Docker rootless installation fails: slirp4netns or vpnkit
2022-05-27

Installation

When installing docker-rootless, the output was as follows:

  ~ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/lolli/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
 docker.service - Docker Application Container Engine (Rootless)
   Loaded: loaded (/home/lolli/.config/systemd/user/docker.service; disabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2022-05-27 07:09:54 EDT; 919ms ago
     Docs: https://docs.docker.com/go/rootless/
  Process: 7211 ExecStart=/usr/bin/dockerd-rootless.sh (code=exited, status=1/FAILURE)
 Main PID: 7211 (code=exited, status=1/FAILURE)
+ set +x
[ERROR] Failed to start docker.service. Run `journalctl -n 20 --no-pager --user --unit docker.service` to show the error log.
[ERROR] Before retrying installation, you might need to uninstall the current setup: `/usr/bin/dockerd-rootless-setuptool.sh uninstall -f ; /usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker`
No journal files were opened due to insufficient permissions.

Checking with the journalctl command produced no output.
Next, I checked docker.service:

  ~ cat .config/systemd/user/docker.service 
[Unit]
Description=Docker Application Container Engine (Rootless)
Documentation=https://docs.docker.com/go/rootless/

[Service]
Environment=PATH=/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/local/go/bin
ExecStart=/usr/bin/dockerd-rootless.sh 
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
Type=simple
KillMode=mixed

[Install]
WantedBy=default.target

The service is started by /usr/bin/dockerd-rootless.sh, so I ran that script directly; the output was as follows:

  ~ /usr/bin/dockerd-rootless.sh
+ [ -w /run/user/1000 ]
+ [ -d /home/lolli ]
+ rootlesskit=
+ command -v docker-rootlesskit
+ command -v rootlesskit
+ rootlesskit=rootlesskit
+ break
+ [ -z rootlesskit ]
+ : 
+ : 
+ : builtin
+ : auto
+ : auto
+ net=
+ mtu=
+ [ -z  ]
+ command -v slirp4netns
+ slirp4netns --help
+ [ -z  ]
+ command -v vpnkit
+ echo Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
+ exit 1

This revealed the key problem:

+ slirp4netns --help
+ [ -z  ]
+ command -v vpnkit
+ echo Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
+ exit 1

So I then tried:

  ~ sudo apt install slirp4netns                                 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  slirp4netns
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 44.8 kB of archives.
After this operation, 105 kB of additional disk space will be used.
Get:1 http://mirrors.tuna.tsinghua.edu.cn/debian buster/main amd64 slirp4netns amd64 0.2.3-1 [44.8 kB]
Fetched 44.8 kB in 1s (49.4 kB/s)      
Selecting previously unselected package slirp4netns.
(Reading database ... 34855 files and directories currently installed.)
Preparing to unpack .../slirp4netns_0.2.3-1_amd64.deb ...
Unpacking slirp4netns (0.2.3-1) ...
Setting up slirp4netns (0.2.3-1) ...
Processing triggers for man-db (2.8.5-2) ...

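However, the version installed was v0.2.3-1, which does not meet the version requirement, so I uninstalled the old version I had just installed.

I then found a binary on GitHub.

After downloading it, run chmod +x slirp4netns, then place it in /usr/bin.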
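
A check worth running before a downloaded binary is copied into /usr/bin, as an added example that is not part of the original post: it compares the file against a SHA-256 digest and confirms the >= v0.4.0 requirement from the error message above. The function names, the `slirp4netns version X.Y.Z` first-line format of `--version` output, and the availability of a digest published with the release are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check a downloaded slirp4netns
# binary against a known digest and the >= v0.4.0 requirement before install.
MIN_VERSION="0.4.0"  # minimum named in the dockerd-rootless.sh error message

# version_ge A B: succeed when dotted numeric version A >= B.
# A leading "v" and a packaging suffix such as "-1" are ignored.
version_ge() {
    a=${1#v}; a=${a%%-*}
    b=${2#v}; b=${b%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# parse_version TEXT: print the version from the first line of `--version`
# output, assumed to look like "slirp4netns version 1.2.0".
parse_version() {
    printf '%s\n' "$1" | sed -n '1s/^slirp4netns version \([0-9][0-9.]*\).*$/\1/p'
}

# verify_sha256 FILE EXPECTED: succeed only when FILE hashes to EXPECTED.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# preflight BIN EXPECTED_SHA256: digest first, then the version requirement.
# BIN is only executed after its digest has matched.
preflight() {
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    ver=$(parse_version "$("$1" --version 2>/dev/null)")
    [ -n "$ver" ] || { echo "cannot read version from $1" >&2; return 1; }
    version_ge "$ver" "$MIN_VERSION" || { echo "$ver < $MIN_VERSION" >&2; return 1; }
    echo "ok: $1 is $ver"
}

# Usage (digest is a placeholder; the binary must already be chmod +x):
# preflight ./slirp4netns "<sha256 published with the release>" \
#   && sudo install -m 0755 ./slirp4netns /usr/bin/slirp4netns
```

The numeric field comparison matters here: the Debian buster package version 0.2.3-1 is rejected, while a version such as 0.10.0 is accepted even though it sorts lower as a string.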

Remove the leftovers of the failed installation:

  ~ /usr/bin/dockerd-rootless-setuptool.sh uninstall -f ; /usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker
+ systemctl --user stop docker.service
+ systemctl --user disable docker.service
[INFO] Uninstalled docker.service
[INFO] This uninstallation tool does NOT remove Docker binaries and data.
[INFO] To remove data, run: `/usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker`

Then try the installation again:

  ~ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/lolli/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
 docker.service - Docker Application Container Engine (Rootless)
   Loaded: loaded (/home/lolli/.config/systemd/user/docker.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-05-27 07:11:10 EDT; 3s ago
     Docs: https://docs.docker.com/go/rootless/
 Main PID: 7519 (rootlesskit)
   CGroup: /user.slice/user-1000.slice/user@1000.service/docker.service
           ├─7519 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
           ├─7530 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
           ├─7549 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 7530 tap0
           ├─7556 dockerd
           └─7576 containerd --config /run/user/1000/docker/containerd/containerd.toml --log-level info
+ DOCKER_HOST=unix:///run/user/1000/docker.sock /usr/bin/docker version
Client: Docker Engine - Community
 Version:           20.10.16
 API version:       1.41
 Go version:        go1.17.10
 Git commit:        aa7e414
 Built:             Thu May 12 09:17:38 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.16
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.10
  Git commit:       f756502
  Built:            Thu May 12 09:15:44 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.4
  GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
 runc:
  Version:          1.1.1
  GitCommit:        v1.1.1-0-g52de29d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
+ systemctl --user enable docker.service
Created symlink /home/lolli/.config/systemd/user/default.target.wants/docker.service /home/lolli/.config/systemd/user/docker.service.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger lolli`

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock

Success.

https://blog.lpkt.cn/posts/docker-slirp4netns/
Author: lollipopkit
License: CC BY-NC-SA 4.0