newsletter
Cadet 4th Year
- Registriert
- Okt. 2014
- Beiträge
- 66
Moin,
Ich möchte gerne Docker rootless betreiben.
So sieht es momentan bei mir aus:
User "dev" ist in docker-gruppe:
Id 1002 ist der dev:
bashrc vom user "dev" ganz unten neu:
( nano ~/.bashrc ):
Test von diesem docker compose File unter /srv/Testumgebung/Docker/heimdall:
Fehlermeldungen:
Nach entfernen von dieser Zeile innerhalb der ~/.bashrc von dev
Kann ich heimdall installieren:
docker compose up -d
... funktioniert auch.
... Nur nicht ohne Root:
docker exec heimdall id
docker exec heimdall ps aux
inspect heimdall:
Logs
....was mache ich falsch?
Ich möchte gerne Docker rootless betreiben.
So sieht es momentan bei mir aus:
Code:
dev@docker:~ $ docker --version
Docker version 24.0.7, build afdd53b
User "dev" ist in docker-gruppe:
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ cat /etc/group | grep docker
docker:x:992:dev
Id 1002 ist der dev:
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ id dev
uid=1002(dev) gid=1002(dev) groups=1002(dev),100(users),992(docker),1003(share)
bashrc vom user "dev" ganz unten neu:
( nano ~/.bashrc ):
Code:
export DOCKER_CLI_AKV2_ROOTLESS_EXPERIMENTAL=enabled
export PATH=/srv/Testumgebung/Docker:$PATH
export DOCKER_HOST=unix:///run/user/1002/docker.sock
Test von diesem docker compose File unter /srv/Testumgebung/Docker/heimdall:
XML:
---
version: "2.1"
services:
heimdall:
image: lscr.io/linuxserver/heimdall:2.5.6
container_name: heimdall
environment:
- PUID=1002
- PGID=1002
- TZ=Europe/Berlin
volumes:
- /srv/Testumgebung/Docker/heimdall/data:/config
ports:
- 3000:80
- 3001:443
restart: unless-stopped
Fehlermeldungen:
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ docker compose up -d
Cannot connect to the Docker daemon at unix:///run/user/1002/docker.sock. Is the docker daemon running?
Nach entfernen von dieser Zeile innerhalb der ~/.bashrc von dev
Code:
export DOCKER_HOST=unix:///run/user/1002/docker.sock
Kann ich heimdall installieren:
docker compose up -d
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ docker compose up -d
[+] Running 10/10
✔ heimdall 9 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 41.5s
✔ 6dfc71ecd6ee Pull complete 1.9s
✔ 07a0e16f7be1 Pull complete 0.4s
✔ efbf43c6653c Pull complete 0.5s
✔ 757becd0c00b Pull complete 2.4s
✔ 7afeddcdf0d2 Pull complete 1.1s
✔ b4d37ceee8d2 Pull complete 5.6s
✔ 87ef6e75a017 Pull complete 2.7s
✔ 9d6571547a46 Pull complete 7.1s
✔ 8574d7774a56 Pull complete 3.3s
... funktioniert auch.
... Nur nicht ohne Root:
docker exec heimdall id
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ docker exec heimdall id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
docker exec heimdall ps aux
Code:
dev@docker:/srv/Testumgebung/Docker/heimdall $ docker exec heimdall ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 200 64 ? Ss 13:26 0:00 /package/admin/s6/command/s6-svscan -d4 -- /run/service
root 15 0.0 0.0 204 68 ? S 13:26 0:00 s6-supervise s6-linux-init-shutdownd
root 17 0.0 0.0 192 4 ? Ss 13:26 0:00 /package/admin/s6-linux-init/command/s6-linux-init-shutdownd -c /run/s6/basedir -g 3000 -C -B
root 38 0.0 0.0 204 64 ? S 13:26 0:00 s6-supervise svc-queue
root 39 0.0 0.0 204 64 ? S 13:26 0:00 s6-supervise svc-php-fpm
root 40 0.0 0.0 204 68 ? S 13:26 0:00 s6-supervise svc-cron
root 41 0.0 0.0 204 64 ? S 13:26 0:00 s6-supervise svc-nginx
root 42 0.0 0.0 204 68 ? S 13:26 0:00 s6-supervise s6rc-fdholder
root 43 0.0 0.0 204 68 ? S 13:26 0:00 s6-supervise s6rc-oneshot-runner
root 51 0.0 0.0 180 48 ? Ss 13:26 0:00 /package/admin/s6/command/s6-ipcserverd -1 -- /package/admin/s6/command/s6-ipcserver-access -v0 -E -l0 -i data/rules -- /package/admin/s6/command/s6-sudod -t 30000 -- /package/admin/s6-rc/command/s6-rc-oneshot-run -l ../.. --
root 285 0.2 2.1 45716 20052 ? Ss 13:26 0:00 php-fpm: master process (/etc/php82/php-fpm.conf)
abc 286 1.2 5.0 69124 46788 ? Ss 13:26 0:01 php /app/www/artisan queue:work database --sleep=3 --tries=3
root 287 0.0 0.6 18104 6344 ? Ss 13:26 0:00 nginx: master process /usr/sbin/nginx
root 288 0.0 0.1 1696 956 ? Ss 13:26 0:00 /usr/sbin/crond -f -S -l 5
abc 315 0.0 0.2 18552 2276 ? S 13:27 0:00 nginx: worker process
abc 316 0.0 0.2 18552 2276 ? S 13:27 0:00 nginx: worker process
abc 317 0.0 0.2 18552 2276 ? S 13:27 0:00 nginx: worker process
abc 318 0.0 0.2 18552 2276 ? S 13:27 0:00 nginx: worker process
abc 319 0.0 0.6 45724 5724 ? S 13:27 0:00 php-fpm: pool www
abc 320 0.0 0.6 45724 5664 ? S 13:27 0:00 php-fpm: pool www
root 341 100 0.1 2728 1764 ? Rs 13:29 0:00 ps aux
inspect heimdall:
Code:
Inspect
49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581
AppArmorProfile
Args
Config
AttachStderr true
AttachStdin false
AttachStdout true
Cmd
Domainname
Entrypoint [ /init ]
Env [ PGID=1002, TZ=Europe/Berlin, PUID=1002, PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, PS1=$(whoami)@$(hostname):$(pwd)\$ , HOME=/root, TERM=xterm, S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0, S6_VERBOSITY=1, S6_STAGE2_HOOK=/docker-mods, VIRTUAL_ENV=/lsiopy, LSIO_FIRST_PARTY=true, S6_BEHAVIOUR_IF_STAGE2_FAILS=2 ]
ExposedPorts { 443/tcp: [object Object], 80/tcp: [object Object] }
Hostname 49fcba5b69a7
Image lscr.io/linuxserver/heimdall:2.5.6
Labels { build_version: Linuxserver.io version:- v2.5.6-ls236 Build-date:- 2023-10-20T18:30:44+00:00, com.docker.compose.config-hash: 13e018d0dbd37bd2d86221e94d4d2a40e9316be7a58478b4a722d34825f47a82, com.docker.compose.container-number: 1, com.docker.compose.depends_on: , com.docker.compose.image: sha256:24cf9ed80be58fd492af419dafc52e39acba70c99604057c95ec03ab89a3cfeb, com.docker.compose.oneoff: False, com.docker.compose.project: heimdall, com.docker.compose.project.config_files: /srv/Testumgebung/Docker/heimdall/docker-compose.yml, com.docker.compose.project.working_dir: /srv/Testumgebung/Docker/heimdall, com.docker.compose.service: heimdall, com.docker.compose.version: 2.21.0, maintainer: aptalca, org.opencontainers.image.authors: linuxserver.io, org.opencontainers.image.created: 2023-10-20T18:30:44+00:00, org.opencontainers.image.description: [Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way. Simplicity is the key to Heimdall. Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo. , org.opencontainers.image.documentation: https://docs.linuxserver.io/images/docker-heimdall, org.opencontainers.image.licenses: GPL-3.0-only, org.opencontainers.image.ref.name: 10c24c4e6c674b29104a081f4dda09f56d334c1c, org.opencontainers.image.revision: 10c24c4e6c674b29104a081f4dda09f56d334c1c, org.opencontainers.image.source: https://github.com/linuxserver/docker-heimdall, org.opencontainers.image.title: Heimdall, org.opencontainers.image.url: https://github.com/linuxserver/docker-heimdall/packages, org.opencontainers.image.vendor: linuxserver.io, org.opencontainers.image.version: v2.5.6-ls236 }
OnBuild
OpenStdin false
StdinOnce false
Tty false
User
Volumes { /config: [object Object] }
WorkingDir /
Created 2023-11-18T12:26:03.493649996Z
Driver overlay2
ExecIDs
GraphDriver
Data { LowerDir: /var/lib/docker/overlay2/b55aa0d5d5970b98ae73893357528e342d2c0365a66395da56310a3cdceaa60d-init/diff:/var/lib/docker/overlay2/395ad0eea4086ccf7491a6f0ee1f561e68dbec30ea87001ea7dda2175a858ae8/diff:/var/lib/docker/overlay2/96eb64693b6d709e3a508d3a7d45acc9d5117ce3ca4e6e881f3831d9428aa676/diff:/var/lib/docker/overlay2/b00f1418ee3b45042c3f52064cff1bfc029369024d9e37084f7a7dfb4ab42b7d/diff:/var/lib/docker/overlay2/70f00b005c5c09db6c1f0569a1c252d31916b7916a7578794925398f2168eff5/diff:/var/lib/docker/overlay2/843c622c5aaa62541432f670c01de2bd730993990eca1a0685da3d1a20dd2811/diff:/var/lib/docker/overlay2/186697fe70b05514784715df390b1e5c63a404ac1f9f9d21018b64e4722ef52e/diff:/var/lib/docker/overlay2/b20f5372eec8c5ef7aa30051d0dc38fd1d63242324b8f75a0519ec8f33359617/diff:/var/lib/docker/overlay2/83c659717ba668a2da4aa1d542af44d7aecff98c87bf47f75a26b7e039d6b2bc/diff:/var/lib/docker/overlay2/e5a4f7a40b40e8155f4f74946d9ba9b489d0fbffe872ffa2dbd7e42f0c0f9dce/diff, MergedDir: /var/lib/docker/overlay2/b55aa0d5d5970b98ae73893357528e342d2c0365a66395da56310a3cdceaa60d/merged, UpperDir: /var/lib/docker/overlay2/b55aa0d5d5970b98ae73893357528e342d2c0365a66395da56310a3cdceaa60d/diff, WorkDir: /var/lib/docker/overlay2/b55aa0d5d5970b98ae73893357528e342d2c0365a66395da56310a3cdceaa60d/work }
Name overlay2
HostConfig
AutoRemove false
Binds [ /srv/Testumgebung/Docker/heimdall/data:/config:rw ]
BlkioDeviceReadBps
BlkioDeviceReadIOps
BlkioDeviceWriteBps
BlkioDeviceWriteIOps
BlkioWeight 0
BlkioWeightDevice
CapAdd
CapDrop
Cgroup
CgroupParent
CgroupnsMode private
ConsoleSize [ 0, 0 ]
ContainerIDFile
CpuCount 0
CpuPercent 0
CpuPeriod 0
CpuQuota 0
CpuRealtimePeriod 0
CpuRealtimeRuntime 0
CpuShares 0
CpusetCpus
CpusetMems
DeviceCgroupRules
DeviceRequests
Devices
Dns
DnsOptions
DnsSearch
ExtraHosts [ ]
GroupAdd
IOMaximumBandwidth 0
IOMaximumIOps 0
IpcMode private
Isolation
Links
LogConfig { Config: [object Object], Type: json-file }
MaskedPaths [ /proc/asound, /proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/timer_list, /proc/timer_stats, /proc/sched_debug, /proc/scsi, /sys/firmware, /sys/devices/virtual/powercap ]
Memory 0
MemoryReservation 0
MemorySwap 0
MemorySwappiness
NanoCpus 0
NetworkMode heimdall_default
OomKillDisable
OomScoreAdj 0
PidMode
PidsLimit
PortBindings { 443/tcp: [object Object], 80/tcp: [object Object] }
Privileged false
PublishAllPorts false
ReadonlyPaths [ /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger ]
ReadonlyRootfs false
RestartPolicy { MaximumRetryCount: 0, Name: unless-stopped }
Runtime runc
SecurityOpt
ShmSize 67108864
UTSMode
Ulimits
UsernsMode
VolumeDriver
VolumesFrom
HostnamePath /var/lib/docker/containers/49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581/hostname
HostsPath /var/lib/docker/containers/49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581/hosts
Id 49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581
Image sha256:24cf9ed80be58fd492af419dafc52e39acba70c99604057c95ec03ab89a3cfeb
LogPath /var/lib/docker/containers/49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581/49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581-json.log
MountLabel
Mounts
0 { Destination: /config, Mode: rw, Propagation: rprivate, RW: true, Source: /srv/Testumgebung/Docker/heimdall/data, Type: bind }
Name /heimdall
NetworkSettings
Bridge
EndpointID
Gateway
GlobalIPv6Address
GlobalIPv6PrefixLen 0
HairpinMode false
IPAddress
IPPrefixLen 0
IPv6Gateway
LinkLocalIPv6Address
LinkLocalIPv6PrefixLen 0
MacAddress
Networks { heimdall_default: [object Object] }
Ports { 443/tcp: [object Object],[object Object], 80/tcp: [object Object],[object Object] }
SandboxID 82d6a9a72d7eed8128c0372fe240e9f03c20c4deda7aa491eea7ceaff9ca0930
SandboxKey /var/run/docker/netns/82d6a9a72d7e
SecondaryIPAddresses
SecondaryIPv6Addresses
Path /init
Platform linux
ProcessLabel
ResolvConfPath /var/lib/docker/containers/49fcba5b69a7d6e866bcdd1549de1fe73f13f7a5a8dbd3074ef8bde2b1fe4581/resolv.conf
RestartCount 0
State
Dead false
Error
ExitCode 0
FinishedAt 0001-01-01T00:00:00Z
OOMKilled false
Paused false
Pid 2410
Restarting false
Running true
StartedAt 2023-11-18T12:26:13.883057523Z
Status running
Logs
Code:
[migrations] started
[migrations] 01-nginx-site-confs-default: executing...
[migrations] 01-nginx-site-confs-default: succeeded
[migrations] 02-default-location: executing...
[migrations] 02-default-location: succeeded
[migrations] done
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1002
User GID: 1002
───────────────────────────────────────
Setting resolver to 127.0.0.11
Setting worker_processes to 4
generating self-signed keys in /config/keys, you can replace these with your own keys if required
....+...+...+....+...+........+...+....+......+..+++++++++++++++++++++++++++++++++++++++*........+...+....+...+.....+....+...........+....+...+...+...+..+....+.....+.+...+.....+......+....+.....+.+++++++++++++++++++++++++++++++++++++++*........+................+..+.......+.....++++++
..........+.....+++++++++++++++++++++++++++++++++++++++*............+......+.+.........+..+....+...+..+.+..+............+...+++++++++++++++++++++++++++++++++++++++*..+...+....+..............+.....................................+..+...+...+.+...+..+..........+.....+.+.................+......+.......+........+.........+.+..++++++
-----
New container detected, installing Heimdall
chown: cannot dereference '/app/www/database/app.sqlite': No such file or directory
chown: cannot dereference '/app/www/.env': No such file or directory
Creating app key. This may take a while on slower systems
Application key set successfully.
[custom-init] No custom files found, skipping...
[ls.io-init] done.
....was mache ich falsch?