LXC
tea, 2019-04-22 01:10:53

How to bring Docker back to life after an unsuccessful lxc container restore?

Docker lived in an lxc container under proxmox (in the company of composer and portainer). At one fine moment, in the container, as root, I missed the dot in the command chown www-data:www-data ./
There were fresh backups of the lxc container, so I decided not to bother and just restore yesterday's copy of the container. Everything was restored with no errors, except that no docker container starts. When I try to run one I get an error like:

ERROR: for portainer Cannot start service portainer: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:424: container init caused \"rootfs_linux.go:46: preparing rootfs caused \\\"permission denied\\\"\"": unknown
ERROR: Encountered errors while bringing up the project.

Because I’m just starting my journey with docker (I’ve been playing with it for half a year), I don’t really understand what went wrong. A cursory googling didn't turn up any results. Please help.


2 answer(s)
tea, 2019-04-22
@tea

Some additional information:
pve host:
~# uname -a
Linux pve 4.15.18-12-pve #1 SMP PVE 4.15.18-35 (Wed, 13 Mar 2019 08:24:42 +0100) x86_64 GNU/Linux

# docker version
Client:
Version: 18.09.5
API version: 1.39
Go version: go1.10.8
Git commit: e8ff056dbc
Built: Thu Apr 11 04:44:28 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.5
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: e8ff056
Built: Thu Apr 11 04:10:53 2019
OS/Arch: linux/amd64
Experimental: false

# docker info
Containers: 17
Running: 0
Paused: 0
Stopped: 17
Images: 68
Server Version: 18.09.5
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.15.18-12-pve
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 3
Total Memory: 2GiB
Name: docker
ID: LC4T:QSQF:BT6R:T24L:Q5YS:6HBF:TJ3H:5EI7:WICK:TBIW:LOPE:O5ZS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

Everything turned out to be simple: when the lxc container was restored, for some reason its settings were lost, and it ended up without the privileges needed to run docker inside lxc.
I re-added the necessary settings to the conf and everything worked.
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
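
Added example, not part of the original answer: a small shell check that reports whether the three settings quoted above are present in a container config after a restore. The function names, the sample file and the acceptance of both `key: value` and `key = value` lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): after restoring an LXC container,
# report whether the three settings quoted in the answer are still in its config.

# Print the last value assigned to KEY in FILE; exit 1 if KEY is absent.
# Accepts both "key: value" and "key = value" (separator style is an assumption).
lxc_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next          # line must start with the key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[:=]/) next          # reject longer key names
            sub(/^[ \t]*[:=][ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Print one line per setting; return the number of settings that differ.
check_docker_lxc_settings() {
    conf=$1; missing=0
    while IFS='|' read -r key want; do
        if got=$(lxc_conf_value "$conf" "$key") && [ "$got" = "$want" ]; then
            echo "ok       $key: $got"
        else
            echo "MISSING  $key (expected '$want')"
            missing=$((missing + 1))
        fi
    done <<'EOF'
lxc.apparmor.profile|unconfined
lxc.cgroup.devices.allow|a
lxc.cap.drop|
EOF
    return "$missing"
}

# Constructed sample: a restored config that kept only one of the three lines.
sample=$(mktemp)
printf '%s\n' 'hostname: docker' 'lxc.apparmor.profile: unconfined' > "$sample"
check_docker_lxc_settings "$sample" || echo "settings to re-add: $?"
rm -f "$sample"
```

All three lines relax the container's confinement (no AppArmor profile, access to every device, no dropped capabilities), so a change in either direction after a restore is worth noticing.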

Puma Thailand, 2019-04-22
@opium

What for?
Docker article is elementary and also better on kvm
Install from scratch and run
