I want to launch a Docker container in a host from a rootless container.
Example:
I have an Ubuntu VM running: gcr.io/news-ml-257304/mycontainer:latest which is rootless.
From this container I want to be able to execute this command:
docker run --network=host -v {connection_file}:/connection-spec gcr.io/news-ml-257304/mycontainer2
and mycontainer2 should start in the Ubuntu VM (outside mycontainer). Is it possible?
I installed Docker rootless successfully. I can run a rootless container mycontainer successfully.
I'm currently following this guide:
https://docs.docker.com/engine/security/rootless/#prerequisites
docker -v
Docker version 20.10.12, build e91ed57
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
In Host machine:
echo $DOCKER_HOST
unix:///run/user/1000/docker.sock
systemctl --user status docker
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/gogasca/.config/systemd/user/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-02-13 01:16:14 UTC; 9min ago
Docs: https://docs.docker.com/go/rootless/
Main PID: 28166 (rootlesskit)
CGroup: /user.slice/user-1000.slice/user@1000.service/docker.service
├─28166 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propaga
├─28177 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --prop
├─28195 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 28177 tap0
├─28202 dockerd
├─28217 containerd --config /run/user/1000/docker/containerd/containerd.toml --log-level info
├─29019 fuse-overlayfs -o lowerdir=/home/gogasca/.local/share/docker/fuse-overlayfs/l/QJ2Y7NAKB4N3ABA4CVINPOT64L:/home/gogasca/.local/share/docker/fuse-overlayfs/l/ZDXAGGP2VO2K7FWWEZYSJ2FK5
├─29026 /usr/bin/rootlesskit-docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
├─29031 docker-proxy -container-ip 172.17.0.2 -container-port 8080 -host-ip 127.0.0.1 -host-port 8080 -proto tcp
├─29047 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 624b2dbfc5f54272ef8fdf8a5a59da9d3be0d1292e2fdd2f2b22bd0ac0aee21b -address /run/user/1000/docker/containerd/containerd.sock
└─29068 /opt/conda/bin/python3.7 /opt/conda/bin/jupyter-lab --ip=0.0.0.0 --port=8080 --no-browser --allow-root --NotebookApp.token= --NotebookApp.password= --ServerApp.allow_origin=*
Feb 13 01:16:14 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:14.516248592Z" level=info msg="Loading containers: start."
Feb 13 01:16:14 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:14.889430212Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon opti
Feb 13 01:16:14 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:14.977066622Z" level=info msg="Loading containers: done."
Feb 13 01:16:14 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:14.992309698Z" level=info msg="Docker daemon" commit=459d0df graphdriver(s)=fuse-overlayfs version=20.10.12
Feb 13 01:16:14 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:14.992798123Z" level=info msg="Daemon has completed initialization"
Feb 13 01:16:15 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:16:15.023274713Z" level=info msg="API listen on /run/user/1000/docker.sock"
Feb 13 01:19:20 a-experiment-debian dockerd-rootless.sh[28166]: time="2022-02-13T01:19:20.515794206Z" level=info msg="starting signal loop" namespace=moby path=/run/.ro729122400/user/1000/docker/conta
This is how I start mycontainer
docker run -d -p 127.0.0.1:8080:8080/tcp gcr.io/news-ml-257304/mycontainer:latest -v /home/gogasca/local/:/home/jupyter -e DOCKER_HOST=$DOCKER_HOST
When I access mycontainer and check docker I get:
docker exec -it 624b2dbfc5f5 /bin/bash
docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
In Host:
echo $DOCKER_HOST
unix:///run/user/1000/docker.sock
In mycontainer DOCKER_HOST shows empty
echo $DOCKER_HOST
This post is five months old, so you've probably already figured this out, but:
Try adding
-v /run/user/1000/docker.sock:/var/run/docker.sock
I am trying to use docker compose with IntelliJ but it does not connect. Here is the output of
sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-05-30 22:57:39 +04; 17min ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 3820 (dockerd)
Tasks: 27 (limit: 9308)
Memory: 53.9M
CPU: 3.267s
CGroup: /system.slice/docker.service
├─ 3820 /usr/bin/dockerd -H fd://
└─ 3832 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.578835983+04:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///v>
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.578850600+04:00" level=info msg="ClientConn switching balancer to \"pick_first\"" modu>
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.580713487+04:00" level=info msg="[graphdriver] using prior storage driver: btrfs"
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.584726242+04:00" level=info msg="Loading containers: start."
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.678110934+04:00" level=info msg="Default bridge (docker0) is assigned with an IP addre>
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.716490285+04:00" level=info msg="Loading containers: done."
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.725192175+04:00" level=info msg="Docker daemon" commit=f756502055 graphdriver(s)=btrfs>
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.725256842+04:00" level=info msg="Daemon has completed initialization"
May 30 22:57:39 albert-80nv systemd[1]: Started Docker Application Container Engine.
May 30 22:57:39 albert-80nv dockerd[3820]: time="2022-05-30T22:57:39.748038554+04:00" level=info msg="API listen on /run/docker.sock"
id
id=1000(albert) gid=1000(albert) groups=1000(albert),3(sys),90(network),98(power),961(docker),991(lp),998(wheel)
and
ps aux | grep docker
root 3820 0.0 0.5 1742604 46792 ? Ssl 22:57 0:00 /usr/bin/dockerd -H fd://
root 3832 0.2 0.3 1639784 30568 ? Ssl 22:57 0:03 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
albert 5144 0.0 0.0 7012 2560 pts/1 S+ 23:21 0:00 grep --colour=auto docker
As you can see docker daemon is not among the running processes, but the docker.service is active and I am pretty sure all permissions have been set correctly. So what can I do here?
I run
systemctl status docker
and get
docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-05-22 01:13:39 EDT; 2min 58s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 29937 (dockerd)
Tasks: 16
Memory: 44.2M
CGroup: /system.slice/docker.service
└─29937 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
May 22 01:13:38 mbfgdell dockerd[29937]: time="2021-05-22T01:13:38.546418221-04:00" level=warning msg="Your kernel>
May 22 01:13:38 mbfgdell dockerd[29937]: time="2021-05-22T01:13:38.546439612-04:00" level=warning msg="Your kernel>
May 22 01:13:38 mbfgdell dockerd[29937]: time="2021-05-22T01:13:38.546456513-04:00" level=warning msg="Your kernel>
May 22 01:13:38 mbfgdell dockerd[29937]: time="2021-05-22T01:13:38.546810704-04:00" level=info msg="Loading contai>
May 22 01:13:38 mbfgdell dockerd[29937]: time="2021-05-22T01:13:38.865868481-04:00" level=info msg="Default bridge>
May 22 01:13:39 mbfgdell dockerd[29937]: time="2021-05-22T01:13:39.027302568-04:00" level=info msg="Loading contai>
May 22 01:13:39 mbfgdell dockerd[29937]: time="2021-05-22T01:13:39.173496789-04:00" level=info msg="Docker daemon">
May 22 01:13:39 mbfgdell dockerd[29937]: time="2021-05-22T01:13:39.173625360-04:00" level=info msg="Daemon has com>
May 22 01:13:39 mbfgdell systemd[1]: Started Docker Application Container Engine.
May 22 01:13:39 mbfgdell dockerd[29937]: time="2021-05-22T01:13:39.258181088-04:00" level=info msg="API listen on >
but when I do
docker info
I get
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.7.0)
Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info
Does anyone know what's wrong here?
(I do see a docker.pid in /var/run, however I do NOT see a docker.sock in /var/run)
After further discovery, the socket file is here
/run/docker.sock
not /var/run/docker.sock
the systemd unit file for docker.socket looks like
cat docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
Not sure if the daemon or the client is wrong, and how to fix it?
UPDATE: hmm, it seems if I create a symlink from /var/run/docker.sock to /run/docker.sock it works. Not great, but I guess I'll live with it
Use host and br to start two containers
docker run -d --name="nginx_host" --net="host" nginx
docker run -d --name nginx_br -p 8000:80 nginx
View the container list
[root@docker_base ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2754b6f0d93e nginx "/docker-entrypoint.…" 2 hours ago Up 2 hours 0.0.0.0:8000->80/tcp nginx_br
cb73872caa94 nginx "/docker-entrypoint.…" 2 hours ago Up 2 hours nginx_host
Show the problem
[root@docker_base ~]# curl localhost:8000
curl: (56) Recv failure: Connection reset by peer
[root@docker_base ~]# curl localhost:80
<!DOCTYPE html>
<html>
<head>
Why nginx_br can not be accessed?
========================
Some information
[root@docker_base ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2021-03-16 17:12:51 CST; 1h 49min ago
Docs: https://docs.docker.com
Main PID: 2278 (dockerd)
CGroup: /system.slice/docker.service
├─2278 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
└─2975 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8000 -container-ip 172.17.0.2 -container-port 80
3月 16 17:12:50 docker_base dockerd[2278]: time="2021-03-16T17:12:50.364215347+08:00" level=warning msg="[graphdriver] WARNING: the devicemapper storage-dr...e release"
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:50.999168695+08:00" level=warning msg="Unable to find pids cgroup in mounts"
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:51.000925360+08:00" level=info msg="Loading containers: start."
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:51.298066663+08:00" level=info msg="Loading containers: done."
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:51.754027070+08:00" level=info msg="Docker daemon" commit=363e9a8 graphdriver(s)=devicema...on=20.10.4
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:51.754707862+08:00" level=info msg="Daemon has completed initialization"
3月 16 17:12:51 docker_base systemd[1]: Started Docker Application Container Engine.
3月 16 17:12:51 docker_base dockerd[2278]: time="2021-03-16T17:12:51.869090242+08:00" level=info msg="API listen on /var/run/docker.sock"
3月 16 17:19:45 docker_base dockerd[2278]: time="2021-03-16T17:19:45.903746502+08:00" level=info msg="ignoring event" container=3edc61d736b71ba79f5ed3b09fe...askDelete"
3月 16 18:51:45 docker_base dockerd[2278]: time="2021-03-16T18:51:45.978054059+08:00" level=info msg="ignoring event" container=c5959e50dfa8524bfefe60f8a01...askDelete"
Hint: Some lines were ellipsized, use -l to show in full.
[root@docker_base ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.000000000000 no vetha8d3493
[root@docker_base ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Here are some environment and network details
I could not solve it by restarting docker.
But I set docker0 to promiscuous mode. This problem is solved.
ifconfig docker0 promisc
Try to run the server in your Docker Container with ip 0.0.0.0 instead of localhost
Following this article on JHipster, I build the project. I, however, can't run docker-compose. So, I try to figure out the problem. I walk step by step with this Docker-Compose article without luck.
$ sudo service docker status
docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-27 15:40:22 PST; 2 days ago
Docs: https://docs.docker.com
Main PID: 1960 (dockerd)
Tasks: 20 (limit: 4440)
Memory: 68.2M
CGroup: /system.slice/docker.service
├─1960 /usr/bin/dockerd -H fd://
└─2093 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --s
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493340278-08:00" level=warning msg="Your kernel does not support swap memory li
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493612101-08:00" level=warning msg="Your kernel does not support cgroup rt peri
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493681034-08:00" level=warning msg="Your kernel does not support cgroup rt runt
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.496381656-08:00" level=info msg="Loading containers: start."
Dec 27 15:40:17 tk-PC dockerd[1960]: time="2018-12-27T15:40:17.498415923-08:00" level=info msg="Default bridge (docker0) is assigned with an I
Dec 27 15:40:19 tk-PC dockerd[1960]: time="2018-12-27T15:40:19.646853084-08:00" level=info msg="Loading containers: done."
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.512083092-08:00" level=info msg="Daemon has completed initialization"
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.512266914-08:00" level=info msg="Docker daemon" commit=89658be graphdriver=aufs
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.553322342-08:00" level=info msg="API listen on /var/run/docker.sock"
Dec 27 15:40:22 tk-PC systemd[1]: Started Docker Application Container Engine.
$ sudo ls -la /var/run/docker.sock
srw-rw---- 1 root docker 0 Dec 27 15:39 /var/run/docker.sock
$ sudo usermod -aG docker ${USER}
$ docker-compose -f docker-compose.yml build --build-arg UID=$(id -u)
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
The result of the last step is the same as "docker-compose up -d". According to the article, it would be a permission problem if the problem still exists at this point. How can I find what the permission issue is?
There are multiple ways you can solve this problem. First, try exporting the Docker host environment variable with this command:
export DOCKER_HOST=unix:///var/run/docker.sock
If it works, you can add the same line to your bashrc config to save this export permanently.
If it doesn't work, you can try modifying the Docker daemon config. It is located in
/etc/docker/daemon.json
You'll need to append the localhost to your hosts like that:
"hosts": ["old_hosts_not_modified_only_append_new_one", "tcp://localhost:2376"],
and restart docker daemon using command:
service docker restart
Hope it gonna help ya
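An added example, not taken from any of the posts: a POSIX shell helper that reports why the docker client cannot reach a daemon. It checks for an unset DOCKER_HOST (the client then falls back to /var/run/docker.sock), a value with no scheme, a socket living at another path such as /run/docker.sock or the rootless $XDG_RUNTIME_DIR/docker.sock, and a socket the current user cannot read and write. The function names are constructed for illustration and are not part of Docker.

```shell
#!/bin/sh
# Added example; helper names are constructed, not part of Docker.

# Split a DOCKER_HOST value into "kind target". Empty selects the client's
# default socket; a bare path has no scheme and is not read as a Unix socket.
resolve_endpoint() {
  case "${1:-}" in
    "")       echo "unix /var/run/docker.sock" ;;
    unix://*) echo "unix ${1#unix://}" ;;
    tcp://*)  echo "tcp ${1#tcp://}" ;;
    /*)       echo "noscheme $1" ;;
    *)        echo "other $1" ;;
  esac
}

# Classify a path: missing | not-socket | no-access | ok
check_socket() {
  if   [ ! -e "$1" ]; then echo missing
  elif [ ! -S "$1" ]; then echo not-socket
  elif [ ! -r "$1" ] || [ ! -w "$1" ]; then echo no-access
  else echo ok
  fi
}

# Print one verdict line for the given DOCKER_HOST value.
diagnose() {
  ep=$(resolve_endpoint "${1:-}")
  kind=${ep%% *}
  target=${ep#* }
  case "$kind" in
    noscheme) echo "bad DOCKER_HOST: use unix://$target"; return 0 ;;
    tcp)      echo "TCP endpoint $target: check daemon 'hosts' and TLS settings"; return 0 ;;
    other)    echo "unhandled DOCKER_HOST form: $target"; return 0 ;;
  esac
  case "$(check_socket "$target")" in
    ok)         echo "ok: $target is a socket you can read and write" ;;
    no-access)  echo "no-access: $(ls -ld "$target")" ;;  # shows owner, group, mode
    not-socket) echo "not-socket: $target exists but is not a socket" ;;
    missing)
      found=""
      # Usual locations: system daemon, its /run alias, rootless daemon.
      for cand in /var/run/docker.sock /run/docker.sock \
                  "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/docker.sock"; do
        if [ "$cand" != "$target" ] && [ -S "$cand" ]; then
          found="$found $cand"
        fi
      done
      echo "missing: $target; sockets found elsewhere:${found:- none}" ;;
  esac
}

diagnose "${DOCKER_HOST:-}"
```

An `ok` verdict also means the calling user, or a container that has the socket bind-mounted, can drive that daemon's full API, so docker group membership and socket mounts are worth granting as deliberately as sudo.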
I configured docker daemon socket. I am able to start docker engine by "service docker start". If I try to check the status it displays the content as
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-08-25 17:55:35 IST; 49s ago
Docs: https://docs.docker.com
Main PID: 13942 (dockerd)
Memory: 22.7M
CGroup: /system.slice/docker.service
├─13942 /usr/bin/dockerd
├─13948 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime docker-runc
└─14069 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5000 -container-ip 172.17.0.2 -container-port 5000
Aug 25 17:55:35 www.procifynow.com dockerd[13942]: time="2016-08-25T17:55:35.316805330+05:30" level=info msg="Daemon has completed initialization"
Aug 25 17:55:35 www.procifynow.com dockerd[13942]: time="2016-08-25T17:55:35.316818523+05:30" level=info msg="Docker daemon" commit=23cf638 graphdriver=devicemapper version=1.12.1
Aug 25 17:55:35 www.procifynow.com dockerd[13942]: time="2016-08-25T17:55:35.321199525+05:30" level=info msg="API listen on /var/run/docker.sock"
Aug 25 17:55:35 www.procifynow.com systemd[1]: Started Docker Application Container Engine.
But if I try to hit other commands like docker ps or info, it shows docker daemon is not running.
You can try to run those commands with sudo.
Or if you don't want to do that add your user to the docker group like this:
sudo groupadd docker
sudo gpasswd -a ${USER} docker
sudo service docker restart
That's what solved it for me at least.