I am trying to get nomad to run on my mac with colima.
Colima seems to work just fine:
I can run and port-forward to my host containers using docker with colima.
docker run --rm -p8080:80 nginx
I also configured the nomad docker plugin to use the correct containerd socket:
plugin "docker" {
  config {
    // endpoint = "unix:///var/run/docker.sock"
    // use colima
    endpoint = "unix:///Users/antonin/.colima/default/docker.sock"
  }
}
But the nomad dev setup seems to be incorrect.
I tried the sample application from nomad (a redis cache in a container); the nomad agent fails to start the container. I guess there is too much network indirection ...
Here is my command to start nomad (according to the nomad FAQ):
sudo nomad agent -dev -config=docker.nomad -bind=0.0.0.0 -network-interface=en0
Here is the message logged by the nomad agent:
2023-02-15T22:57:24.796+0100 [DEBUG] client.driver_mgr.docker: failed to start container: driver=docker container_id=196030610c2795d6876386e799e03dd9f9afa3b391d6c093ab1d03616daf1949 attempt=5 error="API error (500): driver failed programming external connectivity on endpoint redis-bc2b6d1d-9241-ccb8-c5ad-3e649f018208 (df95904fed93d4be70fc0c3bf1682dbead84ba71f2a321443fba09ff0c43dd69): Error starting userland proxy: listen tcp4 192.168.1.120:28033: bind: cannot assign requested address"
192.168.1.120 is my host IP on my LAN.
Additional information:
Here is the nomad job spec:
job "example" {
  type = "service"
  update {
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    progress_deadline = "10m"
    auto_revert = false
    canary = 0
  }
  migrate {
    max_parallel = 1
    health_check = "checks"
    min_healthy_time = "10s"
    healthy_deadline = "5m"
  }
  group "cache" {
    count = 1
    network {
      port "db" {
        to = 6379
      }
    }
    service {
      name = "redis-cache"
      tags = ["global", "cache"]
      port = "db"
      provider = "nomad"
      check {
        name = "alive"
        type = "tcp"
        interval = "10s"
        timeout = "2s"
      }
    }
    restart {
      interval = "30m"
      delay = "15s"
      mode = "fail"
    }
    ephemeral_disk {
      size = 300
    }
    task "redis" {
      driver = "docker"
      config {
        image = "redis:7"
        ports = ["db"]
        auth_soft_fail = true
      }
      resources {
        cpu = 200 # 500 MHz
        memory = 100 # 256MB
      }
    }
  }
}
Here is the output of docker info:
Client:
Context: colima
Debug Mode: false
Server:
Images: 2
Server Version: 20.10.20
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc version: 5fd4c4d144137e991c4acebb2146ab1483a97925
init version:
Security Options:
seccomp
Profile: default
Kernel Version: 5.15.82-0-virt
Operating System: Alpine Linux v3.16
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 3.828GiB
Name: colima
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: antonin42
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Related
When using docker build, pulling the base image from a private registry fails with
http: server gave HTTP response to HTTPS client
It should not be a problem of setting insecure-registries, however, because
insecure-registries is set
docker pull and push are working without problems
I can work around it by pulling the base image first and then calling docker build, but I would prefer to get to the root of the problem.
The problem occurred on Mac as well as Windows.
Any idea what might be the problem?
Edit: The solution of Dockerfile FROM Insecure Registry doesn't work for me.
For my insecure-registries entry I use ip:port. When I try to enter http://ip:port I get an error message:
Error invoking remote method 'desktop-backend': Error: "invalid daemon settings: \"insecure-registries\":\n Must be host[:port] or CIDR"
Output of docker info on the Mac:
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
compose: Docker Compose (Docker Inc., v2.0.0-rc.2)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 4
Running: 0
Paused: 0
Stopped: 4
Images: 23
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.10.47-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.94GiB
Name: docker-desktop
ID: K4NV:OOUS:LNWC:BE2D:W75R:I3AH:CD5B:OFIJ:QFGT:57TT:SXEY:JP3C
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 43
Goroutines: 45
System Time: 2021-09-16T13:31:24.174487976Z
EventsListeners: 4
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
images:5000
127.0.0.0/8
Live Restore Enabled: false
daemon.json
{
  "builder" : {
    "gc" : {
      "defaultKeepStorage" : "20GB",
      "enabled" : true
    }
  },
  "features" : {
    "buildkit" : true
  },
  "insecure-registries" : [
    "<dns-name>:<port>"
  ],
  "registry-mirrors" : [
  ],
  "experimental" : true,
  "debug" : true
}
Dockerfile
FROM <dns-name>:<port>/java-base:latest
ADD sedexclient /opt/sedexclient
ENV SCS_USER scs
RUN useradd -M -g nogroup $SCS_USER
RUN chown -R $SCS_USER: /opt/sedexclient
RUN cp /opt/sedexclient/jce/oracle_java8/* $JAVA_HOME/jre/lib/security/
EXPOSE 8000
CMD ["/opt/sedexclient/bin/sedex-client-start.sh"]
I'm learning Docker and installing it on my VPS by following this post, but it doesn't work.
When I run
docker pull hello-world it causes errors like this:
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
And this is the result when I run docker info:
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1062.4.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.7GiB
Name: vps24129.sdns.vn
ID: 3L4E:BKSU:F2PQ:BGCX:L77Z:TJJ7:CVJD:EZHQ:HCNW:SEL2:2IRR:ZHSF
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http://:::443
HTTPS Proxy: http://10.0.0.0:3128
No Proxy: localhost,127.0.0.0/8,docker-registry.somecorporation.com
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
I tried some approaches from Google, like disabling the firewall, setting up a proxy, resetting the VPS and reinstalling Docker, but it still didn't work. I hope someone can help me.
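An added example, not part of the original post: a Python check over `docker info` text that surfaces the proxy values, any insecure-registry entry outside 127.0.0.0/8, and the unencrypted-API warning seen in the output above. The function names and finding labels are assumptions of this example, and the sample is constructed from lines of that output.

```python
import ipaddress
import re

# Constructed sample: selected lines from the `docker info` output above.
SAMPLE = """\
HTTP Proxy: http://:::443
HTTPS Proxy: http://10.0.0.0:3128
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: API is accessible on http://127.0.0.1:2375 without encryption.
"""

# Names and finding labels below are this example's own, not Docker's.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
API_WARNING = re.compile(r"WARNING: API is accessible on (\S+) without encryption")

def proxy_host(value):
    """Return the host part of a proxy setting such as http://host:port."""
    hostport = value.split("://", 1)[-1].split("/", 1)[0]
    return hostport.rpartition(":")[0] if ":" in hostport else hostport

def is_loopback_entry(entry):
    """True when an insecure-registry entry is a CIDR inside 127.0.0.0/8."""
    try:
        return ipaddress.ip_network(entry, strict=False).subnet_of(LOOPBACK)
    except (ValueError, TypeError):
        return False  # host[:port] entries such as images:5000

def audit_docker_info(text):
    """Return (kind, detail) findings from `docker info` text output."""
    findings, in_registries = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = API_WARNING.search(line)
        if match:
            findings.append(("unencrypted_api", match.group(1)))
        key, sep, value = line.partition(": ")
        if line == "Insecure Registries:":
            in_registries = True
        elif in_registries and line and not sep and not line.endswith(":"):
            if not is_loopback_entry(line):
                findings.append(("insecure_registry", line))
        else:
            in_registries = False
            if key in ("HTTP Proxy", "HTTPS Proxy") and value:
                host = proxy_host(value)
                bad = not host
                try:
                    bad = bad or ipaddress.ip_address(host).is_unspecified
                except ValueError:
                    pass  # a DNS name; nothing to judge offline
                findings.append(("invalid_proxy" if bad else "proxy", value))
    return findings
```

On the sample, `audit_docker_info(SAMPLE)` reports the `http://:::443` proxy as invalid, lists the HTTPS proxy for manual review, and records the plaintext API endpoint on port 2375.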
I am trying to learn Docker, so I installed the official Docker application from its site, and after installing it I installed Kitematic. I am using Windows 10:
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.184-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: docker-desktop
ID: VABX:P63L:ONMD:575Z:O4HT:WEZJ:RBNK:VB3G:4DC7:LI7T:YGX6:E4JL
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 29
Goroutines: 44
System Time: 2019-08-21T11:22:46.4753036Z
EventsListeners: 2
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
PS D:\Software\Windows\Docker\Kitematic-Windows>
After running Kitematic, searching for busybox and clicking on Create, after a few seconds I got this error:
(HTTP code 500) server error - Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.65.1:53: read udp 192.168.65.3:57485->192.168.65.1:53: i/o timeout
To test, I used the terminal to create a container:
PS D:\Software\Windows\Docker\Kitematic-Windows> docker run busybox
Unable to find image 'busybox:latest' locally
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: Get https://registry-1.docker.io/v2/library/busybox/manifests/latest: Get https://auth.docker.io/token?account=731364&scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io: dial tcp: lookup auth.docker.io on 192.168.65.1:53: read udp 192.168.65.3:53973->192.168.65.1:53: i/o timeout.
See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'.
PS D:\Software\Windows\Docker\Kitematic-Windows>
What's happening?
Your machine is using 192.168.65.1 as DNS server to resolve the IP for registry-1.docker.io.
In a lot of places, it's suggested to go in the settings and change the DNS from Automatic to Fixed: 8.8.8.8
I would like to test some docker swarm features and for that I have a windows PC and a mac book pro, both in my private Network.
I installed Docker for Windows (Windows 10 pro, using linux containers) and also Docker for mac.
Then I started both of them and also configured my router to allow the ports they need for TCP and UDP:
Port 2377 TCP for node communication
Port 7946 TCP/UDP for container network discovery.
Port 4789 UDP for the container ingress network.
Also I deactivated the firewall both on my pc and on my mac.
Then I ran docker swarm init on my macbook, which gave me a join token.
On my windows PC I entered that join command in the console and....... it failed!
I got an error message that ends with "... connection refused".
So, can you give me some advice or links on how to properly connect to local machines via docker swarm? I would LOVE to test it and use it for local development and testing of my apps. Thanks!
Docker Info from Mac
$ docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 185
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: v3fhiinezmdbbn98l0s6bgqzo
Is Manager: true
ClusterID: o9mcdlgtq37t5r86ganupstez
Managers: 1
Nodes: 1
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.65.3
Manager Addresses:
192.168.65.3:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.87-linuxkit-aufs
Operating System: Docker for Mac
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 4.095GiB
Name: linuxkit-025000000001
ID: 2D57:Q3QP:6UZ2:S6JV:WXLG:JN4H:TR6G:V3C3:P6ZP:2ENA:L7ES:OIJD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3129
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Docker Info from Windows
$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.09.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 3
Total Memory: 7.768GiB
Name: linuxkit-00155d674805
ID: S7LD:PA6I:QGZR:YFQH:BR62:JS5C:DZLS:C6O3:RZUL:7ZXE:PRI6:HPRD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 22
Goroutines: 46
System Time: 2019-04-11T13:28:11.3484452Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
Docker swarm join command output
$ docker swarm join --token SWMTKN-1-5rp7ownwv3ob27vl52ogo8z6d3mbxasdfasdfsadfkrf8hqjk1b5-bi2p5u7i7blk5wepw389sba0w 192.168.x.x:2377
Error response from daemon: rpc error: code = Unavailable desc = all
SubConns are in TransientFailure, latest connection error:
connection error:
desc = "transport: Error while dialing dial tcp 192.168.x.x:2377:
connect: connection refused"
The problem is that neither Docker Desktop for Mac nor for Windows with Linux containers is a "true" Docker. Both are using virtual machines with a Linux OS where the true Docker engine works.
If I'm correct, 192.162.65.3 is not the IP of your Mac but the IP of vm within some virtual mac network.
Based on this article https://docs.docker.com/docker-for-mac/docker-toolbox/ and this sentence, "Also note that Docker Desktop for Mac can’t route traffic to containers, so you can’t directly access an exposed port on a running container from the hosting machine.", connecting Mac and Windows on Linux containers might not be easy.
For testing, I'd recommend either getting some cloud VMs or, on Windows, using the docker-machine command to spawn multiple Linux VMs on which you can set up a local swarm to test the features you wish.
Not able to use docker run in Amazon Linux AMI
docker run hello-world
docker:
Error response from daemon: unable to find "pids" in controller set:
unknown. ERRO[0000] error waiting for container: context canceled
docker info
{ # docker info
Containers: 6
Running: 0
Paused: 0
Stopped: 6
Images: 2
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.14.72-68.55.amzn1.x86_64
Operating System: Amazon Linux AMI 2018.03
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.79GiB
Name: ip-172-31-0-234
ID: AGTD:BUGU:RDRN:CSHC:INSH:HCMG:QFYT:OUNC:NCVZ:UDAM:PJYS:3ZQM
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: magsgfin
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
}
Currently, Amazon Linux is not a supported distribution. There aren't any official packages for that distro; moreover, Docker is not tested on it.
It seems this error is raised by the cgroups package.
You can try to run this script to check if anything is missing or misconfigured.