Mirantis / cri-dockerd

dockerd as a compliant Container Runtime Interface for Kubernetes
https://mirantis.github.io/cri-dockerd/
Apache License 2.0

Does not work if there is no `docker` group #48

Open MikeSpreitzer opened 2 years ago

MikeSpreitzer commented 2 years ago

I just installed Ubuntu 22.04 server on a new VM. The install process offered to "install" "docker", and I took the offer. Later I found out this install was done with snap. It turns out that `snap install docker`, at least on Ubuntu 22.04, does NOT create a user group named `docker`. But the `cri-docker.socket` systemd unit here assumes the existence of such a group.

afbjorklund commented 2 years ago

I don't think it has been tested with anything, except for the regular installation from a deb.

https://docs.docker.com/engine/install/ubuntu/

It might be supported with "docker.io", not sure? (system, as in `sudo apt install docker.io`)

https://packages.ubuntu.com/jammy/docker.io

afbjorklund commented 2 years ago

If it comes to it, it would be possible to remove "cri-docker.socket" and modify "cri-docker.service" to run without it.

```
Requires=cri-docker.socket
```

```
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=
```

That would make cri-dockerd start on boot, and not on demand, but might work better with odd docker installations.

evol262 commented 2 years ago

This is probably something to speak to the snap maintainer about. How do users get permissions to run docker commands with the snap?

folarinmartins commented 2 years ago

@evol262 Good point. That's an issue you can raise over at snap.

criscola commented 1 year ago

FYI, this happened to me as well on Ubuntu 20.04; I had to add the group docker (no snap installation).

afbjorklund commented 1 year ago

How did you install docker? The (deb) packages should have added the "docker" group

criscola commented 1 year ago

Should have mentioned I didn't yet install it :) Probably makes sense to do that before installing the cri.

afbjorklund commented 1 year ago

It seems that the cri-dockerd packages have a dependency on containerd instead of dockerd...

evol262 commented 1 year ago

Yes, they do, which is typically provided by docker. The reason there isn't a dependency on Docker is that there is no metapackage/requirement shared by docker-ce/docker-ee/docker-io/etc. We could at least create the group if it isn't present, because cri-docker.service depends on docker.service (which is consistent across packages), which still provides a runtime dependency.
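
A preflight check in the spirit of the last comment (create the group only if it isn't present), as an added example that is not part of the thread or the cri-dockerd project. It assumes the socket unit names its group with systemd's `SocketGroup=` directive; the sample unit and group files are constructed.

```shell
#!/bin/sh
# Print the effective SocketGroup= from the [Socket] section of a unit file.
# The last assignment wins, and comment lines never match the pattern.
socket_group() {
    awk '
        /^[ \t]*\[/ { in_socket = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_socket && /^[ \t]*SocketGroup[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { if (value != "") print value }
    ' "$1"
}

# Succeed if the group name is listed in a group(5)-format file. On a live
# host, `getent group NAME` also covers NSS sources beyond /etc/group.
group_in_db() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# Returns 0: group exists, 1: unit names a missing group, 2: no SocketGroup= set.
check_socket_group() {
    grp=$(socket_group "$1")
    [ -n "$grp" ] || return 2
    group_in_db "$grp" "${2:-/etc/group}"
}

# Constructed sample input: not the project's unit file, not a real /etc/group.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/sample.socket" <<'EOF'
[Unit]
Description=Constructed sample socket unit

[Socket]
ListenStream=/run/sample.sock
SocketMode=0660
SocketGroup=docker
EOF
printf 'root:x:0:\nadm:x:4:\n' > "$demo/group.without"
printf 'root:x:0:\ndocker:x:998:\n' > "$demo/group.with"

for db in group.without group.with; do
    if check_socket_group "$demo/sample.socket" "$demo/$db"; then
        echo "$db: group '$grp' exists"
    else
        echo "$db: group '$grp' missing (create it first, e.g. groupadd --system $grp)"
    fi
done
```

Run against a real host by passing the installed unit file path and omitting the second argument, which defaults to `/etc/group`.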