Am I trying to connect to a TLS-enabled daemon without TLS?

Question

I\'m trying to learn about Docker, but I keep getting cryptic (to me) error messages.

Possibly the simplest example of this is trying to print the version of Docker

Answer 1

Another possible reason is that your BIOS CPU visualization is not enabled. Go and enable it first!

Answer 2

1. Docker calls itself a self-sufficient runtime for Linux containers. In simple terms it acts both as server and client.
2. The $ docker version command query is internal to the Docker executable and not to the daemon/service running.
3. $ docker images or $ docker ps or $ docker pull centos are commands which send queries to the docker daemon/service running.
4. Docker by default supports TLS connections to its daemon/service.
5. Only if the user you are logged in as is part of user group docker or you have used sudo before the command, e.g. $ sudo docker images, does it not require TLS connectivity.

Visit Docker documentation page Protect the Docker daemon socket.

Scroll a little to the top and find warning section for clarity.

Answer 3

In my case (Linux Mint 17) I did various things, and I'm not sure about which of them are totally necessary.

I included missing Ubuntu packages:

$ sudo apt-get install apparmor lxc cgroup-lite

A user was added to group docker:

$ sudo usermod -aG docker ${USER}

Started daemon (openSUSE just needs this)

$ sudo docker -d

---

Thanks\Attribution

---

Thanks Usman Ismail, because maybe it was just that last thing...

Stupid question but have you started the docker daemon? – Usman Ismail Dec 17 '14 at 15:04

---

Thanks also to github@MichaelJCole for the solution that worked for me, because I didn't check for the daemon when I read Usman's comment.

GitHub comment:

sudo apt-get install apparmor lxc cgroup-lite
sudo apt-get  install docker.io
# If you installed docker.io first, you'll have to start it manually
sudo docker -d
sudo docker run -i -t ubuntu /bin/bash

---

Thanks to fredjean.net post for noticing the missing packages and forget about the default Ubuntu installation instructions and google about other ways

It turns out that the cgroup-lite and the lxc packages are not installed by default on Linux Mint. Installing both then allowed me to run bash in the base image and then build and run my image.

---

Thanks to brettof86's comment about openSUSE

Answer 4

TLDR: This got my Python meetup group past this problem when I was running a clinic on installing docker and most of the users were on OS X:

boot2docker init
boot2docker up

run the export commands the output gives you, then

docker info

should tell you it works.

---

The Context (what brought us to the problem)

I led a clinic on installing docker and most attendees had OS X, and we ran into this problem and I overcame it on several machines. Here's the steps we followed:

First, we installed homebrew (yes, some attendees didn't have it):

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then we got cask, which we used to install virtualbox, and then used brew to install docker and boot2docker (all required for OS X) Don't use sudo for brew.:

brew install caskroom/cask/brew-cask
brew cask install virtualbox
brew install docker
brew install boot2docker

The Solution

That was when we ran into the problem the asker here got. The following fixed it. I understand init was a one-time deal, but you'll probably have to run up every time you start docker:

boot2docker init
boot2docker up

Then when up has been run, it gives several export commands. Copy-paste and run those.

Finally docker info should tell you it's properly installed.

To Demo

The rest of the commands should demo it. (on Ubuntu linux I required sudo.)

docker run hello-world
docker run -it ubuntu bash

Then you should be on a root shell in the container:

apt-get install nano
exit

Back to your native user bash:

docker ps -l

Look for the about 12 digit hexadecimal (0-9 or a-f) identifier under "Container ID", e.g. 456789abcdef. You can then commit your change and name it some descriptive name, like descriptivename:

docker commit 456789abcdef descriptivename`

Answer 5

I had the same issue and tried various things to fix this, amending the .bash_profile file, logging in and out, without any luck. In the end, restarting my machine fixed it.

Answer 6

The underlining problem is simple – lack of permission to /var/run/docker.sock unix domain socket.

From Daemon socket option chapter of Docker Command Line reference for Docker 1.6.0:

By default, a unix domain socket (or IPC socket) is created at /var/run/docker.sock, requiring either root permission, or docker group membership.

Steps necessary to grant rights to users are nicely described in Docker installation instructions for Fedora:

Granting rights to users to use Docker

The docker command line tool contacts the docker daemon process via a socket file /var/run/docker.sock owned by root:root. Though it's recommended to use sudo for docker commands, if users wish to avoid it, an administrator can create a docker group, have it own /var/run/docker.sock, and add users to this group.

$ sudo groupadd docker
$ sudo chown root:docker /var/run/docker.sock
$ sudo usermod -a -G docker $USERNAME

Log out and log back in for above changes to take effect. Please note that Docker packages of some Linux distributions (Ubuntu) do already place /var/run/docker.sock in the docker group making the first two of above steps unnecessary.

In case of OS X and boot2docker the situation is different; the Docker daemon runs inside a VM so the DOCKER_HOST environment variable must be set to this VM so that the Docker client could find the Docker daemon. This is done by running $(boot2docker shellinit) in the shell.