Docker Hub Permissions Question

Hello,

I am testing 5.11.90 on centos 8 and I have an issue with docker/docker hub permissions for the oneadmin user. It isn’t until I chmod 666 the socket that it works as expected, even though my oneadmin user is in the docker group. Has anyone else got this running? Am I doing something wrong?

After setting up docker service and adding oneadmin to the docker group, I am receiving the following:

Mon Jun 15 08:39:37 2020 [Z0][ImM][I]: cp: Copying local image docker://silverpeas?size=2048&filesystem=ext4&format=raw to the image repository
Mon Jun 15 08:39:37 2020 [Z0][ImM][E]: cp: Command "set -e -o pipefail; /var/lib/one/remotes/datastore/fs/../downloader.sh   'docker://silverpeas?size=2048&filesystem=ext4&format=raw' '/var/lib/one//datastores/105/a1e1228c774682ea9ca1f588152aba46'" failed: docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
Mon Jun 15 08:39:37 2020 [Z0][ImM][I]: See 'docker run --help'.
Mon Jun 15 08:39:37 2020 [Z0][ImM][I]: Error copying
Mon Jun 15 08:39:37 2020 [Z0][ImM][E]: Error copying docker://silverpeas?size=2048&filesystem=ext4&format=raw to /var/lib/one//datastores/105/a1e1228c774682ea9ca1f588152aba46
Mon Jun 15 08:39:37 2020 [Z0][ImM][E]: Error copying image in the datastore: Error copying docker://silverpeas?size=2048&filesystem=ext4&format=raw to /var/lib/one//datastores/105/a1e1228c774682ea9ca1f588152aba46
Mon Jun 15 08:39:37 2020 [Z0][InM][D]: Monitoring datastore docker images (105)

cat /etc/group | grep docker

docker:x:985:oneadmin

ls -l /var/run/docker.sock

srw-rw----. 1 root docker 0 Jun 15 08:39 /var/run/docker.sock

To get opennebula to create a template from dockerhub I have to…
chmod 666 /var/run/docker.sock
ls -l /var/run/docker.sock

srw-rw-rw-. 1 root docker 0 Jun 15 08:39 /var/run/docker.sock

tail -f /var/log/one/oned.log

Mon Jun 15 15:34:08 2020 [Z0][ReM][D]: Req:6896 UID:2 IP:127.0.0.1 one.image.allocate invoked , “DRIVER=“raw”
DEV_PRE…”, 105, true
Mon Jun 15 15:34:08 2020 [Z0][ImM][I]: Copying docker://silverpeas?size=2048&filesystem=ext4&format=raw to repository for image 44
Mon Jun 15 15:34:08 2020 [Z0][ReM][D]: Req:6896 UID:2 one.image.allocate result SUCCESS, 44
Mon Jun 15 15:38:54 2020 [Z0][ImM][I]: Image (44) copied and ready to use.

Hello @IowaOrganics,

Can you confirm if you restarted OpenNebula after adding oneadmin to docker group?

Note that you need to create a new session in order to this change to take effect, so if the OpenNebula service was started before oneadmin was added to the docker group it will keep failing until the process is restarted with new permissions.

Thanks for the suggestion, though I am confident I restarted opennebula as I restarted to get my cluster leader back to the node i was testing on. I will try again on the 5.12 release.