Docker experimental version on Red Hat - docker

I have a Red Hat machine on an AWS cloud. I installed Ansible and Docker (experimental version as the community edition cannot be installed now on Red Hat). Now I am runnig a simple command to check whether Docker works:
ansible local -m shell -a "docker pull hello-world"
I'm getting the following error:
localhost | FAILED | rc=1 >>
Using default tag: latest
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon. Is the docker daemon running on this host?). Using system default: https://index.docker.io/v1/Cannot connect to the Docker daemon. Is the docker daemon running on this host?
When I use
sudo ansible local -m shell -a "docker pull hello-world"
localhost | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
I have tested Ansible by copying a file into local host and it works fine whereas with Docker I'm facing this issue. Is there anything I am missing or anything that needs to be setup for Docker's experimental version?

You don't want to run ansible through sudo but tell ansible that it should run the command using sudo. That can be done by adding the -s flag
ansible local -s -m shell -a "docker pull hello-world"

Related

Problems with Microk8s registry

I have two virtual machines: one with microk8s and another without microk8s. In order to build containers, I use the Microk8s registry to save my docker image. To ahieve this, I execute this commands:
microk8s enable registry
docker build . -t dirIPoftheVM:32000/vnf-image:registry
echo '{"insecure-registries": ["dirIPoftheVM"]}' | sudo tee /etc/docker/daemon.json
sudo service docker restart
docker push :32000/vnf-image:registry
In the other machine, I execute:
docker run dirIPoftheMV:32000/vnf-image:registry
and it returns the following error:
docker: Error response from daemon: Get "https://dirIPoftheVM:32000/v2/": http: server gave HTTP response to HTTPS client
How can I solve this?

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

we are getting this error while trying to run docker commands. E.g.:
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/images/json: dial unix /var/run/docker.sock: connect: permission denied
So we followed the steps here but the problem remains. Then we saw this question where it is advised
You have to restart the docker daemon, otherwise it won't let members
of the docker group to control the docker daemon
but are having trouble restarting the service
$ sudo service docker restart
Failed to restart docker.service: Unit docker.service not found.
we are using
$ docker -v
Docker version 18.06.1-ce, build e68fc7a
on
$ uname -a
Linux jnj 4.15.0-1036-azure #38-Ubuntu SMP Fri Dec 7 02:47:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
the docker group has been successfully created and we are member of it
$ grep docker /etc/group
docker:x:1001:siddjain
Also we did log out and log back in. we are able to run docker commands with sudo. Also
$ sudo snap services
Service Startup Current Notes
docker.dockerd enabled active -
can anyone help us?
The solution was to restart docker daemon using snap (since that is how we installed docker)
siddjain#jnj:~$ sudo snap stop docker
Stopped.
siddjain#jnj:~$ snap start docker
error: access denied (try with sudo)
siddjain#jnj:~$ sudo snap start docker
Started.
After that we are able to run docker commands without having to sudo
siddjain#jnj:~$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
siddjain#jnj:~$
Our joy was shortlived as we immediately ran into another error after this one when we tried to run another container.
mkdir /var/lib/docker: read-only file system
To fix it we had to uninstall and reinstall docker again - this time from the official documentation as described here

Packer Docker Builder with remote docker daemon

I'm using packer docker builder with ansible to create docker image (https://www.packer.io/docs/builders/docker.html)
I have a machine(client) which is meant to run build scripts. The packer docker is executed with ansible from this machine. This machine has docker client. It's connected to a remote docker daemon. The environment variable DOCKER_HOST is set to point to the remote docker host. I'm able to test the connectivity and things are working good.
Now the problem is, when I execute packer docker to build the image, it errors out saying:
docker: Run command: docker run -v /root/.packer.d/tmp/packer-docker612435850:/packer-files -d -i -t ubuntu:latest /bin/bash
==> docker: Error running container: Docker exited with a non-zero exit status.
==> docker: Stderr: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
==> docker: See 'docker run --help'.
It seems the packer docker is stuck looking at local daemon.
Workaround: I renamed docker binary and introduced a script called "docker" which sets DOCKER_HOST and invokes the original docker binary with parameters passed on.
Is there a better way to deal this?
Packers Docker builder doesn't work with remote hosts since packer uses the /packer-files volume mount to communicate with the container. This is vaguely expressed in the docs with:
The Docker builder must run on a machine that has Docker installed.
And explained in Overriding the host directory.

docker: not found when using docker command using Docker Jenkins container

jenkins is running in a Docker container.
Docker is using in a Mac OS. So I marked out these lines in jenkins.yml:
# mount docker sock and binary for docker in docker (only works on linux)
#- /var/run/docker.sock:/var/run/docker.sock
#- /usr/bin/docker:/usr/bin/docker
in Jenkinsfile which is generated by JHipster and includes two tasks int he pipeline:
Perform the build in a Docker container
Analyze code with Sonar
List item
node {
stage('checkout') {
checkout scm
}
docker.image('openjdk:8').inside('-u root -e MAVEN_OPTS="-Duser.home=./"') {
stage('check java') {
sh "java -version"
}
checkout from bitbucket was successful. the pipeline stopped and got an error at docker "pull openjdk:8". Console Output is:
[AAAAApp] Running shell script
+ docker inspect -f . openjdk:8
/var/jenkins_home/workspace/GeneticsDB#tmp/durable-21459aca/script.sh:
2: /var/jenkins_home/workspace/GeneticsDB#tmp/durable-21459aca/script.sh: docker: not found
[Pipeline] sh
[AAAAApp] Running shell script
+ docker pull openjdk:8
/var/jenkins_home/workspace/GeneticsDB#tmp/durable-d5590370/script.sh:
2: /var/jenkins_home/workspace/GeneticsDB#tmp/durable-d5590370/script.sh: docker: not found
but this command could be run successfully in the command line, like below:
docker pull openjdk:8
8: Pulling from library/openjdk
Digest: sha256:18c9622a8dc67b608a2dd0178b4c5aebc0e2da9a656072c6e799cfc46cb96422
Status: Image is up to date for openjdk:8
I know there is a similar question: Docker not found when building docker image using Docker Jenkins container pipeline
But my docker is running in Mac OS.
The problem actually is How to run Docker inside a container running on Docker for Mac. It is fixed by
brew install docker
and update jenkins.yml to
# mount docker sock and binary for docker in docker
- /var/run/docker.sock:/var/run/docker.sock
- /usr/local/bin/docker:/usr/local/bin/docker
got an error:
Warning: failed to get default registry endpoint from daemon (Got
permission denied while trying to connect to the Docker daemon socket
at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.35/info: dial unix
/var/run/docker.sock: connect: permission denied). Using system
default: https://index.docker.io/v1/
Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Post
http://%2Fvar%2Frun%2Fdocker.sock/v1.35/images/create?
fromImage=openjdk&tag=8: dial unix /var/run/docker.sock: connect:
permission denied
Solution: update the access permission of /var/run/docker.sock in docker container.
find the container of Jenkins: docker container ps -a
login the container: docker exec -it -u root ec379335d599 /bin/bash
upadte permission: chmod 777 /var/run/docker.sock
If your jenkins is running inside of a docker container, then I'd recommend:
installing docker inside that container
mounting the docker socket so it can run docker commands from inside the container
dynamically adjusting group permissions of the jenkins user in an entrypoint.sh of the jenkins container, so you don't need to change permissions of the docker socket or try to match the host group to the container group
The last part I do with an entrypoint that runs as root, runs a groupmod to adjust the gid of the user's group, and then drops permissions to that user with an exec + gosu which replaces pid 1 with the jenkins server running as the jenkins user. All the code needed to do this is up in the following git repo: https://github.com/sudo-bmitch/jenkins-docker

Error Pulling private docker repository from mac Boot2Docker

From my mac, successfully install Boot2Docker and everything seems to work well...
However when I try to pull a remote private repository using the following command:
sudo docker pull xxxx/yyyy I get this error message:
FATA[0000] Post http:///var/run/docker.sock/v1.16/images/create?fromImage=xxxx%2Fdev%3Alatest: dial unix /var/run/docker.sock: no such file or directory
When I try using this command docker pull xxxx/yyyy I got this error message:
Pulling repository xxxx/yyyy
FATA[0000] Error: image xxxx/yyyy:latest not found
Can anyone already experiment this error message from mac Boot2Docker ? Yes please let me know how to fix it.
Thanks.
Troubleshooting steps
Try restarting boot2docker
boot2docker restart
ssh into boot2docker boot2docker ssh and then see if the docker process is running ps aux | grep -i '/usr/local/bin/docker -d -D' | grep -v grep
Can you do a docker pull nginx from inside boot2docker? This is to test if docker daemon is functional from inside the boot2docker VM
Check if the docker daemon unix socket file exists inside the boot2docker VM ls /var/run/docker.sock
These steps should help you figure out whats wrong.

Resources