我创建了一个Dockerfile来在Docker中运行Docker:
FROM ubuntu:16.04
RUN apt-get update && \
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common && \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - &&\
apt-key fingerprint 0EBFCD88
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
apt-get update && \
apt-get install -y docker-ce && \
systemctl enable docker在我启动容器并运行docker ps之后,我得到了:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"我在容器中执行了命令dockerd,结果如下:
Error starting daemon: Error initializing network controller: error obtaining controller instance:
failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.0: can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
2条答案
按热度按时间vxf3dgd41#
我收到的建议是在docker run中使用-v参数来Map容器之间的docker套接字,如下所示:
okxuctiv2#
如果你真的想在另一个Docker容器中运行一个Docker容器,你应该使用Docker提供的现有镜像(https://hub.docker.com/_/docker),而不是创建你自己的基础镜像:选择标记为
dind(dockerin****docker)或<docker_version>-dind(如18.09.0-dind)的图像。如果你想运行你自己的镜像(不推荐),不要忘记使用--privileged选项运行它(这就是为什么你会得到错误)。docker官方图片示例:尽管如此,我同意@DavidMaze的评论和他提到的参考博客文章(Do not use Docker-in-Docker for CI):Docker-in-Docker应该尽可能避免。