Cannot connect to the Docker daemon after Docker daemon update #2023

Open
brechsteiner opened this issue Sep 16, 2024 · 2 comments
@brechsteiner

Describe the bug

If the Docker daemon on a host is updated by apt, the Watchtower container can no longer communicate with the Docker daemon via the socket.

Steps to reproduce

  1. Run Docker via Compose
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    restart: always
    network_mode: bridge
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      - WATCHTOWER_WARN_ON_HEAD_FAILURE=never
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 15 5 * * *
      - WATCHTOWER_INCLUDE_RESTARTING=true
  2. Update Docker Daemon with apt upgrade
  3. Wait for Watchtower check interval

Expected behavior

The Watchtower should still be able to communicate via the socket after the update.

Screenshots

No response

Environment

  • OS: Debian 12
  • Arch: amd64
  • Docker Version: 27.2.1

Your logs

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Additional context

No response


Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏

@wollomatic

Hi @brechsteiner,

Do you have "live-restore": true set in the /etc/docker/daemon.json?

It is a common issue that after an update of the Docker daemon the socket connections are dysfunctional, so that the client has to be restarted.

That's one reason I created a socket-proxy with an integrated watchdog, so it can restart when the socket connection fails.

Here is my configuration with Watchtower:

services:

  watchtower:
    image: containrrr/watchtower:1.7.1
    restart: always
    read_only: true
    user: 2000:2000
    command:
      - '--host=tcp://dockerproxy:2375'
      - '--cleanup'
      - '--debug'
      - '--label-enable'
      - '--schedule=0 0 4 * * *'
    networks:
      - watchtower
      - docker_socket

  dockerproxy:
    image: wollomatic/socket-proxy:1.5.0
    restart: unless-stopped
    user: 65534:999 # GID needs to be Docker group
    read_only: true
    mem_limit: 256M
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges
    command:
      - '-loglevel=info'
      - '-allowfrom=watchtower'
      - '-listenip=0.0.0.0'
      - '-allowGET=/v1\..{2}/(containers/.*|images/.*)'
      - '-allowPOST=/v1\..{2}/(containers/.*|images/.*|networks/.*)'
      - '-allowDELETE=/v1\..{2}/(containers/.*|images/.*)'
      - '-watchdoginterval=60'
      - '-stoponwatchdog'
      - '-shutdowngracetime=5'
    labels:
      - com.centurylinklabs.watchtower.enable=false # this is important! Without, an automatic update would break Watchtower and socket-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - docker_socket

networks:
  watchtower:
    driver: bridge
  docker_socket:
    internal: true
    attachable: false
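
An added example (not part of the comment above, and not socket-proxy's own code) that evaluates the three allowlist patterns from that configuration against constructed Docker API requests, to show which calls would reach the daemon. It assumes each pattern must match the whole request path under Go's regexp syntax; `Allowed`, the sample paths and the `v1.45` version are illustrative.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied verbatim from the -allowGET/-allowPOST/-allowDELETE flags above.
var allow = map[string]string{
	"GET":    `/v1\..{2}/(containers/.*|images/.*)`,
	"POST":   `/v1\..{2}/(containers/.*|images/.*|networks/.*)`,
	"DELETE": `/v1\..{2}/(containers/.*|images/.*)`,
}

// Assumption: a pattern must match the whole request path, so each one is
// compiled wrapped in ^(?:...)$.
var compiled = func() map[string]*regexp.Regexp {
	m := make(map[string]*regexp.Regexp, len(allow))
	for method, p := range allow {
		m[method] = regexp.MustCompile("^(?:" + p + ")$")
	}
	return m
}()

// Allowed reports whether a request passes the allowlist. A method that has
// no pattern configured (PUT, HEAD, ...) is denied.
func Allowed(method, path string) bool {
	re, ok := compiled[method]
	return ok && re.MatchString(path)
}

func main() {
	// Constructed sample requests (not captured traffic); v1.45 is a sample version.
	samples := [][2]string{
		{"GET", "/v1.45/containers/json"},        // list containers
		{"POST", "/v1.45/containers/create"},     // recreate after an image update
		{"DELETE", "/v1.45/images/sha256:abc"},   // --cleanup of old images
		{"GET", "/v1.45/networks/bridge"},        // networks are POST-only here
		{"GET", "/v1.45/volumes"},                // not on any list
		{"POST", "/v1.45/exec/abc123/start"},     // not on any list
		{"GET", "/containers/json"},              // unversioned path
		{"PUT", "/v1.45/containers/abc/archive"}, // no pattern configured for PUT
	}
	for _, s := range samples {
		fmt.Printf("%-6s %-34s allowed=%v\n", s[0], s[1], Allowed(s[0], s[1]))
	}
}
```

If the deployed proxy version matches patterns differently from the whole-path assumption used here, re-run the table against its actual behaviour before relying on it.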
