503 with podman socket #66

Open
com6056 opened this issue Feb 27, 2022 · 3 comments

com6056 commented Feb 27, 2022

Trying to get this running with the podman socket with the following setup:

```yaml
  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy
    container_name: docker-socket-proxy
    restart: always
    privileged: true
    environment:
      - SOCKET_PATH=/run/podman/podman.sock
      - CONTAINERS=1
    security_opt:
      - label=disable
    volumes:
      - /run/podman/podman.sock:/run/podman/podman.sock:ro
```

Seem to be getting a 503 though, not sure why.

HAProxy logs:

```
10.69.0.155:37856 [27/Feb/2022:07:55:28.777] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/baba2851b7771b0603152904c27ac5a354850a10a8414e06fcfa616754e5610b/json HTTP/1.1"
10.69.0.155:37858 [27/Feb/2022:07:55:28.895] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/2ef63ee42473922c7e999dd380e81058a212c8e8b67871f61f7645f60958d891/json HTTP/1.1"
10.69.0.155:37862 [27/Feb/2022:07:55:29.013] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/2ef63ee42473922c7e999dd380e81058a212c8e8b67871f61f7645f60958d891/json HTTP/1.1"
```

If I exec into the container and try to access the socket though, it works fine:

```
/ # curl --unix-socket /var/run/podman/podman.sock docker-socket-proxy:3725/containers/faade8bf2b744d7799623d27ff550da8e257e1aa0142d0b6ab5379481ae07aff/json

{"Id":"faade8bf2b744d7799623d27ff550da8e257e1aa0142d0b6ab5379481ae07aff","Created":"2022-02-20T20:38:48.884569982Z",..........................
```
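
Reading the HAProxy lines quoted above, as an added example that is not part of the original post or of docker-socket-proxy: the `SC--` termination state together with a `-1` connect timer shows that HAProxy never established a connection to the backend socket, and the last connection counter shows it retried 3 times first. The field layout and state meanings follow HAProxy's documented HTTP log format; the function names and the second sample line are constructed here.

```python
import re

# HAProxy HTTP log layout as it appears in the issue (no syslog prefix).
LINE_RE = re.compile(
    r'(?P<client>\S+) \[[^\]]+\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<timers>[-+\d]+(?:/[-+\d]+){4}) (?P<status>\d{3}) \S+ \S+ \S+ '
    r'(?P<term>\S{4}) (?P<conns>[+\d]+(?:/[+\d]+){4}) \S+ "(?P<request>[^"]*)"'
)
# First two termination-state characters, as defined in the HAProxy logging docs.
END_EVENT = {"C": "client aborted", "S": "server aborted or refused the connection",
             "P": "proxy aborted the session", "c": "client-side timeout",
             "s": "server-side timeout"}
END_STATE = {"R": "waiting for the client request", "Q": "waiting in the queue",
             "C": "connecting to the server", "H": "waiting for response headers",
             "D": "transferring data"}

def parse(line):
    """Return the fields needed for triage, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Timers are Tq/Tw/Tc/Tr/Tt in ms; Tc == -1 means no backend connection was made.
    rec["connect_ms"] = int(rec["timers"].split("/")[2])
    # The connection counters end with the number of connect retries.
    rec["retries"] = int(rec["conns"].split("/")[-1])
    return rec

def diagnose(rec):
    """Summarise where the session ended and whether the backend was ever reached."""
    event, state = rec["term"][0], rec["term"][1]
    if event == "-" and state == "-":
        summary = "completed normally"
    else:
        summary = (f'{END_EVENT.get(event, "unknown event")} while '
                   f'{END_STATE.get(state, "in an unknown state")}')
    return {"server": rec["server"], "status": rec["status"], "retries": rec["retries"],
            "never_connected": rec["connect_ms"] == -1, "summary": summary}

# First line is copied from the issue; the second is constructed for contrast.
SAMPLE = [
    '10.69.0.155:37856 [27/Feb/2022:07:55:28.777] dockerfrontend dockerbackend/dockersocket 0/0/-1/-1/0 503 213 - - SC-- 1/1/0/0/3 0/0 "GET /containers/baba2851b7771b0603152904c27ac5a354850a10a8414e06fcfa616754e5610b/json HTTP/1.1"',
    '10.69.0.155:37900 [27/Feb/2022:08:00:00.000] dockerfrontend dockerbackend/dockersocket 0/0/0/4/4 200 5120 - - ---- 1/1/0/0/0 0/0 "GET /containers/json HTTP/1.1"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(diagnose(parse(line)))
```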
@ewerkema

I get the same result using a weave `SOCKET_PATH: unix://var/run/docker.sock`. I would be really interested to see this work; currently we have to modify the permissions in order to run the docker containers via weave.

Keltere commented May 2, 2022

I did install docker-podman and I used this as a rootful container, and it works just fine.

```yaml
services:
  dockerproxy:
    container_name: dockerproxy
    privileged: true
    environment:
      CONTAINERS: 1
    image: docker.io/tecnativa/docker-socket-proxy
    ports:
      - "2375"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:z
```

Kouba91 commented Jul 4, 2022

You need to mount your user's symlinked podman.sock, like this:

```yaml
volumes:
  - /var/run/user/$UID/podman/podman.sock:/var/run/docker.sock
```

Note that you need to export the UID variable so podman-compose can use it.
Also, it is not good practice to use `privileged: true` on a container, as it disables SELinux for that container.
It is much better to use this:

```yaml
security_opt:
  - label=disable
```

which kind of gives your container the access of the user who started the container, but does not disable SELinux.
An even better approach is to find out what labels the container needs and give it just those labels.
