How to change the default directory docker uses to build an image - linux

I am trying to set up a gitlab ci.
Because, for some reason, I do not have a "gitlab-runner" user and I do not have write permission on "/home/user_1", this is my installation:
/usr/local/bin/gitlab-runner install --user=user_1 --working-directory=/data/external/tmp/gitlab-runner
And this is how I register
/usr/local/bin/gitlab-runner register --url GITLAB_URL --registration-token TOKEN
By the way, I create this gitlab-ci.yml file:
stages:
  - deploy
deploy:
  stage: deploy
  # only:
  # - 3.0.x
  script:
    - echo "deploying"
    - sudo docker build -t my_image:v1 .
    - echo "********Docker Images********"
    - sudo docker image list
    - echo "********End of Docker Images********"
    - sudo docker run -d -p 3000:5000 --rm --name my_container my_image:v1
  tags:
    - deploy
I get this error:
Error: error creating build container: Error committing the finished image:
error adding layer with blob "sha256:bb7d5a84853b217ac05783963f12b034243070c1c9c8d2e60ada47444f3cce04":
Error processing tar file(exit status 1):
Error setting up pivot dir: mkdir
/home/user_1/.local/share/containers/storage/overlay/62a747bf1719d2d37fff5670ed40de6900a95743172de1b4434cb019b56f30b4/diff/.pivot_root436648414:
permission denied
I would like to replace /home/user_1/.local/share/containers/storage/overlay/
with another address so that I do not get permission error.
Any advice on how to do so?
I am using Redhat Linux
docker --version is podman version 3.2.3
docker info:
server_name:/home/my_user[ 52 ] --> docker info
host:
arch: amd64
buildahVersion: 1.21.3
cgroupControllers: []
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: conmon-2.0.29-1.module+el8.4.0+11822+6cc1e7d7.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.29, commit: ae467a0c8001179d4d0adf4ada381108a893d7ec'
cpus: 8
distribution:
distribution: '"rhel"'
version: "8.4"
eventLogger: file
hostname: server_name
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
uidmap:
- container_id: 0
host_id: 67298
size: 1
kernel: 4.18.0-305.3.1.el8_4.x86_64
linkmode: dynamic
memFree: 1818484736
memTotal: 33444728832
ociRuntime:
name: runc
package: runc-1.0.0-74.rc95.module+el8.4.0+11822+6cc1e7d7.x86_64
path: /usr/bin/runc
version: |-
runc version spec: 1.0.2-dev
go: go1.15.13
libseccomp: 2.5.1
os: linux
remoteSocket:
path: /run/user/67298/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /bin/slirp4netns
package: slirp4netns-1.1.8-1.module+el8.4.0+11822+6cc1e7d7.x86_64
version: |-
slirp4netns version 1.1.8
commit: d361001f495417b880f20329121e3aa431a8f90f
libslirp: 4.3.1
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.1
swapFree: 67353165824
swapTotal: 67448598528
uptime: 789h 40m 40.57s (Approximately 32.88 days)
registries:
localhost:
Blocked: false
Insecure: true
Location: localhost
MirrorByDigestOnly: false
Mirrors: []
Prefix: localhost
mkdcvtmaapp01:
Blocked: false
Insecure: true
Location: server_name
MirrorByDigestOnly: false
Mirrors: []
Prefix: server_name
search:
- registry.access.redhat.com
- registry.redhat.io
- docker.io
store:
configFile: /home/my_user/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.mount_program:
Executable: /bin/fuse-overlayfs
Package: fuse-overlayfs-1.6-1.module+el8.4.0+11822+6cc1e7d7.x86_64
Version: |-
fusermount3 version: 3.2.1
fuse-overlayfs: version 1.6
FUSE library version 3.2.1
using FUSE kernel interface version 7.26
graphRoot: /home/my_user/.local/share/containers/storage
graphStatus:
Backing Filesystem: nfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "false"
imageStore:
number: 0
runRoot: /run/user/67298/containers
volumePath: /home/my_user/.local/share/containers/storage/volumes
version:
APIVersion: 3.2.3
Built: 1627570963
BuiltTime: Thu Jul 29 11:02:43 2021
GitCommit: ""
GoVersion: go1.15.7
OsArch: linux/amd64
Version: 3.2.3
I also have tried these three in my gitlab ci but it did not work:
deploy:
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_TMP: /data/external/tmp_docker_build
    TMPDIR: /data/external/tmp_docker_build
I also did chmod 777 on .local, share, containers, storage, and overlay in this route /home/user_1/.local/share/containers/storage/overlay/ but it is still not working.

I did not know about this before, either. Apparently you can set the data dir used by docker daemon by adding -g /path/to/dir to the docker daemon command.
For example by adding -g to the DOCKER_OPTS in /etc/default/docker on Ubuntu or Debian systems:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4 -g /data/external/docker"
My source is https://forums.docker.com/t/how-do-i-change-the-docker-image-installation-directory/1169 - there is also a note about how this is done on Fedora or CentOS:
edit /etc/sysconfig/docker, and add the -g option in the other_args variable: ex. other_args="-g /var/lib/testdir". If there’s more than one option, make sure you enclose them in " ". After a restart, (service docker restart) Docker should use the new directory.

Related

Install docker WS 2016 no matching manifest for windows/amd64 10.0.14393 in the manifest list entries

Hello,
I'm trying to install docker on windows server 2016: Here is the process I made :
INSTALL NUGET
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
INSTALL DOCKER PROVIDER
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-WindowsFeature Hyper-V -IncludeManagementTools
INSTALL DOCKER
Install-Package -Name docker -ProviderName DockerMsftProvider -Force
Restart-Computer -Force
DOCKER DAEMON
Get-Service -Name docker
START DOCKER SERVICE
Start-Service -Name docker
[Net.ServicePointManager]::SecurityProtocol = [Net.securityProtocolType]::Tls12
docker search microsoft
CREATE DAEMON.JSON in programData/docker/config
{
"registry-mirrors": [],
"insecure-registries": [],
"debug": false,
"experimental": true
}
Restart-Service docker
docker pull mcr.microsoft.com/nanoserver
Here is my docker info:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker Application (Docker Inc., v0.8.0)
cluster: Manage Mirantis Container Cloud clusters (Mirantis Inc., v1.9.0)
registry: Manage Docker registries (Docker Inc., 0.1.0)
Server:
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 1
Server Version: 20.10.7
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: ics internal l2bridge l2tunnel nat null overlay private transparent
Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 14393
Operating System: Windows Server 2016 Datacenter Version 1607 (OS Build 14393.4770)
OSType: windows
Architecture: x86_64
CPUs: 2
Total Memory: 7.999GiB
Name: OSCAR3
ID: AEF3:RVUB:G2XN:QIOV:PFA6:MZF5:DW76:SA5W:MPLJ:7D4Z:GEVT:EKUQ
Docker Root Dir: C:\ProgramData\docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Here is my docker version :
Client: Mirantis Container Runtime
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: 40ef3b6
Built: 08/19/2021 18:54:26
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Mirantis Container Runtime
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.24)
Go version: go1.13.15
Git commit: e1bf5b9c13
Built: 08/19/2021 18:53:20
OS/Arch: windows/amd64
Experimental: true
I tried docker pull php and I got this error:
docker : no matching manifest for windows/amd64 10.0.14393 in the manifest list entries
docker pull php-amd64 and I got this error:
docker : Error response from daemon: pull access denied for php-amd64, repository does not exist or may
require 'docker login': denied: requested access to the resource is denied
I'm trying to run node images or debian images, but nothing is working. I tried to switch to a linux or windows container with this command:
& $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchDaemon
But it's not working.

Docker pull fails during extraction with "lchown /usr/bin/sbd no such file or directory"

I've been battling trying to get Docker installed on RHEL7 and, now that I've been able to get it installed, I'm stuck just trying to do a simple docker pull.
I was able to finally get Docker installed using my proposed solution here Issues installing Docker on RHEL 7 Linux Server, but now during the extraction process, I get the following error:
latest: Pulling from [my-repo]
8657e219e309: Pull complete
a8db9e62fad8: Extracting [==================================================>] 3.507 GB/3.507 GB
failed to register layer: ApplyLayer exit status 1 stdout: stderr: lchown /usr/bin/sbd: no such file or directory
Unable to find image '[my-docker-repo]:latest' locally
latest: Pulling from [my-repo]
8657e219e309: Pull complete
a8db9e62fad8: Extracting [==================================================>] 3.507 GB/3.507 GB
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: lchown /usr/bin/sbd: no such file or directory.
I'm not sure if this is related to the way I installed docker or if it's actually something else. I only installed docker using the following two commands:
yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.0.ce-1.el7.centos.noarch.rpm
yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.0.ce-1.el7.centos.x86_64.rpm
I can run docker just fine and start the service, so not sure it's the installation that's the issue per se.
The only two issues I've found on the Internet that seem somewhat related to mine are these:
https://github.com/moby/moby/issues/41803
https://github.com/moby/moby/issues/41821
However, neither one of these issues has solutions other than merged pull requests that apparently still aren't fixed in my case.
I've also visited https://docs.docker.com/engine/security/rootless/#prerequisites and verified that the value shows 65,535 in my /etc/subuid and /etc/subgid values.
Still no luck.
Here's the output of my docker info command:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.5
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.21.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.349GiB
Name: d8de679d27f2453
ID: L43V:XEXI:6B6D:A3K4:KCI5:VQB7:MOG4:7TO5:QATR:5PM5:QT2Q:TTN5
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

.Net 5 - Cannot enable globalization in buster (Debian) container

I'm having the same problem as described in https://github.com/dotnet/dotnet-docker/issues/1483 but this time with mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim.
The problem
If a Console.WriteLine($"{251.97:c}") is executed the weird symbol appears instead of $ or €.
Steps to Reproduce
This is my Dockerfile (took out dependencies copy for simplicity):
FROM mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim AS base
# FastReports needs libgdiplus
RUN apt-get update && apt-get install -y libgdiplus
# Disable the invariant mode (set in base image)
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
# I've tried also en_US
ENV LC_ALL=es_ES.UTF-8 \
    LANG=es_ES.UTF-8
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:5.0-buster-slim AS build
WORKDIR /src
COPY ["MyProject.WebUI/MyProject.WebUI.csproj", "MyProject.WebUI/"]
RUN dotnet restore "MyProject.WebUI/MyProject.WebUI.csproj"
COPY . .
WORKDIR "/src/MyProject.WebUI"
RUN dotnet build "MyProject.WebUI.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "MyProject.WebUI.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MyProject.WebUI.dll"]
Other Information
Output: 251,97 ¤
Expected: 251,97 €
Output of docker version
Client: Docker Engine - Community
Cloud integration: 1.0.4
Version: 20.10.0
API version: 1.41
Go version: go1.13.15
Git commit: 7287ab3
Built: Tue Dec 8 18:55:31 2020
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.0
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: eeddea2
Built: Tue Dec 8 18:58:04 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Output of docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.4.2-docker)
scan: Docker Scan (Docker Inc., v0.5.0)
Server:
Containers: 19
Running: 1
Paused: 0
Stopped: 18
Images: 186
Server Version: 20.10.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc version: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.128-microsoft-standard
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 6.068GiB
Name: docker-desktop
ID: G6ZX:FURA:YMMU:OQK7:FFVP:F6UD:SEQR:KJNC:CTHW:TVJY:KNJ6:Z5P7
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 56
Goroutines: 62
System Time: 2020-12-29T05:43:26.9357651Z
EventsListeners: 4
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No blkio weight support
WARNING: No blkio weight_device support
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
I've tried to solve it by setting the LC_ALL and LANG variables but it seems that doesn't work.
Thanks
Ok, it seems it was my fault.
I've removed images and containers and it worked as expected.

increase docker ram to install sentry server on linux

I am trying to install Sentry Docker on my Linux. After cloning its repository:
git clone https://github.com/getsentry/onpremise
I run this
$ ./install.sh
but I got this error:
alt#mx-alt:/mnt/Software/Linux/sentry/onpremise
$ ./install.sh
Checking minimum requirements...
FAIL: Expected minimum RAM available to Docker to be 2400 MB but found MB
this is my docker info:
$ sudo docker info
Client:
Debug Mode: false
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.0-12-amd64
Operating System: Debian GNU/Linux 10 (buster)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.63GiB
Name: mx-alt
ID: DRNU:OLX2:5VCT:GPNW:I3OV:4OHB:43UU:OVZL:OH5Y:5A2U:7MJA:SBHU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
increase docker ram on linux?

I am writing my answer; maybe it will help someone!
1 - I pull busybox first:
$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
5f5dd3e95e9f: Pull complete
Digest: sha256:9f1c79411e054199210b4d489ae600a061595967adb643cd923f8515ad8123d2
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
alt#mx-alt:~
alt#mx-alt:~
$ sudo docker run --rm busybox free -m 2
total used free shared buff/cache available
Mem: 16009 2176 11539 208 2293 13350
Swap: 8191 0 8191
alt#mx-alt:~
2- ./install.sh
Done.

docker run hello-world still fails, permission denied

I'm trying to run docker but it still fails. Here is what I get:
root#c1170137:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c04b14da8d14: Extracting 974 B/974 B
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: permission denied.
See 'docker run --help'.
kernel: 4.4.16-1-pve
I'm using Debian jessie
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
Edit:
daemon.log
http://hastebin.com/qinufacuto.coffee
docker info
root#c1177124:~# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.1
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host bridge null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options:
Kernel Version: 4.4.16-1-pve
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 2 GiB
Name: c1177124
ID: 4YUJ:OL2E:WLJC:23WJ:5HRW:LRY3:QHKC:MKXO:JDWO:VWOQ:JMWN:V52W
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8
By the way, the problem could be caused by the kernel.
Thank you for any idea or solution

Use lxc.apparmor.profile: unconfined
Just put it at the end of an /etc/pve/lxc/ID.conf file and restart your LXC container.
Using lxc.aa_profile: unconfined is deprecated, as it was renamed.

If you don't care about security or trust your docker containers:
Edit the configuration file of your lxc container on the host in /etc/pve/lxc/ID.conf by adding lxc.aa_profile: unconfined at the end of the file.
Remove apparmor: apt-get remove apparmor --purge

I solved this problem by executing these commands on the host:
lxc config set your-lxc-name security.nesting true
lxc config set your-lxc-name security.privileged true

I had the same error. In my case it was due to McAfee antivirus. I removed it and then pulled successfully. McAfee was blocking the /etc/passwd folder and Docker could not pull images.
Here people had the same exact problem:
https://github.com/moby/moby/issues/37817
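
The answers above get Docker running inside an LXC container by switching off AppArmor confinement or making the container privileged. As an added example (not part of any post on this page), this shell function lists where those settings appear in a container config so they can be reviewed; the sample files, container IDs and hostnames are constructed.

```shell
#!/bin/sh
# Added example: report the confinement overrides named in the answers above.

# audit_confinement FILE
# Prints one "FINDING line N: key = value" per matching setting.
# Returns 0 if none are present, 1 otherwise.
audit_confinement() {
    awk '
    {
        line = $0
        sub(/[ \t]*#.*$/, "", line)            # ignore comments
        pos = match(line, /[:=]/)              # Proxmox and LXD use ":", plain LXC uses "="
        if (pos == 0) next
        key = substr(line, 1, pos - 1)
        val = tolower(substr(line, pos + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)     # trim blanks and YAML quotes
        weak = 0
        if ((key == "lxc.apparmor.profile" || key == "lxc.aa_profile") && val == "unconfined")
            weak = 1
        if ((key == "security.privileged" || key == "security.nesting") && val == "true")
            weak = 1
        if (weak) {
            printf "FINDING line %d: %s = %s\n", NR, key, val
            found = 1
        }
    }
    END { exit (found + 0) }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/101.conf" <<'EOF'
arch: amd64
hostname: build-box
# lxc.aa_profile: unconfined   (commented out, must not be reported)
lxc.apparmor.profile: unconfined
EOF
cat > "$sample_dir/102.conf" <<'EOF'
arch: amd64
hostname: web
EOF

for f in "$sample_dir"/*.conf; do
    if audit_confinement "$f"; then
        echo "OK      $f"
    else
        echo "REVIEW  $f"
    fi
done
rm -rf "$sample_dir"
```

On a Proxmox host the same function can be pointed at the files under /etc/pve/lxc/, or fed the saved output of `lxc config show` for an LXD container.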
