Raspberry Pi 4b and docker issues

Hello,

I am using an rpi4 with a recent snapshot, and trying to install a Docker container with some Debian in order to be able to run ntopng (because there are no opkgs of it, even if some Raspbian package exists for arm64). So I installed docker and some other packages:

docker - 20.10.6-1
docker-compose - 1.29.2-1
luci-app-dockerman - v0.5.13
luci-lib-docker - git-20.211.27004-141857a
python3-docker - 5.0.0-1
python3-dockerpty - 0.4.1-3

I do see a new item in LuCI, Docker > Configuration, but when I open it, the page is empty: only the title "DockerMan is a simple docker manager client for LuCI" and the save buttons.
Can someone give me a tip? The idea is to install ntopng for arm64 in a container!

Thank you!

PS: Powered by LuCI Master (git-21.151.34755-dece9b0) / OpenWrt SNAPSHOT r16845-507257778c

I did see some weirdness like that in 19.07 (not docker related, though) that would get resolved by either logging out and back in or rebooting.

Sorry about the double-posting of this same topic (had an issue with my connection or browser and thought it wasn't posted yet).
I could manually install the latest dockerman ipk; it showed more menus (like image, container management, etc.), but I couldn't launch the container of an image I downloaded. Then after a reboot (to see if something didn't load correctly) the menu again only shows the overview. This may be related to an error in dockerd, which is failing to launch with the errors below related to cgroups:

INFO[2021-06-15T11:52:47.675609670Z] loading plugin "io.containerd.grpc.v1.version"...  type=io.containerd.grpc.v1
INFO[2021-06-15T11:52:47.675649393Z] loading plugin "io.containerd.grpc.v1.introspection"...  type=io.containerd.grpc.v1
INFO[2021-06-15T11:52:47.676526670Z] serving...                                    address=/var/run/docker/containerd/containerd-debug.sock
INFO[2021-06-15T11:52:47.676715967Z] serving...                                    address=/var/run/docker/containerd/containerd.sock.ttrpc
INFO[2021-06-15T11:52:47.676855985Z] serving...                                    address=/var/run/docker/containerd/containerd.sock
INFO[2021-06-15T11:52:47.676918059Z] containerd successfully booted in 0.102068s  
INFO[2021-06-15T11:52:47.695683096Z] parsed scheme: "unix"                         module=grpc
INFO[2021-06-15T11:52:47.695980300Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2021-06-15T11:52:47.696159115Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2021-06-15T11:52:47.696295744Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2021-06-15T11:52:47.698424726Z] parsed scheme: "unix"                         module=grpc
INFO[2021-06-15T11:52:47.698492152Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2021-06-15T11:52:47.698547022Z] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2021-06-15T11:52:47.698607559Z] ClientConn switching balancer to "pick_first"  module=grpc
WARN[2021-06-15T11:52:47.705354393Z] Your kernel does not support cgroup memory limit 
WARN[2021-06-15T11:52:47.705571059Z] Your kernel does not support cgroup blkio weight 
WARN[2021-06-15T11:52:47.705654633Z] Your kernel does not support cgroup blkio weight_device 
INFO[2021-06-15T11:52:47.706430059Z] stopping event stream following graceful shutdown  error="context canceled" module=libcontainerd namespace=plugins.moby
INFO[2021-06-15T11:52:47.706666504Z] stopping healthcheck following graceful shutdown  module=libcontainerd
failed to start daemon: Devices cgroup isn't mounted
root@rpi4:~#

I checked and some cgroups are mounted:

root@rpi4:~# mount
/dev/mmcblk0p2 on / type ext4 (rw,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/mmcblk0p1 on /boot type vfat (rw,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,relatime,rdma)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,noatime,mode=700)
/dev/mmcblk0p2 on /opt/docker type ext4 (rw,noatime)
tmpfs on /tmp/lib/docker type tmpfs (rw,nosuid,nodev,noatime)
root@rpi4:~#

Is there something obvious I am missing for dockerd to run?

Did you google the error message? There is a lot of info available with workarounds. This one https://github.com/docker/cli/issues/2104 hints at group version mismatch.

Apparently not a cgroup v1 vs v2 issue: I tried the following commands:

root@rpi4:~# mkdir /tmp/cgroups
root@rpi4:~# mount -t cgroup2 none /tmp/cgroups/
root@rpi4:~# mount
/dev/mmcblk0p2 on / type ext4 (rw,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/mmcblk0p1 on /boot type vfat (rw,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,noatime,mode=700)
/dev/mmcblk0p2 on /opt/docker type ext4 (rw,noatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,relatime,rdma)
tmpfs on /tmp/lib/docker type tmpfs (rw,nosuid,nodev,noatime)
none on /tmp/cgroups type cgroup2 (rw,relatime)
root@rpi4:~# ll /tmp/cgroups/
dr-xr-xr-x    3 root     root             0 Jun 16 16:50 ./
drwxrwxrwt   24 root     root           620 Jun 16 16:49 ../
-r--r--r--    1 root     root             0 Jun 16 16:50 cgroup.controllers
-rw-r--r--    1 root     root             0 Jun 16 16:50 cgroup.max.depth
-rw-r--r--    1 root     root             0 Jun 16 16:50 cgroup.max.descendants
-rw-r--r--    1 root     root             0 Jun 16 16:50 cgroup.procs
-r--r--r--    1 root     root             0 Jun 16 16:50 cgroup.stat
-rw-r--r--    1 root     root             0 Jun 16 16:50 cgroup.subtree_control
-rw-r--r--    1 root     root             0 Jun 16 16:50 cgroup.threads
drwx------    3 root     root             0 Jun 16 16:50 services/
root@rpi4:~# umount /tmp/cgroups/
root@rpi4:~# mount -t cgroup none /tmp/cgroups/
mount: /tmp/cgroups: none already mounted on /sys/fs/bpf.
root@rpi4:~#

It seems to show that cgroups v1 are already mounted on the expected location (/sys/fs/bpf).

I downloaded a checkup script which shows the following output:

root@rpi4:~# ./check-config.sh 
info: reading kernel config from /proc/config.gz ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: missing
- CONFIG_CGROUP_FREEZER: missing
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: missing
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: missing
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: missing
- CONFIG_POSIX_MQUEUE: enabled

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_MEMCG_SWAP_ENABLED: missing
    (cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_IOSCHED_CFQ: missing
- CONFIG_CFQ_GROUP_IOSCHED: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: missing
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: enabled
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: missing
- CONFIG_EXT4_FS_SECURITY: missing
    enable these ext4 configs if you are using ext3 or ext4 as backing filesystem
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: enabled (as module)
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled (as module)
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled (as module)
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled (as module)
      - CONFIG_XFRM_ALGO: enabled (as module)
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_INET_XFRM_MODE_TRANSPORT: missing
  - "ipvlan":
    - CONFIG_IPVLAN: enabled (as module)
  - "macvlan":
    - CONFIG_MACVLAN: enabled (as module)
    - CONFIG_DUMMY: enabled (as module)
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
    - CONFIG_NF_NAT_TFTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: missing
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled (as module)
    - CONFIG_BTRFS_FS_POSIX_ACL: missing
  - "devicemapper":
    - CONFIG_BLK_DEV_DM: enabled (as module)
    - CONFIG_DM_THIN_PROVISIONING: missing
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing

Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000

root@rpi4:~#

Would it be possible for the snapshots/releases of the RPi4 firmware to have more kernel options, given its high RAM and storage capacities? Say, have at least a kernel able to run docker and some other stuff? I can't seem to find a way to make dockerd work with the baseline kernel, and compiling my own kernel just to enable a couple of missing options will make me rely on purely locally built packages (I saw there is a kernel checksum that forbids using mods on a modified kernel, pretty understandable). So, can the kernel of more powerful devices have more options enabled on it?
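
An added example, not part of any post in this thread and not code from the OpenWrt or Docker projects: a POSIX shell check that cross-references the mount table with the kernel config to tell a cgroup v1 controller that is merely not mounted from one that is not built into the kernel, which is the distinction behind "Devices cgroup isn't mounted" above. The function names and the controller-to-option mapping in `kconfig_for` are assumptions of this example; the sample data is constructed and abridged from the output quoted in the thread.

```shell
#!/bin/sh
# Sample data (constructed, abridged from the output quoted in this thread).
SAMPLE_MOUNTS='cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)'
SAMPLE_CONFIG='CONFIG_CGROUPS=y
CONFIG_MEMCG=y
# CONFIG_CGROUP_DEVICE is not set
# CONFIG_CGROUP_FREEZER is not set
CONFIG_BLK_CGROUP=y'

# cgroup_mounted MOUNTS CONTROLLER: exit 0 if a cgroup v1 mount carries it.
cgroup_mounted() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $4 == "type" && $5 == "cgroup" {
            opts = $6; gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == c) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# kconfig_state CONFIG OPTION: print y, m, or "missing" ("is not set"/absent).
kconfig_state() {
    printf '%s\n' "$1" | awk -F= -v k="$2" '
        $1 == k { v = $2 }
        END { print (v == "" ? "missing" : v) }'
}

# kconfig_for CONTROLLER: kernel option that builds it (example mapping).
kconfig_for() {
    case "$1" in
        devices) echo CONFIG_CGROUP_DEVICE ;;
        freezer) echo CONFIG_CGROUP_FREEZER ;;
        memory)  echo CONFIG_MEMCG ;;
        blkio)   echo CONFIG_BLK_CGROUP ;;
        *)       echo unknown ;;
    esac
}

# diagnose MOUNTS CONFIG CONTROLLER: print a one-word verdict.
diagnose() {
    if cgroup_mounted "$1" "$3"; then echo mounted; return; fi
    case "$(kconfig_state "$2" "$(kconfig_for "$3")")" in
        y|m) echo not-mounted ;;    # kernel has it, but nothing mounted it
        *)   echo not-in-kernel ;;  # only a kernel built with the option helps
    esac
}

for c in devices freezer memory blkio; do
    printf '%-8s %s\n' "$c" "$(diagnose "$SAMPLE_MOUNTS" "$SAMPLE_CONFIG" "$c")"
done
```

On a live system, pass `"$(mount)"` and `"$(zcat /proc/config.gz)"` in place of the two sample variables.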