Closed hhlp closed 4 years ago
I also moved firewalld back to
iptables
while upstream(s) work out how to handle this, and I'm not seeing any issues (also using cgroups v1.)
Same for me. Using the fedora 31 packages, switching to cgroups v1 and switching the firewalld backend to iptables seems to have resolved all my issues. I think switching firewalld to iptables is a much better solution then any of the above mentioned suggestions (including those that I've mentioned).
Any news regarding RPM repositories for fedora 32?
I also moved firewalld back to
iptables
while upstream(s) work out how to handle this, and I'm not seeing any issues (also using cgroups v1.)Same for me. Using the fedora 31 packages, switching to cgroups v1 and switching the firewalld backend to iptables seems to have resolved all my issues. I think switching firewalld to iptables is a much better solution then any of the above mentioned suggestions (including those that I've mentioned).
Correct, I tried the moby-engine package instead of the docker for fedora 31, but that didn't fit my needs. An example docker-compose setup which works fine with regular docker, gave multiple errors on moby engine (e.g. unrecognized logging opts configuration and permission errors).
docker-compose reference :
services:
....
servicename:
...
logging:
options:
max-file: "3"
max-size: "10m"
With regular docker I tried the firewalld zones as mentioned, but switching the firewalld backend seemed to be the easiest and most effective solution.
Fresh Fedora 32, fresh user of Linux, was hoping to be a fresh user of Docker but I am getting this:
Errors during downloading metadata for repository 'docker-ce-stable':
- Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 2600:9000:202a:9800:3:db06:4200:93a1)
Error: Failed to download metadata for repo 'docker-ce-stable': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: docker-ce-stable
Last metadata expiration check: 0:10:26 ago on Mon 08 Jun 2020 22:15:50 BST.
No match for argument: docker-ce
No match for argument: docker-ce-cli
No match for argument: containerd.io
Error: Unable to find a match: docker-ce docker-ce-cli containerd.io
Presume this is the same problem everyone else here has?
Presume this is the same problem everyone else here has?
Yes.
You can modify /etc/yum.repos.d/docker-ce.repo
and replace $releasever
with 31, so the Docker packages for Fedora 31 will be installed. Also, make sure you read the whole discussion because there are other problems to take into account: cgroups
and firewalld
.
Or you can just use podman instead of Docker.
You can use:
sudo dnf install --releasever=31 docker-ce docker-ce-cli containerd.io
@awfm that seems to have worked great — I can finally try Docker out!
@vincent-olivert-riera I'd not heard of podman, I'll endeavour to take a look at that
I don't remember any specific docker-compose related hacks. I think all I had to do (F32) was: [...]
firewall-cmd --permanent --zone=FedoraWorkstation --add-masquerade
[...] Anddocker-compose build
&docker-compose up
work with my docker-compose.yml
Just chiming in to mention that this allowed me to get docker-compose
back up and working after installing F32 (keeping in mind the caveats from @lwhitty ).
It's a simple setup but the two containers (app+postgresql db) were not able to talk to each other before that. Thanks much!
Edit: version info below
$ docker-compose version
docker-compose version 1.26.0, build d4451659
docker-py version: 4.2.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
$ docker version
Client:
Version: 19.03.8
API version: 1.40
Go version: go1.14.2
Git commit: afacb8b
Built: Thu May 7 18:59:17 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.14.2
Git commit: afacb8b
Built: Thu May 7 00:00:00 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.3
GitCommit:
runc:
Version: 1.0.0-rc10+dev
GitCommit: fbdbaf85ecbc0e077f336c03062710435607dbf1
docker-init:
Version: 0.18.0
GitCommit:
$ sudo grep nftables /etc/firewalld/firewalld.conf
# - nftables (default)
FirewallBackend=nftables
$ cat /etc/redhat-release
Fedora release 32 (Thirty Two)
i can't get past dnf system-upgrade because the repo is missing, and i'm not going to uninstall docker in order to get the update. why this is still an issue months later is confusing.
Just use the same package you used for 31. It is the same package.
i can't get past dnf system-upgrade because the repo is missing, and i'm not going to uninstall docker in order to get the update. why this is still an issue months later is confusing.
Use the Software GUI app, I upgraded to Fedora 32 (from 31) with Docker already installed.
i can't get past dnf system-upgrade because the repo is missing, and i'm not going to uninstall docker in order to get the update. why this is still an issue months later is confusing.
@dajester2013 Just remove the yum/dnf configuration, do the update, then re-store it. That is what I had to do and it "worked".
why this is still an issue months later is confusing.
This is a problem on every Fedora release.
my earlier posts made it seem I had success with using 31 for 32. I didn’t!
Even once I managed to get Docker down on a fresh 32 install nothing seemed to work correctly. For example, a basic ‘Wordpress’ compose file couldn’t start MySQL etc
I’m not sure how much of the problem is my own ineptitude and how much any issues lie elsewhere but I can tell you with certainty that setup of Docker on F32 fresh install is far from smooth!
This is a problem on every Fedora release.
Fedora provides the Docker package as well, it’s just called differently (moby-engine
) but gives you “Docker”. It’s also relatively up to date (a 19.03.x version).
So there’s no real need to add the Docker repo from Docker Inc.
dnf install moby-engine
I don't know how upgrading from GUI helps as https://download.docker.com/linux/fedora/32 is still absent.
I don't know how upgrading from GUI helps as https://download.docker.com/linux/fedora/32 is still absent.
From the command line you are unable to upgrade due to docker repo error. Through the UI you will upgrade but will receive the error when running dnf update after the reboot.
Then change the docker yum config file to use 31 as fedora release version and you are good.
Then change the docker yum config file to use 31 as fedora release version and you are good.
Thanks! Your comment will help people coming from google to this issue to use docker-ce repo on Fedora 32 for now, but the issue title is "Please provide repo for docker-ce on Fedora 32" not "How to temporary fix using docker-ce repo on Fedora 32".
All of these bandaid fixes are fine, but how come there's no word from repo maintainers as to why there's no official release?
but how come there's no word from repo maintainers as to why there's no official release?
Cause it is literally the same download and a while ago they still fixed cgroupv2 issues.
I have written an official article on Fedora Megazine, detailing the main steps necessary to run Docker on Fedora 32: https://fedoramagazine.org/docker-and-fedora-32/
Most of the information in the article is based on information in this thread, so it's only fair to give you a heads up.
I have written an official article on Fedora Megazine, detailing the main steps necessary to run Docker on Fedora 32: https://fedoramagazine.org/docker-and-fedora-32/
Most of the information in the article is based on information in this thread, so it's only fair to give you a heads up.
I think the article kind of treats Moby as a fully compatible drop-in-replacement for docker, but I believe there are some differences/shortcomings in Moby, probably making it not suitable for everyone?
Is an official docker image for Fedora 32 still expected or is Moby the definitive "replacement" ? For now I'll stick to the Fedora 31 repo on Fedora 32 as a workaround
I have written an official article on Fedora Magazine, detailing the main steps necessary to run Docker on Fedora 32: https://fedoramagazine.org/docker-and-fedora-32/
Most of the information in the article is based on information in this thread, so it's only fair to give you a heads up.
From the Moby web site:
Moby is NOT recommended for the following use cases:
- Application developers looking for an easy way to run their applications in containers. We recommend Docker CE instead. […]
Thus it looks like Moby is not a 100% replacement for Docker.
If I develop docker images on F32 and my colleagues run containers from them on Mac or Window or Debian, will they work? Will we get some strange and edge cases bugs that will cost us hours of tedious debugging? Asking in earnest here, neither hidden agenda nor sarcasm intended.
Thus it looks like Moby is not a 100% replacement for Docker.
Please see it in context. Docker and Moby are not identical, when you're talking about the Mac OS X or Windows version of Docker. Those versions have a lot of scaffolding underneath, that make Moby work: Docker is also a Virtual Machine and a desktop application.
Since developers on Linux do not need that scaffolding, the product differences between Moby and Docker are minimal.
RPM spec for Fedora 32 is here: https://github.com/docker/docker-ce-packaging/tree/master/rpm
I have written an official article on Fedora Megazine, detailing the main steps necessary to run Docker on Fedora 32: https://fedoramagazine.org/docker-and-fedora-32/
Most of the information in the article is based on information in this thread, so it's only fair to give you a heads up.
good to see the article.
but moby
is NOT docker
.
the Docker official defines here (via https://www.docker.com/blog/introducing-the-moby-project/):
Moby is designed for system builders, who want to build their own container based systems, not for application developers, who can use Docker or other container platforms. Participants in the Moby project can choose from the library of components derived from Docker or they can elect to “bring your own components” (BYOC) packaged as containers with the option to mix and match among all of the components to create a customized container system.
and another article https://www.cio.com/article/3191344/why-docker-created-the-moby-project.html :
“Essentially, Docker is building a LEGO club for the ecosystem with Docker at the center of it,” said Docker's VP of marketing David Messina.
The Moby Project will become a place where experimental, bleeding edge features of Docker will take shape. It will be the place where you will see the next release of Docker. The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux
@ttys3 @ygworldr I think @KevinAtSesam is trying to say that moby provides the docker
command and service as you are used to interacting with it. If you just use docker
and docker-compose
commands, it seems to suggest it is a drop-in replacement.
@jsg2021 yeah, I think we get that. maybe it is "a drop-in replacement", or maybe not.
podman also can do most of the work which docker does. but when I need docker, it is because an exists project that requires docker, it can not work with podman with out any modification. in this situation, "a drop-in replacement" is not enough
I don't know the tech diffs between moby and docker under Linux in details, so I think I can not just use moby and think it will works the same or hope that it will works good.
I appreciate that the Fedora Megazine posted an article about this issue.
but still waiting for the official F32 docker repo.
podman also can do most of the work which docker does. but when I need docker, it is because an exists project that requires docker, it can not work with podman with out any modification. in this situation, "a drop-in replacement" is not enough
by drop-in-replacement, we mean literally docker
and docker-compose
commands are available. So you can use docker in your project just as you normally would.
podman also can do most of the work which docker does. but when I need docker, it is because an exists project that requires docker, it can not work with podman with out any modification. in this situation, "a drop-in replacement" is not enough
by drop-in-replacement, we mean literally
docker
anddocker-compose
commands are available. So you can use docker in your project just as you normally would.
If so, why does the Mody web site states:
Application developers looking for an easy way to run their applications in containers. We recommend Docker CE instead.
If Mody is a drop-in replacement it should be able to do everything that docker CE does. It Moby developers themselves recommend not using it for "easy way to run their applications in containers" then how can it be a drop-in replacement?
My rationale is that I am unwilling to use Moby unless there are solid assurances that I will not break docker images for my co-workers working with Docker CE in different OSes. The reverse is true as well. If my co-workers use some feature of Docker (say ssh forwarding) and moby does not support it, I cannot do my work.
I am genuinely trying to understand this debate. Evidence would go a long way to alleviate my concerns.
This is getting off-topic, (adding fedora 32 repo) but just to try to help fill in some gaps:
The container image format is a standard and compatible across all of these suggestions. (docker/moby engine are the same thing) SSH forwarding during the build is a feature of the tool used to build the image. (docker, buildah, podman, etc) Moby gives you a "docker" command and service. docker build
, docker-compose up
all the things just as you normally would.
Once your container is built, the image is independent, and if you forward an SSH port from within the container, that will not change.
Moby is the bare framework that the Docker CE suite is based on. (Think Moby as Chromium, and Docker as Chrome) The reason they "don't recommend" it is because Moby is not a manicured suite with all tools you may want to use. You have to pick and choose the tools you want to use. https://github.com/moby/moby#relationship-with-docker
Here is another article saying basically the same as the fedora magazine article: https://linuxconfig.org/how-to-install-and-configure-docker-ce-moby-engine-on-fedora-32
@jsg2021 Thank you very much for that explanation.
I tried to install moby as per the fedora magazine entry but the docker process would not run. I reverted to docker-ce which works. /sighs
The error was:
√ yum.repos.d # systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-06-27 15:40:00 BST; 2min 35s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 1405 (code=exited, status=1/FAILURE)
Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: Stopped Docker Application Container Engine.
Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Start request repeated too quickly.
Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Failed with result 'exit-code'.
Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: Failed to start Docker Application Container Engine.
Something in my system is probably at fault. It has been updated since F20 so there might be some lurking monsters in there.
@KevinAtSesam I'm on a fresh F32 and just followed your instructions through. Install went fine but I am still having problems with my first Docker compose file (beyond the hello world one).
Here's a Wordpress docker-compose.yml file that works fine on Mint and it just doesn't seem to work here. Could you or anyone else possibly try running it and let me know if it works for anyone else — when it finishes its thing you should be able browser to localhost:8001 and not see a database error!
Here's the docker-compose.yml file I am using: https://gist.github.com/benfrain/5ba581fad914b8c75eb100b9b2a7aa4a
@benfrain Ive replied on your gist to continue your trouble shooting off this ticket, since the point of this ticket is just to add a f32 repo for docker-ce
@jsg2021 thanks :+1:
27 June 2020 - still a problem
@benfrain: it works for me on F32 (i.e. I can see the Wordpress login page where you setup the title, password, etc). Thanks for posting your file btw, this allowed easy reproduction here.
I think this is because you are lacking the 2nd part of the setup which is specifically needed for Docker Compose, see my post above (courtesy of @jpopelka), with the need to have the firewall-cmd
invocation adding the masquerading rule
@vrubiolo thanks, I have tried that but I still get the same exited with code 1
so given that Docker seems to be doing what it should, and that compose file works for you on F32 I think I'd better refrain from posting further here. I have added more info to the gist I mentioned a few posts back!
@benfrain : thanks for the feedback. I am also moving to your gist for the discussion.
hi everyone, I just tried the docker-compose.yml from @benfrain 's gist (thanks for sharing!) on a vanilla Fedora 32 Digital Ocean Droplet on which I installed Docker as described in this blogpost, that I wrote some weeks before the Fedora magazine article was published, and it worked fine. Sharing this in case it's useful to others.
In short (all run as root):
create & ssh to the droplet:
doctl compute droplet create fedoratest --size s-1vcpu-1gb --region fra1 --ssh-keys ******** --image fedora-32-x64
ssh $(doctl compute droplet list fedoratest --no-header --format PublicIPv4)
in the droplet:
dnf -y install firewalld #firewalld not present by default in the DO cloudimage
systemctl enable firewalld --now
prep + install of Docker on Fedora 32:
grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
sed -i --follow-symlinks "s|FirewallBackend=nftables|FirewallBackend=iptables|g" /etc/firewalld/firewalld.conf
systemctl restart firewalld
dnf -y install moby-engine docker-compose
systemctl enable docker.service --now
reboot
then try the docker-compose gist:
dnf -y install git
git clone https://gist.github.com/5ba581fad914b8c75eb100b9b2a7aa4a.git gist
cd gist
docker compose up
this shows log output like:
...
mysql | 2020-06-29T17:19:58.308085Z 0 [Note] mysqld: ready for connections.
mysql | Version: '5.7.30' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
wordpress | [Mon Jun 29 17:20:00.364924 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.7 configured -- resuming normal operations
wordpress | [Mon Jun 29 17:20:00.367108 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
and wordpress seems to be running:
$ curl -Lks http://localhost:8001 | grep Welcome -A 2
<h1>Welcome</h1>
<p>Welcome to the famous five-minute WordPress installation process!
(Haven't tried the setup from the Fedora magazine article yet - at a first look the only difference seems that it doesn't switch to iptables as firewalld backend. I have no intention to "shadow" this excellent official article, but I personally had a good experience with switching from nftables back to iptables, especially because I've also had trouble with other container tools using "legacy" interfaces like k3s).
I don't know if this is the right place, but the aforementioned grubby command also fails, which makes it user docker(or moby) on Fedora 31+ almost impossible
[root@localhost arjen]# grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
grub2-editenv: error: environment block too small.
@duikboot sounds like a corrupted grubenv file (/boot/grub2/grubenv
). It should be possible to recreate it with grub-editenv create
(after renaming it).
@christian-korneck : it is a known bug in Redhat and Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1625124
Do you know how I can recreate it with the right systemd.unified_cgroup_hierarchy setting?
Do you know how I can recreate it with the right systemd.unified_cgroup_hierarchy setting?
@duikboot if you can't use grubby
you can add the new arg to the kernel cmdline like this:
/etc/default/grub
and append to the GRUB_CMDLINE_LINUX=...
the new arg systemd.unified_cgroup_hierarchy=0
grub2-mkconfig -o "$(readlink -e /etc/grub2.conf)"
cat /proc/cmdline
any update on possible support in the future?
I uploaded RPMS for Fedora 32 here: https://github.com/AkihiroSuda/moby-snapshot
$ tar xjvf moby-snapshot-fedora-32-x86_64-rpm.tbz
containerd.io-0.20200706.182234~68b9b8f-0.fc32.x86_64.rpm
moby-snapshot-0.0.0.20200706131654.66ea6250a1-0.fc32.x86_64.rpm
moby-snapshot-cli-0.0.0.20200706131654.66ea6250a1-0.fc32.x86_64.rpm
$ sudo dnf install ./*.rpm
Works on cgroup v2 hosts by default. No need to tweak the systemd.unified_cgroup_hierarchy
kernel cmdline.
I uploaded RPMS for Fedora 32 here: https://github.com/AkihiroSuda/moby-snapshot
$ tar xjvf moby-snapshot-fedora-32-x86_64-rpm.tbz containerd.io-0.20200706.182234~68b9b8f-0.fc32.x86_64.rpm moby-snapshot-0.0.0.20200706131654.66ea6250a1-0.fc32.x86_64.rpm moby-snapshot-cli-0.0.0.20200706131654.66ea6250a1-0.fc32.x86_64.rpm $ sudo dnf install ./*.rpm
Works on cgroup v2 hosts by default. No need to tweak the
systemd.unified_cgroup_hierarchy
kernel cmdline.
こんにちは @AkihiroSuda ,
does that mean the work for supporting cgrpups v2 in Docker is now complete? I can see the TODO list is not fully green.
Yes almost complete, non-green items are usually negligible
@jsg2021 Thank you very much for that explanation.
I tried to install moby as per the fedora magazine entry but the docker process would not run. I reverted to docker-ce which works. /sighs
The error was:
√ yum.repos.d # systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2020-06-27 15:40:00 BST; 2min 35s ago TriggeredBy: ● docker.socket Docs: https://docs.docker.com Main PID: 1405 (code=exited, status=1/FAILURE) Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Scheduled restart job, restart counter is at 3. Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: Stopped Docker Application Container Engine. Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Start request repeated too quickly. Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: docker.service: Failed with result 'exit-code'. Jun 27 15:40:00 nightwatch.neverness.org systemd[1]: Failed to start Docker Application Container Engine.
Something in my system is probably at fault. It has been updated since F20 so there might be some lurking monsters in there.
After some invaluable debugging help from @AkihiroSuda, we tracked the problems to docker-proxy
and docker-init
not being in my PATH
and /etc/docker/daemon.json
having old garbage that should no longer have been there.
Now, moby is working fine.
I am afraid I spoke too soon: docker works fine. However, docker-compose
cannot bind any of the persistent volumes I use due to "permissions denied". /sighs/ This, right there, is what I was afraid off…
Note that I have changed nothing in those compose files, in the docker files that build the images, or the permissions/ownership of those volumes.
The Docker-CE Fedora repository is the recommend way to install recommended way. It has many benefits over installing from a package or any other method.
Fedora also releases a new version every six months. The Fedora repository also takes a very long time to become ready after the release of a new version, with many issues being opened after each recent Fedora is release.
Fedora has officially branched Version 32 February 11/2020 and might have a beta release on March 17/2020.
I'm filing this issue to hopefully put this task on the radar, so that there might be a repository set up in time for the Fedora 32 release cycle....
NOTE
Some of us migrate when the beta version is ready so we have to disable the repository and wait for it to be ready
Release Schedule: https://fedorapeople.org/groups/schedule/f-32/f-32-key-tasks.html
Regards.,