在 ubuntu 容器内运行 docker

Question

2 days I try to run the docker inside an ubuntu container:

1. docker run -it ubuntu bash
2. Install docker by instruction of https://docs.docker.com/engine/install/ubuntu/ or/andhttps://phoenixnap.com/kb/how-to-install-docker-on-ubuntu-18-04
3. Finally I have installed docker:

root@e65411d2b70a:/# docker -v
Docker version 19.03.6, build 369ce74a3c

4. But when I try to run docker run hello-world have some problem

root@5ac21097b6f6:/# docker run hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.

In service list not docker:

root@5ac21097b6f6:/# service docker start
docker: unrecognized service
root@5ac21097b6f6:/# service  --status-all
 [ - ]  apparmor
 [ + ]  cgroupfs-mount
 [ - ]  dbus
 [ ? ]  hwclock.sh
 [ - ]  procps
 [ ? ]  ubuntu-fan

When try to run dockerd :

root@5ac21097b6f6:/# dockerd    
INFO[2020-04-23T07:01:11.622627006Z] Starting up                                  
INFO[2020-04-23T07:01:11.624389266Z] libcontainerd: started new containerd process  pid=154
INFO[2020-04-23T07:01:11.624460438Z] parsed scheme: "unix"                         module=grpc
INFO[2020-04-23T07:01:11.624477203Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2020-04-23T07:01:11.624532871Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0  <nil>}] <nil>}  module=grpc
INFO[2020-04-23T07:01:11.624560679Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2020-04-23T07:01:11.664827037Z] starting containerd                           revision= version="1.3.3-0ubuntu1~18.04.2"
ERRO[2020-04-23T07:01:11.664943052Z] failed to change OOM score to -500            error="write /proc/154/oom_score_adj: permission denied"
...
INFO[2020-04-23T07:01:11.816951247Z] stopping event stream following graceful shutdown  error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

Not understand why Permission denied if user root .

Install sudo and add root to the group, but it's not help.

apt-get install sudo
usermod -a -G sudo root

- sudo dockerd have the save problem.

How to make work docker inside ubuntu container? Do you have ideas?

ps. I know about docker-in-docker, I need exactly docker inside ubuntu-container

pss. I know about -v /var/run/docker.sock:/var/run/docker.sock - but needed independent the docker service inside ubuntu-container.

Answer 1

When running docker in docker, the container must use the docker engine on your host.

Here is a simple working setup:

1) Create a dockerfile with docker CLI installed. I am using the official compose image, so you also have docker-compose

FROM docker/compose:1.25.5
WORKDIR /app
ENTRYPOINT ["/bin/sh"]

2) When running it, mount the docker sock

$ docker build -t dind .
$ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock dind

Form within the container, you now have docker. Try running docker ps

Answer 2

If you want to do docker in docker without -v /var/run/docker.sock:/var/run/docker.sock then I am afraid that there is no good way to do this. Sharing the docker socket from host is the classic way to make docker containers run within another docker container.

Answer 3

I was trying my best to run containers within containers just like you for the past few days. Wasted many hours. So far most of the people advise me to do stuff like using the docker's DIND image which is not applicable for my case, as I need the main container to be Ubuntu OS, or to run some privilege command and map the daemon socket into container, like -v /var/run/docker.sock:/var/run/docker.sock (Which never ever works for me, or for any Ubuntu OS I tried. Reason being, the main container which is based on Ubuntu OS does not comes with systemd which is important to run docker containers conveniently like a usual local machine)

The solution I found was to use Nestybox on my Ubuntu 20.04 system and it works best. Its also extremely simple to execute, provided your local system is ubuntu (which they support best), as the container runtime are specifically deigned for such application. It also has the most flexible options. The free edition of Nestybox is perhaps the best method as of Nov 2022. Highly recommends you to try it without bothering all the tedious setup other people suggest. They have many pre-constructed solutions to address such specific needs with a simple command line.

The Nestybox provide special runtime environment for newly created docker container, they also provides some ubuntu/common OS images with docker and systemd in built. Their goal is to make the main container function exactly the same as a virtual machine securely. You can literally ssh into your ubuntu main container as well without the ability to access anything in the main machine. From your main container you may create all kinds of containers like a normal local system does. That systemd is very important for you to setup docker conveniently inside the container.

One simple common command to execute sysbox:

    dock run --runtime=sysbox-runc -it any_image

If you think thats what you are looking for, you can find out more at their github: https://github.com/nestybox/sysbox

Quicklink to instruction on how to deploy a simple sysbox runtime environment container: https://github.com/nestybox/sysbox/blob/master/docs/quickstart/README.md