Tutorial Docker on armbian!

[vinser]

Few simple steps to install docker and docker compose on clean Armbian_20.05.4_Odroidxu4_focal_current_5.4.41 ODROID-HC1

Thanks to official docs https://docs.docker.com/engine/install/ubuntu/

 

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

    # Verify that you now have the key with the fingerprint 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88 - you may skip this

    apt-key fingerprint 0EBFCD88

    # add-apt-repository "deb [arch=armhf] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

    add-apt-repository "deb [arch=armhf] https://download.docker.com/linux/ubuntu bionic stable" # there is no repository for focal :(

    apt-get update

    apt-get install docker-ce docker-ce-cli containerd.io

    docker run --rm hello-world # test - you may skip

    docker --version

 

    apt install python3-pip

    apt install python3-dev

    apt install libffi-dev

    apt install libssl-dev

    pip3 install docker-compose

    docker-compose --version

 

That's all, enjoy

Sorry for necroposting

[gounthar]

As the documentation is now marked as obsolete, what is the correct way to install Docker on a recent Armbian Buster?

  ___                             ____  _   _  _
 / _ \ _ __ __ _ _ __   __ _  ___|  _ \(_) | || |
| | | | '__/ _` | '_ \ / _` |/ _ \ |_) | | | || |_
| |_| | | | (_| | | | | (_| |  __/  __/| | |__   _|
 \___/|_|  \__,_|_| |_|\__, |\___|_|   |_|    |_|
                       |___/
Welcome to Armbian 20.08.17 Buster with Linux 5.8.17-rockchip64

 

I think at one time, it was available in armbian-config, but I may be wrong.. And I'm trying that on an unsupported board (OrangePi4).

Here is what I have done:

sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo docker run hello-world

Thanks.

[Werner]

I think I marked that point as outdated as it has not been revisited for a long time but also have no experience with docker whatsoever to change it.

So of anyone wants to change that please go ahead:https://github.com/armbian/documentation/edit/master/docs/User-Guide_Advanced-Features.md

[gounthar]

Done, thanks.

[lanefu]

the distro natively packaged versions are new enough for my use these days.. I just do apt install docker.io

[gounthar]

Thanks for the tip.

I will try it on another machine with a fresh install, as I get :

apt install docker.io
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 docker.io : Depends: runc (>= 1.0.0~rc6~)
E: Unable to correct problems, you have held broken packages.

 

[ajkelsey]

Hi. I am attempting to install  docker and I've hit a snag in the installation. I followed the instructions here: https://docs.docker.com/engine/install/ubuntu/

 

For some reason the docker service did not start. Here is the error from installation and the systemctl status:

 

Setting up docker-ce (5:20.10.18~3-0~ubuntu-jammy) ...
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
invoke-rc.d: initscript docker, action "start" failed.
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Mon 2022-10-10 19:40:40 EDT; 39ms ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
    Process: 15936 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
   Main PID: 15936 (code=exited, status=1/FAILURE)
        CPU: 367ms
dpkg: error processing package docker-ce (--configure):
 installed docker-ce package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.10.2-1) ...
Errors were encountered while processing:
 docker-ce
E: Sub-process /usr/bin/dpkg returned an error code (1)


admin@lepotato:~$ sudo systemctl status docker.service
× docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-10-10 19:40:49 EDT; 2min 0s ago
TriggeredBy: × docker.socket
       Docs: https://docs.docker.com
    Process: 16057 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
   Main PID: 16057 (code=exited, status=1/FAILURE)
        CPU: 473ms

Oct 10 19:40:49 lepotato systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Oct 10 19:40:49 lepotato systemd[1]: Stopped Docker Application Container Engine.
Oct 10 19:40:49 lepotato systemd[1]: docker.service: Start request repeated too quickly.
Oct 10 19:40:49 lepotato systemd[1]: docker.service: Failed with result 'exit-code'.
Oct 10 19:40:49 lepotato systemd[1]: Failed to start Docker Application Container Engine.

 

[gounthar]

I'm afraid the official documentation for Armbian is there: https://docs.armbian.com/User-Guide_Advanced-Features/#how-to-run-docker

 

[Alligator427]

I have the same issue than ajkelsey with installation of Docker on an Orange Pi zero2 under Armbian_23.02.3_Orangepizero2_bullseye_legacy_4.9.318.

 

I tried the two methods described in the official documentation (https://docs.armbian.com/User-Guide_Advanced-Features/#how-to-run-docker), but the docker service refuses to load.

 

Is there anything I'm missing? I was planning to try it on a fresh Armbian installation. I did not try to install Docker on Jammy and Bookworm because wifi does not work properly with these systems (available at https://www.armbian.com/orange-pi-zero-2/)

[Werner]

22 minutes ago, Alligator427 said:

Is there anything I'm missing?

Docker needs some kernel stuff that has been introduced after 4.9.y was released. So the only way is to run a more recent kernel which probably does not support all hw features the board has to offer.

[Alligator427]

Thanks, Werner!

The official Armbian documentation states that the version should be 20.08.17 or newer, with Kernel 3.10 or higher.

I thought I was in the clear with Armbian_23.02.3_Orangepizero2_bullseye_legacy_4.9.318.

https://docs.armbian.com/User-Guide_Advanced-Features/#how-to-run-docker

Perhaps this requirement applies to an older version of Docker. I'm considering trying a 1-2-year-old version of Docker to see if it works. Not sure if it makes sense.

 

I've attempted to install three different versions of Bullseye (edge and current) with a kernel >4.9 (5.15.x or 6.2), but none of them boot up on the Orange Pi Zero 2. Unfortunately, The only versions that boot up have kernel 4.9.

https://www.armbian.com/orange-pi-zero-2/

Edited July 11, 2023 by Alligator427

[Werner]

docs are most likely behind due to lack of maintenance (feel free to contribute!).

Docker wants cgroupsv2 which have been introduced in kernel 4.15.y

4.9.y is vendor kernel which might work better but is outdated and unmaintained:https://docs.armbian.com/User-Guide_FAQ/#why-does-hardware-feature-xy-work-in-old-kernel-but-not-in-more-recent-one

[ALIGMSTEN]

The only solution for legacy images is to downgrade to cgroups v1 with kernel parameter 

 

You add this in armbianEnv.txt

 

extraargs=systemd.unified_cgroup_hierarchy=0

 

 

To use cgroup v2, you need to have kernel 4.15 or later https://github.com/opencontainers/runc/blob/v1.0.0-rc95/docs/cgroup-v2.md#host-requirements.

 

Other requirements you might need to set iptables debian os

 

The docker installer uses iptables for nat. Unfortunately Debian uses nftables. 
You can convert the entries over to nftables or just setup Debian to use the legacy iptables.

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

 

 

As for non booting zero2 images please check latest, builds are working fine for me at this point, although I will check, (limited time atm, also 'not sure about mirrors synching').

[Alligator427]

Wow! Thanks ALIGMSTEN! This solve the issue completely. The last docker version is now working on Armbian bullseye kernel 4.9 on Orange pi zero2.

Thanks for your help and for what you are doing!

Here is the detailed procedure for the people that may experience the same issue.

 

-Fresh install of Armbian_23.02.3_Orangepizero2_bullseye_legacy_4.9.318.img.xz

http://xogium.performanceservers.nl/archive/orangepizero2/archive/Armbian_23.02.3_Orangepizero2_bullseye_legacy_4.9.318.img.xz

 

sudo apt-get update

sudo apt-get upgrade

 

-add the following to /boot/armbianEnv.txt

extraargs=systemd.unified_cgroup_hierarchy=0

 

-return to prompt

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy

sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

 

-reboot

 

-install docker according to https://docs.docker.com/engine/install/debian/ (below)

sudo apt-get update

sudo apt-get install ca-certificates curl gnupg

sudo install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

sudo chmod a+r /etc/apt/keyrings/docker.gpg

 

-Then

echo \

  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \

  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \

  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

 

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo reboot

 

-Test docker with

sudo docker run hello-world

 

Edited July 13, 2023 by Alligator427

[PeterRies]

Hi there,

 

I revived my BananaPi M1 (ARM7 32bit) last week. I installed a fresh armbian and just docker like this:

 

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo gpasswd -a $USER docker
newgrp docker
docker run hello-world

 

The "Hello world" worked.

 

But when I tried to run anything useful things failed. Seafile installed okay, but calling the UI timed out. Paperless-ngx complained that paperless-webserver cannot find route to redis. Stuff like this. I just want to use the machine in my internal Network at home.

 

To investigate further I installed a simple httpd docker to see if I can reach that one. No luck. Neither from another machine in my LAN, nor via lynx  on BananaPi calling localhost. The request goes out as the port seems to be open, but it never reaches the daemon inside the container or cannot respond. Same commands on my "production box" (a HP t630 with debian bookworm) work fine.

 

So my conclusion is that it must be something in the OS.

 

I compared iptables on BananaPi and t630 and checked the output of 'sudo /usr/sbin/sysctl -a | grep forwarding | grep ipv4' - they are the same.

 

I'm a little bit clueless where to check, what commands to use as I'm quite new to docker. Do you have any suggestions?

 

Thanks, Peter.

[Igor]

 

1 hour ago, PeterRies said:

The "Hello world" worked.

 

This means Docker works.

 

1 hour ago, PeterRies said:

To investigate further I installed a simple httpd docker to see if I can reach that one. No luck. Neither from another machine in my LAN, nor via lynx  on BananaPi calling localhost.

Minimal Armbian images comes with very minimal systemd-networking since several weeks. This brought much smaller OS images, but could cause this kind of troubles.

 

1 hour ago, PeterRies said:

Do you have any suggestions?

 

Try to do some research into this direction.

 

[Igor]

"systemd-network doesn’t quite play well with docker."

Perhaps this https://blog.kylemanna.com/linux/docker-systemd-network-surprise/ is the problem.

[dziekon]

For anyone struggling with Docker connectivity issues on latest Arbian minimal images, I've found solution (although, can't say if it's a good or bad solution, I'm not a sysops wizard or whatever) which does seem to work fine for my use case.

 

Tested on "Armbian_community 24.8.0-trunk.399 Bookworm with Linux 6.6.36-current-sunxi64"

 

By following this stackoverflow answer (https://stackoverflow.com/a/76440642/951007), I've modified netplan's default configuration file (currently "/etc/netplan/10-dhcp-all-interfaces.yaml" file) from:

(...)
all-eth-interfaces:
  match:
    name: '*'
(...)

to

(...)
all-eth-interfaces:
  match:
    name: 'en*'
(...)

 

and restarted the entire SBC.

 

With this change applied, docker network adapters changed their SETUP from "configuring" to "unmanaged", as it apparently should be in the first place (although please do note that other adapters have been changed as well, so proceed with caution):

$ sudo networkctl list

IDX LINK            TYPE     OPERATIONAL SETUP     
  1 lo              loopback carrier     unmanaged
  2 end0            ether    routable    configured
  3 wlan0           wlan     off         unmanaged
  4 docker0         bridge   no-carrier  unmanaged
  5 br-xxxxxxxxxxxx bridge   no-carrier  unmanaged
  6 br-xxxxxxxxxxxy bridge   no-carrier  unmanaged

 

After that, Docker was able to communicate with the outside world:

$ docker run busybox ping -c 1 1.1.1.1

PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=57 time=4.741 ms
(...)

 

and was able to communicate with other docker-based services in the same network - in my case, a Spoolman instance was not able to communicate with Postgresql instance started using one docker compose file.

 

---

 

Again, please do note that I'm no expert in this regard, so if you decide to follow this solution, I would recommend verifying whether other services (that require connectivity in any way) still work as expected.

[Werner]

5 hours ago, dziekon said:

minimal

 

5 hours ago, dziekon said:

netplan

I wonder how this works out since AFAIK there is no netplan installed on minimal images.

[Igor]

5 minutes ago, Werner said:

I wonder how this works out since AFAIK there is no netplan installed on minimal images.

It is, since moving network bits into extensions. Here it is installed:

https://github.com/armbian/build/blob/main/extensions/network/net-systemd-networkd.sh#L11

[PeterRies]

Thanks Igor for the explanation and dziekon for the 2 bytes change that did the job!! Excellent description. 😀

[TRS-80]

I am going to go back to basics, so apologies if this is too obvious.

 

Are you guys opening ports between the container and the host?

 

I am still learning Docker myself, but isn't the default to limit containers to their own little Docker network, where they can only reach each other?

 

For example, when I started running Home Assistant as a Docker container, I had to allow `--net=host` option (well, the equivalent in my `docker-compose` file, but you get the idea).