I ran a command like this in a docker-in-docker (dind) scenario:
docker daemon --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay
And I got this in the logs:
INFO[0000] libcontainerd: new containerd process, pid: 18
FATA[0000] Failed to connect to containerd. Please make sure containerd is installed in your PATH or you have specificed the correct address. Got error: write /proc/18/oom_score_adj: permission denied
Be sure to run the container in privileged mode.
docker run --privileged ...
This should fix the problem; you should now be able to install and run Docker inside this Docker image.
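The daemon command line in the question also opens tcp://0.0.0.0:2375 with no TLS flags, which is worth checking separately from the --privileged fix. As an added example (not part of the original posts), this Python sketch parses a dockerd command line and reports TCP listeners started without --tlsverify; the function names are hypothetical.

```python
import shlex

# Constructed sample: the daemon command line quoted in the question above.
SAMPLE = ("docker daemon --host=unix:///var/run/docker.sock "
          "--host=tcp://0.0.0.0:2375 --storage-driver=overlay")

def _hosts(argv):
    """Collect every -H/--host value, in '--host=X' and '--host X' forms."""
    hosts, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        i += 1
    return hosts

def audit_daemon_cmdline(cmdline):
    """Return findings for TCP listeners that accept unauthenticated clients."""
    argv = shlex.split(cmdline)
    # Only --tlsverify makes the daemon require a client certificate.
    tlsverify = any(a in ("--tlsverify", "--tlsverify=true") for a in argv)
    findings = []
    for host in _hosts(argv):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// are governed by local file permissions
        bind = host[len("tcp://"):].rsplit(":", 1)[0]
        loopback = bind in ("127.0.0.1", "localhost", "[::1]")
        if not tlsverify:
            scope = "loopback only" if loopback else "reachable from the network"
            findings.append(
                f"{host}: no --tlsverify, API is unauthenticated ({scope})")
    return findings

if __name__ == "__main__":
    for finding in audit_daemon_cmdline(SAMPLE):
        print(finding)
```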
For 2 days I have been trying to run Docker inside an Ubuntu container:
docker run -it ubuntu bash
I installed Docker following the instructions at https://docs.docker.com/engine/install/ubuntu/ and/or https://phoenixnap.com/kb/how-to-install-docker-on-ubuntu-18-04
Finally I have installed docker:
root@e65411d2b70a:/# docker -v
Docker version 19.03.6, build 369ce74a3c
But when I try to run docker run hello-world, I have a problem:
root@5ac21097b6f6:/# docker run hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
Docker is not in the service list:
root@5ac21097b6f6:/# service docker start
docker: unrecognized service
root@5ac21097b6f6:/# service --status-all
[ - ] apparmor
[ + ] cgroupfs-mount
[ - ] dbus
[ ? ] hwclock.sh
[ - ] procps
[ ? ] ubuntu-fan
When I try to run dockerd:
root@5ac21097b6f6:/# dockerd
INFO[2020-04-23T07:01:11.622627006Z] Starting up
INFO[2020-04-23T07:01:11.624389266Z] libcontainerd: started new containerd process pid=154
INFO[2020-04-23T07:01:11.624460438Z] parsed scheme: "unix" module=grpc
INFO[2020-04-23T07:01:11.624477203Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2020-04-23T07:01:11.624532871Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2020-04-23T07:01:11.624560679Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2020-04-23T07:01:11.664827037Z] starting containerd revision= version="1.3.3-0ubuntu1~18.04.2"
ERRO[2020-04-23T07:01:11.664943052Z] failed to change OOM score to -500 error="write /proc/154/oom_score_adj: permission denied"
...
INFO[2020-04-23T07:01:11.816951247Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
I don't understand why I get Permission denied when the user is root.
I installed sudo and added root to the group, but it did not help.
apt-get install sudo
usermod -a -G sudo root
sudo dockerd has the same problem.
How can I make Docker work inside an Ubuntu container? Do you have any ideas?
P.S. I know about docker-in-docker; I need exactly Docker inside an Ubuntu container.
P.P.S. I know about -v /var/run/docker.sock:/var/run/docker.sock, but I need an independent Docker service inside the Ubuntu container.
When running docker in docker, the container must use the docker engine on your host.
Here is a simple working setup:
1) Create a Dockerfile with the docker CLI installed. I am using the official compose image, so you also have docker-compose
FROM docker/compose:1.25.5
WORKDIR /app
ENTRYPOINT ["/bin/sh"]
2) When running it, mount the docker sock
$ docker build -t dind .
$ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock dind
From within the container, you now have docker. Try running docker ps
If you want to do docker in docker without -v /var/run/docker.sock:/var/run/docker.sock then I am afraid that there is no good way to do this.
Sharing the docker socket from host is the classic way to make docker containers run within another docker container.
I was trying my best to run containers within containers just like you for the past few days. Wasted many hours. So far most people advise me to do things like using Docker's DIND image, which is not applicable in my case, as I need the main container to be Ubuntu OS, or to run some privileged command and map the daemon socket into the container, like -v /var/run/docker.sock:/var/run/docker.sock
(Which never ever works for me, or for any Ubuntu OS I tried. Reason being, the main container which is based on Ubuntu OS does not come with systemd, which is important to run docker containers conveniently like a usual local machine.)
The solution I found was to use Nestybox on my Ubuntu 20.04 system and it works best. It's also extremely simple to execute, provided your local system is Ubuntu (which they support best), as the container runtime is specifically designed for such applications. It also has the most flexible options.
The free edition of Nestybox is perhaps the best method as of Nov 2022. I highly recommend you try it without bothering with all the tedious setup other people suggest. They have many pre-constructed solutions to address such specific needs with a simple command line.
Nestybox provides a special runtime environment for newly created docker containers; they also provide some Ubuntu/common OS images with docker and systemd built in.
Their goal is to make the main container function exactly the same as a virtual machine securely. You can literally ssh into your Ubuntu main container as well without the ability to access anything in the main machine. From your main container you may create all kinds of containers like a normal local system does. That systemd is very important for you to set up docker conveniently inside the container.
One simple common command to execute sysbox:
docker run --runtime=sysbox-runc -it any_image
If you think that's what you are looking for, you can find out more at their GitHub:
https://github.com/nestybox/sysbox
Quick link to instructions on how to deploy a simple sysbox runtime environment container:
https://github.com/nestybox/sysbox/blob/master/docs/quickstart/README.md
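The approaches discussed in the answers above (--privileged, mounting /var/run/docker.sock, and the sysbox-runc runtime) leave different marks in docker inspect output. As an added example (not from any of the posts), this Python sketch reads that JSON and flags containers that are privileged or hold the host's Docker socket; the container names, function names and sample data are constructed.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields read below, for
# three hypothetical containers: one per approach discussed in this thread.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/dind-privileged",
  "HostConfig": {"Privileged": true, "Runtime": "runc"},
  "Mounts": []},
 {"Name": "/dind-socket",
  "HostConfig": {"Privileged": false, "Runtime": "runc"},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"}]},
 {"Name": "/dind-sysbox",
  "HostConfig": {"Privileged": false, "Runtime": "sysbox-runc"},
  "Mounts": []}
]
""")

# /var/run is a symlink to /run on current distributions, so check both.
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")

def host_exposure(container):
    """List the ways this container can control the host it runs on."""
    host_config = container.get("HostConfig") or {}
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged: all capabilities, host devices accessible")
    for mount in container.get("Mounts") or []:
        if mount.get("Source") in SOCKET_PATHS:
            findings.append("docker.sock mounted: can drive the host daemon")
    return findings

def audit(containers):
    """Map container name to (runtime, findings) for review."""
    report = {}
    for c in containers:
        runtime = (c.get("HostConfig") or {}).get("Runtime", "")
        report[c["Name"].lstrip("/")] = (runtime, host_exposure(c))
    return report

if __name__ == "__main__":
    for name, (runtime, findings) in audit(SAMPLE_INSPECT).items():
        print(name, runtime, findings or "no host-control path found")
```

To run it on a live host, pass the parsed output of docker inspect for the running containers to audit() in place of SAMPLE_INSPECT.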
In my use-case, I want to back up a Docker volume using SystemD before docker-daemon is stopped.
I got a working version using Docker 17.03.2. The SystemD service is defined as follows:
[Unit]
Description=Backup some Docker volume
Requires=network-online.target docker.service
After=docker.service
[Service]
Type=oneshot
ExecStop=/bin/sh /var/dobackup.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
The content of /var/dobackup.sh is not that important here. It includes a docker command, which uses a given Docker volume and does a tar on it.
It might be important that I am running this in the Google Cloud Compute Engine, in a Container-Optimized OS. Specifically, in milestone 69 (which includes Docker v17.03.2).
Updating to Docker v18.09.3
Now, I want to update to Docker v18.09.3 (specifically, I am updating the running OS to Container-Optimized OS milestone 73).
The service from above does not work any more. I get the following error, when my docker-command in /var/dobackup.sh is running:
docker: Error response from daemon: all SubConns are in
TransientFailure, latest connection error: connection error: desc =
"transport: Error while dialing dial
unix:///var/run/containerd/containerd.sock: timeout": unavailable.
The problem is obviously in ContainerD not being available any more. I tried
Requires=network-online.target containerd.service docker.service
without success.
How can I adapt my service to Docker v18.09?
Some users have reported similar issues with containerd.server in previous Docker versions (17.12 and 18.03). The workaround applied was:
killall -9 dockerd
sudo service docker restart
This link mentions a similar error and how users sorted out the problem after restarting the docker service.
Likely this is caused by a containerd/docker integration issue fixed in cos-73-11647-192-0. Could you try it on cos-73-11647-192-0?
We are getting this error while trying to run docker commands. E.g.:
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/images/json: dial unix /var/run/docker.sock: connect: permission denied
So we followed the steps here but the problem remains. Then we saw this question where it is advised
You have to restart the docker daemon, otherwise it won't let members
of the docker group to control the docker daemon
but are having trouble restarting the service
$ sudo service docker restart
Failed to restart docker.service: Unit docker.service not found.
we are using
$ docker -v
Docker version 18.06.1-ce, build e68fc7a
on
$ uname -a
Linux jnj 4.15.0-1036-azure #38-Ubuntu SMP Fri Dec 7 02:47:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
the docker group has been successfully created and we are member of it
$ grep docker /etc/group
docker:x:1001:siddjain
Also we did log out and log back in. We are able to run docker commands with sudo. Also
$ sudo snap services
Service Startup Current Notes
docker.dockerd enabled active -
Can anyone help us?
The solution was to restart docker daemon using snap (since that is how we installed docker)
siddjain@jnj:~$ sudo snap stop docker
Stopped.
siddjain@jnj:~$ snap start docker
error: access denied (try with sudo)
siddjain@jnj:~$ sudo snap start docker
Started.
After that we are able to run docker commands without having to sudo
siddjain@jnj:~$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
siddjain@jnj:~$
Our joy was short-lived as we immediately ran into another error after this one when we tried to run another container.
mkdir /var/lib/docker: read-only file system
To fix it we had to uninstall and reinstall docker again - this time from the official documentation as described here
When I run "docker run -it python:3" on an Ubuntu 18.04.1 LTS server, I get the following error. What does this mean and how do I fix this?
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:385: running prestart hook 0 caused \\\"fork/exec /usr/bin/dockerd (deleted): no such file or directory\\\"\"": unknown.
Restart docker service.
I was also facing the same issue. I solved it by restarting the docker service:
sudo systemctl restart docker
The same is described here:
https://github.com/moby/moby/issues/29640#issuecomment-273617532
For those of you who might have installed using snap, this will restart all docker services:
sudo snap restart docker
Or, for just the daemon, use:
sudo snap restart docker.dockerd
I am using Docker version 18.09.0, build 4d60db4 on an Ubuntu 16.04 system. I am unable to stop a docker container. My docker image contains a Spring Boot application. I am using the following command to stop the container:
sudo docker stop 0c6b70fcb25e
And I am getting the following error:
Error response from daemon: cannot stop container: 0c6b70fcb25e:
Cannot kill container 0c6b70fcb25e0b0c55f123853654cd2611e3702fdf5622bd07e12a92efa3df46:
unknown error after kill: runc did not terminate sucessfully:
container_linux.go:393: signaling init process caused "permission denied": unknown
I have tried running docker stop with and without sudo.
Try this:
docker kill --signal=SIGHUP my_container
You can find more information here.
Also, if you are on Linux, AppArmor may prevent stopping the containers. Disable AppArmor temporarily and try to stop the container again. For configuring the AppArmor check this link.
Follow this link. docker on ubuntu 16.04 error when killing container
I used the following commands and it worked.
sudo killall docker-containerd-shim
sudo docker-compose down