hello i have a problem with docker, recently i make dockerfile for create a image of "mosquitto-mqtt" to make my own broken mqtt with ssl protection. i build dockerfile all is good, i don't have a problem but if i run a new container with " docker run -itd --name broken ce69ee4b2f4e" a container run and exit automaticly, and if a check log all is good "[ ok .] Starting network daemon:: mosquitto.". i don't have why ? check my dockerfile. i need help to solve it, thanks you
#Download base image debian
FROM debian:latest
#Update system
RUN apt-get update -y
#Install Wget and gnup2
RUN apt-get install wget -y && apt-get install gnupg2 -y
#Download and add key
RUN wget http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key
RUN apt-key add mosquitto-repo.gpg.key
RUN rm mosquitto-repo.gpg.key
## append apt mirror for debian
RUN echo "# mirror" >> /etc/apt/source.list
RUN echo "deb http://repo.mosquitto.org/debian stretch main" >> /etc/apt/source.list
#Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y
#install mosquitto
RUN apt-get install mosquitto -y
#Copy file configuration
COPY mosquitto.conf /etc/mosquitto
#Copy certificate folder
COPY certs/mosquitto-ca.crt /etc/mosquitto/certs
COPY certs/mosquitto-server.crt /etc/mosquitto/certs
COPY certs/mosquitto-server.key /etc/mosquitto/certs
#Run command
ENTRYPOINT ["/etc/init.d/mosquitto", "start"]
log print
[ ok .] Starting network daemon:: mosquitto.
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d00bd23ae2d6 ce69ee4b2f4e "/etc/init.d/mosquit…" 9 minutes ago Exited (0) 9 minutes ago broken
Containers are a wrapper around a process, and when that process exits, the container exits. In this case:
ENTRYPOINT ["/etc/init.d/mosquitto", "start"]
That process is /etc/init.d/mosquitto which almost certainly runs, spawns a daemon in the background, and exits (standard for anything in init.d). You should instead run mosquito directly with foreground options if available.
If that's some possible, something like supervisord would be a less than optimal fallback, with the ability to watch a background daemon.
And if neither of those work, you can run your command from a script that ends with a tail -f /dev/null, but that would be the worst option since you ignore any errors.
it works ! i found the solution, it just need to add "-C" on command and specify directory
this is a good method
ENTRYPOINT ["mosquitto", "-c", "/etc/mosquitto/mosquitto.conf"]
thanks all to help Me!
I'm trying to switch user to the tomcat7 user in order to setup SSH certificates.
When I do su tomcat7, nothing happens.
whoami still ruturns root after doing su tomcat7
Doing a more /etc/passwd, I get the following result which clearly shows that a tomcat7 user exists:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
messagebus:x:101:104::/var/run/dbus:/bin/false
colord:x:102:105:colord colour management daemon,,,:/var/lib/colord:/bin/false
saned:x:103:106::/home/saned:/bin/false
tomcat7:x:104:107::/usr/share/tomcat7:/bin/false
What I'm trying to work around is this error in Hudson:
Command "git fetch -t git#________.co.za:_______/_____________.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Host key verification failed.
This is my Dockerfile, it takes an existing hudson war file and config that is tarred and builds an image, hudson runs fine, it just can't access git due to certificates not existing for user tomcat7.
FROM debian:wheezy
# install java on image
RUN apt-get update
RUN apt-get install -y openjdk-7-jdk tomcat7
# install hudson on image
RUN rm -rf /var/lib/tomcat7/webapps/*
ADD ./ROOT.tar.gz /var/lib/tomcat7/webapps/
# copy hudson config over to image
RUN mkdir /usr/share/tomcat7/.hudson
ADD ./dothudson.tar.gz /usr/share/tomcat7/
RUN chown -R tomcat7:tomcat7 /usr/share/tomcat7/
# add ssh certificates
RUN mkdir /root/.ssh
ADD ssh.tar.gz /root/
# install some dependencies
RUN apt-get update
RUN apt-get install --y maven
RUN apt-get install --y git
RUN apt-get install --y subversion
# background script
ADD run.sh /root/run.sh
RUN chmod +x /root/run.sh
# expose port 8080
EXPOSE 8080
CMD ["/root/run.sh"]
I'm using the latest version of Docker (Docker version 1.0.0, build 63fe64c/1.0.0), is this a bug in Docker or am I missing something in my Dockerfile?
You should not use su in a dockerfile, however you should use the USER instruction in the Dockerfile.
At each stage of the Dockerfile build, a new container is created so any change you make to the user will not persist on the next build stage.
For example:
RUN whoami
RUN su test
RUN whoami
This would never say the user would be test as a new container is spawned on the 2nd whoami. The output would be root on both (unless of course you run USER beforehand).
If however you do:
RUN whoami
USER test
RUN whoami
You should see root then test.
Alternatively you can run a command as a different user with sudo with something like
sudo -u test whoami
But it seems better to use the official supported instruction.
As a different approach to the other answer, instead of indicating the user upon image creation on the Dockerfile, you can do so via command-line on a particular container as a per-command basis.
With docker exec, use --user to specify which user account the interactive terminal will use (the container should be running and the user has to exist in the containerized system):
docker exec -it --user [username] [container] bash
See https://docs.docker.com/engine/reference/commandline/exec/
In case you need to perform privileged tasks like changing permissions of folders you can perform those tasks as a root user and then create a non-privileged user and switch to it.
FROM <some-base-image:tag>
# Switch to root user
USER root # <--- Usually you won't be needed it - Depends on base image
# Run privileged command
RUN apt install <packages>
RUN apt <privileged command>
# Set user and group
ARG user=appuser
ARG group=appuser
ARG uid=1000
ARG gid=1000
RUN groupadd -g ${gid} ${group}
RUN useradd -u ${uid} -g ${group} -s /bin/sh -m ${user} # <--- the '-m' create a user home directory
# Switch to user
USER ${uid}:${gid}
# Run non-privileged command
RUN apt <non-privileged command>
Add this line to docker file
USER <your_user_name>
Use docker instruction USER
You should also be able to do:
apt install sudo
sudo -i -u tomcat
Then you should be the tomcat user. It's not clear which Linux distribution you're using, but this works with Ubuntu 18.04 LTS, for example.
There's no real way to do this. As a result, things like mysqld_safe fail, and you can't install mysql-server in a Debian docker container without jumping through 40 hoops because.. well... it aborts if it's not root.
You can use USER, but you won't be able to apt-get install if you're not root.
After I update my Docker version to 0.8.0, I get an error message while entering sudo docker version:
Client version: 0.8.0
Go version (client): go1.2
Git commit (client): cc3a8c8
2014/02/19 12:54:16 Can't connect to docker daemon. Is 'docker -d' running on this host?
And I've followed the instructions and entered command sudo docker -d, and I got this:
[/var/lib/docker|2462000b] +job initserver()
[/var/lib/docker|2462000b.initserver()] Creating server
open /var/lib/docker/aufs/layers/cf2414da53f9bcfaa48bc3d58360d7f1cfd3784e4fe51fbef95197709dfc285d: no such file or directory[/var/lib/docker|2462000b] -job initserver() = ERR (1)
2014/02/19 12:55:57 initserver: open /var/lib/docker/aufs/layers/cf2414da53f9bcfaa48bc3d58360d7f1cfd3784e4fe51fbef95197709dfc285d: no such file or directory
How do I solve the problem?
Linux
The Post-installation steps for Linux documentation reveals the following steps:
Create the docker group.
sudo groupadd docker
Add the user to the docker group.
sudo usermod -aG docker $(whoami)
Log out and log back in to ensure docker runs with correct permissions.
Start docker.
sudo service docker start
Mac OS X
As Dayel Ostraco says is necessary to add environments variables:
docker-machine start # Start virtual machine for docker
docker-machine env # It's helps to get environment variables
eval "$(docker-machine env default)" # Set environment variables
The docker-machine start command outputs the comments to guide the process.
Linux
To run docker daemon on Linux (from CLI), run:
$ sudo service docker start # Ubuntu/Debian
Note: Skip the $ character when copy and pasting.
On RedHat/CentOS, run: sudo systemctl start docker.
To initialize the "base" filesystem, run:
$ sudo service docker stop
$ sudo rm -rf /var/lib/docker
$ sudo service docker start
or manually like:
$ sudo docker -d --storage-opt dm.basesize=20G
Install docker-machine on Linux
To install machine binaries on Linux:
locally:
install -vm755 <(curl -L https://github.com/docker/machine/releases/download/v0.5.3/docker-machine_linux-amd64) $HOME/bin/docker-machine
global:
sudo bash -c 'install -vm755 <(curl -L https://github.com/docker/machine/releases/download/v0.5.3/docker-machine_linux-amd64) /usr/local/bin/docker-machine'
macOS
On macOS the docker binary is only a client and you cannot use it to run the docker daemon, because Docker daemon uses Linux-specific kernel features, therefore you can’t run Docker natively in OS X. So you have to install docker-machine in order to create VM and attach to it.
Install docker-machine on macOS
If you don't have docker-machine command yet, install it by using one of the following methods:
Using Brew command: brew install docker-machine docker.
manually from GitHub:
install -v <(curl https://github.com/docker/machine/releases/download/v0.5.3/docker-machine_linux-amd64) /usr/local/bin/docker-machine
See: Get started with Docker for Mac.
Configure docker-machine on macOS
To start Docker Machine via Homebrew, run:
brew services start docker-machine
To create a default machine (if you don't have one, see: docker-machine ls):
docker-machine create --driver virtualbox default
Then set-up the environment for the Docker client:
eval "$(docker-machine env default)"
Then double-check by listing containers:
docker ps
See: Get started with Docker Machine and a local VM.
Install Docker.app on macOS
Alternatively to above solution, you can install a Docker app by:
brew cask install docker
Check this post for more details. See also: Cannot connect to the Docker daemon on macOS
If you are running Docker on OS X, running the following eval has worked for me.
eval "$(docker-machine env default)"
If you'd prefer not to have to run this eval statement on every terminal session, you can add this to your bash_profile:
#Docker
eval "$(docker-machine env default)"
Be sure to restart the terminal session or run source on bash_profile for the changes to take effect.
After a detailed investigation, this issue seems to happen every time after Mac OS X is rebooted (or the Docker virtual machine is restarted) which prevents the Docker client from connecting to the Docker daemon.
To solve the issue, you can either:
A) Reinstall Docker Toolbox using the official installer (https://www.docker.com/products/docker-toolbox), or simply
B) Run the following commands in order:
# First make sure that the virtual machine is running
docker-machine start default
# Regenerate TLS connection certs, requires confirmation
docker-machine regenerate-certs default
# Finally, set env
eval "$(docker-machine env default)"
C) Same as (B), you can also copy and paste the following line to run all of the three commands:
docker-machine start default; docker-machine regenerate-certs default; eval "$(docker-machine env default)"
In case you get the following error:
Error getting SSH command: Something went wrong running an SSH command!
command : cat /etc/os-release
err : exit status 255
output :
just re-run the three commands another time, and it should work the second time.
This usually happens when you are not in the docker group. You can add yourself to the docker group with:
sudo usermod -aG docker yourusername
or
sudo usermod -aG docker $(whoami)
After this, you need to logout and log back into the server.
Alternatively, you can sudo every Docker command.
If all the other solutions above don't work you can try checking the ownership of /var/run/docker.sock:
ls -l /var/run/docker.sock
If you're not the owner then change ownership with the command:
sudo chown *your-username* /var/run/docker.sock
Then you can go ahead and try executing the Docker commands hassle-free :D
You can use the command
sudo service docker stop && sudo service docker start
OR
sudo service docker restart
to simply restart it.
The best way to find out why Docker isn't working will be to run the daemon manually.
$ sudo service docker stop
$ ps aux | grep docker # do this until you don't see /usr/bin/docker -d
$ /usr/bin/docker -d
The Docker daemon logs to STDOUT, so it will start spitting out whatever it's doing.
Here was what my problem was:
[8bf47e42.initserver()] Creating pidfile
2015/01/11 15:20:33 pid file found, ensure docker is not running or delete /var/run/docker.pid
This was because the instance had been cloned from another virtual machine. I just had to remove the pidfile, and everything worked afterwards.
Of course, instead of blindly assuming this will work, I'd suggest running the daemon manually one more time and reviewing the log output for any other errors before starting the service back up.
Do a ps aux | grep docker to see if the daemon is running. If not run /etc/init.d/docker start
If you get the message Can't connect to docker daemon. Is 'docker -d' running on this host?, you can check it by docker version.
If you see the information like Docker Client is running. but Docker Server is not, it's obviously you need to start the Docker server.
In CentOS, you can use service to start or stop the Docker server.
$ sudo service docker stop
$ sudo service docker start
Then, after you type docker version, you will get the information of Docker Client and Docker Server, and the Docker daemon has been started.
Use Docker CE app
macOS
Use the new Docker Community Edition app for macOS. For example:
Uninstall all Docker Homebrew packages which you've installed so far:
brew uninstall docker-compose
brew uninstall docker-machine
brew uninstall docker
Install an app manually or via Homebrew-Cask:
brew install --cask docker
Note: This app will create necessary links to docker, docker-compose, docker-machine, etc.
After running the app, checkout the a Docker whale icon in the status menu.
Now you should be able to use docker, docker-compose, docker-machine commands as usual in the Terminal.
Related:
Brew install docker does not include docker engine?
Cannot connect to the Docker daemon on macOS
Linux/Windows
Download the Docker CE from the download page and follow the instructions.
I have similar problem. I had to logout and login again to shell because I have just installed Docker and following command didn't show in my environment.
export DOCKER_HOST=127.0.0.1:4243 >> ~/.bashrc
I restart Docker after installing it:
$ sudo service docker stop
$ sudo service docker start
And it works.
I have faced this problem, and I restarted Docker using these commands:
$ sudo service docker stop
$ sudo service docker start
But I did not solve my problem, because I forgot to execute my Docker commands without sudo. For those who faces this problem, try to check that.
Try
$ sudo docker info
instead of this:
$ docker info
I have the same error and trying docker-machine regenerate-certs or eval.. did not work for me.
This on OS X 10.11.3 (El Capitan) and Docker v1.10.1. I was able to fix it only by deleting and recreating docker-machine again. Source
If running docker-machine ls, it shows you a similar output to the one below;
DOCKER
Unknown
ERRORS
Unable to query docker version: Cannot
connect to the docker engine endpoint
Try removing your Docker machine with;
docker-machine rm -f default
Where default is your Docker machine name. Then;
docker-machine create -d virtualbox default
Creates a new Docker machine.
Double check that everything looks normal now (no errors or unknown Docker) with:
docker-machine ls
Finally don't forget to run "$(docker-machine env default)" before you continue or run the Docker Quickstart Terminal which does it for you...
I knew that there are plenty of answers already in this post. Just I would like to add one simple answer that is solved the above mentioned problem .
sudo systemctl start docker
Run the above command and it will start all the docker related threads/services.
Try adding the current user to docker group:
sudo usermod -aG docker $USER
Then log out and login.
At April 2020 on MacOS Catalina, you just need to open the desktop application:
I had the same problem - "Can't connect to docker daemon." (except I didn't get any 'file not found' errors on trying to start the server.)
'ps' showed that "/usr/bin/docker -d" was still running
I realised that I'd never actually succeeded in running the server myself though. Every attempt had produced
...
2014/03/24 21:57:29 pid file found, ensure docker is not running or delete /var/run/docker.pid
So I belatedly realised that installing docker had maybe registered the daemon with upstart, which had started it for me. Hence, trying to kill the daemon to manually restart it fails (operation not permitted). So I did a
sudo kill -9 <PID>
on the daemon process. Another daemon immediately took its place, and this new one DOES now let my CLI client connect:
$ sudo docker info
Containers: 0
Images: 0
Driver: aufs
Root Dir: /var/lib/docker/aufs
Dirs: 0
WARNING: No memory limit support
WARNING: No swap limit support
Following Docker's DOC site: Manage Docker as a non-root user
1) Create Docker Group
sudo groupadd docker
2) Make user belong to docker group to get the group's privileges.
sudo usermod -aG docker $USER
Check whether the DOCKER_HOST environment variable is set for your shell.
env | grep DOCKER_HOST
If it exists,
unset DOCKER_HOST
Then this should work:
docker run hello-world
I just had the same issue, running on Amazon AWS.
Here's what I attempted:
Set up docker-machine locally with already existing AWS instance
Used generic setup
It kind of connected, but since the remote port was closed, it failed
After that, the Docker daemon refused to start up, but running dockerd did work...
It was tested following on the remote machine:
service docker start # Also restart, no success
systemctl start docker # Also restart, no success
dockerd # Success
I removed /var/lib/docker and uninstalled everything, but there was no success after reinstallation. Unfortunately I have no logs stored from failures, but docker.service just refused to start.
However, what finally solved my issue was basically:
sudo usermod -aG docker $(whoami)
I got the same problem. In CentOS 6.5:
ps aux |grep `cat /var/run/docker.pid`
If it shows no Docker daemon process exists, then I type:
docker -d
Then Ctrl + D to stop Docker. Because we use the -d option, Docker will run as daemon. Now we can do:
service docker start
Then I can do a docker pull centos. That's all.
NOTE: If these do not work, you can try yum update, and then repeat these again, because I yum install before these.
If you are running on OS X using Docker tool, follow this.
Restart the daemon and configure your environment:
docker-machine restart
And then
docker-machine env
Finally,
eval $(docker-machine env)
To test the daemon is running:
docker ps -a or docker-machine ls. This will list all containers.
The Docker Service may not be running.
If you are on a RedHat/Fedora/CentOS, please try this:
sudo systemctl start docker
If you are on Ubuntu/Debian:
sudo service start docker
Docker will start running on your host and respective port.
Run the following command:
docker context use default
To fix this issue, I had to enable the docker service:
sudo systemctl enable /usr/lib/systemd/system/docker.service
Check if you are using Docker Machine :)
Run docker-machine env default should do the trick.
Because according to documentation:
Docker Machine is a tool that lets you install Docker Engine on
virtual hosts, and manage the hosts with docker-machine commands. You
can use Machine to create Docker hosts on your local Mac or Windows
box, on your company network, in your data center, or on cloud
providers like AWS or Digital Ocean.
Using docker-machine commands, you can start, inspect, stop, and
restart a managed host, upgrade the Docker client and daemon, and
configure a Docker client to talk to your host.
Point the Machine CLI at a running, managed host, and you can run
docker commands directly on that host. For example, run
docker-machine env default to point to a host called default, follow on-screen
instructions to complete env setup, and run docker ps,
docker run hello-world, and so forth.
https://docs.docker.com/machine/overview/
I also had the same issue. The problem was in sockets allocated to docker-daemon and docker-client.
First, permission was not set for the docker-client on docker.sock You can set it using "sudo usermod -aG docker $USER"
Then check your bash file where the docker-client is running, For me it was on 0.0.0.0:2375, while docker-daemon was running on unix socket.(It was set in the configuration file of dockerd).
Just comment the bash-line and it'll work fine.
But if you want to make it work on TCP port instead of unix socket, change the configuration file of dockerd and set it on 0.0.0.0.2375 and keep the line in bash as it is if present or set it to 0.0.0.0:2375.
To fix, you need to issue the following commands in the terminal. I'll explain each step:
# Uninstall Docker from apt packages
$ sudo apt-get remove docker docker.io
# Remove it from the libraries just to be
# sure it's gone forever
$ sudo rm -rf /var/lib/docker/*
Now, if you want to simplify things and get more time, you can run my init script with the parameter installDocker:
# Pull the init script from GitHub
$ wget https://github.com/dminca/dotfiles/blob/master/init
# Add rights to run the script
$ chmod 755 init
# Just run the script with the installDocker parameter
$ ./init installDocker
A reboot is optional, but I suggest you do it to be sure all runs smoothly.
I had the same problem running Docker 1.10 on Ubuntu 14.04 and none of the given answers worked. For me, the fix was to specify the storage driver when running the Docker daemon.
sudo docker daemon --storage-driver=devicemapper