selinux and user namespace can't co-exist in docker? - docker

I have the contents below in /etc/sysconfig/docker:
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --userns-remap=default --log-opt=max-size=10M --log-opt=max-file=30'
DOCKER_CERT_PATH=/etc/docker
# Enable insecure registry communication by appending the registry URL
# to the INSECURE_REGISTRY variable below and uncommenting it
# INSECURE_REGISTRY='--insecure-registry '
# On SELinux System, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overridden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# Allow creation of core dumps
GOTRACEBACK=crash
But I can't run any containers with this configuration:
[root@server ~]# docker run -ti hello-world
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"mqueue\\\" to rootfs \\\"/var/lib/docker/231072.231072/overlay2/ac28bae7fd341860112089d08b04e54aeeb8b85304be9455c8705ff6d883c4ac/merged\\\" at \\\"/dev/mqueue\\\" caused \\\"operation not permitted\\\"\"".
But when I remove --selinux-enabled from /etc/sysconfig/docker, it works just fine:
[root@server ~]# docker run -ti hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
5b0f327be733: Pull complete
Digest: sha256:07d5f7800dfe37b8c2196c7b1c524c33808ce2e0f74e7aa00e603295ca9a0972
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
Can't these tags co-exist?
Docker version:
[root@server ~]# docker -v
Docker version 17.03.1-ce, build 276fd32
SELinux versions:
[root@server ~]# rpm -qa | grep selinux
libselinux-python-2.5-11.el7.x86_64
libselinux-2.5-11.el7.i686
selinux-policy-3.13.1-166.0.2.el7_4.4.noarch
libselinux-2.5-11.el7.x86_64
selinux-policy-targeted-3.13.1-166.0.2.el7_4.4.noarch
libselinux-utils-2.5-11.el7.x86_64
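As an added example (not code from the question or from Docker), the script below parses a sysconfig OPTIONS line like the one above together with constructed /etc/subuid and /etc/subgid contents, reports whether both flags are active, and derives the remapped data root; the 231072.231072 directory in the mqueue error is exactly that root, which is how the error alone shows that --userns-remap is in effect. It assumes Docker's documented --userns-remap=default behaviour: a dockremap user whose first subordinate uid/gid range starts the /var/lib/docker/<uid>.<gid> tree.

```shell
#!/bin/sh
# Added example, not code from the question or from Docker. It reads an
# /etc/sysconfig/docker style OPTIONS line plus the subordinate-ID files,
# reports whether --selinux-enabled and --userns-remap are both active, and
# derives the per-remap data root /var/lib/docker/<uid>.<gid>.
set -eu
# Constructed stand-ins for /etc/sysconfig/docker, /etc/subuid and /etc/subgid;
# the 231072 range mirrors the path in the question's error message.
SYSCONFIG="OPTIONS='--selinux-enabled --userns-remap=default --log-opt=max-size=10M'
DOCKER_CERT_PATH=/etc/docker"
SUBUID="dockremap:231072:65536"
SUBGID="dockremap:231072:65536"

# Value of the single-quoted OPTIONS= line, quotes stripped.
daemon_options() {
    printf '%s\n' "$1" | sed -n "s/^OPTIONS='\(.*\)'\$/\1/p"
}

# User named by --userns-remap, or nothing when the flag is absent. 'default'
# is the dockremap user the daemon creates; 'user:group' keeps only the user.
remap_user() {
    for tok in $(daemon_options "$1"); do
        case "$tok" in
            --userns-remap=*)
                val=${tok#--userns-remap=}
                if [ "$val" = default ]; then val=dockremap; fi
                printf '%s\n' "${val%%:*}"
                return 0;;
        esac
    done
}

# Start of the first subordinate range for user $2 in subuid/subgid text $1.
first_sub_id() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $2; exit }'
}

# One summary line: selinux flag, userns flag and the effective data root.
report() {
    opts=$(daemon_options "$1"); sel=no
    case " $opts " in *" --selinux-enabled "*) sel=yes;; esac
    user=$(remap_user "$1")
    if [ -z "$user" ]; then
        printf 'selinux=%s userns=no root=/var/lib/docker\n' "$sel"; return 0
    fi
    uid=$(first_sub_id "$2" "$user"); gid=$(first_sub_id "$3" "$user")
    printf 'selinux=%s userns=yes root=/var/lib/docker/%s.%s\n' "$sel" "$uid" "$gid"
}
report "$SYSCONFIG" "$SUBUID" "$SUBGID"
```

Run it against the real files with report "$(cat /etc/sysconfig/docker)" "$(cat /etc/subuid)" "$(cat /etc/subgid)" to confirm which data root the daemon will use.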

Related

unable to run docker container docker4dotnet/nanoserver

I'm learning Docker following a course on Udemy. I have all the prerequisites like Docker Desktop and switched to Windows containers. While trying to run a container using
docker container run docker4dotnet/nanoserver hostname
I get an error like the one below:
Unable to find image 'docker4dotnet/nanoserver:latest' locally
latest: Pulling from docker4dotnet/nanoserver
b5c97e1d373f: Extracting [==================================================>] 103MB/103MB
docker: failed to register layer: re-exec error: exit status 1: output: hcsshim::ProcessBaseLayer \?\C:\ProgramData\Docker\windowsfilter\90f22cdfe817e491c24b8e26f35b4ec43c6477ce0c86cdbfb95a59e2606762a5: The semaphore timeout period has expired.
I'm unable to figure it out. Can someone help with this?
NOTE: I tried to switch to Linux containers but it says
Unable to find image 'docker4dotnet/nanoserver:latest' locally
latest: Pulling from docker4dotnet/nanoserver
b5c97e1d373f: Downloading
docker: image operating system "windows" cannot be used on this platform.
NOTE 2: I even tried
docker run -d -p 8090:80 docker/getting-started and it says the following even though Windows containers are selected:
PS C:\WINDOWS\system32> docker run -d -p 8090:80 docker/getting-started
docker: Error response from daemon: operating system on which parent image was created is not Windows.
Use these lines in cmd:
docker pull mcr.microsoft.com/windows/nanoserver:20H2
docker container run mcr.microsoft.com/windows/nanoserver:20H2 hostname

docker run results in "unable to find image" if linked container not found

I'm getting possibly incorrect behavior and a bad error message if I run an image if a linked container is not found:
# this works:
> docker run --rm -d --name natsserver nats
> docker run --rm -it --name hello-world --link natsserver hello-world
# now stop natsserver again...
> docker stop natsserver
When I run hello-world again with the same command, I don't understand the first part of the error handling - why does docker try to pull?
> docker run --rm -it --name hello-world --link natsserver hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
Digest: sha256:b8ba256769a0ac28dd126d584e0a2011cd2877f3f76e093a7ae560f2a5301c00
Status: Image is up to date for hello-world:latest
docker: Error response from daemon: could not get container for natsserver: No such container: natsserver.
See 'docker run --help'.
And things get even worse if I try to run an image I have built locally:
> docker build -t nats-logger .
[...]
Successfully tagged nats-logger:latest
> docker run --rm -it --name nats-logger --link=natsserver nats-logger
Unable to find image 'nats-logger:latest' locally
docker: Error response from daemon: pull access denied for nats-logger, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
So my questions are:
a) Is docker allowed to try to pull in this case, or is this a bad behavior?
b) Is this really a bad error message, or did I miss something?
P.S.: I'm running Docker version 19.03.2, build 6a30dfc on Windows 10.
Is docker allowed to try to pull in this case
Docker will pull the image if it is not available on the machine.
Unable to find image 'hello-world:latest' locally
This warning message is not due to linking; it is because hello-world:latest does not exist in your system's local images. So when you run docker run, it will look locally first and then pull from the remote if it does not exist.
Now, first thing: it is better to use docker-compose instead of legacy container links.
You cannot link to the container if it's not running. Verify the natsserver container using docker ps, and if it is running then you can link to it.
docker run --rm -it --name hello-world --link natsserver:my_natserver_host hello-world
Once up you can then check the linking.
docker inspect hello-world | grep -A 1 Links
Legacy container links
Warning: The --link flag is a legacy feature of Docker. It may
eventually be removed. Unless you absolutely need to continue using
it, we recommend that you use user-defined networks to facilitate
communication between two containers instead of using --link. One
feature that user-defined networks do not support that you can do with
--link is sharing environment variables between containers. However, you can use other mechanisms such as volumes to share environment
variables between containers in a more controlled way.
Simply try "docker login".
Check if your image name exists in Docker Hub,
and check the correct docker build command -> docker build -t image-name .
Review the correctness of the Dockerfile script.

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

We are getting this error while trying to run docker commands. E.g.:
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/images/json: dial unix /var/run/docker.sock: connect: permission denied
So we followed the steps here, but the problem remains. Then we saw this question, where it is advised:
You have to restart the docker daemon, otherwise it won't let members
of the docker group to control the docker daemon
but we are having trouble restarting the service:
$ sudo service docker restart
Failed to restart docker.service: Unit docker.service not found.
We are using
$ docker -v
Docker version 18.06.1-ce, build e68fc7a
on
$ uname -a
Linux jnj 4.15.0-1036-azure #38-Ubuntu SMP Fri Dec 7 02:47:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
The docker group has been successfully created and we are a member of it:
$ grep docker /etc/group
docker:x:1001:siddjain
Also, we did log out and log back in. We are able to run docker commands with sudo. Also:
$ sudo snap services
Service Startup Current Notes
docker.dockerd enabled active -
Can anyone help us?
The solution was to restart the docker daemon using snap (since that is how we installed docker):
siddjain@jnj:~$ sudo snap stop docker
Stopped.
siddjain@jnj:~$ snap start docker
error: access denied (try with sudo)
siddjain@jnj:~$ sudo snap start docker
Started.
After that we are able to run docker commands without having to use sudo:
siddjain@jnj:~$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
siddjain@jnj:~$
Our joy was short-lived, as we immediately ran into another error when we tried to run another container:
mkdir /var/lib/docker: read-only file system
To fix it we had to uninstall and reinstall docker again, this time following the official documentation as described here.
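An added example, not code from the question or its answer, that reproduces the socket permission decision offline: given the socket's owner, group and mode and the group list the current login session carries, socket_access says whether the daemon connection will be allowed, which is what the permission denied error and the log-out/log-in step come down to. check_live_socket runs the same check against a real socket and assumes GNU stat; the constructed inputs (root:docker, mode 660, user siddjain) mirror the question.

```shell
#!/bin/sh
# Added example, not code from the question. It predicts whether a user can
# open the Docker daemon socket from the socket's owner, group and mode and
# from the groups the user's current login session carries. Whoever can write
# that socket controls the daemon and is effectively root on the host.
set -eu

# Return 0 when read/write access is expected, 1 otherwise, printing the reason.
# Args: socket owner, socket group, octal mode, user name, the user's group
# list (space separated, as `id -nG` prints it). root is assumed to bypass DAC.
socket_access() {
    owner=$1; group=$2; mode=$3; user=$4; groups=$5
    m=${mode#"${mode%???}"}                # last three octal digits
    ob=${m%??}; t=${m%?}; gb=${t#?}; xb=${m#??}
    if [ "$user" = root ]; then
        echo "allowed: root bypasses socket permissions"; return 0
    fi
    if [ "$user" = "$owner" ]; then
        bits=$ob; via="owner $owner"
    else
        case " $groups " in
            *" $group "*) bits=$gb; via="group $group" ;;
            *) bits=$xb; via="others (session not in group $group; group changes need a new login)" ;;
        esac
    fi
    if [ $(( (bits & 6) == 6 )) -eq 1 ]; then
        echo "allowed via $via (mode $m)"; return 0
    fi
    echo "denied via $via (mode $m)"
    return 1
}

# Live check against the real socket (GNU stat); skipped when it is absent.
check_live_socket() {
    sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "no socket at $sock"; return 0; }
    set -- $(stat -c '%U %G %a' "$sock")
    socket_access "$1" "$2" "$3" "$(id -un)" "$(id -nG)"
}

# Constructed values mirroring the question: root:docker 660 and user siddjain,
# first with a stale session (no docker group yet) and then after re-login.
socket_access root docker 660 siddjain "siddjain" || true
socket_access root docker 660 siddjain "siddjain docker"
```

A stale shell is the usual cause when /etc/group already lists the user: id -nG in that shell still lacks docker until a new login, and the daemon must have been (re)started so the socket is created with the docker group.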

Packer Docker Builder with remote docker daemon

I'm using the Packer Docker builder with Ansible to create a Docker image (https://www.packer.io/docs/builders/docker.html)
I have a machine (client) which is meant to run build scripts. The Packer Docker builder is executed with Ansible from this machine. This machine has the Docker client. It's connected to a remote Docker daemon. The environment variable DOCKER_HOST is set to point to the remote Docker host. I'm able to test the connectivity and things are working well.
Now the problem is, when I execute the Packer Docker builder to build the image, it errors out saying:
docker: Run command: docker run -v /root/.packer.d/tmp/packer-docker612435850:/packer-files -d -i -t ubuntu:latest /bin/bash
==> docker: Error running container: Docker exited with a non-zero exit status.
==> docker: Stderr: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
==> docker: See 'docker run --help'.
It seems the Packer Docker builder is stuck looking at the local daemon.
Workaround: I renamed docker binary and introduced a script called "docker" which sets DOCKER_HOST and invokes the original docker binary with parameters passed on.
Is there a better way to deal with this?
Packer's Docker builder doesn't work with remote hosts since Packer uses the /packer-files volume mount to communicate with the container. This is vaguely expressed in the docs with:
The Docker builder must run on a machine that has Docker installed.
And explained in Overriding the host directory.

docker-compose doesn't see docker

If you launch docker run by yourself it works; if you do this with docker-compose it doesn't:
roman@debian ~/D/O/devops> docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
ca4f61b1923c: Pull complete
Digest: sha256:083de497cff944f969d8499ab94f07134c50bcf5e6b9559b27182d3fa80ce3f7
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
roman@debian ~/D/O/devops> docker-compose build app
Building app
ERROR: Couldn't connect to Docker daemon - you might need to run `docker-machine start default`.
roman@debian ~/D/O/devops>
OK, it's solved. Previously I had been installing compose from the repository; now I installed it through pip and it's working.