docker not working since omv-upgrade

  • i got this error in docker status but no container running in 2 OMV after upgrade docker docker-cli and pve-firmware


    Code
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.162993133+01:00" level=error msg="7382aded0779ba4ddb2b62277bd1491814ef6f545507f5a3ca854e09daadea02 cleanup: failed to delete container from containerd: no such container"
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.163035598+01:00" level=error msg="failed to start container" container=7382aded0779ba4ddb2b62277bd1491814ef6f545507f5a3ca854e09daadea02 error="AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output: \nerror: exec: \"apparmor_parser\": executable file not found in $PATH"
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.320257468+01:00" level=error msg="1bc316e82a8d45bcd5b88b9a72088a8b3da12e79e23a747e961a0bd185cb3c15 cleanup: failed to delete container from containerd: no such container"
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.320302516+01:00" level=error msg="failed to start container" container=1bc316e82a8d45bcd5b88b9a72088a8b3da12e79e23a747e961a0bd185cb3c15 error="AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output: \nerror: exec: \"apparmor_parser\": executable file not found in $PATH"
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.320359444+01:00" level=info msg="Loading containers: done."
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.335688472+01:00" level=info msg="Docker daemon" commit=d7573ab graphdriver=overlay2 version=23.0.0
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.336201164+01:00" level=info msg="Daemon has completed initialization"
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.363219199+01:00" level=info msg="[core] [Server #7] Server created" module=grpc
    feb 02 12:44:16 openmediavault systemd[1]: Started Docker Application Container Engine.
    feb 02 12:44:16 openmediavault dockerd[443191]: time="2023-02-02T12:44:16.375059505+01:00" level=info msg="API listen on /run/docker.sock"

    in a second NAS i got same error then i tried to install apparmor and then containers run but then fail with error in permission denied when trying to bind a TPC socket port

    • Official Post

    Evidently something changed in the latest docker package that is making it think apparmor is configured. I would not install apparmor. I will look for a solution but I am working.

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    Thank you I will wait for your findings

    I hope I'm not the only one looking for a solution.

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • i notice that who has problem have


    ii docker-ce 5:23.0.0-1~debian.11~bullseye amd64 Docker: the open-source application container engine

    ii docker-ce-cli 5:23.0.0-1~debian.11~bullseye amd64 Docker CLI: the open-source application container engine


    the 5:23.0.0-1 version not the 5:20

  • there are my sources.list:


    • Official Post

    It isn't your sources. This is just a change to the docker-ce package directly from docker.

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    *** This is for amd64 and i386 only ***

    Here is the solution to disable apparmor on the system and it worked on my test system (not harmful since apparmor package is not installed):

    Code
    sudo mkdir -p /etc/default/grub.d
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
    sudo update-grub
    sudo reboot

    Taken from: https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor


    If you have portainer and/or yacht installed, they will most likely need to be remove and reinstalled. You will not lose settings if this is done with omv-extras.

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    Edited 2 times, last by ryecoaaron ().

  • that was working for me

    Here is the solution to disable apparmor on the system and it worked on my test system (not harmful since apparmor package is not installed):

    Code
    sudo mkdir -p /etc/default/grub.d
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
    sudo update-grub
    sudo reboot

    Taken from: https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor

  • Here is the solution to disable apparmor on the system and it worked on my test system (not harmful since apparmor package is not installed):

    Code
    sudo mkdir -p /etc/default/grub.d
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
    sudo update-grub
    sudo reboot

    Taken from: https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor

    Thank you, this worked for me as well.

  • Works perfectly with this mod.


    Thanks for your time.


    Here is the solution to disable apparmor on the system and it worked on my test system (not harmful since apparmor package is not installed):

    Code
    sudo mkdir -p /etc/default/grub.d
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
    sudo update-grub
    sudo reboot

    Taken from: https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor

  • Portainer doesn't seem to install/start even with that workaround (though the rest of the containers do)


    Edit: I SSH'd into the server and tried to create portainer there. I got this error:


    Code
    $ docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
    049dfdf8d2d99f945f56b76cd7ce15b8626acfd41049b790bb240d97ed41118b
    docker: Error response from daemon: driver failed programming external connectivity on endpoint portainer (4037a0761505758b37c5d8dbb71d4e2f5e0c047ec297531b9cf73e3fe0ee80e2): Error starting userland proxy: listen tcp4 0.0.0.0:8000: bind: address already in use.


    moving the portainer ports to 9001 and 8001 seems to have fixed it. It looks like something new is listening in on port 8000 now. I've not changed any other containers and none of them should have been listening in on port 8000


    Code
    $ sudo lsof -i tcp:8000
    COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    homebridg 9756 root   31u  IPv6  86583      0t0  TCP *:8000 (LISTEN)

    Edit edit: Looks like homebridge was the culperate (it needs netadmin to run correctly and that apparently means it's listening in on port 8000). Maybe something related to the docker patch. I don't know. I guess there's not really much OMV can/should do about that other than maybe switching the default portainer ports. But I suppose that's an OMV Extra change request not OMV itself.

  • Here is the solution to disable apparmor on the system and it worked on my test system (not harmful since apparmor package is not installed):

    Code
    sudo mkdir -p /etc/default/grub.d
    echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | sudo tee /etc/default/grub.d/apparmor.cfg
    sudo update-grub
    sudo reboot

    Taken from: https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor

    This solved the apparmor issue but now I see the runtime: nvidea is broken and I am not sure how to fix that, the old ways of updating the

    Code
    /etc/docker/daemon.json

    `

    Code
    {
    
        "runtimes": {
            "nvidia": {
                "path": "nvidia-container-runtime",
                "runtimeArgs": []
            }
        }
    }

    is preventing the docker to restart.

    • Official Post

    vm or bare metal should not matter. apparmor is enabled at the grub level either way.

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!