I've defined the following container:
containers.abc123 = {
config = { config, pkgs, ... }:
{
systemd.user.services = {
finder = {
description = "finder";
enable = true;
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.coreutils}/bin/mkdir /tmp/hello";
Restart = "always";
RestartSec = 50;
};
wantedBy = [ "default.target" ];
};
};
};
};
Essentially a test finder service defined. However, this does not seem to work according to the output from:
sudo nixos-container run abc123 -- systemctl status finder
Unit finder.service could not be found.
sudo nixos-container run abc123 -- systemctl status --user finder
Failed to connect to bus: No such file or directory
I thought perhaps these 'user' services don't run for the root user. But after adding a user and logging in, still no change.
sudo nixos-container root-login abc123
[root#abc123:~]# systemctl status --user finder
Failed to connect to bus: No such file or directory
[root#abc123:~]# su test123
[test123#abc123:/root]$ systemctl status --user finder
Failed to connect to bus: No such file or directory
[test123#abc123:/root]$ systemctl status finder
Unit finder.service could not be found.
Why isn't this service working? Is it not supported in nixos containers?
nixos-container root-login does the bare minimum to give you a shell; nsenter and su
The command nixos-container login should work. That's backed by machinectl login, which can set things up properly so systemctl can do its job.
Related
Installed the lxc container via lxc-create:
sudo lxc-create -t download -n dos1
I chose debian buster arm64 and run it:
sudo lxc-start -n dos1 -d
Outputs an error:
lxc-start: dos1: tools/lxc_start.c: main: 290 No container config specified
What is the problem? Am I doing something wrong?
PS: configs are configured /etc/lxc/default.conf:
lxc.net.0.type = veth
lxc.net.0.link = virbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
~/.config/lxc/default.conf:
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
UPD
The problem is solved. You had to specify the path to the configuration file directly. For example:
sudo lxc-start -n dos1 -f /var/lib/lxc/dos1/config -d
Then all lxc-* commands must be executed with sudo
I got this error because I didn’t specify sudo. Without root permissions, lxc-start couldn’t find and read the container config to start it.
I get the following error when I try to ping another docker container I setup as a remote:
"changed": false,
"msg": "Failed to connect to the host via ssh: bind: File name too long\r\nunix_listener: cannot bind to path: /var/jenkins_home/.ansible/cp/jenkins_remote-22-remote_user.15sibyvAohxbTCvh",
"unreachable": true
}
However, when I run the same command using the root user, it works.
I have tried to add add the following command to my ansible.cfg file, but it still fails.
control_path = %(directory)s/%%h-%%p-%%r
Please what could be the issue?
I had the same issue it worked with root user and printed the same error otherwise. What did help was to add the following:
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
control_path = /dev/shm/cp%%h-%%p-%%r
to /etc/ansible/ansible.cfg file (create it if it doesn't exist).
I'm able to run a command in my instance using ssh directly:
ssh -o StrictHostKeyChecking=no -i myid_rsa centos#x.x.x.x sudo docker exec samdom samba-tool user create myuser Passw0rd
Warning: Permanently added 'x.x.x.x' (ECDSA) to the list of known hosts.
User 'myuser' created successfully
I would like to do the same thing using a remote-exec provisioner:
provisioner "remote-exec" {
connection {
type = "ssh"
user = "centos"
...
}
inline = [
...
"sudo docker exec samdom samba-tool user create myuser Passw0rd",
...
However, I get an error:
aws_instance.ad_server[0] (remote-exec): ERROR(<type 'exceptions.ValueError'>): Failed to add user 'myuser': - unable to parse dn string
aws_instance.ad_server[0] (remote-exec): File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 197, in run
aws_instance.ad_server[0] (remote-exec): gecos=gecos, loginshell=login_shell)
aws_instance.ad_server[0] (remote-exec): File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 356, in newuser
aws_instance.ad_server[0] (remote-exec): dnsdomain = ldb.Dn(self, self.domain_dn()).canonical_str().replace("/", "")
I'm assuming its just that the environments are different for each approach, but I'm not sure how to correct this for the terraform provisioner.
I installed docker on nixos, using:
nix-env -i docker
after that, dockerd was not running, so I started the daemon manually with:
dockerd
and in the logs, I see:
WARN[2019-06-26T01:02:31.784701442Z] could not change group
/var/run/docker.sock to docker: group docker not found
should I care about this warning?
When installing docker on NixOS, it's best to enable it in the NixOS configuration. Doing so will install docker as a system service.
Snippet for /etc/nixos/configuration.nix:
virtualisation.docker.enable = true;
# ...
users.users.YOU = { # merge this with your unix user definition, "YOU" is for illustration
isNormalUser = true;
# ...
extraGroups = [
# ...
"docker"
];
};
created a group docker. Docker needs that user group to start as a service.
Im trying to get a docker-machine up and running on a Ubuntu 14.04TSL server in our network. I have installed docker+docker-machine on the server and im able to create the docker-machine on the server with this command from my computer:
docker-machine create --driver generic --generic-ip-address 10.10.3.76 --generic-ssh-key "/Users/username/Documents/keys/mysshkey.pem" --generic-ssh-user ubuntuuser dockermachinename
The command above creates the docker-machine and im able to list it with
docker-machine ls
Im able to SSH to it by running
docker-machine ssh dockermachinename
but when i try to connect the server with (-D for debug information)
docker-machine -D env dockermachinename
I get the following message
Docker Machine Version: 0.5.2 ( 0456b9f )
Found binary path at /usr/local/bin/docker-machine-driver-generic
Launching plugin server for driver generic
Plugin server listening at address 127.0.0.1:54213
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
(dockermachinename) Calling .GetState
(dockermachinename) Calling .GetURL
Reading CA certificate from /Users/username/.docker/machine/certs/ca.pem
Reading server certificate from /Users/username/.docker/machine/machines/dockermachinename/server.pem
Reading server key from /Users/username/.docker/machine/machines/dockermachinename/server-key.pem
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "10.10.3.76:2376": dial tcp 10.10.3.76:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
I really need to solve this so all help is appreciated!
On Ubuntu you will need to do following steps:
1. Create user which don't require password
sudo visudo
at the end of file add following line (make sure to specify your username):
username ALL=(ALL:ALL) NOPASSWD: ALL
and then save and exit. And after that add your username to docker group like this (change username with your actual username):
usermod -aG docker username
2. Edit docker config to open 2375 and 2376 ports
sudo systemctl edit docker.service
add following snippet to that file:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 -H tcp://0.0.0.0:2375
then save and exit. After that reload config and restart docker deamon with:
sudo systemctl daemon-reload
sudo systemctl restart docker.service
3. Create docker-machine
Remove existing machine which is failing with:
docker-machine rm machine1
and try to create it one more time like this:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
please change ip, key, username and machine1 with you actual values.
If this produce error like this:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.0.26:2376": tls: oversized record received with length 20527
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
then SSH to your machine and cd into following directory:
cd /etc/systemd/system/docker.service.d/
list all files in it with:
ls -l
you will probably have something like this:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
you will need to delete all files except 10-machine.conf with sudo rm.
After that remove machine you created and create it again. It should now work. I hope this helps. Maybe you already steps 1 and 2 if so then skip them and just try to remove override.conf file or any file in that dir which is not 10-machine.conf.