Code : container.yml
version: '2'
settings:
conductor_base: centos:7
services:
ansible.play_container:
from: "play:8_jre_security"
roles:
- play_container
ports:
- "9000:9000"
user: play
command: ['app/xxx/docker-entrypoint.sh']
registries: {}
OS / ENVIRONMENT Details :
Ansible Container, version 0.9.2
Linux, 3.10.0-327.13.1.el7.x86_64, #1 SMP Mon Feb 29 13:22:02 EST 2016, x86_64
2.7.5 (default, May 3 2017, 07:55:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] /usr/bin/python
Command Used : sudo ansible-container --debug build
Error Log:
Fatal: [ansible.play_container]: FAILED! => {
"changed": false,
"module_stderr": "/_usr/bin/python: relocation error: /_usr/lib64/libc.so.6: symbol _dl_starting_up, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 0
}
to retry, use: --limit #/tmp/tmpXAGeVC/playbook.retry
PLAY RECAP *********************************************************************
ansible.play_container : ok=0 changed=0 unreachable=0 failed=1
2017-11-28T06:09:14.110001 Error applying role! [container.core] caller_file=/_ansible/container/core.py caller_func=apply_role_to_container caller_line=699 engine=<container.docker.engine.Engine object at 0x7fbcfd43ce90> exit_code=2 playbook=[{'hosts': u'ansible.play_container', 'roles': ['play_container'], 'vars': {}}]
Please check and help on steps to resolve the relocation error
The conductor base image and the target container base image need to derive from the same distro. I'm guessing whatever play:8_jre_security is, it's not a CentOS 7 derived image.
Related
I am trying to start an nginx container using ansible with docker-compose from one machine to a different machine.
Whenever I include nginx.conf to the volumes, there is an error which I do not understand. The container is only created but not starting.
MACHINE-1
Command to run the playbook: ansible-playbook -v nginx-playbook.yml -l ubuntu_node_1 -u root
my playbook:
- name: nginx-docker_compose
hosts: all
gather_facts: yes
become: yes
tasks:
- community.general.docker_compose:
project_name: nginx
definition:
version: '2'
services:
web:
image: nginx:latest
volumes:
- ./vars/nginx.conf:/etc/nginx/nginx.conf:ro
ports:
- "8080:80"
[EDITED]
Here is the error:
Using /etc/ansible/ansible.cfg as config file
PLAY [nginx-docker_compose] ********************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host 172.31.15.176 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior
Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation
warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [172.31.15.176]
TASK [community.general.docker_compose] ********************************************************************************************************************************
fatal: [172.31.15.176]: FAILED! => {"changed": false, "errors": [], "module_stderr": "Recreating nginx_web_1 ... \n\u001b[1A\u001b[2K\nRecreating nginx_web_1 ... \n\u001b[1B", "module_stdout": "", "msg": "Error starting project Encountered errors while bringing up the project."}
PLAY RECAP *************************************************************************************************************************************************************
172.31.15.176 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
[root#ip-172-31-12-130 docker_server]# ansible-playbook -v nginx-playbook.yml -l ubuntu_node_1 -u root
Using /etc/ansible/ansible.cfg as config file
PLAY [nginx-docker_compose] ********************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host 172.31.15.176 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior
Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation
warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [172.31.15.176]
TASK [community.general.docker_compose] ********************************************************************************************************************************
fatal: [172.31.15.176]: FAILED! => {"changed": false, "errors": [], "module_stderr": "Recreating 9b102bbf98c2_nginx_web_1 ... \n\u001b[1A\u001b[2K\nRecreating 9b102bbf98c2_nginx_web_1 ... \n\u001b[1B", "module_stdout": "", "msg": "Error starting project Encountered errors while bringing up the project."}
PLAY RECAP *************************************************************************************************************************************************************
172.31.15.176 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
NOTE: When I try to run nginx container directly using docker-compose with the same config on MACHINE-2, it works.
I believe there are some permission issues happening while trying to execute the playbook from MACHINE-1 to MACHINE-2 but can not figure it out.
It works now. Thanks to #mdaniel.
Things I changed:
I wrote the entire directory in the playbook- /home/some_more_folders/nginx.conf
and copied the same file with same directory structure on the destination machine.
Still open questions:
Any idea why is it necessary to copy any file to the destination machine (such as nginx.conf)?
How this manual process of copying of config files to destination machine for docker-compose be automated?
I have a Raspberry Pi 3 B+ with Docker installed on it. I'm trying to pull the latest ARMv7 edition of the golang container image, linked below.
https://hub.docker.com/u/arm32v7/
https://hub.docker.com/r/arm32v7/golang/
When I run the docker pull command on the image, I get the generic error below.
pi#trevorpi:~ $ docker pull arm32v7/golang:latest
Pulling repository docker.io/arm32v7/golang
Tag latest not found in repository docker.io/arm32v7/golang
Here's the version of Docker I'm running:
pi#trevorpi:~ $ docker version
Client:
Version: 1.8.3
API version: 1.20
Go version: go1.4.3
Git commit: f4bf5c7
Built:
OS/Arch: linux/arm
Server:
Version: 1.8.3
API version: 1.20
Go version: go1.4.3
Git commit: f4bf5c7
Built:
OS/Arch: linux/arm
Here's the output from uname -a, which indicates it's ARMv7:
Linux trevorpi 4.14.71-v7+ #1145 SMP Fri Sep 21 15:38:35 BST 2018 armv7l GNU/Linux
Obviously, the x86 Docker image for golang doesn't work, because it's not ARM-compatible. I can pull the image, but it won't run due to processor architecture:
pi#trevorpi:~ $ docker pull golang:latest
latest: Pulling from library/golang
836de16dcbe9: Already exists
490028bf21ec: Already exists
b9aece5a7acf: Already exists
e5bf67252042: Already exists
a221240e1da3: Already exists
efcf11bc5c78: Already exists
32d2d4bbdbd3: Already exists
599e9bccee8b: Already exists
b77bfa353366: Already exists
dc799d5ef217: Already exists
cb12e793d3e1: Already exists
c984412a4f12: Already exists
Digest: sha256:ce05c9f8151cc4ff3ce508509720597d103b630aa024bcfb012107149abfa361
Status: Image is up to date for golang:latest
pi#trevorpi:~ $ docker run --rm -it golang
WARNING: Your kernel does not support memory swappiness capabilities, memory swappiness discarded.
exec format error
Error response from daemon: Cannot start container 0c04cb7f7192f2059b029637bd6306c0a4ff83299e3a20df920b3ea56339ab7a: [8] System error: exec format error
Question: I manually verified that the latest tag is valid. What do I need to do to pull this image?
Maybe you are trying to download an image not available for your system (OS or Architecture).
$ docker manifest inspect -v arm32v7/golang:latest
[
{
"Ref": "docker.io/arm32v7/golang:latest#sha256:faf19ab885f9d0779bbbd615eee610c5aedfdd203ac5fceefbd5fc8afd73a2ac",
"Descriptor": {
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"digest": "sha256:faf19ab885f9d0779bbbd615eee610c5aedfdd203ac5fceefbd5fc8afd73a2ac",
"size": 1795,
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
}
Are you sure your raspberry uses arm v7 architecture? Unfortunately, I don't have raspberry ow my own, so I can't reproduce this problem.
Have you tried do pull with other tags than latest? Also, You could try to build this image yourself. Golang repo
Maybe try with an official repository for golang:
docker pull golang:latest
they also support your architecture:
Supported architectures: md64, arm32v6, arm32v7, arm64v8,
i386, ppc64le, s390x, windows-amd6
Maybe this is a connection/firewall issue. Can you pull from other repositories?
I am trying to get Docker user namespaces to work with SELinux enabled on Centos 7.5. However, I get this error everytime:
docker run -itd --name temp -p 80:80 httpd
1a83588651b407e547881e15190b6d39692a7a2cf2df73dcaf4f37730ebdca65
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:301: running exec setns process for init caused \"exit status 40\"": unknown.
This does not happen if I turn of SELinux.
Here is my /etc/docker/daemon.json:
{
"userns-remap": "dockerspace",
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
"tls": true,
"tlscacert": "/etc/pki/tls/certs/docker-ca.pem",
"tlscert": "/etc/pki/tls/certs/docker-cert.pem",
"tlskey": "/etc/pki/tls/private/docker-key.pem",
"tlsverify": true,
"selinux-enabled": true
}
uname -a output:
Linux atlantis.newtarget.net 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
cat /proc/cmdline output:
BOOT_IMAGE=/vmlinuz-3.10.0-862.9.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8 namespace.unpriv_enable=1 user_namespace.enable=1
Any help is greatly appreciated. Thanks.
You've got a bit more going on than I do when I was getting that error, but here goes!
Based on your cat /proc/cmdline output it looks like you have already done:
sudo grubby --args="namespace.unpriv_enable=1" --update-kernel=/boot/vmlinuz-$(uname -r)
You might need to restart for this to take effect (if you haven't already).
You also need to make sure the value in /proc/sys/user/max_user_namespaces is at least greater than 0:
echo 12345 > /proc/sys/user/max_user_namespaces
These settings along with configuring [/etc/subuid, /etc/subgid, /etc/docker/daemon.json] correctly it worked for me with selinux enabled. docker documentation on user namespacing, how to configure the above files (must be done manually for each on centos/rhel)
I am trying to configure docker-compose to use different network range by default, so I follow instructions from https://github.com/moby/moby/pull/29376
However, I get following error:
unable to configure the Docker docker daemon with file
/etc/docker/daemon.json: the following directives don't match any
configuration option: default-address-pools
Here is the content of daemon.json - it is the sample taken from the #29376.
{
"default-address-pools": [
{
"scope": "local",
"base": "172.80.0.0/16",
"size": 24
},
{
"scope": "global",
"base": "172.90.0.0/16",
"size": 24
}
]
}
Please advise.
My env:
# uname -a
Linux gfn-classroom 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
# docker --version
Docker version 17.12.0-ce, build c97c6d6
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
This is merged in https://github.com/moby/moby/pull/36396 and (hopefully) will be available in 18.06. [Reference]
Also note changing default address pool is also available as a cli argument, e.g.:
/usr/bin/dockerd -H ... --default-address-pool base=172.29.0.0,size=16
Pull-request https://github.com/moby/moby/pull/29376 was closed, not merged, so that feature is not available (yet) in Docker
I'm trying to pack an application compiled with Bazel into a Docker image, using Bazel.
I have an empty WORKSPACE file, the following main.cc file:
#include <stdio.h>
int main() { printf("Hello World\n"); }
and the following BUILD file (all in the same folder):
load("#bazel_tools//tools/build_defs/docker:docker.bzl", "docker_build")
cc_binary(
name = "hello",
srcs = ["main.cc"],
)
docker_build(
name = "hello_docker",
files = [":hello"],
cmd = ["./hello"],
)
Gist is available here.
When I run bazel run :hello, I can see "Hello World" successfully printed. Then I run bazel build :hello_docker.tar which is supposed to generate a full image for docker in bazel-bin/hello_docker.tar. Looks like it does.
Then I run:
$ docker load -i bazel-bin/hello_docker.tar
51525b594688: Loading layer [==================================================>] 10.24 kB/10.24 kB
Loaded image ID: sha256:252367f43640968343ecd78b2a3533c8ed99c4be66d73fc3ec6ccb137df19625
Then I list all images:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 14.04 b969ab9f929b 3 weeks ago 188 MB
docker/whalesay latest 6b362a9f73eb 21 months ago 247 MB
<none> <none> 252367f43640 292 years ago 8.048 kB
Looks like the image which was just loaded does not have any repository or tag associated with it. Why can that be and how do I fix that? The "created" value is huge as expected (Bazel clears timestamps for reproductibility).
When I look inside hello_docker.tar, I see something related to the expected repository/tag inside the repository file:
{
"bazel/": {
"hello_docker": "3d529b3ceeb0d9ef33f6225e655f3f5a0e061888f25cd6a3fac11604778ef6a8"
}
}
Another problem: when I try to run the image in a new container, it fails:
$ docker run -t -i 25236
docker: Error response from daemon: oci runtime error: exec: "./hello": stat ./hello: no such file or directory.
I looked inside the generated tar file one more time and found out that there is an executable here, but it's named o for some reason. Another attempt and a different error:
$ docker run -t -i 25236 ./o
write pipe: bad file descriptor
Strangely enough, if I pack that hello executable with my own Dockerfile like this, "Hello World" is printed as expected:
FROM ubuntu:14.04
ADD hello .
CMD ./hello
Can anyone suggest how to fix any of these three issues? I think that they're interconnect and I have wrong BUILD file (maybe I should somehow specify which Linux image to use as a base?). Recap:
Repository/tag name is not displayed after image generated by Bazel is imported into Docker.
hello file is added to the image under the name o.
Even when run as o, Dockered executable yields "bad file descriptor" message.
My software versions:
$ bazel version
Build label: 0.4.4
Build target: bazel-out/local-fastbuild/bin/src/main/java/com/google/devtools/build/lib/bazel/BazelServer_deploy.jar
Build time: Wed Feb 1 18:54:21 2017 (1485975261)
Build timestamp: 1485975261
Build timestamp as int: 1485975261
$ docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.2
Git commit: 6b644ec
Built: Mon, 19 Dec 2016 09:20:48 +1300
OS/Arch: linux/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.2
Git commit: 6b644ec
Built: Mon, 19 Dec 2016 09:20:48 +1300
OS/Arch: linux/amd64