I am trying to run a container as daemon as follows :
$docker run --privileged --net=host -d d34f188005c4
34045723709f3553533a1c823800697e55d43a7e676499310751f7116d3a1068
$docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
As seen from above, docker run cmd returns a long string, but it fails to run as seen from the docker ps output. Further, I get following from the syslog while the docker run cmd as above executes:
kernel: [281942.173389] aufs au_opts_verify:1597:dockerd[21361]: dirperm1 breaks the protection by the permission bits on the lower branch
Kernel/docker version and other required info is as follows:
# docker info
Containers: 3
Running: 0
Paused: 0
Stopped: 3
Images: 1
Server Version: 17.03.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 8
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 977c511eda0925a723debdc94d09459af49d082a
runc version: a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-116-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.67 GiB
Name: ubuntu1604
ID: B35S:GX2J:VTYF:HKJ2:KMIP:SU35:YCSV:YHM2:R6L5:K7CW:4ZUV:EYGX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Can anyone please let me know how to fix this? Can we get any clue from the syslog above? If any other info is required, please let me know.
Adding additional info based on comments below :
$docker logs 34045723709f3553533a1c823800697e55d43a7e676499310751f7116d3a1068
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Access to docker on host failed!!`
$ps -aux | grep dockerd
root 21836 0.4 0.2 436168 42920 ? Ssl 10:39 0:00 /usr/bin/dockerd -H fd://
Related
I'm having problems getting a listing of images from a specific registry that I've set up on a local server, or, maybe, I'm having issues publishing them to that registry in the first place, as this is my first adventure into docker registries, I may just be confused with the terms used.
There's an old question, here, that kind of looks like what I want to achieve, but it appears that docker has gained built-in support for this, in the meanwhile, so the methods mentioned here are no longer relevant.
I have 2 servers (for the purpose of this question):
rancher-server: This server has a rancher:v2.6.0 container running and a registry:2 container.
k8s-server: This is just a freshly installed server, with the docker and kubernetes packages installed, that I want the rancher server to administer.
On k8s-server, I'm trying to spin up a docker image rancher/rancher-agent:v2.6.0 with a few arguments, that should let it relinquish control to the rancher server.
The trick here is, that this is all required to work without internet access (currently there IS internet access, but it's a PoC for a task that requires to be air-gapped). For the purposes of this question, I really just want to be able to spin up docker containers on k8s-server, using the registry on rancher-server.
Currently, this is the state of rancher-server:
# docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b9a15ea00d5e registry:2 "/entrypoint.sh /e..." About an hour ago Up About an hour 0.0.0.0:5000->5000/tcp local-registry
1b6bc6b88a8e 08c9693b4357 "entrypoint.sh 08c..." 26 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp goofy_minsky
# docker image ls --all (the list is big, this is just a sample):
REPOSITORY TAG IMAGE ID CREATED
rancher/rancher-agent v2.6.0 9c35a790aa16 2 weeks ago
rancher-server.example.com:5000/rancher/rancher-agent v2.6.0 9c35a790aa16 2 weeks ago
# docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 225
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Init Binary: /usr/libexec/docker/docker-init-current
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 66aedde759f33c190954815fb765eedc1d782dd9 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
selinux
Kernel Version: 3.10.0-1160.41.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 2
Total Memory: 3.701 GiB
Name: rancher-server
ID: SA2T:G2IA:CGER:6BC5:HIV2:4T6T:LF3Q:2YVS:SYU7:SQ5V:ACUS:BMEX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
rancher-server.example.com:5000
127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)
On the k8s-server, I try to list the contents of that registry:
# docker image ls --all rancher-server.example.com:5000
REPOSITORY TAG IMAGE ID CREATED SIZE
# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Init Binary: /usr/libexec/docker/docker-init-current
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 66aedde759f33c190954815fb765eedc1d782dd9 (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
selinux
Kernel Version: 3.10.0-1160.41.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 2
Total Memory: 3.701 GiB
Name: k8s-server
ID: QETJ:QSPQ:VS36:OOOA:ZPYL:CDHK:AJ5G:N4BD:ZQUH:UL6O:PHAB:5UOE
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
rancher-server.example.com:5000
127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)
I had to jump through a few hoops to get there, in the first place, marking the registry as unsafe in /etc/docker/daemon.json on the k8s-server and disabling selinux on the rancher-server, for example.
I've tried to docker login rancher-server.example.com:5000 first, but that made no difference. It does look like, to me, that the k8s-server is configured correctly, but that the images on rancher-server haven't been tagged/pushed properly, but when I look back at the registry, I don't know how to do it differently, and, as far as I understand the registry, it looks fine to me?
I've changed the server names for anonymity and the output has been lightly edited for presentation.
EDIT:
I think I found a clue to what's happening here, it turns out that I can actually run the images from this registry remotely, just fine, it just so happens that I have no way to discover the names of the images, however, if I do a docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher-server.example.com:5000/rancher/rancher-agent:v2.6.0 --server https://rancher-server.example.com:5000 --token <token> --ca-checksum <ca-checksum> --etcd --controlplane it actually pulls and runs the container, so it looks like the registry itself is fine, but maybe the index isn't?
After reinstalling my Kubuntu 18 I try to install docker-ce
and running app I got error :
$ docker-compose up
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
serge#AtHome:/mnt/_work_sdb8/wwwroot/lar/PerlerWealth/master$ export DOCKER_HOST=127.0.0.1
serge#AtHome:/mnt/_work_sdb8/wwwroot/lar/PerlerWealth/master$ docker-compose up -d --build
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 11, in <module>
load_entry_point('docker-compose==1.17.1', 'console_scripts', 'docker-compose')()
File "/usr/lib/python2.7/dist-packages/compose/cli/main.py", line 68, in main
command()
...
File "/usr/lib/python2.7/dist-packages/docker/utils/utils.py", line 373, in parse_host
"Bind address needs a port: {0}".format(addr))
docker.errors.DockerException: Bind address needs a port: 127.0.0.1
Why errors and how to fix this error ?
Related app versions and config info :
root#AtHome:~/Downloads# docker --version
Docker version 19.03.13, build 4484c46d9d
root#AtHome:~/Downloads# docker-compose --version
docker-compose version 1.17.1, build unknown
root#AtHome:~/Downloads# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root#AtHome:~/Downloads# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-20-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.711GiB
Name: AtHome
ID: FGEV:TTKB:COS7:VUEW:7C2T:UJWK:2L66:Y6UE:APLU:M5HG:R5DG:3RN7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
MODIFIED :
root#AtHome:~/Downloads# docker --version
Docker version 19.03.13, build 4484c46d9d
root#AtHome:~/Downloads# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root#AtHome:~/Downloads# sudo usermod -aG docker $USER
root#AtHome:~/Downloads# sudo newgrp - docker
root#AtHome:/root# sudo systemctl enable docker
Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker
root#AtHome:/root# sudo systemctl start docker
root#AtHome:/root# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
I have all /etc files from prior working installation, but which config
files have I to look at or some missing options or permissions lacking ?
Thanks in advance!
I am getting the below error message:
{"changed": false, "msg": "Error creating container: 500 Server Error:
Internal Server Error ("error creating overlay mount to
/var/lib/docker/overlay2/e17accf17aa46c9d12dbc4da10e399121b476698039cdcf54a5bb42443ffc260-init/merged:
invalid argument")"}
docker info shows below:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: false
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Authorization: rhel-push-plugin
Swarm: inactive
Runtimes: oci runc
Default Runtime: oci
Init Binary: /usr/libexec/docker/docker-init-current
containerd version: 1556cce7e5c5349fdffeb123c092a7681769866a (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 1556cce7e5c5349fdffeb123c092a7681769866a-dirty (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
selinux
Kernel Version: 4.18.7-200.fc28.x86_64
Operating System: Fedora 28 (Server Edition)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 24
Total Memory: 94.34 GiB
Name: xxxxxx.com
ID: U63T:T7ZF:HWDJ:4NKZ:YUW2:KO6W:7RI5:Y6MY:VKSQ:DJSL:FGD5:QMZS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: true
Registries: docker.io (secure), registry.fedoraproject.org (secure), quay.io (secure), registry.access.redhat.com (secure), registry.centos.org (secure), docker.io (secure)
Here Backing filesystem shows unknown here. How to change it to xfs or somerelevant to work?
I was able to resolve this by doing a factory reset in Docker.
Docker for Mac -> Troubleshooting (it is the "bug" icon next to the Settings icon) -> Reset Factory Defaults
$ vim /etc/docker/daemon.json
{
"max-concurrent-uploads": 1
}
$ service docker restart
Posting it in case it helps someone.
I had the same issue with the docker. It was not able to push images to GCR. The above was able to solve my issue.
First, I think you can check the /var/lib/docker/overlay2 directory using xfs_info whether or not it can be supported the overlay2.
For instance,
$ xfs_info /var/lib/docker/overlay2 | grep ftype
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
If the output is ftype=1, then it can be supported the overlay2.
I hope it help you. :^)
I have just meet the same issue. And I fixed it by change the disk volume type used by docker into Ext4 or change the path into a Ext4 volume by this command in docker.service
ExecStart=/usr/bin/dockerd --graph /new-path/docker
It might happen because daemon.json doesn't exist. For create it you can do following steps: open "Docker Desktop" > "Preferences" > "Docker Engine" > edit the texteditor under "Configure the Docker daemon by typing a json Docker daemon configuration file" > "Apply & Restart".
After running docker container,docker run -d --name nginx nginx, I cannot use "docker exec", docker exec nginx echo 123, on this container.
I'm receiving an error:
ERRO[2018-08-19T11:09:10.909894729+03:00] stream copy error: reading from a closed fifo
ERRO[2018-08-19T11:09:10.909988081+03:00] stream copy error: reading from a closed fifo
ERRO[2018-08-19T11:09:10.931102317+03:00] Error running exec 19c6ae3c5d796180e02577f037f6a1bd1453b70393098643719dea3537933ae2 in container: OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "process_linux.go:86: executing setns process caused \"exit status 22\"": unknown`
OS: ubuntu 14.04
Kernel: 3.13.0-153-generic
Docker: Docker version 18.06.0-ce, build 0ffa825
Docker Info:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 18.06.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/165536.165536/aufs
Backing Filesystem: extfs
Dirs: 5
Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d64c661f1d51c48782c9cec8fda7604785f93587
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
userns
Kernel Version: 3.13.0-153-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.86GiB
Name: **************
ID: OL25:ISXX:RWR7:EY76:OQ6O:XLWG:ETWJ:FV2A:MC6A:ROP7:6DWD:DJX4
Docker Root Dir: /var/lib/docker/165536.165536
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Thanks!
That can happen when them use ENTRYPOINT instead of CMD. Check your image/container with "docker inspect". Your commandline argument becomes a CMD of ENTRYPOINT.
https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact
I could reproduce this issue whenever I executed docker run -it opensuse/leap followed by exit command. The container is actually stopped after exit command, but still showed running in docker ps.
Solution: Restart your docker daemon. And then try running your containers once again. If they stop, they won't show running status.
command: service docker restart
This worked in my case.
Please update your Kernel. Although Docker should work with most Kernel 3.10+ versions, there are often low level issues with older Kernels. See also https://github.com/moby/moby/issues/36084#issuecomment-364886573 for a seemingly same issue with a working solution:
updated to HWE ( 4.13.0-32-generic) and exec works again, however keep in mind that stock 16.04 uses 4.4.0 kernels - there should some kind of warning (at least) that specific versions combination will not work
In my scenario I use "consul" as the key-value store backend, and two more VMs with docker installed on them. The command I am running the docker daemon on these two VMs is:
sudo docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock \
--cluster-store consul://{CONSUL_IP}:8500 --cluster-advertise eth0:2376
Also the command for running the consul is :
sudo docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
After this, I try to create a network using:
sudo docker network create -d overlay --subnet=192.168.3.0/24 my-overlay
And in each of VMs I run a busybox container:
sudo docker run -itd --name containerX --net my-overlay busybox
Where X is A for one of them and B for another.
here is "docker info" from the first VM:
$ sudo docker info
Containers: 4
Running: 2
Paused: 0
Stopped: 2
Images: 3
Server Version: 1.12.3
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 17
Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: overlay bridge host null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor
Kernel Version: 3.13.0-76-generic
Operating System: Ubuntu 14.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: cs-webserving-4
ID: ESSZ:WBCV:W6NU:ODJ6:3ZIW:QHMH:TEXP:M66M:NYF5:MNWB:H4M7:Z3L6
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Cluster Store: consul://10.254.1.92:8500
Cluster Advertise: 10.254.1.123:2376
Insecure Registries:
127.0.0.0/8
And here is the other VM:
$ sudo docker info
Containers: 4
Running: 2
Paused: 0
Stopped: 2
Images: 3
Server Version: 1.12.3
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 17
Dirperm1 Supported: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: overlay host bridge null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor
Kernel Version: 3.13.0-76-generic
Operating System: Ubuntu 14.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: cs-webserving-3
ID: BTAL:L3LE:BHSX:DQRD:HTC4:KXJE:T772:47TU:4KJZ:NIY4:7WTY:Q6TO
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Cluster Store: consul://10.254.1.92:8500
Cluster Advertise: 10.254.1.122:2376
Insecure Registries:
127.0.0.0/8
Problem
When I try to ping containerB from containerA, I get no answer:
sudo docker exec containerB ping -w 5 192.168.3.5
PING 192.168.3.5 (192.168.3.5): 56 data bytes
--- 192.168.3.5 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Where 192.168.3.5 is the IP of containerA in overlay network.
**Note: ** I also tried the name "containerA" instead of the IP, it didn't work neither.
What is the problem in my scenario? any hint or solutions would be appreciated.
Try linking containers.
Ex:
$ docker run -ti --name containerA --link containerB:containerB_alias ubuntu bash
You can ping: [root#cad0fef8c778]$ ping containerB_alias
What version of Docker are you using? Currently, traditional containers are not allowed to connect to overlay networks, only services are. That will be fixed in version 1.13 with the --attachable keyword for overlay network creation.
What may make more sense is to create two services on the same overlay network. Then they'll be able to refer to each other directly by service name.