Im trying to host web app inside docker container and for it i need docker-compose in docker. I installed docker-compose inside ubuntu image and that solution worked! (im running container with privileged mode)
Image file:
FROM ubuntu:20.04
RUN apt-get update && \
apt-get -qy full-upgrade && \
apt-get -qy install sudo && \
apt-get install -qy curl && \
apt-get install -qy nginx && \
apt-get install -qy ca-certificates curl gnupg lsb-release && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
apt-get update && \
apt-get install -qy docker-ce docker-ce-cli containerd.io && \
curl -L "https://github.com/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \
chmod +x /usr/local/bin/docker-compose && \
rm /etc/nginx/sites-enabled/default
WORKDIR /home
COPY ****secret****
COPY ****secret****
COPY ****secret****
COPY docker /home/docker
COPY ****secret****
COPY ****secret****
COPY ****secret****
EXPOSE 3000 7777
COPY dockerized_build/entrypoint.sh /entrypoint.sh
RUN ["chmod", "+x", "/entrypoint.sh"]
ENTRYPOINT ["/entrypoint.sh"]
Entrypoint:
#!/bin/bash
sudo service docker start
sudo nginx -g daemon off;
sudo service nginx restart
cd /home/docker && sudo docker-compose up
All working fine after container creation, but if i want to restart container with docker restart or sudo docker restart it throws this error(its full container log):
mount: /sys/fs/cgroup/cpuset: permission denied.
mount: /sys/fs/cgroup/cpu: permission denied.
mount: /sys/fs/cgroup/cpuacct: permission denied.
mount: /sys/fs/cgroup/blkio: permission denied.
mount: /sys/fs/cgroup/memory: permission denied.
mount: /sys/fs/cgroup/devices: permission denied.
mount: /sys/fs/cgroup/freezer: permission denied.
mount: /sys/fs/cgroup/net_cls: permission denied.
mount: /sys/fs/cgroup/perf_event: permission denied.
mount: /sys/fs/cgroup/net_prio: permission denied.
mount: /sys/fs/cgroup/hugetlb: permission denied.
mount: /sys/fs/cgroup/pids: permission denied.
mount: /sys/fs/cgroup/rdma: permission denied.
mount: /sys/fs/cgroup/misc: permission denied.
* Starting Docker: docker [ OK ]
nginx: invalid option: "off"
* Restarting nginx nginx [ OK ]
Traceback (most recent call last):
File "urllib3/connectionpool.py", line 677, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1277, in request
File "http/client.py", line 1323, in _send_request
File "http/client.py", line 1272, in endheaders
File "http/client.py", line 1032, in _send_output
File "http/client.py", line 972, in send
File "docker/transport/unixconn.py", line 43, in connect
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "requests/adapters.py", line 449, in send
File "urllib3/connectionpool.py", line 727, in urlopen
File "urllib3/util/retry.py", line 410, in increment
File "urllib3/packages/six.py", line 734, in reraise
File "urllib3/connectionpool.py", line 677, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1277, in request
File "http/client.py", line 1323, in _send_request
File "http/client.py", line 1272, in endheaders
File "http/client.py", line 1032, in _send_output
File "http/client.py", line 972, in send
File "docker/transport/unixconn.py", line 43, in connect
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "docker/api/client.py", line 214, in _retrieve_server_version
File "docker/api/daemon.py", line 181, in version
File "docker/utils/decorators.py", line 46, in inner
File "docker/api/client.py", line 237, in _get
File "requests/sessions.py", line 543, in get
File "requests/sessions.py", line 530, in request
File "requests/sessions.py", line 643, in send
File "requests/adapters.py", line 498, in send
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "docker-compose", line 3, in <module>
File "compose/cli/main.py", line 81, in main
File "compose/cli/main.py", line 198, in perform_command
File "compose/cli/command.py", line 70, in project_from_options
File "compose/cli/command.py", line 153, in get_project
File "compose/cli/docker_client.py", line 43, in get_client
File "compose/cli/docker_client.py", line 170, in docker_client
File "docker/api/client.py", line 197, in __init__
File "docker/api/client.py", line 222, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
[128] Failed to execute script docker-compose
Any suggestions? I really got stuck on that problem :(
Its working finally!! For everyone else solution was to shutdown docker inside docker before container shutdown.
Entrypoint:
#!/usr/bin/env bash
sudo service docker start
sudo service nginx restart
cd /home/docker && sudo docker-compose up -d
onContainerStop() {
echo "Container stopped, performing docker restart procedure..."
# shellcheck disable=SC2046
sudo docker stop $(docker ps -aq)
sudo service docker stop
sudo service nginx stop
}
trap 'onContainerStop' SIGTERM
while true; do :; done
Related
I'm using a docker image on AWS lambda. In my dockerfile, I've installed an executable (the pulumi cli tool) and confirmed successful installation by running RUN pulumi -version.
When I try to invoke this executable through my lambda, I get permission denied errors from python Popen:
2023-01-25T14:41:45 ws = pulumi.automation.LocalWorkspace(work_dir="/tmp/", pulumi_home="/tmp/.pulumi")
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/site-packages/pulumi/automation/_local_workspace.py", line 125, in __init__
2023-01-25T14:41:45 pulumi_version = self._get_pulumi_version()
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/site-packages/pulumi/automation/_local_workspace.py", line 411, in _get_pulumi_version
2023-01-25T14:41:45 result = self._run_pulumi_cmd_sync(["version"])
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/site-packages/pulumi/automation/_local_workspace.py", line 430, in _run_pulumi_cmd_sync
2023-01-25T14:41:45 return _run_pulumi_cmd(args, self.work_dir, envs, on_output)
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/site-packages/pulumi/automation/_cmd.py", line 55, in _run_pulumi_cmd
2023-01-25T14:41:45 with subprocess.Popen(
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/site-packages/sentry_sdk/integrations/stdlib.py", line 193, in sentry_patched_popen_init
2023-01-25T14:41:45 rv = old_popen_init(self, *a, **kw) # type: ignore
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/subprocess.py", line 951, in __init__
2023-01-25T14:41:45 self._execute_child(args, executable, preexec_fn, close_fds,
2023-01-25T14:41:45 File "/var/lang/lib/python3.9/subprocess.py", line 1821, in _execute_child
2023-01-25T14:41:45 raise child_exception_type(errno_num, err_msg, err_filename)
2023-01-25T14:41:45 PermissionError: [Errno 13] Permission denied: 'pulumi'[INFO]
I think this is a generic lambda permissions issue, but some extra context in case it is helpful: I'm using the pulumi-python library, which invokes this pulumi cli app via subprocess.
How can I ensure that things I install in my Dockerfile are executable by the lambda user?
Directions I tried:
chmod -R a+wrx /root/.pulumi - this command runs ok but I still get the permission error when trying to invoke the executable
I notice that my lambda user is sbx_user1051, so I tried to chown -R sbx_user1051 /root/.pulumi - this fails, saying there is no such user. That makes it seem like the lambda user is created after I deploy my docker image
In the end I resolved this by moving the installation out of the /root folder into the folder lambda uses as the workspace for task execution:
FROM public.ecr.aws/lambda/python:3.9-x86_64
RUN yum install -y \
tar \
gzip \
ca-certificates \
curl \
which \
&& yum clean all
# install pulumi - this will go to the current user's home: /root
RUN curl -fsSL https://get.pulumi.com | sh
# move pulumi to the lambda function's task root folder
RUN mv /root/.pulumi/ ${LAMBDA_TASK_ROOT}
# grant appropriate permissions
RUN chmod -R a+wrx ${LAMBDA_TASK_ROOT}/.pulumi
RUN chmod a+x ${LAMBDA_TASK_ROOT}/.pulumi/bin/pulumi
# add to path
ENV PATH="${PATH}:${LAMBDA_TASK_ROOT}/.pulumi/bin"
...
This is my application structure:
project/
├── Dockerfile
├── example_api
│ └── main.py
└── requirements.txt
Here is the Dockerfile
FROM python:3.9-slim
COPY ./example_api /app/src
COPY ./requirements.txt /app
WORKDIR /app
RUN pip3 install -r requirements.txt
EXPOSE 8000
CMD ["uvicorn", "example_api.main:app", "--host=0.0.0.0", "--reload"]
building with
docker build -t siddesh-fastapi:0.1 .
running with
docker run -p 8000:8000 --name siddesh-test-api siddesh-fastapi:0.1
error message
INFO: Will watch for changes in these directories: ['/app']
INFO: Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
INFO: Started reloader process [1] using watchgod
Process SpawnProcess-1:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/local/lib/python3.9/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python3.9/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started
target(sockets=sockets)
File "/usr/local/lib/python3.9/site-packages/uvicorn/server.py", line 68, in run
return asyncio.run(self.serve(sockets=sockets))
File "/usr/local/lib/python3.9/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "uvloop/loop.pyx", line 1501, in uvloop.loop.Loop.run_until_complete
File "/usr/local/lib/python3.9/site-packages/uvicorn/server.py", line 76, in serve
config.load()
File "/usr/local/lib/python3.9/site-packages/uvicorn/config.py", line 448, in load
self.loaded_app = import_from_string(self.app)
File "/usr/local/lib/python3.9/site-packages/uvicorn/importer.py", line 24, in import_from_string
raise exc from None
File "/usr/local/lib/python3.9/site-packages/uvicorn/importer.py", line 21, in import_from_string
module = importlib.import_module(module_str)
File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 972, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 984, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'example_api'
I guess I am missing something in the Dockerfile?
I'm running Ansible in a container and getting:
ansible-playbook --version
Unhandled error:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/ansible/utils/path.py", line 85, in makedirs_safe
os.makedirs(b_rpath, mode)
File "/usr/lib/python3.8/os.py", line 213, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/usr/lib/python3.8/os.py", line 223, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: b'/.ansible'
and more errors including
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/ansible-playbook", line 62, in <module>
import ansible.constants as C
File "/usr/local/lib/python3.8/dist-packages/ansible/constants.py", line 174, in <module>
config = ConfigManager()
File "/usr/local/lib/python3.8/dist-packages/ansible/config/manager.py", line 291, in __init__
self.update_config_data()
File "/usr/local/lib/python3.8/dist-packages/ansible/config/manager.py", line 571, in update_config_data
raise AnsibleError("Invalid settings supplied for %s: %s\n" % (config, to_native(e)), orig_exc=e)
ansible.errors.AnsibleError: Invalid settings supplied for DEFAULT_LOCAL_TMP: Unable to create local directories(/.ansible/tmp): [Errno 13] Permission denied: b'/.ansible'
This is the Dockerfile I'm using:
FROM ubuntu
ENV ANSIBLE_VERSION 2.9.9
# Install Ansible.
RUN apt-get update && apt-get install -y curl unzip ca-certificates python3 python3-pip \
&& pip3 install ansible==${ANSIBLE_VERSION} \
&& apt-get clean all
# Define default command.
CMD ["/usr/bin/bash"]
This works locally. But it does not inside a docker container in EKS.
Any idea what's wrong?
I was having the same problem. I am running Jenkins in a docker container. I tried three different GitHub ansible images. None of that mattered. What worked was changing this ...
stage('Execute AD Hoc Ansible.') {
steps {
script {
sh """
ansible ${PATTERN} -i ${INVENTORY} -l "${LIMIT}" -m ${MODULE} -a ${DASH_A} ${EXTRA_PARAMS}
"""
}
}
}
... to this ...
stage('Execute AD Hoc Ansible.') {
steps {
script {
env.DEFAULT_LOCAL_TMP = env.WORKSPACE_TMP
env.HOME = env.WORKSPACE
sh """
ansible ${PATTERN} -i ${INVENTORY} -l "${LIMIT}" -m ${MODULE} -a ${DASH_A} ${EXTRA_PARAMS}
"""
}
}
}
Note I had to set env vars with these lines:
env.DEFAULT_LOCAL_TMP = env.WORKSPACE_TMP
env.HOME = env.WORKSPACE
Following this thread, I have solved it successfully.
https://stackoverflow.com/a/35180089/17758190
I have edited ansible.cfg in your ansible
remote_tmp = /tmp/.ansible/tmp
I have the following Python script, example.py:
import redis
r = redis.Redis()
r.set('a','b')
and the following Dockerfile:
FROM ubuntu:18.04
# Install system-wide dependencies
RUN apt-get -yqq update
RUN apt-get -yqq install python3-dev python3-pip
RUN apt-get -yqq install redis-tools redis-server
RUN pip3 install redis
# Copy application code
ADD . /usr/local/example
WORKDIR /usr/local/example
# Start application
CMD /etc/init.d/redis-server restart \
&& python3 example.py
After I build the container (docker build -t redis-example .) and run it (docker run -P -it -d redis-example), the following stack trace is printed:
Stopping redis-server: redis-server.
Starting redis-server: redis-server.
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 484, in connect
sock = self._connect()
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 541, in _connect
raise err
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 529, in _connect
sock.connect(socket_address)
OSError: [Errno 99] Cannot assign requested address
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/redis/client.py", line 667, in execute_command
connection.send_command(*args)
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 610, in send_command
self.send_packed_command(self.pack_command(*args))
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 585, in send_packed_command
self.connect()
File "/usr/local/lib/python3.6/dist-packages/redis/connection.py", line 489, in connect
raise ConnectionError(self._error_message(e))
redis.exceptions.ConnectionError: Error 99 connecting to localhost:6379. Cannot assign requested address.
I'm not sure why this very simple example is failing in Docker. I'd like to run an instance of a Redis server local to the Docker container.
It does not need to be reachable outside of the container and should be unique to the container.
How can I resolve this exception?
Running Raku (previously aka Perl 6) kernel in Jupyter notebook would be great for reproducibility and ease of use (personal view).
I wanted to run the Perl 6 notebook in a docker container and access it in my web browser. For this I created this docker image.
The code to create the docker image was:
FROM sumankhanal/rakudo:2019.07.1
RUN apt-get update \
&& apt-get install -y ca-certificates python3-pip && pip3 install jupyter notebook \
&& zef install Jupyter::Kernel --force-test
ENV TINI_VERSION v0.6.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/bin/tini
RUN chmod +x /usr/bin/tini
ENTRYPOINT ["/usr/bin/tini", "--"]
EXPOSE 8888
CMD ["jupyter", "notebook", "--port=8888", "--no-browser", "--ip=0.0.0.0"]
I am on Windows 10 64 bit and IP address of my docker is 192.168.99.100.
When I tried to run the container with this code:
docker run -it -p 8888:8888 sumankhanal/raku-notebook in the docker terminal
I get this error:
$ docker run -it -p 8888:8888 sumankhanal/raku-notebook
[I 14:26:43.598 NotebookApp] Writing notebook server cookie secret to /root/.local/share/jupyter/runtime/notebook_cookie_secret
Traceback (most recent call last):
File "/usr/local/bin/jupyter-notebook", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python3.5/dist-packages/jupyter_core/application.py", line 267, in launch_instance
return super(JupyterApp, cls).launch_instance(argv=argv, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/traitlets/config/application.py", line 657, in launch_instance
app.initialize(argv)
File "<decorator-gen-7>", line 2, in initialize
File "/usr/local/lib/python3.5/dist-packages/traitlets/config/application.py", line 87, in catch_config_error
return method(app, *args, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/notebook/notebookapp.py", line 1296, in initialize
self.init_webapp()
File "/usr/local/lib/python3.5/dist-packages/notebook/notebookapp.py", line 1120, in init_webapp
self.http_server.listen(port, self.ip)
File "/usr/local/lib/python3.5/dist-packages/tornado/tcpserver.py", line 142, in listen
sockets = bind_sockets(port, address=address)
File "/usr/local/lib/python3.5/dist-packages/tornado/netutil.py", line 197, in bind_sockets
sock.bind(sockaddr)
OSError: [Errno 99] Cannot assign requested address
Any help ?
You need to add --allow-root in the CMD of your Dockerfile. Also you need to link the kernel with jupyter in your dockerfile
jupyter-kernel.p6 --generate-config
Once you do that you will be able to see the dockerfile. I also noticed that your images size is very huge, you should try and find a better base image for jupyter rather than the one you have.
For more details about installing kernels refer to the below link
https://jupyter.readthedocs.io/en/latest/install-kernel.html