SafeLine
[Suggestion] Installation fails when Docker user namespaces are enabled
What happened?
After user namespaces are enabled in Docker Engine,
running docker compose up -d to install returns
Error response from daemon: cannot share the host's network namespace when user namespaces are enabled
How we reproduce?
- docker version
Client: Docker Engine - Community
Version: 27.3.1
API version: 1.47
Go version: go1.22.7
Git commit: ce12230
Built: Fri Sep 20 11:41:11 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 27.3.1
API version: 1.47 (minimum version 1.24)
Go version: go1.22.7
Git commit: 41ca978
Built: Fri Sep 20 11:41:11 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.23
GitCommit: 57f17b0a6295a39009d861b89e3b3b87b005ca27
runc:
Version: 1.1.14
GitCommit: v1.1.14-0-g2c9f560
docker-init:
Version: 0.19.0
GitCommit: de40ad0
- docker compose version
Docker Compose version v2.29.7
- Enable user namespaces
/etc/docker/daemon.json
{
  "userns-remap": "default",
  "ip": "127.0.0.1",
  "icc": false,
  "experimental": false,
  "live-restore": true,
  "ipv6": false,
  "no-new-privileges": false,
  "registry-mirrors": [
    "https://***.***.***"
  ]
}
- Run the SafeLine installation
4.1 wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml"
--2024-11-29 09:24:47-- https://waf-ce.chaitin.cn/release/latest/compose.yaml
Resolving waf-ce.chaitin.cn (waf-ce.chaitin.cn)... 240e:940:60a:3:3::3f9, 36.102.212.117
Connecting to waf-ce.chaitin.cn (waf-ce.chaitin.cn)|240e:940:60a:3:3::3f9|:443... failed: Connection timed out.
Connecting to waf-ce.chaitin.cn (waf-ce.chaitin.cn)|36.102.212.117|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4305 (4.2K) [application/octet-stream]
Saving to: ‘compose.yaml’
compose.yaml 100%[==================================================================>] 4.20K --.-KB/s in 0s
2024-11-29 09:26:58 (61.4 MB/s) - ‘compose.yaml’ saved [4305/4305]
4.2 touch .env && vi ./.env
IMAGE_TAG=latest
MGT_PORT=9443
POSTGRES_PASSWORD=yourpassword
SUBNET_PREFIX=172.22.222
IMAGE_PREFIX=chaitin
ARCH_SUFFIX=
RELEASE=-lts
4.3 Install
docker compose up -d
[+] Running 62/7
✔ fvm Pulled 235.0s
✔ mgt Pulled 286.9s
✔ chaos Pulled 126.6s
✔ postgres Pulled 99.0s
✔ tengine Pulled 209.8s
✔ detect Pulled 248.9s
✔ luigi Pulled 206.7s
[+] Running 1/6
✔ Network safeline-ce Created 0.2s
⠋ Container safeline-tengine Creating 0.1s
⠋ Container safeline-fvm Creating 0.1s
⠋ Container safeline-pg Creating 0.1s
⠋ Container safeline-detector Creating 0.1s
⠋ Container safeline-chaos Creating 0.1s
**Error response from daemon: cannot share the host's network namespace when user namespaces are enabled**
Expected behavior
fixed:
Add the following configuration to each service node to disable user namespaces
userns_mode: host
example:
cat compose.yaml
networks:
  safeline-ce:
    name: safeline-ce
    driver: bridge
    ipam:
      driver: default
      config:
        - gateway: ${SUBNET_PREFIX:?SUBNET_PREFIX required}.1
          subnet: ${SUBNET_PREFIX}.0/24
    driver_opts:
      com.docker.network.bridge.name: safeline-ce
services:
  postgres:
    container_name: safeline-pg
    userns_mode: host  # added line
    restart: always
    image: ${IMAGE_PREFIX}/safeline-postgres${ARCH_SUFFIX}:15.2
    volumes:
      - ${SAFELINE_DIR}/resources/postgres/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_USER=safeline-ce
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?postgres password required}
    networks:
      safeline-ce:
        ipv4_address: ${SUBNET_PREFIX}.2
    command: [postgres, -c, max_connections=600]
    healthcheck:
      test: pg_isready -U safeline-ce -d safeline-ce
  mgt:
    ...
Error log
Error response from daemon: cannot share the host's network namespace when user namespaces are enabled
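Added example, not part of the original issue or of SafeLine's code: a pre-deployment check for a daemon running with `userns-remap`. It reads the JSON that `docker compose config --format json` produces and reports which services share a host namespace or run privileged (the settings Docker refuses to combine with a remapped user namespace) and which services set `userns_mode: host` without such a setting. The service names, images and the status labels in the sample are constructed.

```python
import json

# Constructed sample, shaped like `docker compose config --format json` output.
SAMPLE = json.loads("""
{"services": {
  "proxy":  {"image": "example/proxy", "network_mode": "host"},
  "db":     {"image": "example/db", "userns_mode": "host",
             "networks": {"safeline-ce": {"ipv4_address": "172.22.222.2"}}},
  "worker": {"image": "example/worker", "pid": "host", "userns_mode": "host"},
  "api":    {"image": "example/api"}
}}
""")

def host_sharing_reasons(svc):
    """Settings the daemon rejects for a container in a remapped user namespace."""
    reasons = []
    if svc.get("network_mode") == "host":
        reasons.append("network_mode: host")
    if svc.get("pid") == "host":
        reasons.append("pid: host")
    if svc.get("privileged") is True:
        reasons.append("privileged: true")
    return reasons

def audit(compose):
    """Classify every service for a daemon that has userns-remap enabled."""
    report = {}
    for name, svc in compose.get("services", {}).items():
        reasons = host_sharing_reasons(svc)
        opted_out = svc.get("userns_mode") == "host"
        if reasons and not opted_out:
            # Container creation fails with the daemon error shown in this issue.
            report[name] = ("will-fail", reasons)
        elif reasons:
            # Starts, but runs without remapping: root inside is host UID 0.
            report[name] = ("opt-out-required", reasons)
        elif opted_out:
            # No host namespace forces the opt-out; confirm it is intentional.
            report[name] = ("opt-out-review", [])
        else:
            report[name] = ("remapped", [])
    return report

if __name__ == "__main__":
    for name, (status, reasons) in audit(SAMPLE).items():
        print(f"{name:8} {status:18} {', '.join(reasons)}")
```

Every service that ends up with `userns_mode: host` runs outside the remapped namespace, so the `opt-out-review` entries are the ones where remapping could be kept.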