In Docker, bind mounting the nscd socket breaks gethostbyname - docker

I have a dockerized application that requires the nscd socket from the docker host. So I bind mount the socket at run time. DNS, getpwnam, getpwuid, etc. all work fine. Strangely though, I have found that gethostbyname doesn't work anymore. For example:
docker run --rm -v /var/run/nscd/socket:/var/run/nscd/socket ubuntu hostname -i
hostname: Name or service not known
However, under alpine, it does work:
docker run --rm -v /var/run/nscd/socket:/var/run/nscd/socket alpine hostname -i
172.18.85.4
Does anyone know why this breaks gethostbyname and how to fix it?
Update: if I use the same glibc on the host and container, it still breaks:
ldd --version
ldd (GNU libc) 2.17
docker run --rm centos ldd --version
ldd (GNU libc) 2.17
docker run --rm -v /var/run/nscd/socket:/var/run/nscd/socket centos hostname -i
hostname: Name or service not known

Setting the LOCALDOMAIN to nothing works:
docker run -it --rm -v /var/run/nscd/socket:/var/run/nscd/socket --env LOCALDOMAIN='' centos hostname -i

Related

Why can I not run an X11 application?

So, as the title states, I'm a docker newbie.
I downloaded and installed the archlinux/base container, which seems to work great so far. I've set up a few things and installed some packages (including xeyes), and I would now like to launch xeyes. For that I found out the CONTAINER ID by running docker ps and then used that ID in my exec command, which now looks like:
$ docker exec -it -e DISPLAY=$DISPLAY 4cae1ff56eb1 xeyes
Error: Can't open display: :0
Why does it still not work though? Also, how can I stop my running instance without losing its configured state? Previously I have exited the container and all my configuration and software installations were gone when I restarted it. That was not desired. How do I handle this correctly?
Concerning the X Display you need to share the xserver socket (note: docker can't bind mount a volume during an exec) and set the $DISPLAY (example Dockerfile):
FROM archlinux/base
RUN pacman -Syyu --noconfirm xorg-xeyes
ENTRYPOINT ["xeyes"]
Build the docker image: docker build --rm --network host -t so:57733715 .
Run the docker container: docker run --rm -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY so:57733715
Note: in case of No protocol specified errors you could disable host checking with xhost + but there is a warning to that (man xhost for additional information).

Use docker command in jenkins container

My CentOS version and Docker version (installed by yum)
Using the docker command in the container gives an error
My docker run command:
docker run -it -d -u root --name jenkins3 -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker docker.io/jenkins/jenkins
but I get an error when I exec docker info in the jenkins container:
/usr/bin/docker: 2: .: Can't open /etc/sysconfig/docker
Exposing the host's docker socket to your jenkins container will work with
-v /var/run/docker.sock:/var/run/docker.sock
but you will need to have the docker executable installed in your jenkins image via a Dockerfile.
It is likely the example you are looking at is already using a docker image. A quick google search brings up https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ whose example uses a docker image (already has the executable installed):
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-ti docker
Also note from that same post your exact issue with mounting the binary:
Former versions of this post advised to bind-mount the docker binary from the host to the container. This is not reliable anymore, because the Docker Engine is no longer distributed as (almost) static libraries.

Unable to mount cifs filesystem in Docker container

I'm on Docker 17.06.0-ce and I'm attempting to mount a CIFS share in a container and only having some luck. If I use --privileged, it works, but that's not desirable for me. I've tried using --cap-add as well, as suggested in this answer (even trying with --cap-add ALL), with no success.
The same mount command works fine on the host system as well.
Here's a simple docker file I've tried playing with
FROM alpine:latest
RUN apk add --no-cache cifs-utils
Run with many different permutations, all with the same result below:
Works:
docker run --rm -it --privileged cifs-test /bin/sh
Doesn't Work:
docker run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH cifs-test /bin/sh
Doesn't Work:
docker run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH --cap-add NET_ADMIN cifs-test /bin/sh
Doesn't Work:
docker run --rm -it --cap-add ALL cifs-test /bin/sh
And the command:
mkdir /test && mount.cifs //myserver/testpath /test -o user=auser,password=somepass,domain=mydomain
And the result from each run command above except the first:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Has something changed in Docker that requires --privileged all the time for these types of mounts now? Or is there something else I'm missing?
I started using docker-volume-netshare so far with good success. There are some minor problems, like volumes created with docker volume create not being persistent, but nevertheless it looks like this volume driver is quite usable. One advantage is that special caps/privileged mode are not necessary. Here are some hints on how to use it.
Install (Ubuntu/Debian)
$ curl -L -o /tmp/docker-volume-netshare_0.34_amd64.deb https://github.com/ContainX/docker-volume-netshare/releases/download/v0.34/docker-volume-netshare_0.34_amd64.deb
$ sudo dpkg -i /tmp/docker-volume-netshare_0.34_amd64.deb
$ rm /tmp/docker-volume-netshare_0.34_amd64.deb
Configure
$ sudo vi /etc/default/docker-volume-netshare
enter as single setting
DKV_NETSHARE_OPTS="cifs --netrc=/root/"
then
$ sudo vi /root/.netrc
enter the following settings per host:
machine <host>
username <user>
password <password>
domain <domain>
Note that <host> must be a host name or an IP address followed by a colon (e.g. 10.20.30.4:)
Enable the volume driver as a systemd service
Note: if your OS does not support systemd, another method to install it as a service is necessary.
$ sudo systemctl enable docker-volume-netshare
Use a volume in docker run and docker service create
$ sudo docker run -it --rm --mount type=volume,volume-driver=cifs,source=<myvol>,destination=<absolute-path-in-container>,volume-opt=share=<ip>:/<share> ubuntu:zesty bash
$ sudo docker service create --name <name> --mount type=volume,volume-driver=cifs,source=<myvol>,destination=<absolute-path-in-container>,volume-opt=share=<host>/<share> <image>
Obviously it is not necessary to use the identical volume in multiple containers, because the volumes only map to a cifs share which in turn is shared among containers mounting it. As mentioned above, don't use docker volume create with this volume driver, as volumes are lost as soon as docker-volume-netshare is stopped and/or restarted (and hence on reboot).
Get help
$ docker-volume-netshare --help
$ docker-volume-netshare cifs --help
Logs
Hint: for debugging, use DKV_NETSHARE_OPTS="cifs --netrc=/root/ --verbose" in /etc/default/docker-volume-netshare (or stop the service and start docker-volume-netshare cifs --netrc=/root/ --verbose in a shell)
$ dmesg | tail
$ tail -50 /var/log/docker-volume-netshare.log
Resources
github
project
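The Jenkins and CIFS threads above both turn on how much host access a `docker run` line grants (a bind-mounted docker.sock, --privileged, --cap-add). The following is an added example, not code from any of the posts: a POSIX sh review helper that flags those options. The function names and severity labels are made up for illustration, and it expects only the option words, not the image or command.

```sh
#!/bin/sh
# Added example, not from the posts: flag `docker run` options that give a
# container host-level access. Pass only the option words, not the image/command.

check_volume() {                       # $1 = "src:dst[:opts]" from -v/--volume
    src=${1%%:*}
    case "$src" in
        /var/run/docker.sock|/run/docker.sock)
            echo "HIGH docker-socket: $src lets the container drive the host daemon" ;;
        *.sock|*/socket|/tmp/.X11-unix)
            echo "MEDIUM host-socket: $src exposes a host service to the container" ;;
    esac
}

check_cap() {                          # $1 = value of --cap-add
    case "$1" in
        ALL) echo "HIGH cap-add: $1 grants every capability" ;;
        SYS_ADMIN|CAP_SYS_ADMIN) echo "HIGH cap-add: $1 is a broad capability that includes mount(2)" ;;
        *) echo "INFO cap-add: $1" ;;
    esac
}

check_user() {                         # $1 = value of -u/--user ("user[:group]")
    case "${1%%:*}" in
        root|0) echo "MEDIUM user: container process runs as uid 0" ;;
    esac
}

audit_run() {
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            --privileged|--privileged=true)
                echo "HIGH privileged: all capabilities plus host device access" ;;
            --volume=*)  check_volume "${opt#--volume=}" ;;
            --cap-add=*) check_cap "${opt#--cap-add=}" ;;
            --user=*)    check_user "${opt#--user=}" ;;
            -v|--volume|--cap-add|-u|--user)
                [ $# -gt 0 ] || break          # option is missing its value
                case "$opt" in
                    -v|--volume) check_volume "$1" ;;
                    --cap-add)   check_cap "$1" ;;
                    *)           check_user "$1" ;;
                esac
                shift ;;
        esac
    done
}

# Constructed demo input: option words taken from the run commands on this page.
audit_run -d -u root -v /var/run/docker.sock:/var/run/docker.sock
audit_run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH
```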

How do I expose port from Container to host?

So I have my project which, when installed on the host, makes the login page available (via an embedded Tomcat server) at
https://127.0.0.1:8443/
Now I installed this in ubuntu container and for installation the command I used was
docker run -it --name lp --dns=122.17.213.214 --dns=122.26.00.10 --dns-search=corp.sfc.san -p 8080:8443 -v ~/Downloads/logs:/logs -v ~/Downloads:/installers ubuntu /bin/bash
When I did that, I was not able to reach this on my host browser, what I tried was
https://my-docker-machine-ip:8443/ # I am using Mac OSX
Next, I thought to provide exact mapping and I tried
docker run -it --name lp --dns=122.17.213.214 --dns=122.26.00.10 --dns-search=corp.sfc.san -p 192.168.99.100:8443:8443 -v ~/Downloads/logs:/logs -v ~/Downloads:/installers ubuntu /bin/bash
and tried the same URL again, but no luck
What I see is HTTP 404 from Apache. What am I missing?
However within the container, I see log that tells me that server is running
11 May 2016 22:19:19,166 [INFO ] [main] EmbeddedWebServer | Starting tomcat server on port 8443 ...
The syntax is -p hostPort:ContainerPort. Your first example had the right syntax but the 'wrong' port (compared to what you were expecting).
Instead of:
docker run -it --name lp --dns=122.17.213.214 --dns=122.26.00.10 --dns-search=corp.sfc.san -p 8080:8443 -v ~/Downloads/logs:/logs -v ~/Downloads:/installers ubuntu /bin/bash
Use:
docker run -it --name lp --dns=122.17.213.214 --dns=122.26.00.10 --dns-search=corp.sfc.san -p 8443:8443 -v ~/Downloads/logs:/logs -v ~/Downloads:/installers ubuntu /bin/bash
Then
https://my-docker-machine-ip:8443/ # I am using Mac OSX
should work.
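To make the -p forms used in this thread concrete, here is an added example (not code from the posts) that decodes a publish value into bind address, host port and container port. The function names and the scope labels are made up for illustration; it handles single ports and IPv4 bind addresses only.

```sh
#!/bin/sh
# Added example, not from the posts: decode a -p/--publish value.
# Handles single ports and IPv4 bind addresses only (no ranges, no [IPv6]).

is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# explain_publish SPEC
# Prints: bind=<addr> host=<port|ephemeral> container=<port> proto=<p> scope=<s>
explain_publish() {
    spec=$1 proto=tcp
    case "$spec" in */*) proto=${spec##*/}; spec=${spec%/*} ;; esac
    container=${spec##*:}            # the last field is always the container port
    bind=0.0.0.0 host=''             # defaults when those fields are left out
    case "$spec" in
        *:*:*) bind=${spec%%:*}; rest=${spec#*:}; host=${rest%%:*} ;;
        *:*)   host=${spec%%:*} ;;
    esac
    is_port "$container" || { echo "bad container port in '$1'" >&2; return 2; }
    if [ -z "$host" ]; then
        host=ephemeral               # Docker picks a free host port
    else
        is_port "$host" || { echo "bad host port in '$1'" >&2; return 2; }
    fi
    case "$bind" in
        0.0.0.0) scope=all-interfaces ;;   # reachable from other machines
        127.*)   scope=loopback-only ;;
        *)       scope=single-address ;;
    esac
    echo "bind=$bind host=$host container=$container proto=$proto scope=$scope"
}

# Constructed demo: the two mappings from the question, plus a loopback-only one.
for s in 8080:8443 192.168.99.100:8443:8443 127.0.0.1:8443:8443; do
    explain_publish "$s"
done
```

For 8080:8443 the output shows host=8080, so the container's port 8443 is published on host port 8080 rather than 8443.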

Mount a host file as a data volume in docker

I am following this docker user guide: Managing Data in Containers
There seems to be an error in the "Mount a Host File as a Data Volume" part,
$ sudo docker run --rm -it -v ~/.bash_history:/.bash_history ubuntu /bin/bash
I tested it in my Mac version of Docker, and it should be like this:
$ sudo docker run --rm -it -v ~/.bash_history:/root/.bash_history ubuntu /bin/bash
I am not sure if I am correct about this.
You can't use the -v option with a relative path. You need to use an absolute path instead:
sudo docker run --rm -it -v /home/<your_user>/.bash_history:/.bash_history ubuntu /bin/bash
