@lukasheinrich
Last active October 10, 2019 17:34
Generating RSA private key, 4196 bit long modulus (2 primes)
............++++
.................++++
e is 65537 (0x010001)
Generating RSA private key, 4196 bit long modulus (2 primes)
............................................................................................................................................................................................................................................................................................................................++++
.++++
e is 65537 (0x010001)
Signature ok
subject=CN = docker:dind server
Getting CA Private Key
/certs/server/cert.pem: OK
Generating RSA private key, 4196 bit long modulus (2 primes)
.........................................++++
.........................................................................................................................................................................................................................++++
e is 65537 (0x010001)
Signature ok
subject=CN = docker:dind client
Getting CA Private Key
/certs/client/cert.pem: OK
find: /run/secrets/rhsm: Permission denied
time="2019-10-10T17:18:52Z" level=warning msg="\"builtin\" port driver is experimental"
mount: permission denied (are you root?)
time="2019-10-10T17:18:52Z" level=warning msg="failed to mount sysfs ([[mount -t sysfs none /sys]]), falling back to read-only mount ([[mount -t sysfs -o ro none /sys]]): exit status 1"
time="2019-10-10T17:18:52.809863006Z" level=info msg="Starting up"
time="2019-10-10T17:18:52.810713280Z" level=warning msg="Running experimental build"
time="2019-10-10T17:18:52.810741745Z" level=warning msg="Running in rootless mode. Cgroups, AppArmor, and CRIU are disabled."
time="2019-10-10T17:18:52.810751949Z" level=info msg="Running with RootlessKit integration"
time="2019-10-10T17:18:52.817326496Z" level=warning msg="could not change group /run/user/1000/docker.sock to docker: group docker not found"
time="2019-10-10T17:18:52.820232709Z" level=info msg="libcontainerd: started new containerd process" pid=98
time="2019-10-10T17:18:52.820374777Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2019-10-10T17:18:52.820390686Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2019-10-10T17:18:52.820427932Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/user/1000/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc
time="2019-10-10T17:18:52.820478683Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2019-10-10T17:18:52.820666806Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00005d5f0, CONNECTING" module=grpc
time="2019-10-10T17:18:52.865983284Z" level=info msg="starting containerd" revision=894b81a4b802e4eb2a91d1ce216b8817763c29fb version=v1.2.6
time="2019-10-10T17:18:52.869796717Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1
time="2019-10-10T17:18:52.870065701Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1
time="2019-10-10T17:18:52.873368582Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /home/rootless/.local/share/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
time="2019-10-10T17:18:52.873398762Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1
time="2019-10-10T17:18:52.882090546Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "Device \"aufs\" does not exist.\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
time="2019-10-10T17:18:52.882128290Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1
time="2019-10-10T17:18:52.882314759Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1
time="2019-10-10T17:18:52.882628838Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
time="2019-10-10T17:18:52.883077559Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.zfs" error="path /home/rootless/.local/share/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter"
time="2019-10-10T17:18:52.883100465Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1
time="2019-10-10T17:18:52.883207903Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path /home/rootless/.local/share/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter"
time="2019-10-10T17:18:52.883226068Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /home/rootless/.local/share/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
time="2019-10-10T17:18:52.883233545Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "Device \"aufs\" does not exist.\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
time="2019-10-10T17:18:52.995782100Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1
time="2019-10-10T17:18:52.995844397Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1
time="2019-10-10T17:18:52.995981307Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996032024Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996051365Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996070993Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996105650Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996124279Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996136196Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:52.996155919Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1
time="2019-10-10T17:18:52.996637394Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2
time="2019-10-10T17:18:52.999498778Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1
time="2019-10-10T17:18:53.002005632Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1
time="2019-10-10T17:18:53.002129347Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1
time="2019-10-10T17:18:53.002289492Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002330538Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002391762Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002441344Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002478228Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002531992Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002565616Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002646400Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.002728672Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1
time="2019-10-10T17:18:53.002945669Z" level=warning msg="failed to load plugin io.containerd.internal.v1.opt" error="mkdir /opt/containerd: permission denied"
time="2019-10-10T17:18:53.003052484Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.003121013Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.003169009Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.003200399Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
time="2019-10-10T17:18:53.005948726Z" level=info msg=serving... address="/run/user/1000/docker/containerd/containerd-debug.sock"
time="2019-10-10T17:18:53.006214587Z" level=info msg=serving... address="/run/user/1000/docker/containerd/containerd.sock"
time="2019-10-10T17:18:53.006287789Z" level=info msg="containerd successfully booted in 0.141835s"
time="2019-10-10T17:18:53.019743774Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00005d5f0, READY" module=grpc
time="2019-10-10T17:18:53.027858569Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2019-10-10T17:18:53.027918097Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2019-10-10T17:18:53.028052178Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/user/1000/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc
time="2019-10-10T17:18:53.028075249Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2019-10-10T17:18:53.028192346Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00005de80, CONNECTING" module=grpc
time="2019-10-10T17:18:53.029799232Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc00005de80, READY" module=grpc
time="2019-10-10T17:18:53.033363683Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2019-10-10T17:18:53.033384311Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2019-10-10T17:18:53.033400051Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/user/1000/docker/containerd/containerd.sock 0 <nil>}] }" module=grpc
time="2019-10-10T17:18:53.033411020Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2019-10-10T17:18:53.033497700Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0007bc3c0, CONNECTING" module=grpc
time="2019-10-10T17:18:53.035008438Z" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0007bc3c0, READY" module=grpc
time="2019-10-10T17:18:53.296202698Z" level=warning msg="Your kernel does not support cgroup rt period"
time="2019-10-10T17:18:53.296259078Z" level=warning msg="Your kernel does not support cgroup rt runtime"
time="2019-10-10T17:18:53.296802080Z" level=info msg="Loading containers: start."
time="2019-10-10T17:18:53.316324455Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: Device \"bridge\" does not exist.\nbridge 188416 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nDevice \"br_netfilter\" does not exist.\nbr_netfilter 24576 0 \nbridge 188416 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
time="2019-10-10T17:18:53.326539287Z" level=warning msg="Running modprobe nf_nat failed with message: `Device \"nf_nat\" does not exist.\nnf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE\nnf_nat_ipv4 16384 1 iptable_nat\nnf_nat 36864 3 xt_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4\nnf_conntrack 151552 8 nf_conntrack_netlink,xt_nat,ipt_MASQUERADE,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat_ipv4,xt_conntrack,nf_nat\nlibcrc32c 16384 3 nf_nat,nf_conntrack,xfs\nmodprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1"
time="2019-10-10T17:18:53.334843224Z" level=warning msg="Running modprobe xt_conntrack failed with message: `Device \"xt_conntrack\" does not exist.\nxt_conntrack 16384 5 \nnf_conntrack 151552 8 nf_conntrack_netlink,xt_nat,ipt_MASQUERADE,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat_ipv4,xt_conntrack,nf_nat\nmodprobe: can't change directory to '/lib/modules': No such file or directory`, error: exit status 1"
time="2019-10-10T17:18:53.979798826Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
time="2019-10-10T17:18:54.252460485Z" level=info msg="Loading containers: done."
time="2019-10-10T17:18:54.276525483Z" level=info msg="Docker daemon" commit=74b1e89e8a graphdriver(s)=vfs version=19.03.1
time="2019-10-10T17:18:54.277745351Z" level=info msg="Daemon has completed initialization"
time="2019-10-10T17:18:54.594227252Z" level=info msg="API listen on [::]:2376"
time="2019-10-10T17:18:54.594282290Z" level=info msg="API listen on /run/user/1000/docker.sock"
time="2019-10-10T17:19:45.464187056Z" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f/shim.sock" debug=false pid=264
time="2019-10-10T17:19:45.510621386Z" level=info msg="shim reaped" id=1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f
time="2019-10-10T17:19:45.514060258Z" level=error msg="stream copy error: reading from a closed fifo"
time="2019-10-10T17:19:45.565181305Z" level=warning msg="1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f cleanup: failed to unmount IPC: umount /home/rootless/.local/share/docker/containers/1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f/mounts/shm, flags: 0x2: no such file or directory"
time="2019-10-10T17:19:45.566781082Z" level=error msg="1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f cleanup: failed to delete container from containerd: no such container"
time="2019-10-10T17:19:45.597602550Z" level=error msg="Handler for POST /v1.40/containers/1a7bb3167a9db9ca7382821e30914fae24bcfd68487e4d654d4f85e51465304f/start returned error: OCI runtime create failed: container_linux.go:345: starting container process caused \"process_linux.go:303: getting the final child's pid from pipe caused \\\"EOF\\\"\": unknown"
time="2019-10-10T17:21:50.191087768Z" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401/shim.sock" debug=false pid=297
time="2019-10-10T17:21:50.250611927Z" level=info msg="shim reaped" id=e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401
time="2019-10-10T17:21:50.261822574Z" level=error msg="stream copy error: reading from a closed fifo"
time="2019-10-10T17:21:50.364998509Z" level=warning msg="e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401 cleanup: failed to unmount IPC: umount /home/rootless/.local/share/docker/containers/e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401/mounts/shm, flags: 0x2: no such file or directory"
time="2019-10-10T17:21:50.367373940Z" level=error msg="e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401 cleanup: failed to delete container from containerd: no such container"
time="2019-10-10T17:21:50.417706778Z" level=error msg="Handler for POST /v1.40/containers/e4746d94a5425e3247b0056aaa7ebb48a346900fc1536fdcd4ce5f7a71a73401/start returned error: OCI runtime create failed: container_linux.go:345: starting container process caused \"process_linux.go:303: getting the final child's pid from pipe caused \\\"EOF\\\"\": unknown"

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: rootless
  name: rootless
spec:
  replicas: 1
  selector:
    matchLabels:
      run: rootless
  template:
    metadata:
      labels:
        run: rootless
    spec:
      containers:
      - image: docker:19.03.1-dind-rootless
        name: rootless
        command:
        - sh
        - -c
        - dockerd-entrypoint.sh --experimental --storage-driver=vfs
        securityContext:
          runAsUser: 1000
          allowPrivilegeEscalation: true
          privileged: true
        resources: {}
status: {}

@lukasheinrich
Author

This does not work yet for me on CERN k8s clusters. Gives:

lheinric@lxplus740:/tmp/lheinric% k exec -it rootless-7c94dcc5d7-gplvm sh
/ $ export DOCKER_HOST=unix:///run/user/1000/docker.sock
/ $ docker run --rm -it  busybox sh
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:303: getting the final child's pid from pipe caused \"EOF\"": unknown.
