hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com

Docker build fails as vagrant user because /var/lib/docker is owned by root, has permissions set 700 #6822

Open kevinburkeshyp opened 8 years ago

kevinburkeshyp commented 8 years ago

Hi, I'm trying to build an Ubuntu VM that contains two Docker containers. When I run "vagrant up --no-parallel", I get the following error message:

Jan 07 13:13:34 A Docker command executed by Vagrant didn't complete successfully!
Jan 07 13:13:34 The command run along with the output from the command is shown
Jan 07 13:13:34 below.
Jan 07 13:13:34
Jan 07 13:13:34 Command: "docker" "build" "/var/lib/docker/docker_build_92612b9fa30fb42cbc8d72b57f7c697e"
Jan 07 13:13:34
Jan 07 13:13:34 Stderr: unable to prepare context: unable to evaluate symlinks in context path: lstat /var/lib/docker/docker_build_92612b9fa30fb42cbc8d72b57f7c697e: permission denied

Further evaluation reveals that Vagrant is attempting to run docker build as the vagrant user. However, /var/lib/docker is owned by root and has permissions set to 700, so the vagrant user does not have permission to run it. As far as I can tell, the 700 permissions on the folder are established by the Docker daemon.

# ls -al /var/lib | grep docker
drwx------  9 root    root    4096 Jan  7 21:13 docker

I'm confused about how things got in this state, but happy to help; I can reproduce this incredibly reliably.

The full contents of vagrant up with debug logging enabled are available here: https://gist.github.com/kevinburkeshyp/3750a21adefe12a01e91

Let me know if this issue is more appropriate on the Docker project.

kevinburkeshyp commented 8 years ago

It seems like the troublesome commit is https://github.com/mitchellh/vagrant/commit/2e659bf12c787ce2d19bc712352b63ad61873f7d, which moves the build directory from /mnt to /var/lib/docker. I was able to build my configuration by reverting to Vagrant 1.7.2; all newer versions failed.

kevinburkeshyp commented 8 years ago

From the #docker IRC channel: "/var/lib/docker is for the docker daemon and no one else."

cfrancois7 commented 8 years ago

Dear everyone,

I met the same problem.

$ vagrant version
Installed Version: 1.8.1
Latest Version: 1.8.1

Vagrantfile:

Vagrant.require_version ">= 1.6.0"
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  #############################
  # DOCKER CONTAINER SETTINGS #
  #############################
  config.vm.define "tuleap" do |a|
    a.vm.provider "docker" do |d|
      d.build_dir = "./docker/dockerfile/docker-tuleap-aio-master"
      #d.image = "docker pull enalean/tuleap-aio:latest"
      #d.build_args = ['-t=tuleap']
      d.name = "tuleap"
      d.remains_running = true
      d.vagrant_machine = "dockerhost"
      d.vagrant_vagrantfile = "./host/Vagrantfile"
      d.has_ssh = true
      d.ports = ["8080:8080"]
    end
  end
end

Vagrantfile host

Vagrant.require_version ">= 1.6.0"
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  #You can define the name of your vagrant machine:
  config.vm.define "dockerhost"
  config.vm.hostname = "dockerhost"
  config.vm.box = "ubuntu/trusty64"
  config.vm.box_check_update = false

  # Always use Vagrant's default insecure key
  # config.ssh.insert_key = false
  # To avoid useless error message
  config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"

  ################
  # PROVISIONER #
  ################
  config.vm.provider :virtualbox do |vb|
      vb.name = "dockerhost"
  end

  ################
  # PROVISIONING #
  ################
  config.vm.provision "shell", inline: <<-SHELL
    sudo apt-get update
    sudo apt-get install -y docker.io
    sudo usermod -aG docker vagrant
  SHELL
end

Error message after vagrant up

==> tuleap: Docker host is required. One will be created if necessary...
    tuleap: Docker host VM is already ready.
tuleap: Building the container from a Dockerfile...
    tuleap: time="2016-01-11T11:45:07Z" level=fatal msg="stat /var/lib/docker/docker_build_bb20de7ada3b168bf7b073b20ecebddd: permission denied" 
==> tuleap: An error occurred. The error will be shown after all tasks complete.

An error occurred while executing the action on the 'tuleap'
machine. Please handle this error then try again:

A Docker command executed by Vagrant didn't complete successfully!
The command run along with the output from the command is shown
below.

Command: "docker" "build" "/var/lib/docker/docker_build_bb20de7ada3b168bf7b073b20ecebddd"

Stderr: time="2016-01-11T11:45:07Z" level=fatal msg="stat /var/lib/docker/docker_build_bb20de7ada3b168bf7b073b20ecebddd: permission denied" 

Indeed, access and rights are root:

$ sudo ls -l /var/lib/ | grep "docker"
drwx------ 20 root    root    4096 Jan 11 11:33 docker

$ sudo ls -l /var/lib/docker/ | grep "docker_build"
drwxr-xr-x  1 vagrant vagrant  272 May 11  2015 docker_build_652405c3364c878f2ee3db8baf302e68
drwxr-xr-x  1 vagrant vagrant  544 Jan  7 05:50 docker_build_bb20de7ada3b168bf7b073b20ecebddd

rajiff commented 8 years ago

Hi

I had the same issue, so I added vagrant to the sudoers group:

  config.vm.provision "shell", inline: "sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo service docker.io restart"

But that still did not help; I guess the permissions on /var/lib/docker need some correction.

Permissions when I got the error:

 drwx------ 14 root    root    4096 Jan 21 00:10 docker

I simply set 777 for now, after which the permissions looked like this:

  drwxrwxrwx 14 root    root    4096 Jan 21 00:10 docker

And did a

  vagrant up

After that, my container got created.

I am not sure what the correct permission for /var/lib/docker is, but I guess it's the permission that is the problem.

Please check and correct what is needed and help me fix this properly.
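
The listings in this thread show `docker_build_*` directories that are `drwxr-xr-x vagrant vagrant` yet still return `permission denied`, because their parent `/var/lib/docker` is `drwx------ root root` and every directory on a path must be searchable. The following is an added example, not code from the thread or from Vagrant: it reports the first directory that blocks a given user and checks whether the daemon directory is still root-only. The function names are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`.
# Judges classic mode bits only (no ACLs, no root override); run it as root
# so every directory on the path can be inspected.

# can_search USER DIR: succeeds if USER's permission class on DIR has x.
can_search() (
  IFS=' '
  set -- "$1" $(stat -c '%a %U %G' "$2")      # -> user mode owner group
  mask=0001                                   # "other" unless matched below
  case " $(id -Gn "$1" 2>/dev/null) " in *" $4 "*) mask=0010 ;; esac
  [ "$1" = "$3" ] && mask=0100                # owner class wins
  [ $(( 0$2 & $mask )) -ne 0 ]
)

# first_blocked_dir USER BASE REL: prints the first directory below BASE, on
# the way to BASE/REL, that USER cannot search. Prints nothing if none.
first_blocked_dir() (
  set -f; user=$1 path=${2%/} IFS=/
  for part in $3; do
    path="$path/$part"
    [ -d "$path" ] || break
    can_search "$user" "$path" || { echo "$path"; break; }
  done
)

# daemon_dir_private DIR [OWNER]: succeeds only if DIR is owned by OWNER
# (default root) and grants nothing to group or other (drwx------).
daemon_dir_private() (
  IFS=' '
  set -- "${2:-root}" $(stat -c '%a %U' "$1")  # -> expected mode owner
  [ "$3" = "$1" ] && [ $(( 0$2 & 077 )) -eq 0 ]
)

# Usage: sh thisfile USER /absolute/path/to/build/context
if [ $# -ge 2 ]; then
  first_blocked_dir "$1" / "${2#/}"
  daemon_dir_private /var/lib/docker || echo "/var/lib/docker is not root-only"
fi
```
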