cruizba / ubuntu-dind

A Docker image based on Ubuntu to run Docker containers inside Docker containers
Apache License 2.0

Using volumes is broken: cgroups: cgroup mountpoint does not exist: unknown. #4

Closed JohannesBe closed 1 year ago

JohannesBe commented 3 years ago
[docker@CACTUS johannes]$ docker run -it --privileged cruizba/ubuntu-dind
[Tue Apr 13 14:21:11 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Starting supervisor
[Tue Apr 13 14:21:11 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Waiting for processes to be running
[Tue Apr 13 14:21:11 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Process dockerd is not running yet. Retrying in 1 seconds
[Tue Apr 13 14:21:11 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Waited 0 seconds of 30 seconds
[Tue Apr 13 14:21:12 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Process dockerd is not running yet. Retrying in 1 seconds
[Tue Apr 13 14:21:12 UTC 2021] [INFO] [/usr/local/bin/startup.sh] Waited 1 seconds of 30 seconds
[Tue Apr 13 14:21:13 UTC 2021] [INFO] [/usr/local/bin/startup.sh] dockerd is running
root@67596c7b7c2f:/# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
root@67596c7b7c2f:/# docker run -v /mnt:/mnt -it alpine
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ca3cd42a7c95: Pull complete 
Digest: sha256:ec14c7992a97fc11425907e908340c6c3d6ff602f5f13d899e6b7027c9b4133a
Status: Downloaded newer image for alpine:latest
docker: Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown.
ERRO[0004] error waiting for container: context canceled 
root@67596c7b7c2f:/# 
rzadp commented 2 years ago

@JohannesBe Did you ever find a workaround for this?

JohannesBe commented 2 years ago

Unfortunately not if I recall.

I think I solved the problem by reconsidering my architecture: originally I wanted a safe dind container for running gitlab runner jobs.

In the end I solved this using VMs + a hypervisor which in turn run a docker sysbox runtime (very interesting project imo).

This allows for rootless and safer dind containers to be started by gitlab runners, guaranteeing inter-pipeline safety and segregation. They (sysbox) have a blogpost on the subject iirc.

Kind reg, J



cruizba commented 2 years ago

@JohannesBe @rzadp

Correct. This is just a dirty hacky experiment which takes people's attention for some reason. But the good way is to use https://github.com/nestybox/sysbox

I mention that this is an experiment at the end of the README.md