Closed StuartIanNaylor closed 1 year ago
This is how I got it running on ROCK 4C+
Radxa Debian Bullseye kernel 4.4
Order is significant!
sudo apt update && sudo apt upgrade
Apply the following fixes before installing docker:
Enable packet forwarding in IPv4 by uncommenting this line in /etc/sysctl.conf net.ipv4.ip_forward = 1
sudo reboot
Update iptables sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
Fix systemd cgroups by setting boot parameter in /boot/extlinux/extlinux.conf systemd.unified_cgroup_hierarchy=0
cat /boot/extlinux/extlinux.conf
label kernel-4.4.194-11-rk3399-rockchip-g1bb08d49cc40 kernel /vmlinuz-4.4.194-11-rk3399-rockchip-g1bb08d49cc40 initrd /initrd.img-4.4.194-11-rk3399-rockchip-g1bb08d49cc40 devicetreedir /dtbs/4.4.194-11-rk3399-rockchip-g1bb08d49cc40 append earlyprintk console=ttyFIQ0,1500000n8 rw init=/sbin/init rootfstype=ext4 rootwait root=UUID=63e973d2-653e-4174-9ac7-63bb03114e2b console=ttyS3,1500000n8 systemd.unified_cgroup_hierarchy=0
sudo reboot
Install docker according to Docker.com https://docs.docker.com/engine/install/debian/#prerequisites
Remove any previous docker installation sudo apt remove docker docker.io containerd runc
sudo apt install \ ca-certificates \ curl \ gnupg \ lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
/dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset> Active: active (running) since Thu 2022-11-10 18:05:26 GMT; 10min ago TriggeredBy: ● docker.socket Docs: https://docs.docker.com Main PID: 516 (dockerd) Tasks: 11 Memory: 77.5M CGroup: /system.slice/docker.service └─516 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/conta>
Add user to docker group sudo usermod -aG docker $USER
sudo reboot
On Fri, 18 Nov 2022 at 19:06, StuartIanNaylor @.***> wrote:
Struggling to get docker running on the debian image and from a google we seem to be missing the following.
iptables needs to be installed but also after install run
update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
I can do that but stuck as it would seem I need the kernel conf with CONFIG_BPF_SYSCALL=y but we have
CONFIG_BPF_SYSCALL is not set
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
CONFIG_USERFAULTFD is not set
CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
Is it possible for the debian image to have kernel with CONFIG_BPF_SYSCALL=y ?
— Reply to this email directly, view it on GitHub https://github.com/radxa/debos-radxa/issues/40, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVWCUA62XHHT7T727KBLY3WI7HT7ANCNFSM6AAAAAASEZJLYQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
I will give that a go as only thing I have not done is add systemd.unified_cgroup_hierarchy=0 to the /boot/extlinux/extlinux.conf append line
Install iptables update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
/etc/sysctl.conf net.ipv4.ip_forward = 1
reboot install docker
rock@rock-5b:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
7050e35b49f5: Pull complete
Digest: sha256:faa03e786c97f07ef34423fccceeec2398ec8a5759259f94d99078f264e9d7af
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(arm64v8)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
I applied the changes as proposed, but still getting the:
rock@rock-5b:~$ sudo docker run hello-world
[sudo] password for rock:
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented: unknown.
ERRO[0000] error waiting for container: context canceled
rock@rock-5b:~$
You need to do the changes reboot and reinstall Docker maybe. Purger docker 1st Reboot and reinstall as works no probs for me on several installs
Tried the purge, the iptables, adding the extlinux.conf
rock@rock-5b:/boot/extlinux$ more extlinux.conf
#timeout 10
#menu title select kernel
label kernel-5.10.66-27-rockchip-gea60d388902d
kernel /vmlinuz-5.10.66-27-rockchip-gea60d388902d
initrd /initrd.img-5.10.66-27-rockchip-gea60d388902d
devicetreedir /dtbs/5.10.66-27-rockchip-gea60d388902d
fdtoverlays /dtbs/5.10.66-27-rockchip-gea60d388902d/rockchip/overlay/rk3588-uart7-m2.dtbo
append root=UUID=29a94882-5add-4f09-8cc5-3f43918624fa earlycon=uart8250,mmio32,0xfeb50000 console=ttyFIQ0 console=tty1 consoleblank=0 loglevel=0 panic=10 rootwait rw init=/sbin/init rootfstype=ext4 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory swapaccount=1 irqchip.gicv3_pseudo_nmi=0 switolb=1 coherent_pool=2M systemd.unified_cgroup_hiearchy=0
Still getting the BPF_CGROUP_DEVICE fail.
Thats the only kernel label as dunno as apols but works for me guessing it something your side as standard Radxa image is no problem.
Struggling to get docker running on the debian image and from a google we seem to be missing the following.
iptables needs to be installed but also after install run
I can do that but stuck as it would seem I need the kernel conf with
CONFIG_BPF_SYSCALL=y
but we haveIs it possible for the debian image to have kernel with
CONFIG_BPF_SYSCALL=y
?