I'm trying to change daemon.json on Docker Desktop for Windows (Windows 10 Aniversary latest updates installed) 1.13.0-rc5 so I can change the "hosts": [] setting like this:
{
"hosts": [
"tcp://0.0.0.0",
"http://0.0.0.0"
]
}
However, after change the settings using the settings app I got this error:
Docker daemon failed with message: unable to configure the Docker
daemon with file C:\ProgramData\docker\config\daemon.json: the
following directives are specified both as a flag and in the
configuration file: hosts: (from flag:
[npipe:////./pipe/docker_engine_windows], from file: [tcp://0.0.0.0
http://0.0.0.0])
Looks like the daemon is already started with -H flag and the json config isn't merged with it.
So, how can we change those settings by either json file or change the dockerd startup parameters?
You have a similar case with issue 22339:
This is expected; you cannot specify options both as a flag and in the configuration file (daemon.json).
If you change your DOCKER_OPTS to DOCKER_OPTS="" and restart, then it should work. We explicitly don't "merge" these configurations.
Or add in docker.conf
[Service]
ExecStart=
ExecStart=/path/to/dockerd
# or
ExecStart=/path/to/dockerd daemon
But the official stance remains:
There's no bug in the systemd configuration, to override defaults in a systemd unit file, you can use a drop-in file, as described in "Custom Docker daemon options".
Producing an error if both a flag and an option in daemon.json are provided was a design decision when implementing that (in general, flags should always have precedence over configuration files); automatically merging options was not an option, as this would lead to unexpected results (was the intent to override an option, or to add to an option?)
PR 27473 was rejected, for issue 21559.
Related
I saw this post with different solutions for standard docker installation:
How to change the default location for "docker create volume" command?
At first glance I struggle to repeat the steps to change the default mount point for the rootless installation.
Should it be the same? What would be the procedure?
I just got it working. I had some issues because I had the service running while trying to change configurations. Key takeaways:
The config file is indeed stored in ~/.config/docker/. One must make a daemon.json file here in order to change preferences. We would like to change the data-root option (and storage-driver, in case the drive does not have capabilities
To start and stop the headless service one runs systemctl --user [start | stop] docker.
a. Running the systemwide service starts a parallel and separate instance of docker, which is not rootless.
b. When stopping make sure to stop the docker.socketfirst.
Sources are (see Useage section for rootless)
and (config file information)
We ended up with the indirect solution. We have identified the directory where the volumes are mounted by default and created a symbolic link which points to the place where we actually want to store the data. In our case it was enough. Something like that:
sudo ln -s /data /home/ubuntu/.local/share/docker/volumes"
I'm trying to add a mirror to my docker in order to use my server
to cache images from docker hub using the following syntax:
/etc/docker/daemon.json
{
"registry-mirrors": ["https://myserver.com"]
}
I have seen the above config even docker's official documentation.
but my ubuntu 20.04 does not read that file at all. Even if I restart the
docker service.
You should rewrite the configuration file as follow:
{
"registry-mirrors": ["myserver.com"]
}
Remove the protocol!
Intro
Added a directive to daemon.json which was just being ignored when I restarted Docker. Docker was restarting without error, it was just ignoring my change.
Problem
I was attempting to change the default log target to syslog from json-file by APPENDING the log-driver directive to the end of /etc/docker/daemon.json (I was scripting my Docker install and so was building this file incrementally).
But no matter WHAT I did, I could not get the change read. The output of docker info --format '{{.LoggingDriver}}' was always json-file.
Troubleshooting
Investigated the potential of a formatting error like the accepted answer, but this bore no fruit. Reading, re-reading of the Docker docs. Googling. Nothing could clear the error.
Solution
The Problem? Looks like Docker was really finicky about the ORDER the logging directive "log-driver" appeared. After wasting hours and beating my brains in, I changed the order the directive appeared in the file by PREPENDING it to the top of daemon.json like so:
{
"log-driver": "syslog",
"default-address-pools":
[
{"base":"192.168.X.X/24","size":28}
]
}
With the directive at the TOP, the change was recognized after restarting Docker and the output of docker info --format '{{.LoggingDriver}}' was now as expected: syslog. Go figure...
Conclusion
It was a silly problem, but wow did it waste some cycles figuring out how things were broken. Hope this get folks like myself out of a hole who couldn't find this solution Googling-
I'm trying to run docker in a partially locked-down environment, with /etc on a read-only mount point and a "/data" folder in a read/write mount point. I've added an /etc/docker/daemon.json file:
{
"data-root": "/data/docker"
}
but dockerd is failing on startup with this error:
failed to start daemon: Error saving key file: open /etc/docker/.tmp-key.json128868007: read-only file system
Can I stop dockerd from trying to write into /etc? Are there best practices for running docker on a host with read-only mounts?
EDIT: Turns out there was only one file being written: /etc/docker/key.json which is talked about in detail here. The .tmp-key.json bit is likely a part of some atomic file write code.
Looks like only the "key.json" file is written to /etc. After some digging, I found this PR which talks about making it configurable. As of docker 19.03.6, the option is still available for use in the daemon.json file as "deprecated-key-path": "/path/to/file".
While setting up and configure some docker containers I asked myself how I could automatically edit some config files inside the container after the containerized service finished installing (since the config files are created at the installation).
I have tried that using a shell file and adding it as the entrypoint in the Dockerfile. However, as I have said the config file does not exist right at the beginning and hence the sed commands in the script fail.
Linking an config files with - ./myConfig.conf:/xy/myConfig.conf is also not an option because the config contains some installation dependent options.
The most reasonable solution I have found was running a script, which edits the config, manually after the installation has finished with docker exec -i mycontainer sh < editconfig.sh
EDIT
My question is formulated in general terms. However, the question arose while working with Nextcloud in a docker-compose setup similar to the official example. That container contains a config.php file which is the general config file of Nextcloud and is generated during the installation. Certain properties of that files have to be changed (there are only a very limited number of environmental variables to specify). Since I am conducting some tests with this container I have to repeatedly reinstall it and thus reedit the config file.
Maybe you can try another approach and have your config file/application pick its settings from the environmental variables. That would be consistent with the 12factor app methodology see here
How I understand your case you need to start your container from creating config by some template.
I see a number of options to do it:
Use some script that generates a config from template and arguments from a command line or environment variables. (Jinja2 and python for example or Mustache and node.js ). In this case, your entrypoint generate the template and after this start application. For change config, you will be forced restart service (container).
Run some service can save the configuration and render you configuration in run time. Personally, I like consul template, we active use this engine in our environment, and have no problems for while. In this case, config is more dynamic and able to be changed "on the fly". In your container, you will have two processes, application, and consul-template daemon. Obviously, you will need to run and maintain consul. For reloading config restart of an application process is enough.
Run a custom script to create the config. :)
When I do a docker login to a private repository using docker 1.10.1, an entry is created in my ~/.docker/config.json file. Is this file in the same format as what I see being called a .dockercfg file? Is the config.json file interchangeable with a .dockercfg file?
I assume config.json is the new .dockercfg file.
See "docker/cliconfig/config.go"
// ConfigFileName is the name of config file
ConfigFileName = "config.json"
oldConfigfile = ".dockercfg"
The new config file is now documented under man/config-json.5.md
That was introduced in commit 18c9b6c in docker 1.7.0 (April 2015)
Add .docker/config.json and support for HTTP Headers
This PR does the following:
migrated ~/.dockerfg to ~/.docker/config.json.
The data is migrated but the old file remains in case its needed.
Note: since 2016:
config-json.5 to docker-config-json.5 (commit a596d3d, docker docs-v1.12.0-2016-07-28 )
the documentation was moved to docker/cli (commit b5579a4, Docker v17.07.0-ce-rc1)
It differs from docker-daemon.8.md which uses by default /etc/docker/daemon.json, the daemon configuration file introduced with Docker v1.10.
So:
config.json is for the docker CLI
daemon.json is for the dockerd (daemon) CLI
But the config.json (which applies to all containers) does not include docker run network settings: --net=host could not be specified in that config file.
Update 2021 (since 2017), as noted by slm in the comments:
The credentials are now stored in whatever your OS makes use of for managing secrets.
On MacOS they get stored under Keychain, you can find them by looking for "Docker Credentials" under All Items
You can see the project docker/docker-credential-helpers: a suite of programs to use native stores to keep Docker credentials safe.
See docker login/Credentials Store for more.