Docker rootless installation failure: slirp4netns or vpnkit

Installation

When installing docker-rootless, the output was as follows:

➜  ~ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/lolli/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/lolli/.config/systemd/user/docker.service; disabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2022-05-27 07:09:54 EDT; 919ms ago
Docs: https://docs.docker.com/go/rootless/
Process: 7211 ExecStart=/usr/bin/dockerd-rootless.sh (code=exited, status=1/FAILURE)
Main PID: 7211 (code=exited, status=1/FAILURE)
+ set +x
[ERROR] Failed to start docker.service. Run `journalctl -n 20 --no-pager --user --unit docker.service` to show the error log.
[ERROR] Before retrying installation, you might need to uninstall the current setup: `/usr/bin/dockerd-rootless-setuptool.sh uninstall -f ; /usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker`
No journal files were opened due to insufficient permissions.

Checking with the journalctl command produced no output.
I then inspected docker.service:

➜  ~ cat .config/systemd/user/docker.service 
[Unit]
Description=Docker Application Container Engine (Rootless)
Documentation=https://docs.docker.com/go/rootless/

[Service]
Environment=PATH=/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/local/go/bin
ExecStart=/usr/bin/dockerd-rootless.sh
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
Type=simple
KillMode=mixed

[Install]
WantedBy=default.target

It turned out to be started by /usr/bin/dockerd-rootless.sh, so I ran that directly; the output was as follows:

➜  ~ /usr/bin/dockerd-rootless.sh
+ [ -w /run/user/1000 ]
+ [ -d /home/lolli ]
+ rootlesskit=
+ command -v docker-rootlesskit
+ command -v rootlesskit
+ rootlesskit=rootlesskit
+ break
+ [ -z rootlesskit ]
+ :
+ :
+ : builtin
+ : auto
+ : auto
+ net=
+ mtu=
+ [ -z ]
+ command -v slirp4netns
+ slirp4netns --help
+ [ -z ]
+ command -v vpnkit
+ echo Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
+ exit 1

Found the key problem:

+ slirp4netns --help
+ [ -z ]
+ command -v vpnkit
+ echo Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed
+ exit 1

I then tried:

➜  ~ sudo apt install slirp4netns                                 
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
slirp4netns
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 44.8 kB of archives.
After this operation, 105 kB of additional disk space will be used.
Get:1 http://mirrors.tuna.tsinghua.edu.cn/debian buster/main amd64 slirp4netns amd64 0.2.3-1 [44.8 kB]
Fetched 44.8 kB in 1s (49.4 kB/s)
Selecting previously unselected package slirp4netns.
(Reading database ... 34855 files and directories currently installed.)
Preparing to unpack .../slirp4netns_0.2.3-1_amd64.deb ...
Unpacking slirp4netns (0.2.3-1) ...
Setting up slirp4netns (0.2.3-1) ...
Processing triggers for man-db (2.8.5-2) ...

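However, the version installed was v0.2.3-1, which does not meet the version requirement, so I uninstalled the old version I had just installed.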

I then found a binary on GitHub.

After downloading it, I ran chmod +x slirp4netns and then placed it in /usr/bin.
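Added example (not part of the original post): a check to run on a downloaded slirp4netns binary before copying it into /usr/bin, confirming that it matches a checksum obtained from the release page and reports at least version 0.4.0. The function names and sample strings are constructed for illustration, and it assumes GNU `sort -V`, `sha256sum`, and that `slirp4netns --version` prints a dotted version number.

```shell
#!/bin/sh
# Added example: vet a downloaded slirp4netns binary before installing it.
MIN_VERSION=0.4.0   # minimum named in the dockerd-rootless.sh error message

# version_ge A B: succeeds when dotted version A >= B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# extract_version TEXT: print the first dotted version number found in TEXT.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# meets_minimum TEXT: TEXT is version output or a package version string.
meets_minimum() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] && version_ge "$ver" "$MIN_VERSION"
}

# sha256_matches FILE EXPECTED_HEX: compare FILE's digest with the published one.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# vet_binary FILE EXPECTED_HEX: checksum first, and only then execute the
# file to read its version. FILE must be a path such as ./slirp4netns.
vet_binary() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    meets_minimum "$("$1" --version 2>&1)" || { echo "older than $MIN_VERSION" >&2; return 1; }
}

# Constructed sample strings (not captured output); the first is the Debian
# buster package version seen in the apt output above.
for sample in "0.2.3-1" "slirp4netns version 0.4.0" "slirp4netns version 1.2.0"; do
    if meets_minimum "$sample"; then
        echo "ok:      $sample"
    else
        echo "too old: $sample"
    fi
done
```

For a real download, call `vet_binary ./slirp4netns <expected-sha256>` with the digest published for that release, and copy the file into /usr/bin only if it succeeds.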

Remove the leftovers from the incomplete installation:

➜  ~ /usr/bin/dockerd-rootless-setuptool.sh uninstall -f ; /usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker
+ systemctl --user stop docker.service
+ systemctl --user disable docker.service
[INFO] Uninstalled docker.service
[INFO] This uninstallation tool does NOT remove Docker binaries and data.
[INFO] To remove data, run: `/usr/bin/rootlesskit rm -rf /home/lolli/.local/share/docker`

Then I tried the installation again:

➜  ~ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/lolli/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/lolli/.config/systemd/user/docker.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2022-05-27 07:11:10 EDT; 3s ago
Docs: https://docs.docker.com/go/rootless/
Main PID: 7519 (rootlesskit)
CGroup: /user.slice/user-1000.slice/user@1000.service/docker.service
├─7519 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─7530 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
├─7549 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 7530 tap0
├─7556 dockerd
└─7576 containerd --config /run/user/1000/docker/containerd/containerd.toml --log-level info
+ DOCKER_HOST=unix:///run/user/1000/docker.sock /usr/bin/docker version
Client: Docker Engine - Community
Version: 20.10.16
API version: 1.41
Go version: go1.17.10
Git commit: aa7e414
Built: Thu May 12 09:17:38 2022
OS/Arch: linux/amd64
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 20.10.16
API version: 1.41 (minimum version 1.12)
Go version: go1.17.10
Git commit: f756502
Built: Thu May 12 09:15:44 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.4
GitCommit: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
runc:
Version: 1.1.1
GitCommit: v1.1.1-0-g52de29d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
+ systemctl --user enable docker.service
Created symlink /home/lolli/.config/systemd/user/default.target.wants/docker.service → /home/lolli/.config/systemd/user/docker.service.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger lolli`

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock

Success.