I tried to enable jmx to check on cache statistics, I tried to do this in local setup with following command
docker run -it --rm --name keycloak
--cap-add SYS_ADMIN
-p 8080:8080
-p 8787:8787
-p 8999:8999
-e KEYCLOAK_ADMIN="keycloak"
-e KEYCLOAK_ADMIN_PASSWORD="keycloak"
-e DEBUG="true"
-e DEBUG_PORT="*:8787"
-e JAVA_OPTS_APPEND="-Xmx1g
-Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.rmi.port=8999
-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname="$(hostname)"
-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/keycloak.hprof"
quay.io/keycloak/keycloak:17.0.0 start-dev
--log-level=INFO
Jmx is enabled but not getting connected from jconsole
You should take a look in the log-files. Are there error messages or can you see, wheter the ARGS reach the startup process?
I had some trouble to add the JMX Options on keycloak-16, the ser failed to start afterward. Then I found this article. This works for me.
If you run the docker image on a remote host, you can copy the jboss-cli-client.jar to your local maschine. And after each startof the container you have to add the user again.
Microsoft Windows [Version 10.0.17134.285],
Ubuntu 16.04 (WSL),
docker-ce (stable)
I am following the instructions here - https://nickjanetakis.com/blog/setting-up-docker-for-windows-and-wsl-to-work-flawlessly. I opted for "stable" rather than "edge". I mounted the c drive mapping manually with
sudo mkdir /c
sudo mount --bind /mnt/c /c
rather than the WSL config file way, because I wasn't sure if I wanted it for ALL my WSL instances. Other than that, I followed the instructions.
I have started the Docker daemon with
sudo cgroupfs-mount
sudo dockerd -H tcp://0.0.0.0:2375 --tls=false
When I try to start my container with
docker run -d -p 27017:27017 --name testDB mongo:3.4
I get
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:46: preparing rootfs caused \\\"invalid argument\\\"\"": unknown.
and I cannot connect to the MongoDB on the container using localhost:27017.
docker ps -a
shows
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e115d1c409a3 mongo:3.4 "docker-entrypoint.s…" 6 seconds ago Created 0.0.0.0:27017->27017/tcp testDB
and
docker info
shows
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Kernel Version: 4.4.0-17134-Microsoft
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.9GiB
Name: DESKTOP-4F100D9
ID: EFH2:O3RT:3OO4:27P5:ZNK7:N5JW:WE5M:4VSK:QREN:YCV4:GSYG:ZDTR
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
Any ideas what I did wrong and how to fix it?
(I need to run Docker under Linux(WSL) - I cannot use Docker for Windows because we are using VirtualBox, and Hyper-V is disabled)
Currently, you cannot use docker daemon directly from WSL. There are several issues, mostly with networking. It works only for simple images like hello world (Reddit topic)
What you can do, is connect from WSL to docker daemon in windows. So following the tutorial, you mentioned is fine, but if you're running it with VirtualBox you have to either start default machine or create and start a new one. This docker machine will be your daemon.
By default docker-machine command is not working correctly in WSL, but you can make it works by putting this code to e.g. ~/.bashrc file
# Ability to run docker-machine command properly from WSL
function docker-machine()
{
if [ $1 == "env" ]; then
docker-machine.exe $1 $2 --shell bash | sed 's/C:/\/c/' | sed 's/\\/\//g' | sed 's:#.*$::g' | sed 's/"//g'
printf "# Run this command to configure your shell:\n"
printf "# eval \"\$(docker-machine $1 $2)\"\n"
else
docker-machine.exe "$#"
fi
}
export -f docker-machine
After running source ~/.bashrc or reopening the bash you can run:
docker-machine start default - will start machine
eval $(docker-machine env default) - will connect your bash session to the machine
and then you should be able to run all the docker stuff like
docker ps
docker run -it alpine sh
docker build
etc
The docker machine will run until you either stop it or you shut down your PC. If you open a new bash session (window), you have to run just eval $(docker-machine env default) in order to connect your new session to the machine.
Hope it helps. :)
This is a simple solution which is to use Docker on windows in WSL instead.
Just add the following to your WSL .bashrc file.
export PATH="$HOME/bin:$HOME/.local/bin:$PATH"
export PATH="$PATH:/mnt/c/Program\ Files/Docker/Docker/resources/bin"
alias docker=docker.exe
alias docker-compose=docker-compose.exe
Reference: https://blog.jayway.com/2017/04/19/running-docker-on-bash-on-windows/
I have 3 containers running on my docker, and I need to stop all of them using the following:
sudo docker stop $(docker ps -q)
When a run the command I got this message:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/containers/json: dial unix /var/run/docker.sock: connect: permission denied
See 'docker stop --help'.
Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
Stop one or more running containers
I made some search, and the cases that message show does not apply to my environment. I'm using Ubuntu 16.04 LTS with Docker version 17.09.0-ce, build afdb6d4
What does this message mean?
sudo usermod -a -G docker $USER
Reboot then run:
docker container run hello-world
it worked for me on ubuntu 18.2
If you are getting "permission denied" that probably means you haven't added yourself in users group which can operate upon docker. To fix that, go to your terminal and type:
sudo usermod -aG docker <name-of-user-to-grant-permission>
The 'docker' parameter is group created upon installing docker, and you can check that by typing:
getent group | grep docker
And the second parameter is the user you are adding to the group. The list of users you can check by typing:
getent passwd
For more information about command usermod you can find here.
UPDATED:
I installed docker again and just remembered that when you apply this command you need to restart your machine.
It seems your user cannot use docker command, so you need to run it via sudo in parentheses as well:
sudo docker stop $(sudo docker ps -q)
With the advent of
docker volume create
for storage only containers, I'm still using the old way for running postgres on my machine for small applications without a dockerfile:
# MAKE MY DATA STORE
STORAGE_DIR=/home/username/mydockerdata/pgdata
docker create -v $STORAGE_DIR:/var/lib/postgresql/data --name mypgdata ubuntu true
# CREATE THE PG
docker run --name mypg -e POSTGRES_PASSWORD=password123 -d -p 5432:5432 --volumes-from mypgdata library/postgres:9.5.4
# RUN IT
docker start mypg
# docker stop mypg
I have 4 questions:
How could I move the old way to store my data in a local, persistent container to modern volumes?
The permissions my way have always seemed whacky:
$ ls -lah $STORAGE_DIR/..
drwx------ 19 999 root 4.0K Aug 28 10:04 pgdata
Should I do this differently?
Does my networking look correct here? This will be visible only on the machine hosting docker, or is this also published to all machines on my wifi network?
Besides the weak password, standard ports, default usernames, for example here, are there other security fears in doing this for personal use only that I should be aware of?
Create a new volume and copy the data over. Then run your container with the new volume definition.
docker volume create --name mypgdata
docker run --rm \
-v $STORAGE_DIR:/data \
-v mypgdata:/datanew ubuntu \
sh -c 'tar -C /data -cf - . | tar -C /datanew -xvf -'
docker run --rm -v mypgdata:/data ubuntu ls -l /data
The permissions are normal. UID 999 is the postgres user that the postgres image creates.
Port 5432 will be accessible on all your docker hosts interfaces. If you only want it to be available on localhost use --port 127.0.0.1:5432:5432
Moving to listening on localhost mitigates most security issues, until someone gains access to your docker host. General security is a bit too broad a topic for a dot point.
I need to set docker to listen to tcp://0.0.0.0/4243 on my host machine running amazon linux (centos). All the documentation I have seen has told me to run the following command
echo DOCKER_OPTS="-H=tcp://127.0.0.1:4243" >> /etc/default/docker
Which will write the correct docker_opts to /etc/default/docker. I've done this, but when I restart docker it does not listen to 127.0.0.1
I can make docker run correctly by typing
sudo /usr/bin/docker -H tcp://0.0.0.0:4243 -d &
That works, but I want the default option to be listening on tcp://0.0.0.0:4243 without having to specify it every time.
It seems that docker is completely ignoring my /etc/default/docker file so the settings are being ignored. I also tried writing the file to /etc/default/docker.io and /etc/default/docker-io (didn't really expect much to happen)
I need to be able to start docker with just
service docker start
or it will cause issues in my current deployment playbook.
Any thoughts on what I can do to set DOCKER_OPTS and not have to do it every time I restart docker?
In RHEL7, instead of modifying your docker.service unit file, you can also just edit your /etc/sysconfig/docker file:
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS=--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:4243
and then restart your docker service.
To me, this is more reliable than modifying the service script.
For CentOS 7 (RHEL 7):
Find the systemd docker.service unit file. Mine is located at: /usr/lib/systemd/system/docker.service
In this file, edit the line in the [Service] section beginning with ExecStart=. Add the "-H tcp://0.0.0.0:4243" into the line. (notice there's no "=" between the -H and the IP address as in your example DOCKER_OPTS line above.)
On my system, the entire contents of docker.service then looks like:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/docker -d -H tcp://127.0.0.1:4243 -H fd:// $OPTIONS
LimitNOFILE=1048576
LimitNPROC=1048576
[Install]
Also=docker.socket
(I only need Docker to listen on the loopback, instead of all IP addresses.)
After making this edit to the systemd unit file and restarting the Docker service via systemctl restart docker, I see the following process:
root 8574 0.0 0.2 321708 10564 ? Ssl 00:42 0:00 /usr/bin/docker -d -H tcp://127.0.0.1:4243 -H fd:// --selinux-enabled
As you can see, it does now listen on the configured TCP address, and will persist over reboots and service stop/starts.
I cannot believe how many answers there are for this. So here is another one for:
CentOS 7.3
Docker Version = 17.03.1-ce, API Version = 1.27
This answer is built upon an unbelievable playing around combination of this answer and this one and this one.
sudo vim /usr/lib/systemd/system/docker.service
insert " -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
sudo systemctl daemon-reload //refresh your file changes above
sudo systemctl restart docker
netstat -l | grep 4243 //verify port is open
connect to your docker host from somewhere, like Jenkins Docker Plugin, i.e. tcp://[server_ip]:4243
Editing /etc/docker/daemon.json seems to be the new, supported way.
With Docker 1.7.1 on CentOS 7 neither modifying /usr/lib/systemd/system/docker.service or /etc/sysconfig/docker worked for me. It seems that in systemd sets up the socket, so in order to change the group you have to edit SocketGroup in /usr/lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=jenkins
[Install]
WantedBy=sockets.target
I Think on CentOS, you can try setting the options as below in the file /etc/sysconfig/docker
other_args="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
Then restart the docker and try checking if the port is opening using
netstat -plt | grep 4243
This should list if listening
I needed to change the default bridge interface docker0 to use my own bridge interface br0 and putting the following content in that file solved my issue:
CentOS 7.2 and docker 1.10.3
/usr/lib/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon --bridge=br0 -H fd://
and of course the following need to be performed after:
sudo systemctl daemon-reload
sudo systemctl restart docker
ip link del docker0
It worked for me when I followed how its shown in the posts above with drop-in replacement files in: /etc/systemd/system/docker.service.d
I am working on centos 7.
I just want to add insecure-registry in docker config file then I changed "DOCKER_OPTS=--insecure-registry=...." in /etc/sysconfig/docker while it did not work.
While I saw a INSECURE_REGISTRY in the config so I changed this variable and it WORKS!
So I guess DOCKER_OPTS does not work here!
But it worked on my unbuntu 14!
It is really frustrating when using docker!
Based on https://docs.docker.com/engine/admin/configuring/
sudo mkdir /etc/systemd/system/docker.service.d
sudo vi /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// -D -H tcp://127.0.0.1:4243
sudo systemctl daemon-reload
sudo systemctl restart docker
1、edit /usr/lib/systemd/system/docker.service to add two param in the service section:
# vim /usr/lib/systemd/system/docker.service
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
2、reload the configuration,and then restart docker。
# systemctl daemon-reload
# systemctl restart docker
3、to check for success, see if the return the following response。
# ps -ef|grep docker
root 26208 1 0 23:51 ? 00:00:00 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
reference from Expose the Docker Remote API on Centos 7?
I believe things have changed now, this answer by Brian Ogden had worked for me earlier but didn't work on my environment today, probably with the updated versions of the docker, kernel, and OS.
CentOS 7.4.1708 (on AWS)
Docker 17.03.2-ce
API 1.27
This is what worked after few hit and trials. I could not find it documented anywhere.
In file /etc/systemd/system/docker.service.d/execstart.conf, replace the last ExecStart (there are two) with below
ExecStart=/usr/bin/dockerd --graph=/var/lib/docker --storage-driver=overlay -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
Now, my files looks like this
# cat /etc/systemd/system/docker.service.d/execstart.conf
[Service]
Restart=always
StartLimitInterval=0
RestartSec=15
ExecStartPre=-/sbin/ip link del docker0
ExecStart=
ExecStart=/usr/bin/dockerd --graph=/var/lib/docker --storage-driver=overlay -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
#
Once, the above file is changed just the run the below command to activate the changes.
# systemctl daemon-reload && systemctl stop docker && rm -f /var/run/docker.sock && systemctl start docker
To verify if everything is working fine, you can run any (or all) of below commands
# systemctl status docker.service | grep tcp
├─21812 /usr/bin/dockerd --graph=/var/lib/docker --storage-driver=overlay -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
#
# netstat -an | grep 4243
tcp6 0 0 :::4243 :::* LISTEN
#
# ps aux | grep [4]243
root 21812 1.0 0.8 1017512 67876 ? Ssl 15:11 0:06 /usr/bin/dockerd --graph=/var/lib/docker --storage-driver=overlay -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
#
# docker -H :4243 info