I am writing ansible playbook for the Ansible.Galaxy that will install nginx on any Linux distros.
But I felt to test it with Travis CI and Docker on images that include Systemd. Because SystemD gives an error:
Failed to get D-Bus connection: No connection to service manager.
As you can see https://travis-ci.org/weldpua2008/ansible-nginx/jobs/78864352
There were errors.
So I try to represent it:
~# git clone https://github.com/weldpua2008/ansible-nginx.git
~# cd ansible-nginx
~# docker run -ti --rm=true -v `pwd`:/ansible-nginx:rw centos:7 /bin/bash ^C
~# cd ansible-nginx/
~/ansible-nginx# docker run -ti --rm=true -v `pwd`:/ansible-nginx:rw centos:7 /bin/bash
[root#2f6955a46b42 /]# /ansible-nginx/tests/test-on-rpm.sh
TASK: [ansible-nginx | create document root directory if needed] **************
ok: [localhost]
TASK: [ansible-nginx | Starting nginx service] ********************************
failed: [localhost] => {"failed": true}
msg: no service or tool found for: nginx
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit #/root/test.retry
localhost : ok=5 changed=2 unreachable=0 failed=1
Maybe there isn't this service?
[root#2f6955a46b42 /]# systemctl enable nginx.service
[root#2f6955a46b42 /]# systemctl -t service -a
Failed to get D-Bus connection: No connection to service manager.
[root#2f6955a46b42 /]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
It's how I try to start service in ansible: https://github.com/weldpua2008/ansible-nginx/blob/master/tasks/main-centos.yml#L24
- name: Starting nginx service
service: name=nginx state=started
tags:
- nginx
I tied to solve with https://github.com/docker/docker/issues/7459
This is caused by the fact that Docker (normal "unprivileged") containers don't have the permissions to run systemd (as it wants access to the /sys/fs/cgroup filesystem).
But this is really because Docker containers prefer to run one process, the process you are trying to use them for - think of them as "a Unix process with a bunch of supporting utilities", rather than as "mini-VMs".
You need a simple Dockerfile inheriting from the Centos one, which installs nginx and then has a final CMD as something like:
CMD /usr/sbin/nginx -g "daemon off;"
For tips, here's the official nginx Dockerfile https://github.com/nginxinc/docker-nginx/blob/7f3ef0927ec619d20181e677c97f991df0d7d446/Dockerfile
Related
I have a server with Truenas scale in it. I tried to follow this tutorial.
The concept goes within this lines:
Server: Truenas Scale, vm(ubuntu server) in truenas, docker inside the vm.
The goal is to create docker containers in the vm but use the nfs shared folders to save the data from the containers. Al thought the process is intimidating with a number of nonsense here and there, i manage to deploy the nfs and the vm and make the vm to "talk" to the host machine(truenas) following the guide above.
Truenas:
ip: 192.168.2.144
user:docker(1000)
group:docker(1000)
pool:main
datasheet:docker-vm
shared-path: ":/mnt/main/docker-vm/docker"
VM(Ubuntu):
ip:192.168.2.143
uid:docker(1000)
gid:docker(1000)
The proces to mount the shared path to the VM is:
$ sudo mkdir /nfs
$ sudo mount 192.168.2.144:/mnt/main/docker-vm/docker
$ sudo touch /nfs/hello_world // Output: Permission denied.
To solve this problem we have to do the next step:
After that you have to go to the true nas UI and add the user "docker" as Maproot User and the group "docker" as Maproot Group and the host ip(in this case 192.168.2.143) to the UNIX (NFS) Shares.
After that i am able to:
$ touch /nfs/hello_world
$ ls /nfs //Output : -rw-rw-rw- 1 docker docker 0 Oct 9 12:36 helo_wold
The next step is to create the Portainer container and store the files in the nfs:
$ mkdir /nsf/portainer_data
$ docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v
/var/run/docker.sock:/var/run/docker.sock -v /nfs/portainer_data:/data
portainer/portainer-ce:latest
The docker run command return this error:
docker: Error response from daemon: error while creating mount source path
'/nfs/portainer_data': mkdir /nfs: read-only file system.
I am frustrated cuz i am able to create files and folders to the /nfs as user but the docker can't? I hope i covered the problem enough and someone can help me.
I try to install docker but I cannot start docker daemons. I'm on Debian bullseye.
I was following this tutorial: https://docs.docker.com/desktop/install/debian/
However, when I type the command to start or enable the service I got the following error.
# sudo systemctl --user start docker-desktop
Failed to connect to bus: No file or directory of this type
# sudo systemctl --user enable docker-desktop
Failed to connect to bus: No file or directory of this type
I tried to search docker services with sudo service --status-all but I found none of them.
Does someone have an idea?
2 days I try to run the docker inside an ubuntu container:
docker run -it ubuntu bash
Install docker by instruction of https://docs.docker.com/engine/install/ubuntu/ or/and https://phoenixnap.com/kb/how-to-install-docker-on-ubuntu-18-04
Finally I have installed docker:
root#e65411d2b70a:/# docker -v
Docker version 19.03.6, build 369ce74a3c
But when I try to run docker run hello-world have some problem
root#5ac21097b6f6:/# docker run hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
In service list not docker:
root#5ac21097b6f6:/# service docker start
docker: unrecognized service
root#5ac21097b6f6:/# service --status-all
[ - ] apparmor
[ + ] cgroupfs-mount
[ - ] dbus
[ ? ] hwclock.sh
[ - ] procps
[ ? ] ubuntu-fan
When try to run dockerd:
root#5ac21097b6f6:/# dockerd
INFO[2020-04-23T07:01:11.622627006Z] Starting up
INFO[2020-04-23T07:01:11.624389266Z] libcontainerd: started new containerd process pid=154
INFO[2020-04-23T07:01:11.624460438Z] parsed scheme: "unix" module=grpc
INFO[2020-04-23T07:01:11.624477203Z] scheme "unix" not registered, fallback to default scheme module=grpc
INFO[2020-04-23T07:01:11.624532871Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>} module=grpc
INFO[2020-04-23T07:01:11.624560679Z] ClientConn switching balancer to "pick_first" module=grpc
INFO[2020-04-23T07:01:11.664827037Z] starting containerd revision= version="1.3.3-0ubuntu1~18.04.2"
ERRO[2020-04-23T07:01:11.664943052Z] failed to change OOM score to -500 error="write /proc/154/oom_score_adj: permission denied"
...
INFO[2020-04-23T07:01:11.816951247Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
Not understand why Permission denied if user root.
Install sudo and add root to the group, but it's not help.
apt-get install sudo
usermod -a -G sudo root
- sudo dockerd have the save problem.
How to make work docker inside ubuntu container? Do you have ideas?
ps. I know about docker-in-docker, I need exactly docker inside ubuntu-container
pss. I know about -v /var/run/docker.sock:/var/run/docker.sock - but needed independent the docker service inside ubuntu-container.
When running docker in docker, the container must use the docker engine on your host.
Here is a simple working setup:
1) Create a dockerfile with docker CLI installed. I am using the official compose image, so you also have docker-compose
FROM docker/compose:1.25.5
WORKDIR /app
ENTRYPOINT ["/bin/sh"]
2) When running it, mount the docker sock
$ docker build -t dind .
$ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock dind
Form within the container, you now have docker. Try running docker ps
If you want to do docker in docker without -v /var/run/docker.sock:/var/run/docker.sock then I am afraid that there is no good way to do this.
Sharing the docker socket from host is the classic way to make docker containers run within another docker container.
I was trying my best to run containers within containers just like you for the past few days. Wasted many hours. So far most of the people advise me to do stuff like using the docker's DIND image which is not applicable for my case, as I need the main container to be Ubuntu OS, or to run some privilege command and map the daemon socket into container, like -v /var/run/docker.sock:/var/run/docker.sock
(Which never ever works for me, or for any Ubuntu OS I tried. Reason being, the main container which is based on Ubuntu OS does not comes with systemd which is important to run docker containers conveniently like a usual local machine)
The solution I found was to use Nestybox on my Ubuntu 20.04 system and it works best. Its also extremely simple to execute, provided your local system is ubuntu (which they support best), as the container runtime are specifically deigned for such application. It also has the most flexible options.
The free edition of Nestybox is perhaps the best method as of Nov 2022. Highly recommends you to try it without bothering all the tedious setup other people suggest. They have many pre-constructed solutions to address such specific needs with a simple command line.
The Nestybox provide special runtime environment for newly created docker container, they also provides some ubuntu/common OS images with docker and systemd in built.
Their goal is to make the main container function exactly the same as a virtual machine securely. You can literally ssh into your ubuntu main container as well without the ability to access anything in the main machine. From your main container you may create all kinds of containers like a normal local system does. That systemd is very important for you to setup docker conveniently inside the container.
One simple common command to execute sysbox:
dock run --runtime=sysbox-runc -it any_image
If you think thats what you are looking for, you can find out more at their github:
https://github.com/nestybox/sysbox
Quicklink to instruction on how to deploy a simple sysbox runtime environment container:
https://github.com/nestybox/sysbox/blob/master/docs/quickstart/README.md
I try to connect Docker-container with inner-resource by Unit-socket.
For this purpose I add to Dockerfile the following command:
RUN -v /var/run/docker.sock:/var/run/postgresql/.s.PGSQL.5432
But on the stage of docker build I receive: /bin/sh: illegal option -
ERROR: Service 'webapp' failed to build: The command '/bin/sh -c -v /var/run/docker.sock:/var/run/postgresql/.s.PGSQL.5432' returned a non-zero code: 2
What am I doing wrong?
RUN instruction in a Dockerfile is used to run a command inside container during build, not to run your container. Refer to it's documentation.
To make a Unix socket available inside your container, specify a bind mount when you start the container:
docker run -v /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432 yourapp:latest
This will make /var/run/postgresql/.s.PGSQL.5432 socket on your host available inside the container.
You may also specify different host and container path:
docker run -v /var/run/postgresql/.s.PGSQL.5432:/tmp/postgresql yourapp:latest
Note: /var/run/docker.sock is used to communicate with Docker
daemon. Be careful with it, since access to Docker daemon provides root access to your machine.
I have a Red Hat machine on an AWS cloud. I installed Ansible and Docker (experimental version as the community edition cannot be installed now on Red Hat). Now I am runnig a simple command to check whether Docker works:
ansible local -m shell -a "docker pull hello-world"
I'm getting the following error:
localhost | FAILED | rc=1 >>
Using default tag: latest
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon. Is the docker daemon running on this host?). Using system default: https://index.docker.io/v1/Cannot connect to the Docker daemon. Is the docker daemon running on this host?
When I use
sudo ansible local -m shell -a "docker pull hello-world"
localhost | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
I have tested Ansible by copying a file into local host and it works fine whereas with Docker I'm facing this issue. Is there anything I am missing or anything that needs to be setup for Docker's experimental version?
You don't want to run ansible through sudo but tell ansible that it should run the command using sudo. That can be done by adding the -s flag
ansible local -s -m shell -a "docker pull hello-world"