I'm trying to have docker container stored in a luks device, but using the below command it is not working.
I'm also trying to have a docker container to use (and maybe open) a luks file as a volume data, but I don't know how to bind it to the container
I have done the following :
pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
vgcreate vgluks /dev/sdb
Volume group "vgluks" successfully created
lvcreate -l 90%FREE -n lvdocker-data vgluks
WARNING: crypto_LUKS signature detected on /dev/vgluks/lvdocker-data at offset 0. Wipe it? [y/n]: y
Wiping crypto_LUKS signature on /dev/vgluks/lvdocker-data.
Logical volume "lvdocker-data" created.
lvcreate -l 100%FREE -n lvdocker-metadata vgluks
Logical volume "lvdocker-metadata" created.
created a key
dd if=/dev/urandom of=/tmp/key bs=4K count=1
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.00126301 s, 3.2 MB/s
cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-data
cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-metadata
cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-data cryptfs-data
cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-metadata cryptfs-metadata
formated in ext4
mkfs.ext4 /dev/mapper/cryptfs-data
mkfs.ext4 /dev/mapper/cryptfs-metadata
my docker.service looks like this :
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
and the /etc/sysconfig/docker is like :
OPTIONS="--storage-driver=devicemapper --storage-opt dm.datadev=/dev/vgluks/lvdocker-data --storage-opt dm.metadatadev=/dev/vgluks/lvdocker-metadata --insecure-registry myregistryhost:443 -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
The output of systemctl is :
systemctl status -l docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2015-12-23 16:05:28 CET; 25min ago
Docs: https://docs.docker.com
Main PID: 6544 (code=exited, status=1/FAILURE)
Dec 23 16:05:28 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.457356524+01:00" level=warning msg="/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\"
Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.478448525+01:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Error running deviceCreate (CreatePool) dm_task_run failed"
Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Dec 23 16:05:28 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Dec 23 16:05:28 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service failed.
Related
When I using this script to start docker on CentOS 7.4:
systemctl start docker.service
It shows this error:
[root#ops001 docker]# systemctl start docker.service
JJob for docker.service failed because a configured resource limit was exceeded. See "systemctl status docker.service" and "journalctl -xe" for details.
Then I use this command to check docker status:
systemctl status docker.service -l
It show me like this:
[root#ops001 docker]# systemctl status docker.service -l
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Sun 2020-04-12 21:31:35 CST; 3min 17s ago
Docs: https://docs.docker.com
Apr 12 21:31:33 ops001.example.com systemd[1]: docker.service failed to run 'start' task: No such file or directory
Apr 12 21:31:33 ops001.example.com systemd[1]: Failed to start Docker Application Container Engine.
Apr 12 21:31:33 ops001.example.com systemd[1]: Unit docker.service entered failed state.
Apr 12 21:31:33 ops001.example.com systemd[1]: docker.service failed.
Apr 12 21:31:35 ops001.example.com systemd[1]: docker.service holdoff time over, scheduling restart.
Apr 12 21:31:35 ops001.example.com systemd[1]: Stopped Docker Application Container Engine.
Apr 12 21:31:35 ops001.example.com systemd[1]: start request repeated too quickly for docker.service
Apr 12 21:31:35 ops001.example.com systemd[1]: Failed to start Docker Application Container Engine.
Apr 12 21:31:35 ops001.example.com systemd[1]: Unit docker.service entered failed state.
Apr 12 21:31:35 ops001.example.com systemd[1]: docker.service failed.
where is going wrong? What should I do to make docker work?
I am check the docker service define file vim /usr/lib/systemd/system/docker.service:
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
EnvironmentFile=/run/docker_opts.env
ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
that using file /run/docker_opts.env, but do not find the file in the path. so using this command to generate the file:
/opt/k8s/bin/mk-docker-opts.sh -d /run/docker_opts.env -c
then using this command to start:
systemctl start docker
works.
After I install the docker, I have set the selinux status to Permissive, still can not run docker.
In my /etc/selinux/config, I have edit the SELINUX=disabled.
and setenforce 0, check with:
# getenforce
Permissive
I use systemctl start docker, but failed, get bellow error:
# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2018-06-29 09:05:47 CST; 14s ago
Docs: http://docs.docker.com
Process: 21615 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 21615 (code=exited, status=1/FAILURE)
6月 29 09:05:46 123.xyz systemd[1]: Starting Docker Application Container Engine...
6月 29 09:05:46 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:46.451911058+08:00" level=warning msg="could not ch...found"
6月 29 09:05:46 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:46.453472267+08:00" level=info msg="libcontainerd: ...21626"
6月 29 09:05:47 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:47.463085812+08:00" level=warning msg="overlay2: the back...
6月 29 09:05:47 123.xyz dockerd-current[21615]: Error starting daemon: SELinux is not supported with the overlay2 graph dr...false)
6月 29 09:05:47 123.xyz systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
6月 29 09:05:47 123.xyz systemd[1]: Failed to start Docker Application Container Engine.
6月 29 09:05:47 123.xyz systemd[1]: Unit docker.service entered failed state.
6月 29 09:05:47 123.xyz systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Why there still says:
Error starting daemon: SELinux is not supported with the overlay2 graph dr...false)
My linux is CentOS 7.2
I find the solution.
in the /etc/sysconfig/docker:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
set the -selinux-enabled to --selinux-enabled=false.
I mount a hard drive on /mnt/data with mount /dev/vdb /mnt/data
Change default docker folder inside : /etc/docker/daemon.json by
{
"graph": "/mnt/data/docker"
}
Everything work fine.
but after a computer restart :
docker daemon can't restart
I got these error :
$ service docker start
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
and
$ systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Thu 2017-10-05 13:58:58 UTC; 45s ago
Docs: https://docs.docker.com
Process: 5896 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 5896 (code=exited, status=1/FAILURE)
Oct 05 13:58:58 mycomputer systemd[1]: Failed to start Docker Application Container Engine.
Oct 05 13:58:58 mycomputer systemd[1]: docker.service: Unit entered failed state.
Oct 05 13:58:58 mycomputer systemd[1]: docker.service: Failed with result 'exit-code'.
Oct 05 13:58:58 mycomputer systemd[1]: docker.service: Service hold-off time over, scheduling restart.
Oct 05 13:58:58 mycomputer systemd[1]: Stopped Docker Application Container Engine.
Oct 05 13:58:58 mycomputer systemd[1]: docker.service: Start request repeated too quickly.
Oct 05 13:58:58 mycomputer systemd[1]: Failed to start Docker Application Container Engine.
Docker is starting before your non-OS disk (mnt/data/docker) is mounted. You can ask docker to wait for a successful mount before starting docker.
Find the mount, edit your Docker systemd service file to require and wait for the mount before starting.
systemctl list-units --type==mount # Lists all the mounts.
systemctl status <example.mount> # Get details about mount. Find the one which matches your mount directory
sudo nano /lib/systemd/system/docker.service # Edit your systemd service file
Add the <example.mount> name at the end of the "After" and "Requires" row.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service <example.mount>
Wants=network-online.target
Requires=docker.socket <example.mount>
...
sudo systemctl daemon-reload
sudo systemctl restart docker.service
centos7 via vmware workstation player, and
[root#localhost Desktop]# uname -r
3.10.0-229.14.1.el7.x86_64
first, yum install docker-engine
then, other_args="--selinux-enabled" >> /etc/sysconfig/docker
when service docker start,I got error:
[root#localhost Desktop]# systemctl status docker.service -l
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
Active: activating (start) since 日 2015-10-25 19:49:32 PDT; 46s ago
Docs: https://docs.docker.com
Main PID: 14387 (docker)
CGroup: /system.slice/docker.service
└─14387 /usr/bin/docker daemon -H fd://
10月 25 19:49:32 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
10月 25 19:49:32 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
10月 25 19:49:32 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.092885953-07:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.093697949-07:00" level=info msg="Option DefaultDriver: bridge"
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.093729432-07:00" level=info msg="Option DefaultNetwork: bridge"
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.108983655-07:00" level=warning msg="Running modprobe bridge nf_nat br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found.\n, error: exit status 1"
who can help me ? thanks.
After executing yum install docker on centos7, I want to start docker by executing service docker start, then i can see the error:
Redirecting to /bin/systemctl start docker.service
Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details.
then I execute systemctl status docker.service -l, then the error is:
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled)
Active: failed (Result: exit-code) since Sun 2015-03-15 03:49:49 EDT; 12min ago
Docs: http://docs.docker.com
Process: 11444 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS (code=exited, status=1/FAILURE)
Main PID: 11444 (code=exited, status=1/FAILURE)
Mar 15 03:49:48 localhost.localdomain docker[11444]: 2015/03/15 03:49:48 docker daemon: 1.3.2 39fa2fa/1.3.2; execdriver: native; graphdriver:
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] +job serveapi(fd://)
Mar 15 03:49:48 localhost.localdomain docker[11444]: [info] Listening for HTTP on fd ()
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] +job init_networkdriver()
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] -job init_networkdriver() = OK (0)
Mar 15 03:49:49 localhost.localdomain docker[11444]: 2015/03/15 03:49:49 write /var/lib/docker/init/dockerinit-1.3.2: no space left on device
Mar 15 03:49:49 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 15 03:49:49 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Mar 15 03:49:49 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
I really have no idea, looking forward to your response, I will be very appreciative!
this error usually occurs because of missing device-mapper-event-libs package.
# yum install device-mapper-event-libs
Thanks for Ben Whaley's advice,When I check my disk space,Indeed it's not enough.I extend my disk space and solve the problem. It's the first time I put forward questions,It's really of help. thanks again.
I upgraded the CentOS 7 kernel from 3 to 4.
NOTE: I upgraded Kernel for other reasons also, first try without upgrading kernel.
delete the folder docker under /var/lib
go to cd /etc/sysconfig
vi docker (before editing copy docker docker.org)
see Line there you find OPTIONS='--selinux-disabled --log-driver=journald'
Remove --selinux-disabled should like OPTIONS='--log-driver=journald'
Now un-comment # setsebool -P docker_transition_unconfined 1 to setsebool -P docker_transition_unconfined 1
reboot the machine or you try only docker start to check for me it works :)