I am new to Docker, so I am trying to learn and build a docker image for my Spring Boot application.
My Dockerfile currently is very basic. I will add to it, once I figure out more about it.
# AS <NAME> to name this stage as maven
FROM eclipse-temurin:11-jdk-alpine as jdk
FROM maven:3.8.4 as maven
My Docker info is:
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.17-ce
Storage Driver: btrfs
Build Version: Btrfs v4.15
Library Version: 102
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux oci runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.4-0-ga916309fff0f
init version:
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.14.21-150400.24.28-default
Operating System: openSUSE Leap 15.4
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 9.714GiB
Name: localhost.localdomain
ID: CHSH:Q5ZQ:5MPU:X5MR:FG7M:IFV7:RG5Z:MKNO:KWG6:ZM4L:QX6E:QMNE
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://MY_DOCKER_URL/
Live Restore Enabled: false
My /etc/docker/daemon.json file looks like this:
{
"log-level": "warn",
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "5"
},
"registry-mirrors": ["https://MY_DOCKER_URL/"]
}
I added the registry-mirror myself
My /usr/lib/systemd/system/docker.service looks like this:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target lvm2-monitor.service SuSEfirewall2.service
[Service]
EnvironmentFile=/etc/sysconfig/docker
Environment=“HTTP_PROXY=MY_COMPANYS_PROXY”
Environment=“HTTPS_PROXY=MY_COMPANYS_PROXY”
Environment=“NO_PROXY=localhost,127.0.0.1”
# While Docker has support for socket activation (-H fd://), this is not
# enabled by default because enabling socket activation means that on boot your
# containers won't start until someone tries to administer the Docker daemon.
Type=notify
ExecStart=/usr/bin/dockerd --add-runtime oci=/usr/sbin/docker-runc $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this property.
TasksMax=infinity
# Set delegate yes so that systemd does not reset the cgroups of docker containers
# Only systemd 218 and above support this property.
Delegate=yes
# Kill only the docker process, not all processes in the cgroup.
KillMode=process
# Restart the docker process if it exits prematurely.
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
I did login with the command:
sudo docker login -u MY_USERNAME -p MY_PASSWORD MY_CORPORATE_REGISTRY
But when I do a docker pull, it still tries to fetch from the docker hub registry:
Sending build context to Docker daemon 547.3kB
Step 1/3 : FROM eclipse-temurin:11-jdk-alpine as jdk
Get "https://registry-1.docker.io/v2/": net/http: TLS handshake timeout
Any help on this would be really nice. I am struggling with this for two days!
You have to add
{
"registry-mirrors": ["<your-registry-url>"]
}
to your /etc/docker/daemon.json and restart the docker daemon.
Related
I've been struggling to deploy my containers to Docker swarm on Ubuntu server 20.04.
I'm trying to use Docker swarm on a single VPS host for zero-downtime deployments.
Running containers with docker-compose everything works.
Now trying to deploy the same docker-compose file to docker swarm.
# docker swarm init
Swarm initialized: current node (wlshyv0s1n5c85mao8jt9wo5j) is now a manager.
To add a worker to this swarm, run the following command:
...
# docker stack deploy --compose-file docker-compose.yml dash
Ignoring unsupported options: build
Creating network dash_default
Creating service dash_db
Creating service dash_nginx
...
After finishing the deploy command, with docker ps i see that there are no running containers.
Now checking with docker ps -a I see a lot of containers and all their statuses say "Created".
Next when i inspect one container, then it's state shows that:
"State": {
"Status": "created",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 128,
"Error": "error creating external connectivity network: cannot restrict inter-container communication: please ensure that br_netfilter kernel module is loaded",
"StartedAt": "0001-01-01T00:00:00Z",
"FinishedAt": "0001-01-01T00:00:00Z"
}
Checking for loaded modules:
# lsmod | grep br_netfilter
br_netfilter 4242 -2
bridge 4242 -2 br_netfilter,ebtable_broute
After running docker info i saw 2 warnings:
# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 40
Server Version: 20.10.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: ij25ein3xvcr8p5ky765ol8t0
Is Manager: true
ClusterID: mdb2r7vnngw62lg8uoj5ef55k
Managers: 1
Nodes: 1
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
...
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.4.0
Operating System: Ubuntu 20.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 4GiB
...
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Searching for a solution I found that I should call the sysctl command, but I still get an error.
# sysctl net.bridge.bridge-nf-call-ip6tables=1
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
Now searching solution for that I found the next command, but that does not work as well.
# modprobe br_netfilter
modprobe: FATAL: Module br_netfilter not found in directory /lib/modules/5.4.0
I don't know anymore what to do, to make swarm work.
Everything works on my Windows machine while using swarm mode.
Any suggestions on what should I do/check next?
That problem was in the hosting provider.
Provider told us that other customers have tried to configure Docker Swarm on their VPS too, but no one has figured out how to get it to work.
The provider didn't allow any kernel modification or anything else on the lower level.
Now we are using another hosting provider and everything works fine.
After reinstalling my Kubuntu 18 I try to install docker-ce
and running app I got error :
$ docker-compose up
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
serge#AtHome:/mnt/_work_sdb8/wwwroot/lar/PerlerWealth/master$ export DOCKER_HOST=127.0.0.1
serge#AtHome:/mnt/_work_sdb8/wwwroot/lar/PerlerWealth/master$ docker-compose up -d --build
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 11, in <module>
load_entry_point('docker-compose==1.17.1', 'console_scripts', 'docker-compose')()
File "/usr/lib/python2.7/dist-packages/compose/cli/main.py", line 68, in main
command()
...
File "/usr/lib/python2.7/dist-packages/docker/utils/utils.py", line 373, in parse_host
"Bind address needs a port: {0}".format(addr))
docker.errors.DockerException: Bind address needs a port: 127.0.0.1
Why errors and how to fix this error ?
Related app versions and config info :
root#AtHome:~/Downloads# docker --version
Docker version 19.03.13, build 4484c46d9d
root#AtHome:~/Downloads# docker-compose --version
docker-compose version 1.17.1, build unknown
root#AtHome:~/Downloads# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root#AtHome:~/Downloads# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-20-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.711GiB
Name: AtHome
ID: FGEV:TTKB:COS7:VUEW:7C2T:UJWK:2L66:Y6UE:APLU:M5HG:R5DG:3RN7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
MODIFIED :
root#AtHome:~/Downloads# docker --version
Docker version 19.03.13, build 4484c46d9d
root#AtHome:~/Downloads# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root#AtHome:~/Downloads# sudo usermod -aG docker $USER
root#AtHome:~/Downloads# sudo newgrp - docker
root#AtHome:/root# sudo systemctl enable docker
Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker
root#AtHome:/root# sudo systemctl start docker
root#AtHome:/root# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
I have all /etc files from prior working installation, but which config
files have I to look at or some missing options or permissions lacking ?
Thanks in advance!
I am trying to run a container as daemon as follows :
$docker run --privileged --net=host -d d34f188005c4
34045723709f3553533a1c823800697e55d43a7e676499310751f7116d3a1068
$docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
As seen from above, docker run cmd returns a long string, but it fails to run as seen from the docker ps output. Further, I get following from the syslog while the docker run cmd as above executes:
kernel: [281942.173389] aufs au_opts_verify:1597:dockerd[21361]: dirperm1 breaks the protection by the permission bits on the lower branch
Kernel/docker version and other required info is as follows:
# docker info
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 1
Server Version: 17.03.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 8
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 977c511eda0925a723debdc94d09459af49d082a
runc version: a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-116-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.67 GiB
Name: ubuntu1604
ID: B35S:GX2J:VTYF:HKJ2:KMIP:SU35:YCSV:YHM2:R6L5:K7CW:4ZUV:EYGX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Can anyone please let me know how to fix this? Can we get any clue from the syslog above? If any other info is required, please let me know.
Adding additional info based on comments below :
$docker logs 34045723709f3553533a1c823800697e55d43a7e676499310751f7116d3a1068
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Access to docker on host failed!!`
$ps -aux | grep dockerd
root 21836 0.4 0.2 436168 42920 ? Ssl 10:39 0:00 /usr/bin/dockerd -H fd://
After running docker container,docker run -d --name nginx nginx, I cannot use "docker exec", docker exec nginx echo 123, on this container.
I'm receiving an error:
ERRO[2018-08-19T11:09:10.909894729+03:00] stream copy error: reading from a closed fifo
ERRO[2018-08-19T11:09:10.909988081+03:00] stream copy error: reading from a closed fifo
ERRO[2018-08-19T11:09:10.931102317+03:00] Error running exec 19c6ae3c5d796180e02577f037f6a1bd1453b70393098643719dea3537933ae2 in container: OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "process_linux.go:86: executing setns process caused \"exit status 22\"": unknown`
OS: ubuntu 14.04
Kernel: 3.13.0-153-generic
Docker: Docker version 18.06.0-ce, build 0ffa825
Docker Info:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 18.06.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/165536.165536/aufs
Backing Filesystem: extfs
Dirs: 5
Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d64c661f1d51c48782c9cec8fda7604785f93587
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
userns
Kernel Version: 3.13.0-153-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.86GiB
Name: **************
ID: OL25:ISXX:RWR7:EY76:OQ6O:XLWG:ETWJ:FV2A:MC6A:ROP7:6DWD:DJX4
Docker Root Dir: /var/lib/docker/165536.165536
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Thanks!
That can happen when them use ENTRYPOINT instead of CMD. Check your image/container with "docker inspect". Your commandline argument becomes a CMD of ENTRYPOINT.
https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact
I could reproduce this issue whenever I executed docker run -it opensuse/leap followed by exit command. The container is actually stopped after exit command, but still showed running in docker ps.
Solution: Restart your docker daemon. And then try running your containers once again. If they stop, they won't show running status.
command: service docker restart
This worked in my case.
Please update your Kernel. Although Docker should work with most Kernel 3.10+ versions, there are often low level issues with older Kernels. See also https://github.com/moby/moby/issues/36084#issuecomment-364886573 for a seemingly same issue with a working solution:
updated to HWE ( 4.13.0-32-generic) and exec works again, however keep in mind that stock 16.04 uses 4.4.0 kernels - there should some kind of warning (at least) that specific versions combination will not work
I recently installed Docker 18.04.0-ce on my Ubuntu 17.10 VM. While working behind a proxy I got stuck trying to log in into the Docker Hub registry. So when I run:
docker login -u <username> -p <cool password>
And I get this message:
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http:
request canceled while waiting for connection (Client.Timeout exceeded while
awaiting headers)
As far as my understanding goes from the research I did is that when you are behind a proxy and you want to use Docker you need to configure it accordingly even though having set your environment variable like so:
http_proxy=<my_proxy>
https_proxy=<my_proxy>
HTTP_PROXY=<my_proxy>
HTTPS_PROXY=<my_proxy>
Second, it looks like that Docker has multiple levels of proxy configurations meaning different configuration for build, containers, and the daemon.
I went and configured all of those to match my proxy, but I still get that message. YES, I DID RESTART the service and the daemon.
UPDATE:
$ docker info
Containers: 8
Running: 0
Paused: 0
Stopped: 8
Images: 12
Server Version: 18.04.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.13.0-39-generic
Operating System: Ubuntu 17.10
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 7.79GiB
Name: docker-vb
ID: 447I:6DFI:JZ7V:F6SZ:BUCB:IFB2:4HGT:MXK2:Y5H5:EECC:FIQN:SZOH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: http://<proxy_ip>:<proxy_port>
HTTPS Proxy: http://<proxy_ip>:<proxy_port>
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
The docker login typically needs to be run with sudo priviledges, so ensure that the HTTPS_PROXY environment is actually preserved. Simply done by
export HTTPS_PROXY=<your proxy>
Or simply pass it on the command line:
sudo HTTPS_PROXY=<your proxy> docker login -u <user> <registry>
The docker daemon doesn't need to be restarted.
The above works fine (we use extensivelye proxies at work).
There may be some issues with your network reachability, proxy, and possibly the registry. The docker log can provide some clues:
Ubuntu: sudo journalctl -fu docker.service
RHEL: /var/log/messages | grep docker