Docker Install Offline

I apologize now as I am very new to docker, so it could easily be something I do not know about docker.

I have a local instance (not docker) of ziti up and working and I have been requested to look into docker. On an online machine I pulled quickstart latest and I ran docker save openziti/quickstart > quickstart.tar; this allowed me to be able to pull to an offline environment. I was able to load the docker image using docker load quickstart.tar. When I run the following command I get the corresponding errors and the machine will not run. I am running everything as root currently.

Command:

docker run \
  --network myFirstZitiNetwork \
  --network-alias ziti-controller \
  --network-alias ziti-edge-controller \
  -p 1280:1280 \
  -it \
  --rm \
  -v ~/docker-volume/myFirstZitiNetwork:/persistent/pki \
  -v ~/docker-volume/myFirstZitiNetwork/ziti.env:/persistent/ziti.env \
  openziti/quickstart:0.27.2 \
  /var/openziti/scripts/run-controller.sh

Error log (only included snippets of the logs that seemed important):
/var/openziti/scripts/ziti-cli-functions.sh: line 1141: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied
/var/openziti/scripts/ziti-cli-functions.sh: line 1142: /persistent/ziti.env: Permission denied

Creating server cert from ca: ziti-edge-controller-intermediate for ziti-controller,localhost,ziti,ziti-edge-controller / 127.0.0.1
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f6864dc726b m=0 sigcode=18446744073709551610

Creating intermediate: ziti-edge-controller-root-ca ziti-edge-controller-intermediate 1
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7efc6863b26b m=0 sigcode=18446744073709551610

goroutine 1 [running]:
runtime.systemstack_switch()
runtime/asm_amd64.s:459 fp=0xc000084780 sp=0xc000084778 pc=0x1131960
runtime.main()
runtime/proc.go:170 +0x6d fp=0xc0000847e0 sp=0xc000084780 pc=0x110084d
runtime.goexit()
runtime/asm_amd64.s:1594 +0x1 fp=0xc0000847e8 sp=0xc0000847e0 pc=0x1133b81

I'm like, 95% sure that is a Docker thing... Docker won't expand your tilde use. Replace that with either $HOME or use the fully qualified path.

mmmm. No, I think I’m thinking of something else. It actually seems like you have a couple of issues in there. First is the ziti.env and second is that cgo issue.

Maybe we can take a step back - can you tell me what you’re trying to do here? :slight_smile: From a higher level I mean, are you trying to be able to make your own quickstart image for “offline”/“air gapped” type of use?

Of course. I am trying to replicate our local instance that was created a few months back to be a docker instance at the request of higher ups who want docker. The install is required to be offline/air gapped from the external internet. I was able to figure out the process for getting docker images offline, yet my docker knowledge is very basic.

A simple answer is yes: a quickstart image that is offline/airgapped.

Gotcha. So now I understand what you did and why and now the title of the post makes more sense to me too! thank you. Let me talk to some people and mull over this and I’ll get back to you. Thanks for the clarity.

Thank you for the assistance

Is the base os for this RedHat 7.9?

Yes Red Hat 7.9 is the OS

Hi there @cmbryner, to try to reproduce that problem, I installed Docker in CentOS7 and ran the script to start the Ziti Controller. I didn’t run into the same issue.

I have collected the files I used to build the CentOS7 VM and install things in case it helps you to identify what is different about your environment.

Hello, I got the same issue. I tried blowing away the VM and running again and the same result occurred.

It makes me think your OS has some differences and those differences are probably not going to be particularly easy for us to reproduce/troubleshoot… Do you have a script of “things you do” with a RHEL 7.9 install in order to get things working? For example, how do you install docker? Do you have any antivirus, things like that. We’ve seen odd issues from other linuxes before, we’ve seen SELinux get in the way etc.

It's just a standard Red Hat image download from Red Hat, no changes, nothing crazy installed. To set up the VM there is a script to join it to AD and give it an IP, but that’s it, and I have tried with SELinux off and McAfee off.

I installed docker following their install instructions and I can run the hello world docker image just fine.

I will add: when I tried to run the latest openziti quickstart I get an error that says it does not exist, but when I pass a tag of 0.27.2 it runs perfectly fine. I am leaning toward an issue with /var/openziti/scripts/ziti-cli-functions.sh, but I am not sure, since when I go and try to read the script it says it does not exist.

Does /var/openziti/scripts/ziti-cli-functions.sh get created at docker run time, or is it pulled from the internet?

Can you share a link to the steps you used? I specifically want to follow whatever you followed. Also if there's anything else important about the setup lemme know. I also think there's a problem with the setup, but it's odd to me because you're getting the /var/openziti/scripts/ziti-cli-functions.sh: line 1141: /persistent/ziti.env: Permission denied error, which seems like a strange/unexpected permission issue to me.

The script is baked into the image itself.

How to install and setup Docker on RHEL 7/CentOS 7 - nixCraft (cyberciti.biz)

This may be a permissions issue. Do I have to add myself to any special docker group to be able to run docker images?

You do, but if you ran hello-world you should be fine. Generally you add “whatever” user you are to the docker group and that’s all you need to do… I still can’t get docker installed on RHEL7.9 tho … :frowning:

Ok… So here are the two changes you need to perform to make this work. I’ll update our docs accordingly.

Since you’re running as root, when you run your docker containers, apparently on RHEL you’ll need to also supply the --user root and --privileged flags to the docker commands.

So, for example:

docker run \
  --user root --privileged \
  --network myFirstZitiNetwork \
  --network-alias ziti-controller \
  --network-alias ziti-edge-controller \
  -p 1280:1280 \
  -it \
  --rm \
  -v ~/docker-volume/myFirstZitiNetwork:/persistent/pki \
  -v ~/docker-volume/myFirstZitiNetwork/ziti.env:/persistent/ziti.env \
  openziti/quickstart \
  /var/openziti/scripts/run-controller.sh

If you do that, I think you’ll be good to go.

Also note, the next challenge you’ll probably hit is the advertised addresses. The docker quickstarts make assumptions about all the traffic being routable. I don’t think we have any guides on how to use docker “anywhere” yet.
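
The offline transfer described in the first post (docker save on a connected host, docker load on the air-gapped one), written as an added example that is not part of the thread or of OpenZiti's own tooling: it pins the 0.27.2 tag mentioned above and refuses to load an archive that was truncated or altered in transit. The function names and the .sha256 sidecar file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: checksum-verified transfer of a Docker image to an air-gapped host.
# Function names and the "<archive>.sha256" sidecar file are assumptions.

# Connected host: pull one pinned tag, save it, and record the archive hash.
# usage: export_image openziti/quickstart:0.27.2 quickstart.tar
export_image() {
  local ref="$1" tarball="$2"
  docker pull "$ref" &&
  docker save -o "$tarball" "$ref" &&
  write_checksum "$tarball"
}

# Write "<sha256>  <file name>" next to the archive so the two travel together.
write_checksum() {
  local tarball="$1"
  ( cd "$(dirname "$tarball")" &&
    sha256sum "$(basename "$tarball")" > "$(basename "$tarball").sha256" )
}

# Air-gapped host: return 0 only if the archive matches its recorded hash,
# 2 if the archive or its sidecar is missing or empty, non-zero on mismatch.
verify_checksum() {
  local tarball="$1"
  [ -s "$tarball" ] && [ -s "$tarball.sha256" ] || return 2
  ( cd "$(dirname "$tarball")" &&
    sha256sum -c "$(basename "$tarball").sha256" >/dev/null 2>&1 )
}

# Air-gapped host: load the archive only after it verifies, then print the
# ID of the loaded image so it can be compared with the connected host.
# usage: import_image quickstart.tar openziti/quickstart:0.27.2
import_image() {
  local tarball="$1" ref="$2"
  verify_checksum "$tarball" || { echo "refusing to load $tarball" >&2; return 1; }
  docker load -i "$tarball" &&
  docker image inspect --format '{{.Id}}' "$ref"
}
```

Carrying the .sha256 file over a different path than the archive also lets the check catch deliberate substitution, not just corruption.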