docker-machine boot2docker root password - docker

Haven't found an answer anywhere... I created a VM (boot2docker) using docker-machine. I need to edit some files using root.
What is the root password in boot2docker?

If you only have a single docker machine, you simply do:
$ docker-machine ssh
If you have multiple machines, you need to find your "machine name" first:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.101:2376 v1.10.2
From the above, you can see that default is the name of your machine and you can ssh as follows:
$ docker-machine ssh default
When you're in, it's a simple case of sudo-ing to root
docker#default:~$ sudo -i
Boot2Docker version 1.10.2, build master : 611be10 - Mon Feb 22 22:47:06 UTC 2016
Docker version 1.10.2, build c3959b1
root#default:~#
Edited: Also, as #MediaVince mentioned you can use the following credentials:
user: docker
pwd: tcuser

just type
$ docker-machine ssh your_environment
and then to be root
$ sudo -i
hope it helps

Login via ssh as docker user:
$ ssh docker#<docker-machine-ip>
Password: tcuser
Then you can change on root user, just run sudo su root

Ok the key was not to do "su root" but rather "su sudo". It then doesn't ask for root password.

Related

minikube does not start on ubuntu 20.04 LTS. Exiting due to GUEST_PROVISION

I am trying to setup minikube in a VM with ubuntu desktop 20.04 LTS installed, using docker driver.
I've followed the steps here, and also taken into consideration the limitations for the docker driver (reported here), that have to do with runtime security options. And when I try to start minikube the error I get is : Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key.
This is what I have done to have my brand new VM with minikube installed.
Install docker
Add my user to the docker group, otherwise minkube start would fail because dockerd runs as root (aka Rootless mode in docker terminology).
Install kubectl (that is not necessary, but I opted for this instead of the embedded kubectl in minikube)
Install minikube
When I start minikube, this is what I get:
ubuntuDesktop:~$ minikube start
😄 minikube v1.16.0 on Ubuntu 20.04
✨ Using the docker driver based on user configuration
👍 Starting control plane node minikube in cluster minikube
🔥 Creating docker container (CPUs=2, Memory=4500MB) ...
✋ Stopping node "minikube" ...
🛑 Powering off "minikube" via SSH ...
🔥 Deleting "minikube" in docker ...
🤦 StartHost failed, but will try again: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset051825440 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset051825440: no such file or directory
: exit status 1
🔥 Creating docker container (CPUs=2, Memory=4500MB) ...
😿 Failed to start docker container. Running "minikube delete" may fix it: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
❌ Exiting due to GUEST_PROVISION: Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
😿 If the above advice does not help, please let us know:
👉 https://github.com/kubernetes/minikube/issues/new/choose
I suspect that the error has to do with the security settings issues with the docker driver, but this seems to be like a dog chasing its tail: if I don't use rootless mode in docker and I attempt to start minikube with sudo (so that docker can also start up with a privileged user), then I get this:
ubuntuDesktop:~$ sudo minikube start
[sudo] password for alberto:
😄 minikube v1.16.0 on Ubuntu 20.04
✨ Automatically selected the docker driver. Other choices: virtualbox, none
🛑 The "docker" driver should not be used with root privileges.
💡 If you are running minikube within a VM, consider using --driver=none:
📘 https://minikube.sigs.k8s.io/docs/reference/drivers/none/
❌ Exiting due to DRV_AS_ROOT: The "docker" driver should not be used with root privileges.
So, or either I am missing something or minikube doesn't work at all with docker driver, which I doubt.
Here is my environment info:
ubuntuDesktop:~$ docker version
Client:
Version: 19.03.11
API version: 1.40
Go version: go1.13.12
Git commit: dd360c7
Built: Mon Jun 8 20:23:26 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.12
Git commit: 77e06fd
Built: Mon Jun 8 20:24:59 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit:
docker-init:
Version: 0.18.0
GitCommit: fec3683
ubuntuDesktop:~$ minikube version
minikube version: v1.16.0
commit: 9f1e482427589ff8451c4723b6ba53bb9742fbb1-dirty
If someone has minikube working on ubuntu 20.04 and could share versions and driver, I would appreciate. with the info in minikube and docker sites I don't know what else to check to make this work.
Solution:
As I mentioned in my comment you may just need to run:
docker system prune
then:
minikube delete
and finally:
minikube start --driver=docker
This should help.
Explanation:
Although as I already mentioned in my comment, it's difficult to say what was the issue in your specific case, such situation may happen as a consequence of previous unseccessful attempt to run your Minikube instance.
It happens sometimes also when different driver is used and it is run as a VM and basically deleting such VM may help. Usually running minikube delete && minikube start is enough.
In this case, when --driver=docker is used, your Minikube instance is configured as a container in your docker runtime but apart from container itself other things like networking or storage are configured.
docker system prune command removes all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes. So what we can say for sure it was one of the above.
Judging by the exact error message:
❌ Exiting due to GUEST_PROVISION: Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
I guess it could be simply clearing some cached data that helped in your case and removing broken references to non-existing files. The above message explains quite clearly what couldn't be done, namely docker couldn't copy a public ssh key to the destination minikube:/home/docker/.ssh/authorized_keys as the source file /tmp/tmpf-memory-asset544814591, it attempted to copy it from, simply didn't exist. So it's actually very simple to say what happend but to be able to tell why it happened might require diving a bit deeper in both Docker and Minikube internals and analyze step by step how Minikube instance is provisioned when using --driver=docker.
It's a good point that you may try to analyze your docker logs but I seriously doubt that you will find there the exact reason why non-existing temporary file /tmp/tmpf-memory-asset544814591 was referenced or why it didn't exsist.
minikube start --force --driver=docker fixed it for me
The issue is that the docker driver should not be used with root privileges. And by default, the docker daemon always runs as the root user. To run the docker daemon not as root user, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
Run the following commands to fix this issue
Create the docker group if not exist
sudo groupadd docker
Add user to the docker group
sudo usermod -aG docker [user]
To activate changes to the group
newgrp docker
start minikube cluster
minikube start
This worked for me
minikube start --driver=docker --container-runtime=containerd
if you use Linux Desktop OS with docker and minikube already installed, just run
sudo usermod -aG docker $USER
and restart your computer.
It worked for me.
I was running into the same issue when I attempted to install Minikube on an Ubuntu 20.04 system.
The "docker system prune" didn't help in my case, but I figured out the cause for my issue was that /var was mounted with the nosuid option and I had to remove that and remount /var. The minikube cluster initialization then worked.
I might be too ignorant but I didn't find that info stated as a requirement.
Restarting my mac helped me.
I was getting below error earlier:
❌ Exiting due to DRV DOCKER NOT RUNNING: Found docker, but the docker service isn't running. Try restarting the docker service.
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker
systemctl status docker
sudo systemctl start/stop docker
sudo groupadd docker
sudo usermod -aG docker user_name --- to add the user to docker group.
newgrp docker -- to activate the grp
minikube start or minikube start --driver=docker ---to start minikube
On my Raspberry Pi this problem was resolved with:
sudo usermod -aG docker $USER && newgrp docker
Try the following:
minikube delete
Then try to delete all docker images with name like k8s... and minikube:
docker rmi <container id> <container id2> <container id3>
Finally:
minikube start
On my end just a docker system prune did the job (Ubuntu).
I had a few configurations I did not want to lose on my minikube profile and it recreated the container accordinlgy and booted fine.
So before the minikube profile deletion it is something to try first.
It's worth checking to see if it's running in Docker desktop on a Mac. If it is then run the kubectl command. If that returns the commands screen then you're good to go.

Error Connecting to Docker hub

I have created a docker hub account and trying to connect on it to push an image. I am getting the following error:
>>>docker login -u <username> -p <password>
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I run this and i got the following message:
>>>curl https://registry-1.docker.io/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
Also:
>>> env | grep -i proxy
gave no result(means that i dont have proxy settings??)
>>> docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 22:01:48 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 22:01:48 2016
OS/Arch: linux/amd64
Any idea how to overpass that?
Modified DNS server setting to 8.8.8.8 and it worked.
In my case (Ubuntu 16.04, Docker 18.01.0), I could solve it by setting the proxy like below.
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo vi /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment="HTTP_PROXY=http://<your_proxy_ip>:<your_proxy_port>/"
$ sudo vi /etc/systemd/system/docker.service.d/https_proxy.conf
[Service]
Environment="HTTPS_PROXY=http://<your_proxy_ip>:<your_proxy_port>/"
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
This issue sometimes reoccurs randomly on docker:
If you get this error and are not blocked by a proxy, perform the following steps:
Restart docker-machine
docker-machine restart default
Reset to default env
eval $(docker-machine env default)
If you try again, you may find that everything just works fine.
If you are in Linux. You can change nameserver in /etc/resolv.conf.
Set the nameserver to 8.8.8.8.
Restart the docker demon. sudo systemctl restart docker.
I have the same issue and then resolved the issue by configured the docker environment http_proxy, because i'm behind a corp proxy:
https://docs.docker.com/engine/admin/systemd/#http-proxy
I faced the same issue for win 10 pro. After both changes, I was able to log-in and pull images.
If you want to use windows as a container. Right-click docker whale icon and -> switch to windows container.
If you want to use Linux as a container. (Your machine must have a
password for login)
Right-click docker whale icon and -> switch to Linux container.
Go to Settings click shared drives and select D or C or both.
Enter the windows user password and save changes.
Mac High Sierra / Docker 18:
In my case I had to sign out my Docker User (directly in the Docker menu).
I just switched from Mac to corporate Windows 10 machine, so getting to the Docker GUI was not obvious, I had to expand the carret ("^"), then right click on Docker icon:
I chose Settings in the right click menu to bring up the Docker GUI. In the Docker GUI, I clicked on Proxies and added the (actual) address of my company proxy:
Also of note, I was able to login to our internal repository and Docker Hub so that I could pull images from both places - so my config.json file looked (something) like this:
{
"auths": {
"company.internal.rep.com:9000": {},
"https://index.docker.io/v1/": {}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.2 (windows)"
},
"credsStore": "wincred"
}
I had the same issue. My solution was to specify the correct repository parameter. I've registered at hub.docker.com. So I've added it as parameter to docker login command:
docker login -u username -p password hub.docker.com
If you still have an error, please check that it is not a network issue with your proxy by using the following command:
curl -I -x PROXY_USERID:PROXY_PASSWORD#YOUR_PROXY:PROXY_PORT http://google.com
As well I've used ip address instead of host name to specify my proxy to exclude DNS errors.
If you got error with curl, then you need configure docker http_proxy and https_proxy.
Docker 18 / Windows 10:
In Settings > Network > DNS Sever - Select fixed and enter your DNS Server IP.
In Docker settings -> Network, I switched the DNS Server setting to "Fixed" as in the screenshot below and it worked!
In Linux (Ubuntu)
Edit network interface
nano /etc/network/interfaces
Replace dns-nameservers some_ip_address to dns-nameservers 8.8.8.8
dns-nameservers 8.8.8.8
Restart networking
sudo systemctl restart networking
Note: If google dns (dns-nameservers 8.8.8.8
) is not working use open dns (dns-nameservers 208.67.222.222)
I got the same issue, i just restarted the docker service and it works fine for me
$ sudo service docker restart
$ docker login
Open the docker whale icon and restart docker.
There's no proxy in my setup so this was resolved with a simple docker restart. This can be done easily via cli or gui
Define in your host operating system's network configuration a standard gateway for the docker adapter and also one for DNS. This solved the problem for me.

How to modify the `--registry-mirror` of a running docker machine?

We can create a docker machine with --registry-mirror, e.g.:
docker-machine create -d virtualbox --engine-registry-mirror http://111222.m.daocloud.io mymachine
We will find the mirror url is in the boot2docker if we logged into the machine:
$ docker-machine ssh mymachine
$ cat /mnt/sda1/var/lib/boot2docker/profile
EXTRA_ARGS='
--label provider=virtualbox
--registry-mirror http://111222.m.daocloud.io
'
CACERT=/var/lib/boot2docker/ca.pem
DOCKER_HOST='-H tcp://0.0.0.0:2376'
DOCKER_STORAGE=aufs
DOCKER_TLS=auto
SERVERKEY=/var/lib/boot2docker/server-key.pem
SERVERCERT=/var/lib/boot2docker/server.pem
And it will use this mirror when pulling images.
But how to change the mirror after the machine is created?
I tried to midify this boot2docker/profile file, but it seems not take effect. How to do it?
After modifying boot2docker/profile, you need to restart the daemon (or the VM).
A command like docker-machine ssh mymachine sudo /etc/init.d/docker restart ought to be enough, but if not, just restart the VM (docker-machine restart mymachine) and your change should take.

allow insecure registry in host provisioned with docker-machine

Is there anyway to configure --allow-insecure-ssl for docker's deamon created with docker-machine.
commands:
docker-machine create --driver virtualbox dev
eval "$(docker-machine env dev)"
docker run myregistry:5000/busybox:latest echo 'hello world'
output:
Unable to find image 'myregistry:5000/busybox:latest' locally
2015/06/04 16:54:17 Error: v1 ping attempt failed with error: Get
https://myregistry:5000/v1/_ping: EOF. If this private
registry supports only HTTP or HTTPS with an unknown CA certificate,
please add `--insecure-registry myregistry:5000` to the
daemon's arguments. In the case of HTTPS, if you have access to the
registry's CA certificate, no need for the flag; simply place the CA
certificate at /etc/docker/certs.d/myregistry:5000/ca.crt
If you are running docker-machine version v0.2 stable, you can't set docker option in light way. But in next version v0.3 this problem was resolved with the creation parameters.
At this moment this feature it's on RC1,then you can use a version v0.3.0-RC-1 or wait for delivery the next stable version v0.3.0(tentatively Jun.16).
Then use parameter --engine-insecure-registry to set --allow-insecure-ssl for docker's daemon, for example:
docker-machine create --driver virtualbox --engine-insecure-registry myregistry:5000 dev
After that you can execute:
docker run myregistry:5000/busybox:latest echo 'hello world'
Additionally you can read about it on project doc.
If you want to add insecure registries to a docker-machine that is already created you can update the profile in the running docker VM.
Steps
SSH into your local docker VM.
note: if 'default' is not the name of your docker machine then substitute 'default' with your docker machine name
$ docker-machine ssh {machineName}
Open Docker profile
$ sudo vi /var/lib/boot2docker/profile
Add this line to the bottom of the profile file. If EXTRA_ARGS already exists, add the insecure registry flag to the EXTRA_ARGS. Substitute in the path[s] to your registries.
EXTRA_ARGS="
--insecure-registry myserver.pathTo.registry1:5000
--insecure-registry myserver.pathTo.registry2:5000
--insecure-registry myserver.pathTo.registry3:5000
"
Save the profile changes and 'exit' out of the docker-machine bash back to your machine. Then Restart Docker VM substituting in your docker-machine name
$ docker-machine restart {machineName}
Pull or push something from your registry to ensure it works
My Setup
docker-machine version : 0.6.0, build e27fb87
docker-machine driver : virtualbox
In case you want to add another registry once your docker-machine has already been created you will have to edit the configuration file:
vim ~/.docker/machine/machines/dev/config.json
Explained here: https://akrambenaissi.com/2015/11/17/addingediting-insecure-registry-to-docker-machine-afterwards/
env :
docker daemon :1.12.3
docker client :1.12.2
docker api :1.24
docker-machine :0.8.2
Before create machine
you can use the args to set one or multi insecure registry and registry mirrors .eg:
one registry
docker-machine create -d virtualbox --engine-insecure-registry hostname:5000 --engine-registry-mirror http://hostname:5000 n1
multi registrys
docker-machine create -d virtualbox --engine-insecure-registry hostname:5000 --engine-insecure-registry hostname:5001 --engine-registry-mirror http://hostname:5000 n1
After create the machine
you can edit the /var/lib/boot2docker/profile to add the registrys and mirrors
docker-machine ssh [machine-name]
vi /var/lib/boot2docker/profile
add the registry and mirrors to the EXTRA_ARGS
EXTRA_ARGS='
--label provider=virtualbox
--insecure-registry hostname:5000
--insecure-registry hostname:5001
--registry-mirror http://hostname:5000
--registry-mirror http://hostname:5001
now you need to restart the machine and check it
docker-machine restart [machine-name]
docker info
this method doesn`t work after create the machine
edit $USER/.docker/machine/machines/default/config.json
"EngineOptions": {
"InsecureRegistry": [
"XXX.XXX.virtual"
],
}
edit $USER/.docker/machine/machines/default/config.json
"EngineOptions": {
"InsecureRegistry": [
"XXX.XXX.virtual"
],
}

Docker daemon config file on boot2docker / docker-machine / Docker Toolbox

Where can I find docker daemon config file on boot2docker machine?
According to this topic: Dockerfile: Docker build can't download packages: centos->yum, debian/ubuntu->apt-get behind intranet
I want to set '--dns' in DOCKER_OPTS, but I can't find this config file either at /etc/default or anywhere else.
Inside boot2docker (boot2docker ssh) / docker-machine (docker-machine ssh default) , open or create the file /var/lib/boot2docker/profile and add the following line:
EXTRA_ARGS="--dns 192.168.1.145"
Also works for:
EXTRA_ARGS="--insecure-registry myinternaldocker"
After the change you need to restart the docker daemon:
sudo /etc/init.d/docker restart
Or leave boot2docker / docker-machine and restart the entire virtual machine:
boot2docker restart
# for docker machine
docker-machine restart default
Information taken from: https://groups.google.com/d/msg/docker-user/04pAX57WQ7g/_LI-z8iknxYJ
If you are using a mac you have to go to a fresh terminal and run:
boot2docker ssh
This will open a new terminal, from there you have to edit or create a file
sudo vi /var/lib/boot2docker/profile
and add the DNS that you would like to add, for example:
DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"
After that you need to restart boot2docker. Here I had some issues at the beginning so I close everything and run in a terminal:
boot2docker down
boot2docker up
you can also use:
boot2docker restart
I had to do it twice. After that I started again using the normal boot2docker icon and everything worked.
If you want to script things, you can do these steps on one ugly line:
boot2docker ssh 'sudo sh -c "echo \"EXTRA_ARGS=\\\"--dns 1.2.3.4\\\"\" > /var/lib/boot2docker/profile && sudo /etc/init.d/docker restart"'

Resources