
Unable to connect to docker.sock when it exists with permissions, running inside docker container

I'm setting up a base image that has docker installed and configured so when I run my jenkins pipeline I can do anchore scanning. I have to pull the anchore image inside the docker image because my pipeline is running on a docker agent. However, even running locally, trying to build a docker image and just run a simple hello-world docker container or do a docker pull fails to connect to the docker socket. I added the root user to the docker group; I even chmod 777 and a+xX to the docker.sock. For some reason it's in both /run/docker.sock and /var/run/docker.sock; it seems it gets symlinked. I'm using the ubuntu:18.04-bionic release to build from and installing from the ubuntu repository. The Ubuntu image doesn't have systemd installed, and when I install systemd it says it wasn't started with boot, which means it has to be installed on boot when the image starts up. I start it with service docker start.

Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for dbus (1.12.2-1ubuntu1) ...
/usr/bin/docker
/usr/share/bash-completion/completions/docker
/etc/init.d/docker
/etc/default/docker
/etc/docker
 * Starting Docker: docker
   ...done.
/run/docker.sock
total 32K
drwxr-xr-x 1 root    root    4.0K Oct 31 17:49 .
drwxr-xr-x 1 root    root    4.0K Oct 31 17:49 ..
drwxr-xr-x 2 dnsmasq nogroup 4.0K Oct 31 17:49 dnsmasq
drwx------ 4 root    root    4.0K Oct 31 17:49 docker
-rw-r--r-- 1 root    root       6 Oct 31 17:49 docker-ssd.pid
srwxrwxrwx 1 root    docker     0 Oct 31 17:49 docker.sock
drwxrwxrwt 2 root    root    4.0K Oct 18 21:02 lock
drwxr-xr-x 2 root    root    4.0K Oct 18 21:02 mount
drwxr-xr-x 2 root    root    4.0K Oct 19 00:47 systemd
-rw-rw-r-- 1 root    utmp       0 Oct 18 21:02 utmp
total 32K
drwxr-xr-x 1 root    root    4.0K Oct 31 17:49 .
drwxr-xr-x 1 root    root    4.0K Oct 31 17:49 ..
drwxr-xr-x 2 dnsmasq nogroup 4.0K Oct 31 17:49 dnsmasq
drwx------ 4 root    root    4.0K Oct 31 17:49 docker
-rw-r--r-- 1 root    root       6 Oct 31 17:49 docker-ssd.pid
srwxrwxrwx 1 root    docker     0 Oct 31 17:49 docker.sock
drwxrwxrwt 2 root    root    4.0K Oct 18 21:02 lock
drwxr-xr-x 2 root    root    4.0K Oct 18 21:02 mount
drwxr-xr-x 2 root    root    4.0K Oct 19 00:47 systemd
-rw-rw-r-- 1 root    utmp       0 Oct 18 21:02 utmp
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.

My Dockerfile

FROM ubuntu:bionic

#requirements
#docker
#kubectl
#terraform
#kops
#mysql
#systemd


ENV DEBIAN_FRONTEND=noninteractive \
    NVM_VERSION=0.33.11 \
    NODE_VERSION=9.11.1

RUN set -e && \
    echo "NODE_VERSION: $NODE_VERSION" && \
    apt-get update --yes && \
    apt-get install git \
                    gnupg \
                    wget \
                    curl \
                    apt-utils \
                    gcc \
                    g++ \
                    make \
                    build-essential \
                    nginx \
                    python \
                    vim \
                    gnupg \
                    gnupg2 \
                    net-tools \
                    software-properties-common \
                    npm \
                    curl \
                    libxss1 \
                    libappindicator1 \
                    libindicator7 \
                    apt-utils \
                    fonts-liberation \
                    xfonts-cyrillic \
                    xfonts-100dpi \
                    xfonts-75dpi \
                    xfonts-base \
                    xfonts-scalable \
                    libappindicator3-1 \
                    libasound2 \
                    libatk-bridge2.0-0 \
                    libgtk-3-0 \
                    libnspr4 \
                    libnss3 \
                    libx11-xcb1 \
                    libxtst6 \
                    xdg-utils \
                    lsb-release \
                    xvfb \
                    python-pip \
                    default-jre \
                    gtk2-engines-pixbuf -y && \
    wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \
    dpkg -i google-chrome*.deb && \
    NVM_DIR="$HOME/.nvm" && \
    PROFILE="$HOME/.profile" && \
    git clone --branch "v$NVM_VERSION" --depth 1 https://github.com/creationix/nvm.git "$NVM_DIR" && \
    echo >> "$PROFILE" && \
    echo 'export NVM_DIR="$HOME/.nvm"' >> "$PROFILE" && \
    echo '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"  # This loads nvm' >> "$PROFILE" && \
    echo '[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion" # This loads nvm bash_completion' >> "$PROFILE" && \
    . $NVM_DIR/nvm.sh && \
    nvm install $NODE_VERSION && \
    apt-get install npm --yes && \
    rm -rf /usr/lib/openssh/ssh-keysign && \
    mkdir -p /tmp/nginx && \
    pip install awscli && \
    wget https://github.com/kubernetes/kops/releases/download/1.10.0/kops-linux-amd64 && \
    wget https://storage.googleapis.com/kubernetes-release/release/v1.8.4/bin/linux/amd64/kubectl && \
    cp kops-linux-amd64 /usr/local/bin/kops && \
    cp kubectl /usr/local/bin/kubectl && \
    chmod a+xX /usr/local/bin/kubectl && \
    chmod a+xX /usr/local/bin/kops && \
    apt install docker.io -y && \
    find / -name 'docker' && \
    usermod -aG docker root && \
    service docker start && \
    find / -name 'docker.sock' && \
    chmod a+xX /run/docker.sock && \
    chmod 777 /run/docker.sock && \
    # this doesn't work because it exists in var/run as well, which doesn't make sense because it's not there in the find command. ln -s /run/docker.sock /var/run/docker.sock && \
    ls -lah /run/ && \
    ls -lah /var/run/ && \
    docker run hello-world

RUN npm install --global lerna

EXPOSE 80

Tried everything I can think of. Looking for ideas...

If you're just trying to access the Docker daemon on the host, you don't need to also (attempt to) start the daemon inside the container; you just need a compatible /usr/bin/docker, and to use docker run -v to bind-mount the host's Docker socket into the container at startup time.

If you need to do basic Docker operations (docker pull, docker build, docker push) then the usual approach is to use the host's Docker daemon and not try to run your own. There are a couple of old blog posts advising against running Docker inside Docker; it's theoretically possible but leads to confusing questions about “which Docker am I talking to” and the setup is difficult in any case.

(All of the following statements are about 80% true: you can't start a background daemon in a Dockerfile; you can't service or systemctl anything inside Docker ever; you can't run the Docker daemon inside a Docker container. Trying to work around these usually isn't a best practice.)
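
The listing in the question shows docker.sock present with mode 777 while the client still cannot connect: a socket file on disk says nothing about whether a daemon is accepting on it. The following added example (not code from the question or the answer) classifies a socket path by attempting a connection; the function names are hypothetical and the default path is the one from the error message.

```python
import errno
import os
import socket
import stat


def classify_docker_socket(path="/var/run/docker.sock"):
    """Return (state, detail) describing what a client would hit at `path`."""
    try:
        st = os.stat(path)  # follows symlinks such as /var/run -> /run
    except FileNotFoundError:
        return "missing", "no file at this path; nothing was bind-mounted or started"
    except PermissionError:
        return "permission-denied", "cannot traverse a parent directory"
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket", "path exists but is not a unix socket"

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        # The case that file permissions cannot fix: the file is left over,
        # but the process that created it is no longer accepting.
        return "stale", "socket file exists but no process is accepting on it"
    except PermissionError:
        return "permission-denied", "this user lacks write access to the socket"
    except OSError as exc:
        return "error", errno.errorcode.get(exc.errno, str(exc))
    finally:
        client.close()
    return "listening", "a process accepted the connection"


def socket_mode_findings(path="/var/run/docker.sock"):
    """Flag a socket that any local user can write to (e.g. after chmod 777)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: %o" % mode)
    return findings


if __name__ == "__main__":
    state, detail = classify_docker_socket()
    print(state, "-", detail)
```

With the host socket bind-mounted as the answer describes (docker run -v /var/run/docker.sock:/var/run/docker.sock ...), this reports listening; keep that socket group-restricted rather than 777, since write access to it is control of the host's daemon.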
