LXD container of Ubuntu 22.04 …
Followed this guide
Everything was ok until the Step that says…
Finally, we can install Docker itself:
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
where it fails/errors on installing containerd.io!
> Job for docker.service failed because the control process exited with error code.
> See “systemctl status docker.service” and “journalctl -xeu docker.service” for details.
> invoke-rc.d: initscript docker, action “start” failed.
> ● docker.service - Docker Application Container Engine
> Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
> Active: activating (auto-restart) (Result: exit-code) since Sat 2023-02-25 23:44:49 UTC; 4ms ago
> TriggeredBy: ● docker.socket
> Docs: https://docs.docker.com
> Process: 5010 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
> Main PID: 5010 (code=exited, status=1/FAILURE)
> CPU: 74ms
> dpkg: error processing package docker-ce (--configure):
> installed docker-ce package post-installation script subprocess returned error exit status 1
> Errors were encountered while processing:
> E: Sub-process /usr/bin/dpkg returned an error code (1)
Any ideas what is causing the failure with containerd.io?
NOTE1: my system is BTRFS.
NOTE2: the same caveat about ZFS in the online guide stands.
However… the following Steps did successfully install Docker “nested” in an LXD container…
## Purpose: install Docker “nested” inside an LXD Container
## Create an LXD container (CN1 in example below) and set its config for nesting etc
## On the Host…
$ lxc launch ubuntu:22.04 CN1
$ lxc config set CN1 security.nesting=true
$ lxc config set CN1 security.syscalls.intercept.mknod=true
$ lxc config set CN1 security.syscalls.intercept.setxattr=true
$ lxc restart CN1
## Enter CN1 container
$ lxc exec CN1 bash
# apt update && apt upgrade -y
## Install Docker “nested” in CN1 container
# apt install docker docker-compose -y
## test that Docker is running in the CN1 container…
## You should see a response “Hello from Docker!”
# docker run hello-world
My memory might be misleading me, but I think I saw @stgraber running docker only with security.nesting=true. I initially followed the link posted here and set security.syscalls.intercept.setxattr=true. After seeing @stgraber’s videos, I moved to only setting nesting=true.
I always wondered if those extra settings are really necessary. Are they doing anything?
Hope this is not hijacking the post. I always had this curiosity and never thought about asking and it seemed appropriate here.
As an extra question, I tend to set nesting=true and then run snaps. Some apparmor log messages disappear with it. As with docker, I tend to see Stéphane’s LXD videos running snaps without nesting, which seems to work fine. Is it really needed?
Yes… I did those settings also! Thanks.
Okay… I just tried this and it seems to work
1 - create the container
2 - set security.nesting=true
3 - apt update && apt upgrade -y
4 - apt install docker docker-compose -y
5 - reboot
6 - enter the container
7 - docker run hello-world
and it works!
So maybe those other 2 “config set” commands are no longer needed?
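The two procedures in this thread (the first with the two syscall-intercept keys, the second with security.nesting alone) scripted as one host-side shell script, with a check that the config actually took before Docker is installed and a check on the hello-world output. This is an added example, not code posted by anyone in the thread. It assumes the lxc CLI is available on the host, that the ubuntu:22.04 image alias resolves, and it installs Ubuntu's docker.io package (the Docker engine) where the posts above wrote docker; the WITH_INTERCEPTS variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): launch an LXD container with
# security.nesting enabled, optionally add the two syscall intercepts, install
# Docker, and verify both the container config and the hello-world run.
# Assumptions: lxc CLI on the host, "ubuntu:22.04" image alias, docker.io package.
set -eu

# Match `security.nesting: "true"` in `lxc config show <cn>` output read on stdin.
nesting_enabled() {
  grep -Eq '^[[:space:]]*security\.nesting:[[:space:]]*"?true"?[[:space:]]*$'
}

# Match the line hello-world prints when the Docker daemon actually works.
hello_world_ok() {
  grep -q 'Hello from Docker!'
}

# Keys to set on the container. Only nesting is applied by default (the last
# post's minimal recipe); WITH_INTERCEPTS=1 adds the two keys from the first.
config_keys() {
  printf '%s\n' 'security.nesting=true'
  if [ "${WITH_INTERCEPTS:-0}" = "1" ]; then
    printf '%s\n' 'security.syscalls.intercept.mknod=true' \
                  'security.syscalls.intercept.setxattr=true'
  fi
}

setup_container() {
  cn="$1"
  lxc launch ubuntu:22.04 "$cn"
  for kv in $(config_keys); do
    lxc config set "$cn" "$kv"
  done
  lxc restart "$cn"
  # Fail early if the config did not take: without nesting dockerd will not start.
  lxc config show "$cn" | nesting_enabled \
    || { echo "security.nesting is not set on $cn" >&2; return 1; }
  lxc exec "$cn" -- sh -c 'apt-get update && apt-get install -y docker.io docker-compose'
  # hello-world pulls an image and runs a container, exercising daemon, storage and network.
  lxc exec "$cn" -- docker run --rm hello-world | hello_world_ok \
    || { echo "docker run hello-world did not print the expected line" >&2; return 1; }
  echo "Docker is running nested in $cn"
}

# Only act when invoked as: ./nested-docker.sh run [container-name]
if [ "${1:-}" = "run" ]; then
  setup_container "${2:-CN1}"
fi
```

Run it on the host as `./nested-docker.sh run CN1` for the nesting-only variant, or `WITH_INTERCEPTS=1 ./nested-docker.sh run CN1` to reproduce the first recipe; comparing the two runs is the direct way to answer the question of whether the intercept keys change anything on your system.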