fork/exec ./debug: operation not permitted - go

My goal is to be able to remote debug from Atom.io into a Docker container running Go in the dlv debugger. This is the first problem:
Update 1: I am running the Docker container on a Mac, but that should not influence the code signing thing as I am running in a container, right?
Update 2: Codesigning the host did not help.
Error:
1. root#...:/go/src/app# go get github.com/derekparker/delve/cmd/dlv
2. root#...:/go/src/app# dlv debug hello.go
could not launch process: fork/exec ./debug: operation not permitted
Then tried to
1. root#...:/go/src/app# sudo
2. bash: sudo: command not found

According to Delve Issue #515:
Docker has security settings preventing ptrace(2) operations by
default within the container. Pass --security-opt seccomp:unconfined
to docker run when starting.
Confirmation of this in the official Docker bug tracker: https://github.com/docker/docker/issues/21051

It seems to work if you start the container with --privileged. I've tried to figure out if there is a more fine-grained capability but failed.
Also I just found https://github.com/steeve/homebrew-delve which should make things easier on OSX.

Docker has security settings preventing ptrace(2).
See how I fixed it.
If using a docker-compose file to run the container, then append seccomp:unconfined in the services section like below:
  api:
    security_opt:
      - seccomp:unconfined
If using docker run ..., passing seccomp:unconfined works as well.

Run Docker container as a command:
docker run -itd -p 2028:22 -p 2345:2345 --dns=10.236.8.8 --privileged=true --name=golang centos7-golang /usr/bin/supervisord
it works for me~
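
Added example, not part of any answer above: a shell check that lists which isolation-weakening options a `docker run` command line carries, so the `--privileged` workaround can be told apart from the narrower `seccomp:unconfined` one when reviewing such commands. The function name, the `golang` image name and the `--cap-add` variant are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the isolation-weakening options
# in a `docker run` command line, one finding per line.
# Limitation: words are matched anywhere, including after the image name.
audit_docker_run() {
    prev=""
    set -f                      # no filename expansion while word-splitting
    for word in $1; do          # unquoted on purpose: split into words
        # Rejoin "--opt value" as "--opt=value" so both spellings match below.
        case "$prev" in
            --security-opt|--cap-add) word="$prev=$word" ;;
        esac
        prev="$word"
        case "$word" in
            --privileged|--privileged=true)
                # All capabilities, host devices, seccomp and AppArmor off.
                echo "PRIVILEGED" ;;
            --security-opt=seccomp[=:]unconfined)
                # Only the syscall filter is removed; capabilities unchanged.
                echo "SECCOMP_UNCONFINED" ;;
            --cap-add=*)
                echo "CAP_ADD ${word#--cap-add=}" ;;
        esac
    done
    set +f
}

# The command from the last answer above, plus two constructed variants
# (the image name "golang" and the cap-add variant are assumptions).
CMD_PRIVILEGED='docker run -itd -p 2028:22 -p 2345:2345 --dns=10.236.8.8 --privileged=true --name=golang centos7-golang /usr/bin/supervisord'
CMD_SECCOMP='docker run -it --security-opt seccomp:unconfined golang bash'
CMD_CAP='docker run -it --cap-add=SYS_PTRACE --security-opt=seccomp=unconfined golang bash'

for cmd in "$CMD_PRIVILEGED" "$CMD_SECCOMP" "$CMD_CAP"; do
    echo "== $cmd"
    audit_docker_run "$cmd"
done
```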

Related

Is the docker daemon running? Spring-boot java project on Ubuntu

I have Ubuntu 22.04,
I have Java Spring-boot project, I run Idea, then run docker-compose.yml and get this message:
Cannot connect to the docker daemon at unix:///var/run/docker.sock.
Is the docker daemon running? (Details:[13] Permission denied)
What should I check?
You can follow this perfect tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04
The important section for you is: Step 2 — Executing the Docker Command Without Sudo (Optional)
Your problem is that you are trying to use docker without sudo. You have no permission for that.

Problem running a docker container by specifying sh or bash for that image on a vm instance

I have a VM environment which I created using the Microsoft Azure cloud. I have installed Docker in this VM. I can run a Docker image without specifying a terminal like sh or bash, and it works. When I say
docker run -it hello-world --->> it works
docker run -it hello-world sh ---->>> it doesn't work.
Actually, I am working on a networking tool, Kathara, where I have to start a virtual lab using many PCs and routers, and then I have to specify the terminal for them when I want to open any PC or router.
This is the actual error I am getting when I start the container:
"critical - 400 client error: bad request ("oci runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown")"
docker run -it hello-world runs the container's default command: ./hello. That works, because that's what the container is designed to do.
docker run -it hello-world /bin/bash tries to run /bin/bash inside the container. That doesn't work, because that's not what the container is designed to do. That command does not exist within the container.
If you want to run /bin/bash, choose a container that has /bin/bash.
This is even suggested in the output of docker run -it hello-world:
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Docker daemon does not work in Windows

I am trying to run docker in Bash on Ubuntu on Windows. But every time I get this message:
"Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?". If I run it in PowerShell, it works. Can somebody help?
Connecting to the docker daemon requires some privileges that you don't have when starting the bash terminal.
You can however use the docker command terminal, which will allow you to interact with the docker daemon.
Found the solution on this post: https://blog.jayway.com/2017/04/19/running-docker-on-bash-on-windows/
Connect Docker on WSL to Docker on Windows
Running docker against an engine on a different machine is actually quite easy, as Docker can expose a TCP endpoint which the CLI can attach to.
This TCP endpoint is turned off by default; to activate it, right-click the Docker icon in your taskbar and choose Settings, and tick the box next to “Expose daemon on tcp://localhost:2375 without TLS”.
With that done, all we need to do is instruct the CLI under Bash to connect to the engine running under Windows instead of to the non-existing engine running under Bash, like this:
$ docker -H tcp://0.0.0.0:2375 images
REPOSITORY TAG IMAGE ID CREATED SIZE
There are two ways to make this permanent – either add an alias for the above command, or better yet, export an environment variable which instructs Docker where to find the host engine:
$ echo "export DOCKER_HOST='tcp://0.0.0.0:2375'" >> ~/.bashrc
$ source ~/.bashrc
Now, running docker commands from Bash works just like they’re supposed to.
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
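
Added example, not part of the answer or the quoted blog post: the endpoint enabled by "Expose daemon on tcp://localhost:2375 without TLS" has no authentication, so anything that can reach the port controls the engine. The check below reports rc-file lines like the `DOCKER_HOST` export above and whether the same file also sets `DOCKER_TLS_VERIFY`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report shell rc-file lines that point
# the Docker CLI at a TCP endpoint, and whether the same file also sets
# DOCKER_TLS_VERIFY (which makes the CLI use TLS and verify the daemon).
check_docker_host_rc() {
    rc="$1"
    assign='^[[:space:]]*(export[[:space:]]+)?'
    # A non-empty DOCKER_TLS_VERIFY value counts as "TLS requested".
    if grep -Eq "${assign}DOCKER_TLS_VERIFY=[\"']?[^\"'[:space:]]" "$rc"; then
        tls="TLS verification requested"
    else
        tls="NO TLS"
    fi
    # grep -n prefixes each hit with "<line number>:".
    grep -En "${assign}DOCKER_HOST=[\"']?tcp://" "$rc" |
    while IFS=: read -r lineno rest; do
        echo "line $lineno: tcp endpoint, $tls"
    done
}

# Constructed sample rc file; line 3 is the export the commands above append.
make_sample_rc() {
    f="$(mktemp)"
    printf '%s\n' \
        '# constructed sample rc file' \
        'alias ll="ls -l"' \
        "export DOCKER_HOST='tcp://0.0.0.0:2375'" > "$f"
    echo "$f"
}

sample="$(make_sample_rc)"
check_docker_host_rc "$sample"
rm -f "$sample"
```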

How do I run the Hetionet v1.0 docker container?

I'm trying to run the Hetionet v1.0 docker container mentioned in this SO post.
1. I've set up a DigitalOcean droplet with Docker
2. I ran docker pull dhimmel/hetionet and it worked
3. Now I run docker run dhimmel/hetionet and the following happens (and never returns to the interactive shell prompt).
If that completed successfully I think the last thing I'm supposed to do is run sh ~/run-docker.sh. Furthermore nothing is live at my droplet's ip_address:7474.
The error in the screenshot above looks a lot like it could be related to some redundant #Path("/") annotation, as described in this SO post's comment, buried in the docker container but I'm not sure.
Is the output from running docker run dhimmel/hetionet supposed to hang my shell? I'm running a 2 GB Memory / 40 GB Disk Droplet on Ubuntu 16.04 with Docker 1.12.5.
Thanks for your interest in the Hetionet Docker.
The output in 3 is expected. It looks like a Docker container successfully launched, downloaded the Hetionet database, and launched the Neo4j server. I'll look into fixing the warnings, but they're not errors, as Neo4j is still launching.
For production, we use a more advanced Docker run command. Depending on your use case, you may want to use the development docker run command:
docker run \
--publish=7474:7474 \
--publish=7687:7687 \
--volume=$HOME/neo4j/hetionet-data:/data \
--volume=$HOME/neo4j/hetionet-logs:/var/lib/neo4j/logs \
dhimmel/hetionet
Both the production and development command map ports. This will make it so the Neo4j server running inside your Docker container is available at http://localhost:7474/. This is most likely what you want. If you're doing this on DigitalOcean, you would replace http://localhost with the IP address of your droplet.
For an interactive shell session in a dhimmel/hetionet container, you can use:
docker run --interactive --tty dhimmel/hetionet bash
However, that command does not launch the Neo4j server -- it just lets you explore the image.
Does this clear things up?

Starting docker service with "sudo docker -d"

I am trying to push some image to my registry, but when I tried to do:
sudo docker push myreg:5000\image
I got some error that told me that I need to start the docker daemon with
docker -d --insecure-registry myreg:5000
So I stopped the docker service, and started it using the command above. Once I do that, the current shell window (ssh) is stuck with docker output, and if I close it the docker service is stopped.
I know this is an easy one, and I searched for hours and couldn't find anything.
Thank you
The problem is that when I run the command, I get all the docker output to the shell, and if I close it, the docker service stops. Usually the -d should take care of it, but it won't work.
I think there's a confusion here; the top-level -d (docker -d) flag starts docker in daemon mode, in the foreground. This is different from the docker run -d <image> flag, which means "start a container from <image>, in detached mode". What you're seeing on your screen, is the daemon output / logs, waiting for connections from a docker client.
Back to your original issue;
The instructions to run docker -d --insecure-registry myreg:5000 could be clearer, but they illustrate that you should change the daemon options of your docker service to include the --insecure-registry myreg:5000 option.
Depending on the process manager your system uses (e.g., upstart or systemd), this means you'll have to edit the /etc/default/docker file (see the documentation), or add a "drop-in" file to override the default systemd service options; see SystemD custom daemon options.
Some notes;
The top-level -d option is deprecated in docker 1.8 in favor of the new docker daemon command
Using --insecure-registry is discouraged for security reasons as it allows both unencrypted and untrustworthy communication with the registry. It's preferable to add your CA to the trusted list of your system.
