docker-socket-proxy

503 with podman socket

Open com6056 opened this issue 2 years ago • 3 comments

Trying to get this running with the podman socket with the following setup:

  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy
    container_name: docker-socket-proxy
    restart: always
    privileged: true
    environment:
      - SOCKET_PATH=/run/podman/podman.sock
      - CONTAINERS=1
    security_opt:
      - label=disable
    volumes:
      - /run/podman/podman.sock:/run/podman/podman.sock:ro

Seem to be getting a 503 though, not sure why.

HAProxy logs:

10.69.0.155:37856 [27/Feb/2022:07:55:28.777] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/baba2851b7771b0603152904c27ac5a354850a10a8414e06fcfa616754e5610b/json HTTP/1.1"
10.69.0.155:37858 [27/Feb/2022:07:55:28.895] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/2ef63ee42473922c7e999dd380e81058a212c8e8b67871f61f7645f60958d891/json HTTP/1.1"
10.69.0.155:37862 [27/Feb/2022:07:55:29.013] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/2ef63ee42473922c7e999dd380e81058a212c8e8b67871f61f7645f60958d891/json HTTP/1.1"

If I exec into the container and try to access the socket though, it works fine:

/ # curl --unix-socket /var/run/podman/podman.sock docker-socket-proxy:3725/containers/faade8bf2b744d7799623d27ff550da8e257e1aa0142d0b6ab5379481ae07aff/json

{"Id":"faade8bf2b744d7799623d27ff550da8e257e1aa0142d0b6ab5379481ae07aff","Created":"2022-02-20T20:38:48.884569982Z",..........................

com6056 avatar Feb 27 '22 07:02 com6056
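
Reading the HAProxy log lines in the post above, as an added example that is not part of the original issue or the project's code: the `SC--` termination state together with the `-1` connect timer means HAProxy never established a connection to the `dockersocket` backend, so the 503 is generated by the proxy rather than by podman. The sample lines are constructed (shortened container IDs, documentation IP address), and the state meanings follow HAProxy's logging documentation.

```python
import re

# Fields of an HAProxy HTTP log line, in the order seen in the issue's logs.
LINE_RE = re.compile(
    r'(?P<client>\S+) \[[^\]]+\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<tq>-?\d+)/(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tr>-?\d+)/\+?(?P<tt>-?\d+) '
    r'(?P<status>\d{3}|-1) \+?\d+ \S+ \S+ (?P<state>\S{4}) \S+ \S+ "(?P<request>[^"]*)"'
)

# First two termination-state characters, per the HAProxy logging documentation.
STATE_MEANING = {
    "--": "normal completion",
    "SC": "backend refused or failed the connection attempt",
    "sC": "timed out connecting to the backend",
    "SH": "backend closed before sending response headers",
    "sH": "timed out waiting for backend response headers",
    "PR": "proxy itself blocked the request (bad syntax or deny rule)",
}

def triage(line):
    """Return status, termination state, and whether the backend was ever reached."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    state = m.group("state")[:2]
    return {
        "status": int(m.group("status")),
        "server": f'{m.group("backend")}/{m.group("server")}',
        "state": state,
        "backend_connected": int(m.group("tc")) >= 0,  # Tc = -1: connect never completed
        "meaning": STATE_MEANING.get(state, "see HAProxy docs"),
        "request": m.group("request"),
    }

# Constructed sample lines (shortened IDs, documentation IP), modelled on the issue's logs.
SAMPLE = [
    '192.0.2.10:37856 [27/Feb/2022:07:55:28.777] dockerfrontend dockerbackend/dockersocket '
    '0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/abc123/json HTTP/1.1"',
    '192.0.2.10:37860 [27/Feb/2022:07:55:30.101] dockerfrontend dockerbackend/dockersocket '
    '0/0/0/4/4 200 5120 - - ---- 1/1/0/0/0 0/0 "GET /containers/abc123/json HTTP/1.1"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

A `PR--` state would instead point at the proxy's own allow/deny rules, which is a different problem from the backend socket being unreachable.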

I get the same result using a weave SOCKET_PATH: unix://var/run/docker.sock. Would be really interested to see this work, currently we have to modify the permissions in order to run the docker containers via weave.

ewerkema avatar Mar 18 '22 11:03 ewerkema

I installed docker-podman and I used this as a rootful container, and it works just fine.

services:
  dockerproxy:
    container_name: dockerproxy
    privileged: true
    environment:
      CONTAINERS: 1
    image: docker.io/tecnativa/docker-socket-proxy
    ports:
      - "2375"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:z

Keltere avatar May 02 '22 13:05 Keltere

You need to mount your user symlinked podman.sock. Like this:

volumes:
  - /var/run/user/$UID/podman/podman.sock:/var/run/docker.sock

Note that you need to export the UID variable so podman-compose can use it. Also, it is not good practice to use privileged: true on a container, as it disables SELinux for that container. It is much better to use this:

security_opt:
   - label=disable

which kinda gives your container the access of the user who started the container, but does not disable SELinux. An even better approach is to find out what labels the container needs and give it just those labels.

Kouba91 avatar Jul 04 '22 07:07 Kouba91