Proxmox LXC Docker Pull Issues

Discussion in 'Proxmox VE: Installation and configuration' started by lastb0isct, Oct 13, 2016.

  1. lastb0isct

    lastb0isct Member

    Hi All,

    Looks like I'm having issues with a CT with Docker installed. The error I'm receiving is as follows:

    [​IMG]

    Does anyone have any advice?
     
  2. 1nerdyguy

    1nerdyguy Member

    I don't think putting a container in a container is advisable.

    Spin up a basic *buntu or Debian or CentOS KVM host, and then put your docker stuff on that.
     
  3. lastb0isct

    lastb0isct Member

    According to https://github.com/docker/docker/issues/6783 it should be able to, shouldn't it? I saw some discussion on the forum regarding this, but not sure. Just to be clear, I'm able to get docker running in the LXC, I'm just getting that error when attempting to use docker to pull an image down.
     
  4. 1nerdyguy

    1nerdyguy Member

    Not saying it isn't possible, but I don't see the benefit personally. It's another layer of abstraction that isn't officially 'the way' of doing it, so possible support issue.

    docker on KVM, on the other hand, is supported, known, and easy.
     
  5. lastb0isct

    lastb0isct Member

    Just want things to be running on bare metal whenever possible. I see the reasoning why it makes sense on KVM, but would be nice to try on CT as well.
     
  6. LnxBil

    LnxBil Well-Known Member

    What about the syslog on the Proxmox VE host around the time of the failure?
     
  7. lastb0isct

    lastb0isct Member

    Aha! That is where the logs would be!! I was looking for them for a while, definitely makes sense. This is the error it shows:

    [​IMG]
     
  8. LnxBil

    LnxBil Well-Known Member

    You need to change your profile to allow mounts. I've never done it, so I cannot help, but I suggest you google for the error with apparmor. You normally need to change the used profile or extend it to be able to do such things (e.g. running NFS inside LXC also needs changes to the profile and to loosen the security).
     
  9. HeroCC

    HeroCC New Member

    Same issue here, same error: Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied. Using http://askubuntu.com/a/380000/353466 helped to solve it.
     
  10. Alban Staehli

    Alban Staehli Member

    Hey, thx for this!
    Tried to set the below within the /etc/pve/lxc/<CTID>.conf file of the container having docker:
    lxc.aa_profile: unconfined
    lxc.cgroup.devices.allow: b 7:* rwm
    lxc.cgroup.devices.allow: c 10:237 rwm

    I don't get the
    Error response from daemon: ApplyLayer exit status 1 stdout: stderr: permission denied
    But I then get another type of error:
    Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:291: setting cgroup config for ready process caused \"failed to write c 10:200 rwm to devices.allow: write /sys/fs/cgroup/devices/docker/*/devices.allow: operation not permitted\"".

    How did you make it work @HeroCC ?
     
  11. HeroCC

    HeroCC New Member

    It's been a while since I did this, but after this fix I ran `docker run -d -p 38001:8001 --security-opt apparmor=lxc-container-default DOCKER/URLHERE` and it starts fine. I may have tried to install `apparmor` inside the container but I'm not 100% sure. It is an Ubuntu 16.04 container.
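
The workaround in this thread trades confinement for functionality, so it helps to know which containers on a host carry it. The following is an added example, not part of the thread or of Proxmox's own tooling: a Python check that scans the text of a `/etc/pve/lxc/<CTID>.conf` file for the settings quoted above. The function name and sample config are constructed; accepting `=` as a separator, stopping at `[snapshot]` sections, and matching the later LXC key names are assumptions about other setups.

```python
import re

# Keys that control AppArmor confinement and device-cgroup access for a CT.
# lxc.aa_profile / lxc.cgroup.devices.allow are the keys used in the thread;
# lxc.apparmor.profile / lxc.cgroup2.devices.allow are their later LXC names.
PROFILE_KEYS = {"lxc.aa_profile", "lxc.apparmor.profile"}
DEVICE_KEYS = {"lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow"}
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*[:=]\s*(.*?)\s*$")
DEV_RE = re.compile(r"^([abc])(?:\s+(\*|\d+):(\*|\d+))?(?:\s+([rwm]+))?$")


def audit_ct_config(text):
    """Return (lineno, severity, message) findings for one CT config."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("["):  # assumed: snapshot sections follow the live config
            break
        m = LINE_RE.match(raw)   # comment lines ("# ...") do not match
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key in PROFILE_KEYS and value == "unconfined":
            findings.append((lineno, "high", "AppArmor confinement disabled"))
        elif key in DEVICE_KEYS:
            dev = DEV_RE.match(value)
            if not dev:
                findings.append((lineno, "medium", f"unparsed device rule: {value}"))
                continue
            kind, major, minor, _ = dev.groups()
            wide = kind == "a" or major in (None, "*") or minor in (None, "*")
            sev = "high" if wide else "medium"
            scope = "wildcard" if wide else "single"
            findings.append((lineno, sev, f"{scope} device rule: {value}"))
    return findings


# Constructed sample: the three lines from the post above plus ordinary CT keys.
SAMPLE = """\
arch: amd64
hostname: docker-ct
# lxc.aa_profile: unconfined (comment, must be ignored)
lxc.aa_profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm
"""

if __name__ == "__main__":
    for lineno, sev, msg in audit_ct_config(SAMPLE):
        print(f"line {lineno}: [{sev}] {msg}")
```
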
     