Docker support

I've had a Vero 4K for some time now and it's great.
Although there are some things that I'm missing from OSMC on RPI2.
The biggest one is Docker support.
Docker is not officially supported yet for aarch64 but it can be compiled from source.
What's blocking me are some missing kernel modules/config.

Below I'm pasting the output of Docker's check-config script.
Is it possible in the foreseeable future to add those missing parts?

osmc@osmc:~/code$ sudo ./check-config.sh
warning: /proc/config.gz does not exist, searching other paths for kernel config …
info: reading kernel config from /boot/config-3.14.29-8-osmc …

Generally Necessary:

  • cgroup hierarchy: properly mounted [/sys/fs/cgroup]
  • CONFIG_NAMESPACES: enabled
  • CONFIG_NET_NS: enabled
  • CONFIG_PID_NS: enabled
  • CONFIG_IPC_NS: enabled
  • CONFIG_UTS_NS: enabled
  • CONFIG_CGROUPS: enabled
  • CONFIG_CGROUP_CPUACCT: enabled
  • CONFIG_CGROUP_DEVICE: enabled
  • CONFIG_CGROUP_FREEZER: enabled
  • CONFIG_CGROUP_SCHED: enabled
  • CONFIG_CPUSETS: enabled
  • CONFIG_MEMCG: enabled
  • CONFIG_KEYS: enabled
  • CONFIG_VETH: enabled (as module)
  • CONFIG_BRIDGE: enabled (as module)
  • CONFIG_BRIDGE_NETFILTER: enabled
  • CONFIG_NF_NAT_IPV4: enabled (as module)
  • CONFIG_IP_NF_FILTER: enabled (as module)
  • CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_IPVS: missing
  • CONFIG_IP_NF_NAT: missing
  • CONFIG_NF_NAT: enabled (as module)
  • CONFIG_NF_NAT_NEEDED: enabled
  • CONFIG_POSIX_MQUEUE: enabled
  • CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled

Optional Features:

  • CONFIG_USER_NS: enabled
  • CONFIG_SECCOMP: missing
  • CONFIG_CGROUP_PIDS: missing
  • CONFIG_MEMCG_SWAP: enabled
  • CONFIG_MEMCG_SWAP_ENABLED: enabled
    (cgroup swap accounting is currently enabled)
  • CONFIG_MEMCG_KMEM: enabled
  • CONFIG_RESOURCE_COUNTERS: enabled
  • CONFIG_BLK_CGROUP: enabled
  • CONFIG_BLK_DEV_THROTTLING: enabled
  • CONFIG_IOSCHED_CFQ: missing
  • CONFIG_CFQ_GROUP_IOSCHED: missing
  • CONFIG_CGROUP_PERF: missing
  • CONFIG_CGROUP_HUGETLB: missing
  • CONFIG_NET_CLS_CGROUP: missing
  • CONFIG_CGROUP_NET_PRIO: missing
  • CONFIG_CFS_BANDWIDTH: missing
  • CONFIG_FAIR_GROUP_SCHED: enabled
  • CONFIG_RT_GROUP_SCHED: missing
  • CONFIG_IP_VS: missing
  • CONFIG_IP_VS_NFCT: missing
  • CONFIG_IP_VS_RR: missing
  • CONFIG_EXT3_FS: missing
  • CONFIG_EXT3_FS_XATTR: missing
  • CONFIG_EXT3_FS_POSIX_ACL: missing
  • CONFIG_EXT3_FS_SECURITY: missing
    (enable these ext3 configs if you are using ext3 as backing filesystem)
  • CONFIG_EXT4_FS: enabled
  • CONFIG_EXT4_FS_POSIX_ACL: enabled
  • CONFIG_EXT4_FS_SECURITY: enabled
  • Network Drivers:
    • “overlay”:
      • CONFIG_VXLAN: missing
        Optional (for encrypted networks):
        • CONFIG_CRYPTO: enabled
        • CONFIG_CRYPTO_AEAD: enabled (as module)
        • CONFIG_CRYPTO_GCM: missing
        • CONFIG_CRYPTO_SEQIV: enabled (as module)
        • CONFIG_CRYPTO_GHASH: missing
        • CONFIG_XFRM: missing
        • CONFIG_XFRM_USER: missing
        • CONFIG_XFRM_ALGO: missing
        • CONFIG_INET_ESP: missing
        • CONFIG_INET_XFRM_MODE_TRANSPORT: missing
    • “ipvlan”:
      • CONFIG_IPVLAN: missing
    • “macvlan”:
      • CONFIG_MACVLAN: missing
      • CONFIG_DUMMY: missing
    • “ftp,tftp client in container”:
      • CONFIG_NF_NAT_FTP: enabled (as module)
      • CONFIG_NF_CONNTRACK_FTP: enabled (as module)
      • CONFIG_NF_NAT_TFTP: missing
      • CONFIG_NF_CONNTRACK_TFTP: missing
  • Storage Drivers:
    • “aufs”:
      • CONFIG_AUFS_FS: missing
    • “btrfs”:
      • CONFIG_BTRFS_FS: enabled (as module)
      • CONFIG_BTRFS_FS_POSIX_ACL: missing
    • “devicemapper”:
      • CONFIG_BLK_DEV_DM: enabled
      • CONFIG_DM_THIN_PROVISIONING: enabled
    • “overlay”:
      • CONFIG_OVERLAY_FS: missing
    • “zfs”:
      • /dev/zfs: missing
      • zfs command: missing
      • zpool command: missing

Limits:

  • /proc/sys/kernel/keys/root_maxkeys: 200
    This should be set to at least 10000, for example set: sysctl -w kernel/keys/root_maxkeys=1000000

I think you just need AUFS for this to work, correct?

Sam

Hi Sam,

I think aufs or overlay would be nice to have.
But from what I see there are also things missing in other sections.
Below I will paste the output with only the missing values, to make it easier to read:

Generally Necessary:
- CONFIG_NETFILTER_XT_MATCH_IPVS: missing
- CONFIG_IP_NF_NAT: missing

Optional Features:
- CONFIG_SECCOMP: missing
- CONFIG_CGROUP_PIDS: missing
- CONFIG_IOSCHED_CFQ: missing
- CONFIG_CFQ_GROUP_IOSCHED: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: missing
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_VS: missing
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_EXT3_FS: missing
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: missing
- CONFIG_EXT3_FS_SECURITY: missing

- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: missing
      Optional (for encrypted networks):
      - CONFIG_CRYPTO_GCM: missing
      - CONFIG_CRYPTO_GHASH: missing
      - CONFIG_XFRM: missing
      - CONFIG_XFRM_USER: missing
      - CONFIG_XFRM_ALGO: missing
      - CONFIG_INET_ESP: missing
      - CONFIG_INET_XFRM_MODE_TRANSPORT: missing
  - "ipvlan":
    - CONFIG_IPVLAN: missing
  - "macvlan":
    - CONFIG_MACVLAN: missing
    - CONFIG_DUMMY: missing
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_TFTP: missing
    - CONFIG_NF_CONNTRACK_TFTP: missing
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: missing
  - "btrfs":
    - CONFIG_BTRFS_FS_POSIX_ACL: missing
  - "overlay":
    - CONFIG_OVERLAY_FS: missing
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 200
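
The filtering done by hand in the post above can be scripted. This is an added example, not part of the original thread or of Docker's check-config script; `missing_options` and `sample_report` are hypothetical names and the sample report is constructed.

```shell
#!/bin/sh
# Added example: print only the "missing" entries of a pasted check-config
# report, each prefixed with the section path it was listed under.
# Reads the report on stdin; "-" and "•" are both accepted as bullets.
missing_options() {
    awk '
    function reset(from,   k) { for (k = from; k <= 40; k++) delete hdr[k] }
    {
        # depth = number of leading spaces
        depth = 0
        while (substr($0, depth + 1, 1) == " ") depth++
        text = substr($0, depth + 1)
        # An unbulleted heading is aligned with the bullets of its children,
        # so it sits one level above them.
        if (sub(/^(-|•)[ \t]+/, "", text) == 0) depth--
        if (text == "") next
        reset(depth)                      # leaving any deeper section
        if (text ~ /:$/) {                # section or driver heading
            hdr[depth] = substr(text, 1, length(text) - 1)
            next
        }
        if (text ~ /: missing$/) {
            path = ""
            for (k = -1; k < depth; k++) if (k in hdr) path = path hdr[k] " > "
            sub(/: missing$/, "", text)
            print path text
        }
    }'
}

# Constructed excerpt in the layout of the report posted in this thread.
sample_report() {
    cat <<'EOF'
Generally Necessary:
- CONFIG_NAMESPACES: enabled
- CONFIG_IP_NF_NAT: missing

Optional Features:
- CONFIG_SECCOMP: missing
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: missing
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_XFRM_USER: missing
- Storage Drivers:
  • "aufs":
    • CONFIG_AUFS_FS: missing
EOF
}

sample_report | missing_options
```

Entries under Optional Features are still worth reading: without CONFIG_SECCOMP the kernel cannot apply Docker's seccomp syscall filter to containers.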

Okay – I can build a kernel with some additional features if you’d be willing to try it

Sam

Sure, I can try it out

IPVS is only needed for Docker Swarm I believe, which is a little experimental at the moment.

Kernel is patched to 10000

I’ve added AUFS and updated the kernel to include most of the options you’ve asked for. I’d appreciate it if you could build and test Docker out now.

To test this update:

  1. Login via the command line
  2. Edit the file /etc/apt/sources.list
  3. Add the following line: deb http://apt.osmc.tv jessie-devel main
  4. Run the following commands to update: sudo apt-get update && sudo apt-get dist-upgrade && reboot
  5. Your system should have received the update.

Please see if the issue is resolved.

I also recommend you edit /etc/apt/sources.list again and remove the line that you added after updating. This will return you to the normal update channel.

Cheers

Sam

Hi Sam,

Thanks, I just checked it.
To make it faster I installed a ready deb package: docker-hypriot_1.10.3-1_armhf.deb that I was using on RPi.
The only modification on my side was to make it use aufs instead of overlay.

The result is that docker service started and I was able to execute docker run aarch64/hello-world without any errors.
To fully test if everything works (network etc) I will need some time to prepare new containers. The ones that I was using were for armhf and I think I need to change them to the aarch64 version.

Thanks for your help.

OSMC’s userland is armhf, but the kernel is arm64, so you should be able to run both types of containers without issue.

Let me know if you run into any problems

Cheers

Sam

Yes, you are right.
Previously I tried to run some random hello-world container that was described as armhf and it gave me bad exec format error. I think there was something wrong with this container. When I tried my old containers from rpi they started without any issues.

It looks like everything works for me.

Thanks again for your support.

Just a quick question - if I remove jessie-devel from sources - will I lose your changes on the next “main” OSMC update?

No – it’s fine to remove this repository now unless you need to test something bleeding edge in the future.

Thanks for testing and confirming all is working as expected.

Sam

Just wanted to leave a note for anyone that will try to set up Docker on Vero 4K.

There is no need to compile sources to get latest docker version.
It is possible to use official docker installation script available here: https://get.docker.com/

Until they add support for aarch64 there is only one small hack needed:
In this script find line:
architecture=$(uname -m)
and change it to:
architecture="armv7l"

That's it.

3 Likes
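
The edit described in the post above, scripted so that it stops when the expected line is absent or appears more than once. This is an added example, not part of the original post or of Docker's installer; `patch_arch`, `sample_installer` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: apply the one-line architecture edit from the post to a
# saved copy of the install script instead of editing it by hand.
# Intended use (file names are placeholders):
#   curl -fsSL https://get.docker.com/ -o get-docker.sh
#   patch_arch get-docker.sh get-docker.patched.sh   # read the diff it prints
#   sudo sh get-docker.patched.sh
patch_arch() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # The line the post says to look for, allowing indentation around it.
    pat='^[[:space:]]*architecture=\$(uname -m)[[:space:]]*$'
    hits=$(grep -c "$pat" "$src" || true)
    if [ "$hits" -ne 1 ]; then
        # The script has changed since the post was written: stop rather
        # than run something that was not patched as intended.
        echo "expected 1 architecture line, found $hits" >&2
        return 1
    fi
    # Rewrite only the matching line, keeping its indentation.
    sed "/$pat/s/architecture=.*/architecture=\"armv7l\"/" "$src" > "$dst"
    # Print the change for review; diff exits 1 when the files differ.
    diff -u "$src" "$dst" || true
}

# Constructed stand-in for the downloaded script (not its real contents).
sample_installer() {
    cat <<'EOF'
#!/bin/sh
do_install() {
    architecture=$(uname -m)
    case "$architecture" in
        armv7l) echo "arm build" ;;
        *) echo "unsupported: $architecture"; exit 1 ;;
    esac
}
do_install
EOF
}
```

Saving the script to a file first means the text that was reviewed is the text that runs as root, which piping the download straight into a shell does not give you.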

I installed docker-ce (docker isn’t supported on Debian Jessie anymore) using the following commands.

Install https curl prerequisites:

sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common

Add docker gpg

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

Add docker to sources

echo "deb [arch=armhf] https://download.docker.com/linux/debian \
 $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list

Apt-get update

sudo apt-get update

Install docker-ce

sudo apt-get install docker-ce

Run a Hello World test

sudo docker run armhf/hello-world

osmc@osmc:/usr/share/menu$ sudo docker run armhf/hello-world

Hello from Docker on armhf!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

Hi Sam,

I’m running into aufs/auplink errors. Can I use this solution too?

Kind regards,

Duncan.

Hi @Duncan

AUFS has been merged in the kernel for some time:

I’m not sure how much it’s been tested though. What errors are you seeing?

Sam

Hi Sam,

Good to know. Here is the complete log from systemctl.

root@osmc:/usr/share/menu# systemctl status docker -l

  • docker.service - Docker Application Container Engine
    Loaded: loaded (/lib/systemd/system/docker.service; enabled)
    Active: active (running) since Sat 2017-10-07 17:20:20 CEST; 3h 43min ago
    Docs: https://docs.docker.com
    Main PID: 19583 (dockerd)
    CGroup: /system.slice/docker.service
    |-19583 /usr/bin/dockerd -H fd://
    `-19590 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc

Oct 07 17:20:19 osmc dockerd[19583]: , error: exit status 1"
Oct 07 17:20:19 osmc dockerd[19583]: time=“2017-10-07T17:20:19.856333362+02:00” level=warning msg=“Could not load necessary modules for IPSEC rules: Running modprobe xfrm_user failed with message: modprobe: WARNING: Module xfrm_user not found., error: exit status 1”
Oct 07 17:20:19 osmc dockerd[19583]: time=“2017-10-07T17:20:19.870744107+02:00” level=info msg=“Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address”
Oct 07 17:20:20 osmc dockerd[19583]: time=“2017-10-07T17:20:20.142142824+02:00” level=info msg=“Loading containers: done.”
Oct 07 17:20:20 osmc dockerd[19583]: time=“2017-10-07T17:20:20.147452732+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/tmp/docker-aufs-union698455484: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:20:20 osmc dockerd[19583]: time=“2017-10-07T17:20:20.253623777+02:00” level=info msg=“Docker daemon” commit=afdb6d4 graphdriver(s)=aufs version=17.09.0-ce
Oct 07 17:20:20 osmc dockerd[19583]: time=“2017-10-07T17:20:20.254136451+02:00” level=info msg=“Daemon has completed initialization”
Oct 07 17:20:20 osmc dockerd[19583]: time=“2017-10-07T17:20:20.304331119+02:00” level=info msg=“API listen on /var/run/docker.sock”
Oct 07 17:20:20 osmc systemd[1]: Started Docker Application Container Engine.
Oct 07 17:20:20 osmc systemd[1]: [/lib/systemd/system/docker.service:25] Unknown lvalue ‘Delegate’ in section ‘Service’
Oct 07 17:22:08 osmc dockerd[19583]: time=“2017-10-07T17:22:08.182297640+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/979f90bc1fea2832022e6f39fd7d5fc7de296f9c285663cbaaf73eeda65504ae-init: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:22:08 osmc dockerd[19583]: time=“2017-10-07T17:22:08.506322684+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/979f90bc1fea2832022e6f39fd7d5fc7de296f9c285663cbaaf73eeda65504ae: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:22:10 osmc dockerd[19583]: time=“2017-10-07T17:22:10.843541133+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/979f90bc1fea2832022e6f39fd7d5fc7de296f9c285663cbaaf73eeda65504ae: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:32:56 osmc dockerd[19583]: time=“2017-10-07T17:32:56.789800997+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/63fc19cca16bc18d547d82716428bd2eb84d6aec68ce7d0f42312a2adc1d4927-init: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:32:57 osmc dockerd[19583]: time=“2017-10-07T17:32:57.151532859+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/63fc19cca16bc18d547d82716428bd2eb84d6aec68ce7d0f42312a2adc1d4927: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:32:59 osmc dockerd[19583]: time=“2017-10-07T17:32:59.003504279+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/63fc19cca16bc18d547d82716428bd2eb84d6aec68ce7d0f42312a2adc1d4927: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:48:34 osmc dockerd[19583]: time=“2017-10-07T17:48:34.823929119+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd-init: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:48:35 osmc dockerd[19583]: time=“2017-10-07T17:48:35.571962486+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:48:45 osmc dockerd[19583]: time=“2017-10-07T17:48:45.303504222+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:55:57 osmc dockerd[19583]: time=“2017-10-07T17:55:57.533646091+02:00” level=error msg=“Error setting up exec command in container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5: Container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5 is not running”
Oct 07 17:56:10 osmc dockerd[19583]: time=“2017-10-07T17:56:10.553691565+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd: exec: “auplink”: executable file not found in $PATH”
Oct 07 17:56:12 osmc dockerd[19583]: time=“2017-10-07T17:56:12.507712125+02:00” level=error msg=“Error setting up exec command in container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5: Container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5 is not running”
Oct 07 17:56:17 osmc dockerd[19583]: time=“2017-10-07T17:56:17.472743037+02:00” level=error msg=“Error setting up exec command in container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5: Container 91eadf060eebb2401b68240cb4c33468262183939fb44499a023d2fb391fa1b5 is not running”
Oct 07 17:59:54 osmc dockerd[19583]: time=“2017-10-07T17:59:54.713514135+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd: exec: “auplink”: executable file not found in $PATH”
Oct 07 18:01:21 osmc dockerd[19583]: time=“2017-10-07T18:01:21.733606096+02:00” level=warning msg=“Couldn’t run auplink before unmount /var/lib/docker/aufs/mnt/4aada9c24b2cac804183494023d8915b26836c0d2331aa56db1c1ee5c77be5fd: exec: “auplink”: executable file not found in $PATH”

Seems like auplink isn’t present by default when you install docker.

aufs messages seem to be warnings.

Oct 07 17:20:19 osmc dockerd[19583]: , error: exit status 1"
Oct 07 17:20:19 osmc dockerd[19583]: time=“2017-10-07T17:20:19.856333362+02:00” level=warning msg=“Could not load necessary modules for IPSEC rules: Running modprobe xfrm_user failed with message: modprobe: WARNING: Module xfrm_user not found., error: exit status 1”

This is probably what it is crashing on.

root@osmc:/usr/share/menu# modprobe -va xfrm_user
modprobe: WARNING: Module xfrm_user not found.

Something IPsec’y

Another user, @inahike seems to have got Docker to work without problems. Maybe he can share his solution.

@Duncan Can you give this a go?

I’m attempting to install Docker on Vero running OSMC 2018.08-2 and followed the guide posted by @inahike, which failed. Log here.

Since there isn’t a raspbian stretch distro in the dockerproject repo, I replaced raspbian-jessie with debian-stretch in docker.list but it also failed. Log here.

Any suggestions?