ujust install-docker doesn't work #2130
Comments
|
@ricperry I am also having issue, however when watching the install process it appears to install the docker-cli into bazzite and then install a distrobox container that has docker setup. at the end of the install there is an instruction stating run distrobox enter --root docker and this then completes an install of docker inside the container. However after that if try running docker run hello-wold i get docker run hello-world this issue is caused by the /var/run/docker.sock only being accessible to root. however if you run the docker command with sudo it failes due to docker-cli tools missing. Pretty sure i must be missing / doing something wrong here. |
|
@salty2011 To manage Docker as non-root user you need to add the user to "docker" group and reboot the system. |
|
I am having the same problem. I have a solution that kinda work. I also tried to check with Here is what I do for make it work, with some debug command in between to show what is happening, and yes I did expected that the # Reboot of the computer
brodokk@bazzite:~$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
brodokk@bazzite:~$ distrobox ls --root
[sudo] password for brodokk:
ID | NAME | STATUS | IMAGE
11bb80f86a30 | docker | Exited (137) 4 minutes ago | ghcr.io/ublue-os/docker-distrobox:latest
brodokk@bazzite:~$ distrobox enter --root docker
Starting container... [ OK ]
Installing basic packages... [ OK ]
Setting up devpts mounts... [ OK ]
Setting up read-only mounts... [ OK ]
Setting up read-write mounts... [ OK ]
Setting up host's sockets integration... [ OK ]
Setting up host's nvidia integration... [ OK ]
Integrating host's themes, icons, fonts... [ OK ]
Setting up distrobox profile... [ OK ]
Setting up sudo... [ OK ]
Setting up user's group list... [ OK ]
Executing init hooks... [ OK ]
Setting up init system... [ OK ]
Firing up init system... [ OK ]
Container Setup Complete!
📦[brodokk@docker ~]$
logout
brodokk@bazzite:~$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
brodokk@bazzite:~$ distrobox enter --root docker
📦[brodokk@docker ~]$ sudo systemctl status docker-setup.service
○ docker-setup.service - Setup Docker Socket in /var/run/
Loaded: loaded (/usr/lib/systemd/system/docker-setup.service; enabled; preset: enabled)
Active: inactive (dead)
📦[brodokk@docker ~]$ sudo systemctl start docker-setup.service
● docker-setup.service - Setup Docker Socket in /var/run/
Loaded: loaded (/usr/lib/systemd/system/docker-setup.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-01-20 18:10:53 UTC; 1min 55s ago
Main PID: 7172 (bash)
Tasks: 2 (limit: 76644)
Memory: 1.5M (peak: 1.6M)
CPU: 4ms
CGroup: /system.slice/docker-setup.service
├─7172 /usr/bin/bash -c "while true; do sleep 1; /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=\${DOCKERGROUP:-docker},umask=007 UNIX-CONNECT:/var/run/docker.sock; done"
└─7175 /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=docker,umask=007 UNIX-CONNECT:/var/run/docker.sock
brodokk@bazzite:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES |
This should be added to the ujust script then. Currently the script is broken until a user can type the ujust command and have everything work when they reboot. |
|
Also, isn't docker being installed into a distrobox container like inception? It's basically docker within docker within docker. It all seems unnecessary. Any way to just expose the base level docker service? |
@ricperry As far as I understand, Bazzite use Podman to run containers. The containers that is installed via the
You mean typing the |
|
Seems like this repo is where the docker-toolbox is from https://github.com/ublue-os/toolboxes Looking at that, seems like there should either be a quadlet or systemd one-shot service setup for the container to correctly start and export the mounts. When running ujust install-docker after this is completed neither seem to be created. And the toolboxes repo does have either for this toolbox Playing around i was able to get a systemd service working for it, and correctly remount the docker.socket to the host each time. However on start is going to prompt for you password to start. This is because distrobox does not support being run as root, but wee need to start these containers with --root to mount the socket to the host. I get why this is the case, having something like docker start with root privileges is a bad idea from a security aspect. Assuming the docker image that has been pre-setup followed standard install then its likely running the docker service as root. prolly need to rebuild the image and have it in rootless mode, that should mean you can start container as distrobox enter docker.... without the flag. Not sure if the docker-cli needs adjustment to use docker in rootless.... as never done that before... prolly should though here is the docker rootless mode docs https://docs.docker.com/engine/security/rootless/ |
|
@salty2011 Can you share more detailed on what you have done for the systemd service? I am not sure to follow what you mean when you said |
|
hey @brodokk So took a bit of experimenting. But basically they way this is all working the "ujust install-docker" command launches a predefined distrobox container with docker installed. As part of that launch it should mount So i created the following file in ~.distrobox\docker-distrobox\distrobox.ini However after reading up while composing this reply not sure this is actually doing anything as it appears to be related to dsitrobox assemble (however this might be part of the longer term solution) What i did do is create the following systemd entry Stored in ~/.config/systemd/user/docker-distrobox.service then ran these commands to refresh and enable the service this will prompt for credentials when the service start cause its running the container as root. This is why I am saying we probably should rebuild the docker-distrobox container being used to leverage dockers rootless mode, then you can mound the docker.socket into the users home directory. then you would be able to launch the service using "distrobox enter docker" and the docker cli should pickup the docker socket from the home dir. This also means when registering the distrobox as systemd oneshot service it doesnt ask for a password. Full disclosure Im not super familiar with dsitrobox and haven't ran docker in rootless before... just know its possible. Its possible there may be even better solutions |
|
Thank @salty2011 ! I used your experimentation as the base for mine. I am honestly not familiar with silverblue distribution on top of docker in rootless mode as well as podman. Since I want to use VSCode with devcontainer, which is also something that I never done I am just experimenting different things. But when I did look about podman and system services in the podman documentation about generating systemd from podman it say that this is actually deprecated and they are talking about Quadlet (another new thing to me) and their is something about it in the Bazzite documentation which probably something that would be preferred to be used in this case. And since we are talking about rootful container maybe the part about running rootful container as quadlet in Bazzite would be the more interesting here.
[Container]
ContainerName=docker
Image=ghcr.io/ublue-os/docker-distrobox:latest
# Bind Docker resources between host and container
Volume=/var/lib/docker:/var/lib/docker:rslave
[Unit]
Description=Start Docker Distrobox
[Service]
Type=oneshot
RemainAfterExit=true
[Install]
WantedBy=default.targetSadly the problem I am facing for now is that my user is not in the And yes I don't think the file |
|
I can't imagine the Fedora Silverblue group hasn't figured out how to get docker running correctly. So this must primarily be a ujust script problem. https://discussion.fedoraproject.org/t/installing-docker-on-silverblue/119610/4 and |
|
This issue should be fixed by now with #2287, basically it setups the podman socket to be used from docker as a "context" as they call it. |
|
@Zeglius correct me if im wrong but isnt that just aliasing the docker command to podman? |
In a way? Yeah, though compared to just aliasing, you retain certain functionality, like |
|
Hmm I tried it out by manually running as a shell script. But was running into allot of issues after with VScode trying to launch dev containers etc Although I did have the exisiting implementation setup but was broken. Might give another go on my happy then |
|
podman is great, but it is not 1-1 api compatible, leading to issues with terraform tools |
|
Yeah completely agree, when I've used madman it's been pretty amazing. But for things like development right now you hit odd issues like you mentioned with terraform or me with dev containers for vscode. I wonder how of this is to do with the rootless nature,wonder if we set docker into rootless mode how many of the issues we still have... realise won't fix the compose api issues |
|
You guys should just add docker to the base image at this point |
I was starting with rootless docker and it was working ok, there are quirks, but most dev workflows should not need root for running postgres... but one day it stopped working and I wasn't able to figure out why, and found out about ujust install docker, but here we are, so I might try going back having an immutable base requires quite a lot of adapting for dev workflows it is quite upsetting virtualization is another thing that isn't easy on ublue oob |
Describe the bug
When I run 'ujust install-docker' and then reboot, the docker service isn't running. When I attempt to start the service with 'systemctl start docker' I get the error message "Failed to start docker.service: Unit docker.service not found."
What did you expect to happen?
I expected the docker service to be installed, and to start automatically after it's installed, thus allowing me to run docker images.
Output of
rpm-ostree statusState: idle Deployments: ● ostree-image-signed:docker://ghcr.io/ublue-os/bazzite-gnome:stable Digest: sha256:fd884c23497e08b860aa4c12763d17584a45641d05b6bff6c76c698c32254b53 Version: 41.20250106.3 (2025-01-07T04:22:09Z) LayeredPackages: dnfdragora ostree-image-signed:docker://ghcr.io/ublue-os/bazzite-gnome:stable Digest: sha256:fd884c23497e08b860aa4c12763d17584a45641d05b6bff6c76c698c32254b53 Version: 41.20250106.3 (2025-01-07T04:22:09Z)Hardware
AMD 5900X + 6900X, AM4 x570, 32GB DDR4, NVME storage
Extra information or context
I need docker to be up and running for some testing, and I don't want to test outside of a container. When I saw the ujust menu entry 'ujust install-docker' I thought I was golden. But then it just doesn't work, and there aren't any error messages. And when I try to invoke docker from the command line, it just can't find the program. The weird thing is that the whole system seems to be dependent on docker, so it must be available. Am I going crazy?
The text was updated successfully, but these errors were encountered: