I have installed Docker on Ubuntu 16.04 server, using the manual on this page: https://docs.docker.com/cs-engine/1.13/, so, using these steps:
curl -fsSL 'https://sks-keyservers.net/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e' | sudo apt-key add -
sudo add-apt-repository "deb https://packages.docker.com/1.13/apt/repo/ \
ubuntu-$(lsb_release -cs) \
main"
sudo apt-get update
sudo apt-get -y install docker-engine
I have installed it on two servers and I need them to see each other, so I needed to let the Docker daemon listen on port 2375 (probably doesn't matter, but using this manual: https://github.com/yeasy/cello/blob/master/docs/deployment.md).
So I created the conf file:
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/override.conf
Added this to the override.conf:
[Service]
DOCKER_OPTS="$DOCKER_OPTS -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --api-cors-header='*' --default-ulimit=nofile=8192:16384 --default-ulimit=nproc=8192:16384"
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
Then:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker.service
Tested the connection between servers like this:
$ docker -H 10.101.35.61:2375 version
The response:
Client:
Version: 1.13.1-cs4
API version: 1.27
Go version: go1.7.5
Git commit: e46aec0
Built: Mon May 22 18:46:40 2017
OS/Arch: linux/amd64
Cannot connect to the Docker daemon at tcp://10.101.35.61:2375. Is the docker daemon running?
Tried restarting the server, same problem. Tried to run with sudo. Tried adding the user to group docker:
sudo usermod -aG docker $USER
Didn't help. I have disabled firewall on both servers. When I check the ports open on the server with sudo lsof -i, I can't see anything listening to port 2375 - I am guessing Docker should be listening to it?
Try the config file in this location, create it if it does not exist:
/etc/docker/daemon.json
Put this and restart the docker service:
{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
You can add more configs, documented here.
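A check for the exposure this configuration creates: a `tcp://` listener without `tlsverify` accepts API requests from anyone who can reach the port, and the Docker API gives root-equivalent control of the host. This is an added example, not part of the original answer; the function name `audit_daemon_json` and the temporary sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a Docker daemon.json
# for TCP listeners that do not require TLS client certificates.
# Exit status: 0 = no unauthenticated TCP listener, 1 = found one, 2 = unreadable.
audit_daemon_json() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # Collect every tcp:// endpoint in the file (normally the "hosts" array).
    listeners=$(grep -o 'tcp://[^"]*' "$cfg" || true)
    if [ -z "$listeners" ]; then
        echo "OK: no TCP listener configured"
        return 0
    fi

    # "tlsverify": true makes dockerd reject clients without a certificate
    # signed by the CA named in "tlscacert".
    if grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$cfg"; then
        echo "OK: TCP listener(s) require TLS client certificates"
        return 0
    fi

    for l in $listeners; do
        case "$l" in
            tcp://0.0.0.0:*|"tcp://[::]:"*)
                echo "FAIL: $l is unauthenticated on all interfaces" ;;
            tcp://127.0.0.1:*|tcp://localhost:*)
                echo "FAIL: $l is unauthenticated (loopback only)" ;;
            *)
                echo "FAIL: $l is unauthenticated" ;;
        esac
    done
    return 1
}

# Constructed sample input: the daemon.json from the answer above.
sample=$(mktemp)
printf '%s\n' '{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}' > "$sample"
audit_daemon_json "$sample" || echo "exit status: $?"
rm -f "$sample"
```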
I am deploying an Azure Self hosted agent on a Kubernetes Cluster 1.22+ following steps in:
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops#linuxInstructions
I am adding podman to the self-hosted agent as container manager; the following code is added to the self-hosted agent Dockerfile:
# install podman
ENV VERSION_ID=20.04
RUN apt-get update -y && apt-get install curl wget gnupg2 -y && . ./etc/os-release && sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | apt-key add - && apt-get update -y && apt-get -y install podman && podman --version
Everything runs smoothly when running the container in privileged mode.
...
securityContext:
  privileged: true
...
When I switch to privileged: false and try to connect to podman, I get the following error:
level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers"
Error: mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
The command I use for connecting is:
podman login private.container.registry \
--username $USER \
--password $PASS \
--storage-opt mount_program=/usr/bin/fuse-overlayfs
How can I use podman with unprivileged mode?
The issue was related to containerd's AppArmor profile denying the mount syscall.
I fixed it for now by disabling AppArmor for the container while running in unprivileged mode:
...
template:
  metadata:
    labels:
      app: vsts-agent-2
    annotations:
      container.apparmor.security.beta.kubernetes.io/kubepodcreation: unconfined
...
securityContext:
  privileged: false #true
A better way would be creating an AppArmor profile that allows the mount and applying it to the container.
I have a bash script that is running on an EC2 instance. It is running periodically. Now the issue is that whenever in the script I run
sudo service docker start
it runs, but after that when I run docker ps it gives me this error:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
Now while I have run the command in the script to provide permissions to run docker without sudo, whenever I restart it, it seems to rewrite all the configurations.
echo "Installing Docker..."
sudo yum install -y docker
#sudo groupadd docker
#sudo usermod -aG docker ${USER}
tries=3
interval=15s
while [ $tries -gt 0 ]
do
    #sudo yum reinstall -y docker
    #sudo service docker start
    sudo groupadd docker
    sudo chmod 777 /var/run/docker.sock
    sudo usermod -aG docker ${USER}
    sudo service docker start
    sudo chkconfig docker on
    docker --version
    sudo service docker restart
    #sudo service docker start
    docker info && break
    let "tries--" && sleep $interval
done
docker info || exit
It gives me this error:
Stopping docker: [  OK  ]
Starting docker: .  [  OK  ]
Client:
Context: default
Debug Mode: false
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
Is there any way to run docker without sudo even after running the restart command? Keep in mind that I cannot remove the restart command.
You can try this instead
sudo chmod 666 /var/run/docker.sock
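Mode 666 (or the 777 in the question) lets every local account drive the daemon, which is equivalent to root on the host, and dockerd recreates the socket on each start so the chmod does not survive the restart anyway. The diagnostic below is an added example, not part of the original posts; it separates the three states the question mixes together. The function name `check_docker_sock` and the scratch file standing in for the socket are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts): explain why a user can or
# cannot reach the Docker socket without resorting to chmod 666/777.
# Exit status: 0 = group access works, 1 = socket open to every local user,
#              2 = socket missing, 3 = caller not in the socket's group (yet).
check_docker_sock() {
    sock="${1:-/var/run/docker.sock}"
    [ -e "$sock" ] || { echo "missing: $sock"; return 2; }

    mode=$(stat -c '%a' "$sock")    # GNU stat: octal mode, e.g. 660
    gid=$(stat -c '%g' "$sock")     # numeric group owner
    gname=$(stat -c '%G' "$sock")

    # Last octal digit holds the "other" bits; 2 = write, which is what
    # connecting to a unix socket requires.
    other=$((mode % 10))
    if [ $((other & 2)) -ne 0 ]; then
        echo "FAIL: $sock is mode $mode, any local user controls the daemon"
        return 1
    fi

    # Groups of the running shell; usermod -aG does not change these.
    for g in $(id -G); do
        if [ "$g" = "$gid" ]; then
            echo "OK: mode $mode, this session is in group $gname"
            return 0
        fi
    done

    # Groups recorded in the account database for the same user.
    for g in $(id -G "$(id -un 2>/dev/null)" 2>/dev/null || true); do
        if [ "$g" = "$gid" ]; then
            echo "PENDING: added to $gname but session predates it; log in again"
            return 3
        fi
    done
    echo "DENIED: mode $mode, user is not in group $gname"
    return 3
}

# Constructed demo: a scratch file stands in for the socket.
demo=$(mktemp)
chmod 666 "$demo"; check_docker_sock "$demo" || echo "exit status: $?"
chmod 660 "$demo"; check_docker_sock "$demo" || echo "exit status: $?"
rm -f "$demo"
```

When the result is PENDING inside a single script run, `sg docker -c 'docker info'` runs the command with the new group without a fresh login.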
I'm using the following system version/spec for the docker-redis setup using the default redis.conf.
Redhat version: 7.6 (Red Hat Enterprise Linux Server)
Redis Version: 5.0.4
Docker Version: 1.13.1, build b2f74b2/1.13.1
When I run the following command it's working perfectly fine.
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
I need to get redis data (which is in /data inside the container) to the host directory (/usr/local/etc/redis/data) (-v $PWD/data:/data). So when I run the following command I'm getting the below error.
Note $PWD = /usr/local/etc/redis/
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf -v $PWD/data:/data --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
Error in docker logs:
journal: chown: changing ownership of '.': Permission denied
level=warning msg="05ce842f052e28566aed0e2eab32281138462cead771033790266ae145fce116 cleanup: failed to unmount secrets: invalid argument"
Also I tried changing the ownership of the data folder on the host to the following as well: chown redis:redis data
drwxrwxrwx. 2 redis redis 6 May 3 07:11 data
Can someone help me out on this? Thanks.
First create a volume:
docker volume create redis_data
Check the volume is created (note the Mountpoint):
docker volume inspect redis_data
Then use this volume to start your container:
sudo docker run -d -v $PWD/redis.conf:/usr/local/etc/redis/redis.conf -v redis_data:/data --name redis-persistance --net tyk -p 7070:6379 redis redis-server /usr/local/etc/redis/redis.conf --appendonly yes
You can then check the contents of the "Mountpoint" that should be the redis data.
I'm building a Docker image for an application which requires to ssh into localhost (i.e. ssh user@localhost)
I'm working on a Ubuntu desktop machine and started with a basic ubuntu:16.04 container.
Following is the content of my Dockerfile:
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y \
openjdk-8-jdk \
ssh && \
groupadd -r custom_group && useradd -r -g custom_group -m user1
USER user1
RUN ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && \
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Then I build this container using the command:
docker build -t test-container .
And run it using:
docker run -it test-container
The container opens with the following prompt and the keys are generated correctly to enable ssh into localhost:
user1@0531c0f71e0a:/$
user1@0531c0f71e0a:/$ cd ~/.ssh/
user1@0531c0f71e0a:~/.ssh$ ls
authorized_keys id_rsa id_rsa.pub
Then I ssh into localhost and am greeted by the error:
user1@0531c0f71e0a:~$ ssh user1@localhost
ssh: connect to host localhost port 22: Cannot assign requested address
Is there anything I'm doing wrong or any additional network settings that need to be configured? I just want to ssh into localhost within the running container.
First you need to install the ssh server in the image building script:
RUN sudo apt-get install -y openssh-server
Then you need to start the ssh server:
RUN sudo /etc/init.d/ssh start
or probably even in the last lines of the Dockerfile (you must have one binary instantiated to keep the container running ...)
USER root
CMD [ "sh", "/etc/init.d/ssh", "start"]
on the host then
# init a container from the image
docker run -d --name my-ssh-container-name-01 \
-v /opt/local/dir:/opt/container/dir my-image-01
As @user2915097 stated in the OP comments, this was because the ssh instance in the container was attempting to connect to the host using IPv6.
Forcing connection over IPv4 using -4 solved the issue.
$ docker run -it ubuntu ssh -4 user@hostname
For Docker Compose I was able to add the following to my .yml file:
network_mode: "host"
I believe the equivalent in Docker is:
--net=host
Documentation:
https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode
https://docs.docker.com/network/#network-drivers
host: For standalone containers, remove network isolation between the
container and the Docker host, and use the host’s networking directly.
See use the host network.
I also faced this error today, here's how to fix it:
If (and only if) you are facing this error inside a running container that isn't in production.
Do this:
docker exec -it -u 0 [your container id here] /bin/bash
then when you entered the container in god mode, run this:
service ssh start
then you can run your ssh based commands.
Of course it is best practice to do it in your Dockerfile before all these, but no need to sweat if you are not done with your image build process just yet.
Start Docker Daemon
docker daemon -g /u01/docker
Docker Info
[bu#bu ~]$ docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built:
OS/Arch: linux/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built:
OS/Arch: linux/amd64
Dockerfile
FROM nginxmagento
MAINTAINER Bilal
ENTRYPOINT service ssh restart && service nginx restart && service mysql restart && service cron restart && service php7.0-fpm restart && bash
Build Image
docker build -t magento .
Create Container
docker run -it -d --name magento -h host.name -v /u01/Bilal/test/_data:/var/www/html -p 3020:80 --net mynetwork --ip 172.18.0.51 --privileged magento
It successfully starts the services in ENTRYPOINT but it randomly shuts down the docker daemon. In the docker daemon too no error is thrown, it just exits from the terminal. I searched for the docker daemon log file with the Linux find command and this link but I can't find where it is located.
Please give suggestions about why it behaves like this.
If I am following any bad practice, please mention it.