Error starting Docker container (WSL, docker-ce, Ubuntu 16.04) - ubuntu-16.04

Microsoft Windows [Version 10.0.17134.285],
Ubuntu 16.04 (WSL),
docker-ce (stable)
I am following the instructions here - https://nickjanetakis.com/blog/setting-up-docker-for-windows-and-wsl-to-work-flawlessly. I opted for "stable" rather than "edge". I mounted the c drive mapping manually with
sudo mkdir /c
sudo mount --bind /mnt/c /c
rather than the WSL config file way, because I wasn't sure if I wanted it for ALL my WSL instances. Other than that, I followed the instructions.
I have started the Docker daemon with
sudo cgroupfs-mount
sudo dockerd -H tcp://0.0.0.0:2375 --tls=false
When I try to start my container with
docker run -d -p 27017:27017 --name testDB mongo:3.4
I get
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:46: preparing rootfs caused \\\"invalid argument\\\"\"": unknown.
and I cannot connect to the MongoDB on the container using localhost:27017.
docker ps -a
shows
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e115d1c409a3 mongo:3.4 "docker-entrypoint.s…" 6 seconds ago Created 0.0.0.0:27017->27017/tcp testDB
and
docker info
shows
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Kernel Version: 4.4.0-17134-Microsoft
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.9GiB
Name: DESKTOP-4F100D9
ID: EFH2:O3RT:3OO4:27P5:ZNK7:N5JW:WE5M:4VSK:QREN:YCV4:GSYG:ZDTR
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
Any ideas what I did wrong and how to fix it?
(I need to run Docker under Linux(WSL) - I cannot use Docker for Windows because we are using VirtualBox, and Hyper-V is disabled)

Currently, you cannot use docker daemon directly from WSL. There are several issues, mostly with networking. It works only for simple images like hello world (Reddit topic)
What you can do, is connect from WSL to docker daemon in windows. So following the tutorial, you mentioned is fine, but if you're running it with VirtualBox you have to either start default machine or create and start a new one. This docker machine will be your daemon.
By default docker-machine command is not working correctly in WSL, but you can make it works by putting this code to e.g. ~/.bashrc file
# Ability to run docker-machine command properly from WSL
function docker-machine()
{
if [ $1 == "env" ]; then
docker-machine.exe $1 $2 --shell bash | sed 's/C:/\/c/' | sed 's/\\/\//g' | sed 's:#.*$::g' | sed 's/"//g'
printf "# Run this command to configure your shell:\n"
printf "# eval \"\$(docker-machine $1 $2)\"\n"
else
docker-machine.exe "$#"
fi
}
export -f docker-machine
After running source ~/.bashrc or reopening the bash you can run:
docker-machine start default - will start machine
eval $(docker-machine env default) - will connect your bash session to the machine
and then you should be able to run all the docker stuff like
docker ps
docker run -it alpine sh
docker build
etc
The docker machine will run until you either stop it or you shut down your PC. If you open a new bash session (window), you have to run just eval $(docker-machine env default) in order to connect your new session to the machine.
Hope it helps. :)

This is a simple solution which is to use Docker on windows in WSL instead.
Just add the following to your WSL .bashrc file.
export PATH="$HOME/bin:$HOME/.local/bin:$PATH"
export PATH="$PATH:/mnt/c/Program\ Files/Docker/Docker/resources/bin"
alias docker=docker.exe
alias docker-compose=docker-compose.exe
Reference: https://blog.jayway.com/2017/04/19/running-docker-on-bash-on-windows/

Related

selinux not working under containerd with selinux-enable=true

I have two k8s cluster, one using docker and another using containerd directly, both with selinux enabled.
but I found selinux not actually working on the containerd one, although this two cluster have the same version of containerd and runc.
did i miss some setting with containerd?
docker: file label is container_file_t, and process runs as container_t, selinux works fine
K8s version: 1.17
Docker version: 19.03.6
Containerd version: 1.2.10
selinux enable by adding ["selinux-enabled": true] to /etc/docker/daemon.json
// create pod using tomcat official image then check the process and file label
# kubectl exec tomcat -it -- ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:container_t:s0:c655,c743 1 ? 00:00:00 java
# ls -Z /usr/local/openjdk-8/bin/java
system_u:object_r:container_file_t:s0:c655,c743 /usr/local/openjdk-8/bin/java
containerd: file label is container_var_lib_t, and process runs as spc_t, selinux makes no sense
K8s version: 1.15
Containerd version: 1.2.10
selinux enable by setting [enable_selinux = true] in /etc/containerd/config.toml
// create pod using tomcat official image then check the process and file label
# kubectl exec tomcat -it -- ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:spc_t:s0 1 ? 00:00:00 java
# ls -Z /usr/local/openjdk-8/bin/java
system_u:object_r:container_var_lib_t:s0 /usr/local/openjdk-8/bin/java
// seems run as spc_t is correct
# sesearch -T -t container_var_lib_t | grep spc_t
type_transition container_runtime_t container_var_lib_t : process spc_t;
From this issue we can read:
Containerd includes minimal support for SELinux. More accurately, it
contains support to run ON systems using SELinux, but it does not make
use of SELinux to improve container security.
All containers run with the
system_u:system_r:container_runtime_t:s0 label, but no further
segmentation is made
There is no full support for what you are doing using Containerd. Your approach is correct but the problem is lack of support to this functionality.

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:

I tried this
docker run --rm -it -p 2181:2181 -p 8081:8081 -p 8082:8082 -p 8083:8083 -p 9092:9092 -e ADV_HOST=127.0.0.1 landoop/fast-data-dev
I got error
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
I have checked if daemon is running
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since уто 2018-01-23 10:52:50 CET; 2h 14min ago
Docs: https://docs.docker.com
Main PID: 11082 (dockerd)
This is my /etc/default/docker
# Customize location of Docker binary (especially for development testing).
#DOCKERD="/usr/local/bin/dockerd"
# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
# This is also a handy place to tweak where Docker's temporary files go.
#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"
How to edit docker_opts to solve the problem I have?
Try adding your user to the docker group:
Run usermod -aG docker "${USER}", then
either log out and log back in, or run newgrp docker.
After this you have to restart your docker daemon: sudo service docker restart.
If you are running on an Azure virtual machine or similar, try running the Docker command with sudo, e.g.:
sudo tensorflow/tools/ci_build/ci_build.sh CPU bazel test //tensorflow/...

CentOS with Systemd on Docker

I am actually working on automated testing of my playbooks with Gitlab-CI, Ubuntu is working very well and getting no issues.
The Problem actually I have is with CentOS and Systemd, first of all the Playbook ( installing Postgres 9.5 inside CentOS7):
- name: Ensure PostgreSQL is running
service:
name: postgresql-9.5
state: restarted
ignore_errors: true
when:
- ansible_os_family == 'RedHat'
so, and this is what I get if i want to start postgres inside the container:
Failed to get D-Bus connection: Operation not permitted\nFailed to get D-Bus connection: Operation not permitted\nFailed to get D-Bus connection: Operation not permitted\nFailed to get D-Bus connection: Operation not permitted\nFailed to get D-Bus connection: Operation not permitted\n
I already had to run the Container in privileged mode, with c-groups and anything else. Already tried differend Docker Containers but nothing is working.
When using docker, i think it would be better just use postgres to start the server.
Command like
postgres -D /opt/postgresql/data/ > /var/log/postgresql/pg_server.log 2>&1 &
When you use docker, you don't have a fully functional systemd.
You can use the solution suggested by #KJocker to make a postgresql functional container. Or instead you can configure systemd to work inside the container here is a document check
I had the same thing when using Ansible on a Docker container.... and I have written a docker-systemctl-replacement for that. It works for PostgreSQL - no need to change the Ansible script, it can stay that way for a deployment on a real machine.
Edit the conf of your gitlab runner instance /etc/gitlab-runner/config.toml
From :
[runners.docker]
privileged = false
volumes = ["/cache"]
To :
[runners.docker]
privileged = true
volumes = ["/sys/fs/cgroup:/sys/fs/cgroup:ro", "/cache"]
Add :
[runners.docker.tmpfs]
"/run" = "rw"
"/tmp" = "rw"
[runners.docker.services_tmpfs]
"/run" = "rw"
"/tmp" = "rw"
Restart gitlab-runner.
On your docker image, edit getty tty1 service to permit autologin of user root after systemd boot up
sed -e 's|/sbin/agetty |/sbin/agetty -a root |g' -i /etc/systemd/system/getty.target.wants/getty\#tty1.service
Use that docker image in image name section of .gitlab-ci.yml and add the following to start systemd. Do not edit entrypoint
script:
- /lib/systemd/systemd --system --log-target=kmsg &
- sleep 5
- systemctl start postgresql-9.5

What is the difference between docker-machine and docker-compose?

I think I don't get it. First, I created docker-machine:
$ docker-machine create -d virtualbox dev
$ eval $(docker-machine env dev)
Then I wrote Dockerfile and docker-compose.yml:
FROM python:2.7
ENV PYTHONUNBUFFERED 1
RUN mkdir /code
WORKDIR /code
ADD requirements.txt /code/
RUN pip install -r requirements.txt
ADD . /code/
version: '2'
services:
db:
image: postgres
web:
build: .
restart: always
command: python manage.py runserver 0.0.0.0:8000
volumes:
- .:/code
ports:
- "8000:8000"
links:
- db
Finally, I built and started the image:
$ docker-compose build --no-cache
$ docker-compose start
I checked ip of my virtual machine
$ docker-machine ip dev
and successfully opened the site in my browser. But when I made some changes in my code - nothing happened. So I logged to the "dev" machine:
$ docker-machine ssh dev
and I didn't find my code! So I logged to the docker "web" image:
$ docker exec -it project_web_1 bash
and there was a code, but unchanged.
What is the docker-machine for? What is the sense? Why docker doesn't syncing files after changes? It looks like docker + docker-machine + docker-compose are pain in the a...s for local development :-)
Thanks.
Docker is the command-line tool that uses containerization to manage multiple images and containers and volumes and such -- a container is basically a lightweight virtual machine. See https://docs.docker.com/ for extensive documentation.
Until recently Docker didn't run on native Mac or Windows OS, so another tool was created, Docker-Machine, which creates a virtual machine (using yet another tool, e.g. Oracle VirtualBox), runs Docker on that VM, and helps coordinate between the host OS and the Docker VM.
Since Docker isn't running on your actual host OS, docker-machine needs to deal with IP addresses and ports and volumes and such. And its settings are saved in environment variables, which means you have to run commands like this every time you open a new shell:
eval $(docker-machine env default)
docker-machine ip default
Docker-Compose is essentially a higher-level scripting interface on top of Docker itself, making it easier (ostensibly) to manage launching several containers simultaneously. Its config file (docker-compose.yml) is confusing since some of its settings are passed down to the lower-level docker process, and some are used only at the higher level.
I agree that it's a mess; my advice is to start with a single Dockerfile and get it running either with docker-machine or with the new beta native Mac/Windows Docker, and ignore docker-compose until you feel more comfortable with the lower-level tools.

Docker: Mongo exits on run

Using:
https://registry.hub.docker.com/_/mongo/
I did this to pull in all tags:
docker pull mongo
Then, when I try to run it with
docker run -v /data:/data --name mongodb -p 4000:27017 mongo:2.6.6
The status shows
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5959d3f79243 mongo:2.6.6 "/entrypoint.sh mong 4 seconds ago Exited (1) 3 seconds ago mongodb
Logs show:
numactl: This system does not support NUMA policy
How do I keep mongo running while using docker? I am using Docker 1.4.1 on OSX (boot2docker).
Indeed, the boot2docker VM doesn't support NUMA, and the current Dockerfile executes mongod through numactl. A possible workaround:
$ docker run -v /data:/data --name mongodb -p 4000:27017 --entrypoint=mongod mongo:2.6.6
This uses --entrypoint to override the image defined ENTRYPOINT and execute mongod directly.