
Docker Desktop Service is up and running, though. The problem wasn't resolved by restarting Docker. Here are the details of my Docker desktop installation:
PS C:\Users\______\kubernetes> docker version
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:58:50 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Finally, my Docker Desktop installation is configured to run Linux containers:
docker info --format '{{.OSType}}'
linux
Could you help me find out why Minikube can't communicate with Docker?
Try these three commands sequentially:
minikube config set driver docker
minikube delete
minikube start --driver=docker
I might be wrong but in my personal opinion this is a docker version issue.
It is not a typical behavior to have such error in the situation when docker service is up&running.
status for docker: {Installed:true Healthy:false Running:false NeedsImprovement:false Error:exit status 1
deadline exceeded running "docker version --format {{.Server.Os}}-{{.Server.Version}}"
and
Exiting due to PROVIDER_DOCKER_NOT_RUNNING: deadline exceeded running "docker version --format -": exit status 1
💣 Exiting due to PROVIDER_DOCKER_NOT_RUNNING: deadline exceeded running "docker version --format -": exit status 1
My recommendations:
docker system prune to completeley delete docker cache, images, etc
remove completely minikube
now 2 options. Either try to again start minikube --driver-docker or uninstall docker and install 1-2 versions below. I would go in your case with last one.
I have created one docker multiarch image with buildx command.
sudo docker buildx build -f build/Dockerfile --platform linux/arm/v7,linux/arm64,linux/amd64 -t uditgaurav/chaos-operator:v3 . --push
build/Dockerfile:
FROM golang:1.13
ENV GO111MODULE=on \
CGO_ENABLED=1
ENV OPERATOR=/usr/local/bin/chaos-operator \
USER_UID=1001 \
USER_NAME=chaos-operator
# install operator binary
COPY build/_output/bin/chaos-operator ${OPERATOR}
COPY build/bin /usr/local/bin
RUN /usr/local/bin/user_setup
RUN export GOOS=$(echo ${TARGETPLATFORM} | cut -d / -f1) && \
export GOARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) && \
GOARM=$(echo ${TARGETPLATFORM} | cut -d / -f3 | cut -c2-)
ENTRYPOINT ["/usr/local/bin/entrypoint"]
USER ${USER_UID}
In dockerhub the images came with diff arch:
But when I ran it in arm clusters it is showing error:
standard_init_linux.go:211: exec user process caused "exec format error"
Docker Version on ARM cluster
Client:
Version: 19.03.6
API version: 1.40
Go version: go1.12.17
Git commit: 369ce74a3c
Built: Fri Feb 28 23:47:53 2020
OS/Arch: linux/arm64
Experimental: false
Server:
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: 369ce74a3c
Built: Wed Feb 19 01:06:16 2020
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.3.3-0ubuntu1~18.04.2
GitCommit:
runc:
Version: spec: 1.0.1-dev
GitCommit:
docker-init:
Version: 0.18.0
GitCommit:
can anyone help on this?
Docker multiarch build is not the problem. The problem is that /usr/local/bin/chaos-operator is an linux/amd64 binary and you're trying to run it on linux/arm64.
I am trying to expose docker remote API on CentOS7.
$ docker version
Client:
Version: 1.10.3
API version: 1.22
Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
Go version: go1.6.3
Git commit: cb079f6-unsupported
Built: Fri Sep 16 13:24:25 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
Go version: go1.6.3
Git commit: cb079f6-unsupported
Built: Fri Sep 16 1
I have conf file set up on /etc/systemd/system/docker.service.d/docker-external.conf
[Service]
ExecStart=
ExecStart=/usr/bin/docker -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
followed by
systemctl daemon-reload
systemctl docker restart
This doesn't seem to start any docker process on 4243
Adding add -H tcp://0.0.0.0:4243 to your /lib/systemd/system/docker.service file then running systemctl daemon-reload, followed by systemctl restart docker helps expose the remote API.
ExecStart=/usr/bin/docker-current daemon \
--exec-opt native.cgroupdriver=systemd \
-H tcp://0.0.0.0:4243 -H unix://var/run/docker.sock \