I installed docker on a Raspberry Pi.
I created the docker group and added my current user (pi) in the new group so I don't have to sudomy docker commands
A volume I want to use is created docker volume create appdemaon_config Created in /var/lib/docker/volumes/appdaemon_config/_data (root:root perms created by default)
Then when I start the container like so
docker run --rm --name=appdaemon -v appdaemon_config:/conf -p 5050:5050\
-e HA_URL="http://192.168.1.105:8123"\
-e ASH_URL="http://$HOSTNAME:5050" 76d1dca80fdaD`
(I also tried docker run with sudo, same result)
The script executed in the container is supposed to create 2 directories in the conf dir (which is the mounted volume) but it throws a permission error.
I'm not even allowed to lsthe volume with my pi user, I have to sudo.
What am I missing about the perms or perms execution of a docker container ?
Related
I have built a docker image to run a jenkins server in and after creating a container for this image, I find that the container remains on exit status, and never starts. Even when I attempt to start the container with the UI.
Here are the steps I have taken, and perhaps I am missing something?
docker pull jenkins/jenkins
sudo mkdir /var/jenkins_home
docker run -p 9080:8080 -d -v /var/jenkins_home:/var/jenkins_home jenkins/jenkins
I already have java running on the port 8080, maybe this is impacting the container status?
java 2968 user 45u IPv6 0xbf254983f0051d87 0t0 TCP *:http-alt (LISTEN)
Not sure why its running on this port, I have attempted to kill the PID but it recreates itself.
Following the comments:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fc880ccd31ed jenkins/jenkins "/usr/bin/tini -- /u…" 3 seconds ago Exited (1) 2 seconds ago vigorous_lewin
docker logs vigorous_lewin
touch: setting times of '/var/jenkins_home/copy_reference_file.log': No such file or directory
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
The docs say
NOTE: Avoid using a bind mount from a folder on the host machine into
/var/jenkins_home, as this might result in file permission issues (the
user used inside the container might not have rights to the folder on
the host machine). If you really need to bind mount jenkins_home,
ensure that the directory on the host is accessible by the jenkins
user inside the container (jenkins user - uid 1000) or use -u
some_other_user parameter with docker run.
So they recommend using a docker volume rather than a bind mount like you do. If you have to use a bind mount, you need to ensure that UID 1000 can read and write the host directory.
The easiest solution is to run the container as root by adding -u root to your docker run command, like this
docker run -p 9080:8080 -d -v /var/jenkins_home:/var/jenkins_home -u root jenkins/jenkins
That's not as secure though, so depending on what environment you're running your container in, that might not be a good idea.
I am running a docker container with docker mounted inside using :
docker run -v /Path/to/service:/src/service -v /var/run/docker.sock:/var/run/docker.sock --net=host image-name python run.py
This runs a python script that creates a data folder in /src and fills it. When printing os.listdir('/src/data'), I get a list of files.
I then run a container from within this container, mounting the data folder, using docker-py.
volumes = {'/src/data': {'bind': '/src', 'mode': 'rw'}}
client.containers.run(image, command='ls data', name=container_key, network='host', volumes=volumes)
And it prints :
Starting with UID: 0 and HOME: /src\n0\n'
Which means data is mounted, but empty. What am I doing wrong ?
So- mounting docker inside the container means that containers started from in there are running on your HOST machine.
The end result is you have two containers on host- one with
/Path/to/service:/src/service
and one with
/src/data:/src
If you want to share a volume between two containers you should usually use a "named" volume like
docker run -v sharedvolume:/src/data and docker run -v sharedvolume:/src
I am looking for a way to create a Docker volume and put some data on it just before a specific container is started - which needs the configuration on startup.
I do not want to modify the container. I would like to use a vanilla container straight from the Docker Hub.
Any ideas?
Update
I did not mention that all this has to be done in a compose file. If I would do it manually, I could wait for the configuration injecting container to finish.
Absolutely! Just create your volume beforehand, attach it to any container (A base OS like Ubuntu would work great), add your data, and you're good to go!
Create the volume:
docker volume create test_volume
Attach it to an instance where you can add data:
docker run --rm -it --name ubuntu_1 -v test_volume:/app ubuntu /bin/sh
Add some data:
Do this within the container; which you are in from the previous command.
touch /app/my_file
Exit the container:
exit
Attach the volume to your new container:
Of course, replace ubuntu with your real image name.
docker run --rm -it --name ubuntu_2 -v test_volume:/app ubuntu /bin/sh
Verify the data is there:
~> ls app/
my_file
I have the following Dockerfile :
FROM jboss/wildfly
USER jboss
RUN mkdir -p /opt/jboss/wildfly/standalone/log
VOLUME /opt/jboss/wildfly/standalone/log
CMD /bin/bash
# CMD true
This resulting image is started with docker run -ti --name=data_volume data/volume. The next Dockerfile
FROM jboss/wildfly
RUN sed -i 's|<file relative-to="jboss.server.log.dir"
path="server.log"/>|\<file relative-to="jboss.server.log.dir"
path="\${jboss.host.name}-server.log"/\>|'
/opt/jboss/wildfly/standalone/configuration/standalone.xml
overrides the logging of the resulting jboss to log to "servername"-server.log in the logging dir. When I start the resulting image with docker run -ti --name=wild-01 --volumes-from=data_volume my/wildfly and docker run -ti --name=wild-02 --volumes-from=data_volume my/wildfly I have two log files in my data_colume container. So fine so good.
I would like to point my volume to a directory on the host eg. /var/log/wildfly.
How can I achieve this in Dockerfiles and not with the -v parameter when running data/volume
Thanks a lot in advance
Inside dockerfiles you can only define volumes in /var/lib/docker/volumes. This is because every host can be different from the other.
Docker uses /var/lib/docker as "docker area" where it stores all docker-related data. It's the directory that's guaranteed on every host because it gets created on installation.
If you were to point out a volume in the dockerfile, let's say to /home/mbieren/docker_vol, the image would result in multiple errors when executed on a different host, as that directory does not exist and the user probably has insufficient permissions to create it.
Docker goes around that problem by not allowing custom mount-paths to be set in the dockerfile.
I would like to point my volume to a directory on the host eg. /var/log/wildfly.
remove all mention of volumes from your Dockerfile ... launch your container using
docker run -d -v /var/log/wildfly:/var/log/wildfly your-image-name
then in your code just reference the normal path
/var/log/wildfly
Your syntax to launch the container using docker run -ti makes the container shell interactive whereas -d is the normal mode to spin it up as a daemon running in the background
I have jenkins running inside container and project source code on github.
I need to run project in container on the same host as jenkins, but not as docker-in-docker, i want to run them as sibling containers.
My pipeline looks like this:
pull the source from github
build the project image
run the project container
What i do right now is using the docker socket of host from jenkins container:
/var/run/docker.sock:/var/run/docker.sock
I have problem when jenkins container mount the volume with source code from /var/jenkins_home/workspace/BRANCH_NAME to project container:
volumes:
- ./servers/identity/app:/srv/app
i am getting empty folder "/srv/app" in project container
My best guess is that docker tries to mount it from host and not from the jenkins container.
So the question is: how can i explicitly set the container from which i mount the volume?
I got the same issue when using Jenkins docker container to run another container.
Senario 1 - Running container inside Jenkins docker container
This is not a recommended way, explanations goes here. If you still need to use this approach, then this problem is not a problem.
Senario 2 - Running docker client inside Jenkins container
Suppose, we need to run another container (ContainerA) inside Jenkins docker container, docker pipeline plugin will use --volumes-from to mount Jenkins container volume to ContainerA.
If you trying to use --volume or -v to map specific directory in Jenkins container to ContainerA, you will got an unexpected behavior.
That's because --volumes or -v would try to map directories in host to ContainerA, rather than mapping from directories inside Jenkins container. If the directories not found in host, then you will get an empty dir inside ContainerA.
In short, we can not map a specific directory from containerA to containerB, we could only mount the whole volumes from containerA to containerB, and volume alias is not supported.
Solution
If your Jenkins is running with host volume, you can map the host directories to the target container.
Otherwise, you can access the files inside the newly created container with the same location as Jenkins container.
try:
docker run -d --volumes-from <ContainerID> <YourImage>
where container ID is id of container you want for mont data from.
You can also create volume, by:
docker volume create <volname>
and assign it to both containers
volumes:
- <volname>:/srv/app
Sharing the sock between the Host and Jenkins was my problem because "/var/jenkins_home" is most likely a volume for the Jenkins container.
My solution was installing docker inside a systemd container without sharing the sock.
docker run -d --name jenkins \
--restart=unless-stopped \
--privileged \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-v jenkins-vol:/var/lib/jenkins \
--tmpfs /run \
--tmpfs /run/lock \
ubuntu:16.04 /sbin/init
Then install Jenkins, Docker and Docker Compose on it.