On Tue, 24 Oct 2017 07:35:35 -0400
Todd Goodman <t...@bonedaddy.net> wrote:
> On 10/23/2017 10:46 PM, tu...@posteo.de wrote:
> >
> >>>> Hi Robert,
> >>>>
> >>>> oh YEAH!
> >>>> Thanks a lot for that quick start!
> >>>>
> >>>> I didi it, but...
> >>>> #>eix -I docker
> >>>> [I] app-emulation/docker
> >>>> Available versions: 17.03.2^si (~)17.06.2^si (~)17.09.0^si
> >>>> **9999^si {apparmor aufs btrfs +container-init +device-mapper
> >>>> hardened overlay pkcs11 seccomp} Installed versions:
> >>>> 17.09.0^si(05:48:14 PM 10/23/2017)(container-init device-mapper
> >>>> seccomp -apparmor -aufs -btrfs -hardened -overlay -pkcs11)
> >>>> Homepage: https://dockerproject.org
> >>>> Description: The core functions you need to create
> >>>> Docker images and run Docker containers
> >>>>
> >>>> [I] app-emulation/docker-proxy
> >>>> Available versions: 0.8.0_p20161111 (~)0.8.0_p20170917^t
> >>>> **9999 Installed versions: 0.8.0_p20170917^t(05:46:10 PM
> >>>> 10/23/2017) Homepage:
> >>>> https://github.com/docker/libnetwork Description: Docker
> >>>> container networking
> >>>>
> >>>> [I] app-emulation/docker-runc
> >>>> Available versions: 1.0.0_rc2_p20170308^t
> >>>> (~)1.0.0_rc3_p20170706^t (~)1.0.0_rc4_p20170917^t {+ambient
> >>>> apparmor hardened +seccomp} Installed versions:
> >>>> 1.0.0_rc4_p20170917^t(05:46:07 PM 10/23/2017)(ambient seccomp
> >>>> -apparmor -hardened) Homepage: http://runc.io
> >>>> Description: runc container cli tools (docker fork)
> >>>>
> >>>>
> >>>> #>groups
> >>>> wheel mail uucp audio cdrom video games cdrw usb users docker
> >>>> wireshark vboxusers vlock realtime ^----^
> >>>>
> >>>> (as root)
> >>>> #>/etc/init.d/docker start
> >>>> * WARNING: docker has already been started
> >>>> (so it is runnig)
> >>>>
> >>>> (as user again)
> >>>> #>docker run --name firefox -e DISPLAY=$DISPLAY
> >>>> --device /dev/snd -v /tmp/.X11-unix:/tmp/.X11-unix -v
> >>>> $XAUTHORITY:/tmp/.host_Xauthority:ro -dti openhs/firefox-ubuntu
> >>>> docker: Cannot connect to the Docker daemon at
> >>>> unix:///var/run/docker.sock. Is the docker daemon running?. See
> >>>> 'docker run --help'. [1] 10401 exit 125 docker run --name
> >>>> firefox -e DISPLAY=$DISPLAY --device /dev/snd -v -v -dti
> >>>>
> >>>> Hmmmm...seems I missed something...
> >>>>
> >>>> Cheers
> >>>> Meino
> >>>>
> >>>>
> >>>>
> >>>>
> >>> Found this in dmesg
> >>>
> >>> [ 1587.391861] device-mapper: table: 254:0: thin-pool: unknown
> >>> target type [ 1587.391863] device-mapper: ioctl: error adding
> >>> target to table
> >>>
> >>> these two lines are added when I try to start /etc/ini.d/docker
> >>> as root.
> >>>
> >>> Cheers
> >>> Meino
> >>>
> >>>
> >>>
> >> I could this problem by defining
> >>
> >> CONFIG_DM_THIN_PROVISIONING=y
> >>
> >> in the kernel, recompile it and the message disappears.
> >> BUT:
> >> still docker does not start...
> >>
> >> How can I fix that?
> >>
> >> Cheers
> >> Meino
> >>
> >>
> > Next fix:
> > Need to activate the complete cgroup features.
> >
> > Now I get this error message in /var/log/docker.log
> >
> > time="2017-10-24T04:42:39.358339658+02:00" level=info msg="Loading
> > containers: start." time="2017-10-24T04:42:39.869600530+02:00"
> > level=error msg="could not get initial namespace: no such file or
> > directory" time="2017-10-24T04:42:39.884438663+02:00" level=error
> > msg="failed to set to initial namespace,
> > readlink /proc/4588/task/4588/ns/net: no such file or directory,
> > initns fd -1: bad file descriptor"
> > time="2017-10-24T04:42:39.885161875+02:00" level=info msg="Default
> > bridge (docker0) is assigned with an IP address 172.17.0.0/16.
> > Daemon option --bip can be used to set a preferred IP address"
> > time="2017-10-24T04:42:39.885339857+02:00" level=error msg="failed
> > to set to initial namespace, readlink /proc/4588/task/4588/ns/net:
> > no such file or directory, initns fd -1: bad file descriptor" Error
> > starting daemon: Error initializing network controller: Error
> > creating default "bridge" network: Failed to program NAT chain:
> > Failed to inject DOCKER in PREROUTING chain: iptables failed:
> > iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL
> > -j DOCKER: iptables: No chain/target/match by that name.
> >
> > ...and now I really did not know how to hack further...
> >
> > Any help is very appreciated...
> >
> > Cheers
> > Meino
> >
>
> You might need CONFIG_NF_NAT_IPV4 configured in your kernel to get the
> NAT table for iptables (-t nat)
The emerge should print/log which kernel options you do not have and
should have enabled if I am not mistaken. Docker uses some advanced
kernel features. I forgot to mention to check the kernel config in
my quick start, sorry.
Robert
--
Róbert Čerňanský
E-mail: ope...@tightmail.com
Jabber: h...@jabber.sk
