default-address-pools is not recognized by docker - docker

I am trying to configure docker-compose to use a different network range by default, so I followed the instructions from https://github.com/moby/moby/pull/29376
However, I get the following error:
unable to configure the Docker docker daemon with file
/etc/docker/daemon.json: the following directives don't match any
configuration option: default-address-pools
Here is the content of daemon.json - it is the sample taken from the #29376.
{
  "default-address-pools": [
    {
      "scope": "local",
      "base": "172.80.0.0/16",
      "size": 24
    },
    {
      "scope": "global",
      "base": "172.90.0.0/16",
      "size": 24
    }
  ]
}
Please advise.
My env:
# uname -a
Linux gfn-classroom 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
# docker --version
Docker version 17.12.0-ce, build c97c6d6
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

This is merged in https://github.com/moby/moby/pull/36396 and (hopefully) will be available in 18.06. [Reference]
Also note changing default address pool is also available as a cli argument, e.g.:
/usr/bin/dockerd -H ... --default-address-pool base=172.29.0.0,size=16

Pull-request https://github.com/moby/moby/pull/29376 was closed, not merged, so that feature is not available (yet) in Docker
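
Added example, not part of the original posts: on a Docker release that accepts default-address-pools, the pools themselves are still worth checking before the daemon is restarted. This Python sketch audits a daemon.json for a size that does not fit its base, for overlapping pools, and for bases outside private address space (the question's 172.80.0.0/16 and 172.90.0.0/16 lie outside 172.16.0.0/12, so containers would shadow real Internet hosts). The function name and the list of internal ranges are assumptions of this example.

```python
import ipaddress
import json

# Constructed input: the daemon.json content shown in the question.
DAEMON_JSON = """
{
  "default-address-pools": [
    {"scope": "local",  "base": "172.80.0.0/16", "size": 24},
    {"scope": "global", "base": "172.90.0.0/16", "size": 24}
  ]
}
"""

# Assumed "internal" space: RFC 1918, RFC 6598 shared space, IPv6 ULA.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "fc00::/7")]


def audit_pools(config_text):
    """Return [(base, subnet_count, findings)] for each configured pool."""
    pools = json.loads(config_text).get("default-address-pools", [])
    seen, report = [], []
    for pool in pools:
        findings = []
        base = ipaddress.ip_network(pool["base"], strict=False)
        size = int(pool["size"])
        if size < base.prefixlen or size > base.max_prefixlen:
            findings.append("size %d does not fit inside %s" % (size, base))
            count = 0
        else:
            # Each network created from the pool consumes one /size subnet.
            count = 2 ** (size - base.prefixlen)
        same_family = [r for r in INTERNAL_RANGES if r.version == base.version]
        if not any(base.subnet_of(r) for r in same_family):
            findings.append("%s is outside private address space" % base)
        for other in seen:
            if base.overlaps(other):
                findings.append("%s overlaps %s" % (base, other))
        seen.append(base)
        report.append((str(base), count, findings))
    return report


if __name__ == "__main__":
    for base, count, findings in audit_pools(DAEMON_JSON):
        print(base, count, findings or "ok")
```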

Related

How to run podman commands on host from within container

In the case of Docker, this can be achieved by mounting docker.sock inside the container.
But since there is no daemon in Podman, what's the replacement for docker.sock?
I typically want to check the Podman images present on the host and start a new container.
I'm using Podman with --privileged=true and root.
There is a new API (status: experimental) that was announced in a blog post in January 2020.
[root@fedora31 ~]# podman --version
podman version 1.8.0
[root@fedora31 ~]# podman system service --timeout 500000 unix://root/foobar.sock
This function is EXPERIMENTAL.
As the API is still experimental, this might change, but right now you could make a query like this:
[root@fedora31 ~]# curl -s --unix-socket /root/foobar.sock http://d/v1.24/images/json | python3 -m json.tool
[
{
"Containers": 0,
"Created": 1572319417,
"Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
"Labels": {
"maintainer": "Clement Verna <cverna#fedoraproject.org>"
},
"ParentId": "",
"RepoDigests": [
"sha256:8fa60b88e2a7eac8460b9c0104b877f1aa0cea7fbc03c701b7e545dacccfb433"
],
"RepoTags": [
"docker.io/library/fedora:latest"
],
"SharedSize": 0,
"Size": 201095865,
"VirtualSize": 201095865,
"CreatedTime": "0001-01-01T00:00:00Z"
},
null
]
[root@fedora31 ~]#
The command python3 -m json.tool was added to pretty-print the JSON output.
I think the UNIX socket can be accessed from inside a container by using the bind-mounting technique (that was mentioned in the question).
According to the man page, the command podman system service also accepts the flag --varlink.
Using Varlink instead of the new API might be a better solution right now as it is more mature but it will be deprecated in the future.
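
Added example, not part of the original posts: a container that can reach the engine's API socket can list images and start containers on the host, which is the access the question asks for and also the reason such mounts should be inventoried. This Python sketch flags privileged containers and API-socket bind mounts in inspect output; the sample JSON is constructed, and every socket path except /root/foobar.sock (taken from the answer) is an assumed default.

```python
import json

# Paths treated as engine API sockets. /root/foobar.sock is the path used in
# the answer above; the others are assumed common defaults.
API_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock",
               "/run/podman/podman.sock", "/root/foobar.sock"}

# Constructed sample in the shape of `docker inspect` / `podman inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "ci-runner",
     "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/root/foobar.sock",
                 "Destination": "/run/engine.sock", "RW": True}]},
    {"Name": "metrics",
     "HostConfig": {"Privileged": False},
     # A read-only bind mount does not stop a process from connecting to
     # the socket, so it is reported the same way as a read-write one.
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}]},
    {"Name": "web",
     "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/srv/www",
                 "Destination": "/usr/share/nginx/html", "RW": False}]},
])


def audit_containers(inspect_json):
    """Map container name -> findings that amount to host-level access."""
    results = {}
    for container in json.loads(inspect_json):
        findings = []
        if (container.get("HostConfig") or {}).get("Privileged"):
            findings.append("privileged")
        for mount in container.get("Mounts") or []:
            if mount.get("Source") in API_SOCKETS:
                findings.append("api-socket %s -> %s"
                                % (mount["Source"], mount.get("Destination")))
        results[container.get("Name", "?")] = findings
    return results


if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```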

Pulling arm32v7 Docker container images on Raspberry Pi 3 B +

I have a Raspberry Pi 3 B+ with Docker installed on it. I'm trying to pull the latest ARMv7 edition of the golang container image, linked below.
https://hub.docker.com/u/arm32v7/
https://hub.docker.com/r/arm32v7/golang/
When I run the docker pull command on the image, I get the generic error below.
pi@trevorpi:~ $ docker pull arm32v7/golang:latest
Pulling repository docker.io/arm32v7/golang
Tag latest not found in repository docker.io/arm32v7/golang
Here's the version of Docker I'm running:
pi@trevorpi:~ $ docker version
Client:
Version: 1.8.3
API version: 1.20
Go version: go1.4.3
Git commit: f4bf5c7
Built:
OS/Arch: linux/arm
Server:
Version: 1.8.3
API version: 1.20
Go version: go1.4.3
Git commit: f4bf5c7
Built:
OS/Arch: linux/arm
Here's the output from uname -a, which indicates it's ARMv7:
Linux trevorpi 4.14.71-v7+ #1145 SMP Fri Sep 21 15:38:35 BST 2018 armv7l GNU/Linux
Obviously, the x86 Docker image for golang doesn't work, because it's not ARM-compatible. I can pull the image, but it won't run due to processor architecture:
pi@trevorpi:~ $ docker pull golang:latest
latest: Pulling from library/golang
836de16dcbe9: Already exists
490028bf21ec: Already exists
b9aece5a7acf: Already exists
e5bf67252042: Already exists
a221240e1da3: Already exists
efcf11bc5c78: Already exists
32d2d4bbdbd3: Already exists
599e9bccee8b: Already exists
b77bfa353366: Already exists
dc799d5ef217: Already exists
cb12e793d3e1: Already exists
c984412a4f12: Already exists
Digest: sha256:ce05c9f8151cc4ff3ce508509720597d103b630aa024bcfb012107149abfa361
Status: Image is up to date for golang:latest
pi@trevorpi:~ $ docker run --rm -it golang
WARNING: Your kernel does not support memory swappiness capabilities, memory swappiness discarded.
exec format error
Error response from daemon: Cannot start container 0c04cb7f7192f2059b029637bd6306c0a4ff83299e3a20df920b3ea56339ab7a: [8] System error: exec format error
Question: I manually verified that the latest tag is valid. What do I need to do to pull this image?
Maybe you are trying to download an image not available for your system (OS or Architecture).
$ docker manifest inspect -v arm32v7/golang:latest
[
{
"Ref": "docker.io/arm32v7/golang:latest#sha256:faf19ab885f9d0779bbbd615eee610c5aedfdd203ac5fceefbd5fc8afd73a2ac",
"Descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:faf19ab885f9d0779bbbd615eee610c5aedfdd203ac5fceefbd5fc8afd73a2ac",
"size": 1795,
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
Are you sure your Raspberry uses the ARM v7 architecture? Unfortunately, I don't have a Raspberry of my own, so I can't reproduce this problem.
Have you tried to pull with tags other than latest? Also, you could try to build this image yourself. Golang repo
Maybe try with an official repository for golang:
docker pull golang:latest
they also support your architecture:
Supported architectures: amd64, arm32v6, arm32v7, arm64v8,
i386, ppc64le, s390x, windows-amd64
Maybe this is a connection/firewall issue. Can you pull from other repositories?
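
Added example, not part of the original posts: the "exec format error" in the question is what running an image built for another CPU looks like, and the platform block in `docker manifest inspect -v` output says which CPU an image targets. This Python sketch matches manifest entries against the host's `uname -m` value; the manifest sample and its Ref strings are constructed, and the uname-to-platform table is an assumption covering only common Linux machines.

```python
import json

# uname -m value -> (architecture, variant) as written in image manifests.
UNAME_TO_PLATFORM = {
    "x86_64": ("amd64", None),
    "i686": ("386", None),
    "aarch64": ("arm64", "v8"),
    "armv7l": ("arm", "v7"),
    "armv6l": ("arm", "v6"),
}

# Constructed sample in the shape of `docker manifest inspect -v` output.
SAMPLE_MANIFESTS = json.dumps([
    {"Ref": "example.invalid/golang@amd64",
     "Descriptor": {"platform": {"architecture": "amd64", "os": "linux"}}},
    {"Ref": "example.invalid/golang@arm-v7",
     "Descriptor": {"platform": {"architecture": "arm", "os": "linux",
                                 "variant": "v7"}}},
    {"Ref": "example.invalid/golang@arm-v6",
     "Descriptor": {"platform": {"architecture": "arm", "os": "linux",
                                 "variant": "v6"}}},
    {"Ref": "example.invalid/golang@arm64",
     "Descriptor": {"platform": {"architecture": "arm64", "os": "linux",
                                 "variant": "v8"}}},
])


def runnable_refs(manifest_json, machine, os_name="linux"):
    """Return the Ref of every manifest entry the given machine can execute."""
    arch, variant = UNAME_TO_PLATFORM[machine]
    hits = []
    for entry in json.loads(manifest_json):
        platform = entry["Descriptor"]["platform"]
        if platform.get("os") != os_name or platform.get("architecture") != arch:
            continue
        image_variant = platform.get("variant")
        if arch == "arm" and image_variant and variant:
            # 32-bit ARM is backward compatible only: a v7 CPU runs v6 code,
            # a v6 CPU cannot run v7 code.
            if int(image_variant[1:]) > int(variant[1:]):
                continue
        hits.append(entry["Ref"])
    return hits


if __name__ == "__main__":
    print(runnable_refs(SAMPLE_MANIFESTS, "armv7l"))
```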

Docker for Windows

When I try to run any container on Docker on Windows I get the following error.
docker: Error response from daemon: container
70518b4959aca4092b2f65c0881a6c25851789656e3d7ce2610e6322b32aeffe
encountered an error during CreateContainer: failure in a Windows
system call: The system cannot find the path specified. (0x3) extra
info:
{
"SystemType": "Container",
"Name": "70518b4959aca4092b2f65c0881a6c25851789656e3d7ce2610e6322b32aeffe",
"Owner": "docker",
"IgnoreFlushesDuringBoot": true,
"LayerFolderPath": "C:\\ProgramData\\Docker\\windowsfilter\\70518b4959aca4092b2f65c0881a6c25851789656e3d7ce2610e6322b32aeffe",
"Layers": [
{
"ID": "db3c3c75-2b7c-5d4a-bde3-463ffc817a5b",
"Path": "C:\\ProgramData\\Docker\\windowsfilter\\61ad8a0caffe153621375482f419c592edaade796b909edd8a7edda142818414"
},
{
"ID": "3e2f377e-6c2f-5b95-9e80-fceef67d4b01",
"Path": "C:\\ProgramData\\Docker\\windowsfilter\\54a8c9c1afb96bd64a3dd69f0f84aee1eaf18644791cf2812caeab26adf12632"
}
],
"HostName": "70518b4959ac",
"HvPartition": true,
"EndpointList": [
"36bbd687-56fb-4281-a9ee-4f81dcb5a795"
],
"HvRuntime": {
"ImagePath": "C:\\ProgramData\\Docker\\windowsfilter\\61ad8a0caffe153621375482f419c592edaade796b909edd8a7edda142818414\\UtilityVM"
},
"AllowUnqualifiedDNSQuery": true
}.
I believe the error could be related to the underlying hyper-v settings as I received the same error with a brand new vanilla Hyper-V VM set with just a mounted bootable iso disc.
Here is the docker info
Version: 17.11.0-ce-rc3-win38 (14052)
Channel: edge
Sha1: 32de2331204faa0f33731efe56df79e713ee0fba
Started on: 2017/11/15 22:37:53.300
Resources: C:\Program Files\Docker\Docker\Resources
OS: Windows 10 Enterprise
Edition: Enterprise
Id: 1709
Build: 16299
BuildLabName: 16299.15.amd64fre.rs3_release.170928-1534
Steps I have tried all resulting in the same:
1) Install Docker Edge
2) Uninstall and Reinstall Docker
3) Uninstall Hyper-V and reinstall
4) Changing the Hyper-V Storage locations

Issue faced on GLIBC_PRIVATE not defined during ansible container build

Code : container.yml
version: '2'
settings:
  conductor_base: centos:7
services:
  ansible.play_container:
    from: "play:8_jre_security"
    roles:
      - play_container
    ports:
      - "9000:9000"
    user: play
    command: ['app/xxx/docker-entrypoint.sh']
registries: {}
OS / ENVIRONMENT Details :
Ansible Container, version 0.9.2
Linux, 3.10.0-327.13.1.el7.x86_64, #1 SMP Mon Feb 29 13:22:02 EST 2016, x86_64
2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] /usr/bin/python
Command Used : sudo ansible-container --debug build
Error Log:
Fatal: [ansible.play_container]: FAILED! => {
"changed": false,
"module_stderr": "/_usr/bin/python: relocation error: /_usr/lib64/libc.so.6: symbol _dl_starting_up, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}
to retry, use: --limit @/tmp/tmpXAGeVC/playbook.retry
PLAY RECAP *********************************************************************
ansible.play_container : ok=0 changed=0 unreachable=0 failed=1
2017-11-28T06:09:14.110001 Error applying role! [container.core] caller_file=/_ansible/container/core.py caller_func=apply_role_to_container caller_line=699 engine=<container.docker.engine.Engine object at 0x7fbcfd43ce90> exit_code=2 playbook=[{'hosts': u'ansible.play_container', 'roles': ['play_container'], 'vars': {}}]
Please check and help on steps to resolve the relocation error
The conductor base image and the target container base image need to derive from the same distro. I'm guessing whatever play:8_jre_security is, it's not a CentOS 7 derived image.

Docker 1.12.1: after swarm init, workers unable to join swarm

I am seeing the same problem as described here and here. I have tried everything that worked in those two cases to no avail - I still see the same behavior. Can someone offer alternatives I might try?
My setup:
I am running 3 Centos 7.2 boxes. Network Time Protocol (ntpd) running on all machines. All have been yum updated. Here is some detailed info:
Linux version 3.10.0-327.28.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) )
Docker version:
# docker version
Client:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built:
OS/Arch: linux/amd64
Server:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built:
OS/Arch: linux/amd64
Setup the swarm manager:
>docker swarm init --advertise-addr 10.1.1.40:2377 --force-new-cluster
// on some retry attempts (after 'docker swarm leave --force') I ran:
>docker swarm init --advertise-addr 10.1.1.40:2377 --force-new-cluster
Manager status:
>docker node inspect self
[
{
"ID": "3x5q1n9v956g3ptdle2eve856",
"Version": {
"Index": 10
},
"CreatedAt": "2016-08-27T13:01:13.400345797Z",
"UpdatedAt": "2016-08-27T13:01:13.580143388Z",
"Spec": {
"Role": "manager",
"Availability": "active"
},
"Description": {
"Hostname": "mymanagerhost.mycompany.com",
"Platform": {
"Architecture": "x86_64",
"OS": "linux"
},
"Resources": {
"NanoCPUs": 4000000000,
"MemoryBytes": 16659128320
},
"Engine": {
"EngineVersion": "1.12.1",
"Plugins": [
{
"Type": "Network",
"Name": "bridge"
},
{
"Type": "Network",
"Name": "host"
},
{
"Type": "Network",
"Name": "null"
},
{
"Type": "Network",
"Name": "overlay"
},
{
"Type": "Volume",
"Name": "local"
}
]
}
},
"Status": {
"State": "ready"
},
"ManagerStatus": {
"Leader": true,
"Reachability": "reachable",
"Addr": "10.1.1.40:2377"
}
}
]
On the worker node (I have two, but they both behave the same).
Join Swarm:
>docker swarm join --token SWMTKN-1-4fjh7kncdpwjvxnxisamhldgenmmnqyvhnx9qdi8d4hkkfuacv-168gs9okd5ck0r4lokdgpef92 10.1.1.40:2377
Error response from daemon: Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use "docker info" command to see the current swarm status of your node.
Output of Docker info command:
>docker info
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: pending
NodeID:
Error: rpc error: code = 1 desc = context canceled
Is Manager: false
Node Address: 10.1.1.50
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.28.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.52 GiB
Name: myWorkerNode.mycompany.com
ID: DAWE:VDRA:ZUVS:P7PH:ADCP:MFNU:2LOS:C6TG:XSIS:Y7EX:I46S:KFXT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8
Edit per first answer below
So I tried leaving with stop/start surrounding commands. I did:
# docker swarm leave --force
Node left the swarm.
# service docker stop
Redirecting to /bin/systemctl stop docker.service
#
# service docker start
Redirecting to /bin/systemctl start docker.service
# docker swarm init --advertise-addr 10.1.1.40:2377
Swarm initialized: current node (0e0y2k2hngnwyeg86ilzbrjmu) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-2ggj60tnbppgjlg63a58oe5pqtv0vfrpj81hheawanf76x7cjc-7v48qak22wd03y3jyv903a9if \
10.1.1.40:2377
Then on the worker I did:
# docker swarm leave
Node left the swarm.
# service docker stop
Redirecting to /bin/systemctl stop docker.service
# service docker start
Redirecting to /bin/systemctl start docker.service
# docker swarm join \
> --token SWMTKN-1-2ggj60tnbppgjlg63a58oe5pqtv0vfrpj81hheawanf76x7cjc- 7v48qak22wd03y3jyv903a9if \
> 10.1.1.40:2377
Error response from daemon: Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use "docker info" command to see the current swarm status of your node.
Which is obviously the same behavior...
UPDATE
I have tried all the steps outlined by @Miad Abrin. I still get the same behavior. I am guessing the cause is related to the CERTS errors I see when I do:
# journalctl -xe
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.554904435-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555400400-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555478782-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555528929-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555685464-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Does anyone know the cause of this and how to correct?
You need to restart your Docker daemon service before leaving the swarm and after it. Do it for both the swarm leader and the workers. This is a bug in version 1.12 and it is fixed in 1.12.1, since I had the same problems.
My Results when trying this
In the two sections below I numbered the steps with (num) to show the order between the worker and the manager:
On the worker:
(1)# docker swarm leave --force
Error response from daemon: This node is not part of a swarm
(2)# service docker stop
Redirecting to /bin/systemctl stop docker.service
(6)# service docker start
Redirecting to /bin/systemctl start docker.service
#
(7)# docker swarm join \
> --token SWMTKN-1-4gsdy8jshxmd58mvpcm0tlmbbnrrqdrf51ggcwvdv0bvkltxmy-am9o4dsl4ovx6b4lbsabn0fc7 \
> 10.1.1.40:2377
Error response from daemon: Timeout was reached before node was joined. The attempt to join the swarm will continue in the background. Use the "docker info" command to see the current swarm status of your node.
(8)# nmap -p2377 10.1.1.40
Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-29 10:32 EDT
Nmap scan report for (10.1.0.123)
Host is up (0.00085s latency).
PORT STATE SERVICE
2377/tcp filtered unknown
MAC Address: 00:50:56:B9:76:32
On the manager node:
(3)# docker swarm leave --force
Error response from daemon: This node is not part of a swarm
(4)# service docker stop
Redirecting to /bin/systemctl stop docker.service
(5)# service docker start
Redirecting to /bin/systemctl start docker.service
(7)# docker swarm init --advertise-addr 10.1.1.40 --force-new-cluster
Swarm initialized: current node (7z52d3bcoiou61ltgike42dnn) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join \
--token SWMTKN-1-4gsdy8jshxmd58mvpcm0tlmbbnrrqdrf51ggcwvdv0bvkltxmy-am9o4dsl4ovx6b4lbsabn0fc7 \
10.1.1.40:2377
