I have created this simple docker-compose.yml where there are two services. One is the main service (ubuntu) which I want to execute docker commands isolated from docker host. The other one is the docker dind service without TLS, which should act as docker daemon for the Ubuntu container.
docker-compose.yml
version: '3.9'
services:
dind:
image: docker:dind
container_name: dind
privileged: true
restart: unless-stopped
ubuntu:
build: .
container_name: ubuntu
privileged: true
stdin_open: true
tty: true
environment:
DOCKER_HOST: tcp://dind:2375
depends_on:
- dind
This is also the Dockerfile needed to build ubuntu service:
Dockerfile
FROM ubuntu:focal
ARG DEBIAN_FRONTEND=noninteractive
# Configure APT
RUN apt-get update \
&& apt-get -y install \
apt-utils \
dialog \
fakeroot \
software-properties-common
RUN apt-get update && apt-get -y install \
ca-certificates \
curl \
gnupg \
lsb-release \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
&& echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update && apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
I'm trying to use docker-compose up and the exec docker ps into the container. But it cannot connect to the docker daemon running on dind service:
eduardo#pc:~$ docker-compose up -d
dind is up-to-date
ubuntu is up-to-date
eduardo#pc:~$ docker exec -it ubuntu docker ps
Cannot connect to the Docker daemon at tcp://dind:2375. Is the docker daemon running?
What I don't understand is why it doesn't detect the daemon running in dind from the Ubuntu container.
Is there any solution to this problem? If there is no request without TLS, it can also be done with TLS, I don't care.
Edit: I checked if DinD container is running at the time I execute docker ps in ubuntu container and yes is running.
eduardo#pc:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fdc141223f33 docker:dind "dockerd-entrypoint.…" About a minute ago Up About a minute 2375-2376/tcp dind
bb68d3298522 docker-compose-example_ubuntu "bash" 3 minutes ago Up 3 minutes ubuntu
Here is a working example with more recent versions (it does use TLS):
version: '3'
services:
docker:
image: docker:20.10.17-dind-alpine3.16
privileged: yes
volumes:
- certs:/certs
docker-client:
image: docker:20.10.17-cli
command: sh -c 'while [ 1 ]; do sleep 1; done'
environment:
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: /certs/client
volumes:
- certs:/certs
volumes:
certs:
It seems that using docker:18.09-dind as base image instead of docker:dind works:
version: '3.9'
services:
dind:
image: docker:18.09-dind
container_name: dind
privileged: true
restart: unless-stopped
ubuntu:
build: .
container_name: ubuntu
privileged: true
stdin_open: true
tty: true
environment:
DOCKER_HOST: tcp://dind:2375
depends_on:
- dind
Output:
eduardo#pc:~$ docker-compose up -d
dind is up-to-date
ubuntu is up-to-date
eduardo#pc:~$ docker exec -it ubuntu docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Related
I can access to the target with ssh password and with the private key from Jenkins bash, I configured SSH sites on jenkins with the same host, User and private key I get the next error:
Docker logs:
2022-09-23 05:06:52.357+0000 [id=71] SEVERE o.j.h.p.SSHBuildWrapper$DescriptorImpl#doLoginCheck: Auth fail 2022-09-23 05:06:52.367+0000 [id=71] SEVERE o.j.h.p.SSHBuildWrapper$DescriptorImpl#doLoginCheck: Can't connect to server
Docker-compose:
version: '3'
services:
jenkins:
container_name: jenkins
image: jenkins/jenkins
ports:
- "8080:8080"
volumes:
- $PWD/jenkins_home:/var/jenkins_home
networks:
- net
remote_host:
container_name: remote-host
image: remote-host
build:
context: fedora
dockerfile: Dockerfile
networks:
- net
db_host:
container_name: db
image: mysql:5.7
environment:
- "MYSQL_ROOT_PASSWORD=PASSWORD"
volumes:
- "$PWD/db:/var/lib/mysql"
networks:
- net
networks:
net:
DockerFile:
FROM fedora
RUN yum update -y
RUN yum -y install unzip
RUN yum -y install openssh-server
RUN useradd RemoteUser && \
echo "RemoteUser:Password"| chpasswd && \
mkdir /home/madchabelo/.ssh && \
chmod 700 /home/madchabelo/.ssh
COPY remote-ki.pub /home/madchabelo/.ssh/authorized_keys
RUN chown madchabelo:madchabelo -R /home/madchabelo/.ssh/ && \
chmod 600 /home/madchabelo/.ssh/authorized_keys
RUN ssh-keygen -A
RUN yum -y install mysql
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
unzip awscliv2.zip && \
sudo ./aws/install
RUN yum -y install vim
CMD /usr/sbin/sshd -D
I try with the IP and I get the same.
regards
When creating a private key, you should create a code with the following command after version ubuntu 20.04.
ssh-keygen -t ecdsa -m PEM -f remote-key
For a more detailed explanation, see the link below:
https://community.jenkins.io/t/ssh-connection-auth-fail/4121/7
Yesterday I created 1 network and 3 containers for prestashop, phpmyadmin and mysql.
I saved them by running a docker save command and today when I came back my containers are still working on the specified ports however I can't see the containers by running docker ps -a. Also the prestashop folder is not writable anymore.
How can I see where my docker containers that are running ?
docker ps -a :
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
docker network ls :
NETWORK ID NAME DRIVER SCOPE
e03870bf5fec bridge bridge local
63cfaacfbb2e chrono bridge local
c23a0b85edb9 host host local
1ae1b68b12c0 none null local
docker images :
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 5fab8d650e42 4 hours ago 657MB
prestadock_apache latest 740c640530f3 2 days ago 657MB
phpmyadmin latest f7fd780fedba 7 days ago 469MB
php 7.4-apache 899ab23566b7 7 days ago 414MB
mysql latest c8562eaf9d81 10 days ago 546MB
docker-compose.yml :
version: "3.8"
services:
db:
image: mysql:latest
command: --default-authentication-plugin=mysql_native_password
container_name: chrono_db
restart: always
volumes:
- db-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=root
networks:
- dev
phpmyadmin:
image: phpmyadmin:latest
container_name: chrono_phpmyadmin
restart: always
depends_on:
- db
ports:
- 8081:80
environment:
PMA_HOST: db
networks:
- dev
apache:
build: php
container_name: chrono_prestashop
ports:
- 8080:80
volumes:
- ./php/vhosts:/etc/apache2/sites-enabled
- ./:/var/www/html
restart: always
networks:
- dev
networks:
dev:
volumes:
db-data:
Dockerfile :
FROM php:7.4-apache
RUN echo "ServerName localhost" >> /etc/apache2/apache2.conf
RUN apt-get update \
&& apt-get install -y --no-install-recommends locales apt-utils git libicu-dev g++ libpng-dev libxml2-dev libzip-dev libonig-dev libxslt-dev;
RUN echo "en_US.UTF8 UTF8" > /etc/locale.gen && \
echo "fr_FR.UTF-8 UTF-8" >> /etc/locale.gen && \
locale-gen
RUN curl -sSk https://getcomposer.org/installer | php -- --disable-tls && \
mv composer.phar /usr/local/bin/composer
RUN docker-php-ext-configure intl
RUN docker-php-ext-install pdo pdo_mysql gd opcache intl zip calendar dom mbstring zip gd xsl
RUN pecl install apcu && docker-php-ext-enable apcu
RUN a2enmod rewrite && service apache2 restart
RUN chown -R www-data:w
Here is the error after running docker-compose up -d :
ERROR: for chrono_prestashop Cannot start service apache: driver failed programming external connectivity on endpoint chronopiles_prestashop (11458be3c31e5f1107770b98ec5e56c645ac9e68b742fd4eb41ad965bd641e9c): Error starting userland proxy: listen tcp 0.0.0.0:8080: bind: address already in use
Can anybody help me? This docker-compose file worked for me a few days ago with docker command available inside the container, but now it throws: docker: not found inside.
The docker daemon on the host is on /usr/local/bin/docker. It's a mac.
Any idea? Could you help me to try this on yours guys? Thks
version: '3'
services:
jenkins:
container_name: jenkins
image: jenkins
build:
context: jenkins
# entrypoint: /var/jenkins_home/entrypoint
ports:
- "8080:8080"
volumes:
- $PWD/jenkins_home:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
environment:
- AWS_ACCESS_KEY_ID=xxxxx
- AWS_SECRET_ACCESS_KEY=xxxxx
networks:
- net
remote_host:
container_name: remote-host
image: remote-host
build:
context: centos
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- net
db_host:
container_name: db
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=1234
networks:
- net
networks:
net:
Dockerfile for remote_host service is the following:
RUN yum install -y openssh-server
RUN useradd remote_user && \
echo "1234" | passwd remote_user --stdin && \
mkdir /home/remote_user/.ssh && \
chmod 700 /home/remote_user/.ssh
COPY remote-key.pub /home/remote_user/.ssh/authorized_keys
RUN chown remote_user:remote_user -R /home/remote_user && \
chmod 600 /home/remote_user/.ssh/authorized_keys
RUN /usr/sbin/sshd-keygen > /dev/null 2>&1
RUN yum install -y mysql
RUN yum install -y epel-release && \
yum install -y python-pip && \
pip install --upgrade pip && \
pip install awscli
# CMD /usr/sbin/sshd-keygen -D
CMD tail -f /dev/null
I have a docker-compose file that runs a few services.
services:
cli:
build:
context: .
dockerfile: docker/cli/Dockerfile
volumes:
- ./drupal8site:/var/www/html/drupal8site
drupal:
container_name: drupal
build:
context: .
dockerfile: docker/DockerFile.drupal
args:
DOC_ROOT: /var/www/html/drupal8site
ports:
- 80:80
volumes:
- ./drupal8site:/var/www/html/drupal8site
restart: always
environment:
APACHE_DOCUMENT_ROOT: /var/www/html/drupal8site/web
mysql:
image: mysql:5.7
ports:
- 3306:3306
volumes:
- ./mysql:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
I would like to add another service which will be a container in which I could run CLI commands (composer, drush for drupal, php, etc).
The following Dockerfile was how I initially defined the cli service but it stops right after it is run. How do I define it so it is part of my docker-compose, shares my mounted volume, and I can interactively connect to it and run CLI commands on it ?
FROM php:7.2-cli
#various programs
RUN apt-get update \
&& apt-get install vim --assume-yes \
&& apt-get install git --assume-yes \
&& apt-get install mysql-client --assume-yes
CMD ["bash"]
Thanks,
Yaron
If you want to run automated scripts on docker images this is obviously a job for a ci-pipeline. You can use CloudFoundry or OpenStack to do this.
But there are many other questions in this post:
1.) How can i share my mounted volume:
You can pass a volume with the -v option to a container. e.g.:
docker run -it -d -v $(pwd)/localFolder:/exposedFolderFromDocker mydockerhub/myawesomeimage
2.) Can I interactively connect to it and run CLI commands on it
docker exec -it docker_cli_1 bash
I recommend to implement features of an docker-image to the individual docker-images Dockerfile. For example copying and running a prepared shell-script:
# your Dockerfile
FROM php:7.2-cli
#various programs
RUN apt-get update \
&& apt-get install vim --assume-yes \
&& apt-get install git --assume-yes \
&& apt-get install mysql-client --assume-yes
# individual changes
COPY your_script.sh /
RUN chown root:root /your_script.sh && \
chmod 0755 /your_script.sh
CMD ["/your_script.sh"]
# a folder to expose
VOLUME /exposedFolderFromDocker
CMD ["bash"]
I'm new to docker and try to convert my actual web stack in it.
Currently I use this configuration:
varnish -> nginx -> php-fpm -> mysql
I have already convert php-fpm and nginx and now tries varnish.
When I run my image with a command, all is fine but when I put it in docker-compose my container restart indefinitely.
Command:
name="varnish"
cd $installDirectory/$name
docker build -t $name .
docker rm -f $(docker ps -a | grep $name | cut -d' ' -f1)
docker run -d -P --name $name \
-p 80:80 \
--link nginx:nginx \
-v /home/webstack/varnish/:/etc/varnish/ \
-t $name
My docker-compose.yml:
php-fpm:
restart: always
build: ./php-fpm
volumes:
- "/home/webstack/www/:/var/www/"
nginx:
restart: always
build: ./nginx
ports:
- "8080:8080"
volumes:
- "/home/webstack/nginx/:/etc/nginx/"
- "/home/webstack/log/:/var/log/nginx/"
- "/home/webstack/www/:/var/www/"
links:
- "php-fpm:php-fpm"
varnish:
restart: always
build: ./varnish
ports:
- "80:80"
volumes:
- "/home/webstack/varnish/:/etc/varnish/"
links:
- "nginx:nginx"
I have no result with docker logs webstack_varnish_1 and docker ps -a result show:
688c5aace1b3 webstack_varnish "/bin/bash" 16 seconds ago Restarting (0) 5 seconds ago 0.0.0.0:80->80/tcp
Here you can see my Dockerfile:
FROM debian:jessie
# Update apt sources
RUN apt-get -qq update
RUN apt-get install -y curl apt-transport-https
RUN sh -c "curl https://repo.varnish-cache.org/GPG-key.txt | apt-key add -"
RUN echo "deb https://repo.varnish-cache.org/debian/ jessie varnish-4.1" > /etc/apt/sources.list.d/varnish-cache.list
# Update the package repository
RUN apt-get -qq update
# Install varnish
RUN apt-get install -y varnish
# Expose port 80
EXPOSE 80
What I am doing wrong please?
Regards.
Your varnish Dockerfile seems to be missing ENTRYPOINT and/or CMD directives that would actually launch Varnish.
We have found the solution here :
https://github.com/docker/compose/issues/2563
I have to add tty: true to my varnish config.
Regards.