docker:连接期间出错:在Windows的默认守护程序配置中,必须以提升的特权运行docker客户端才能进行连接 [英] docker: error during connect: In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect
问题描述
我正在尝试在Windows Server 2019上以进程隔离模式运行Docker(Docker Desktop在这里不起作用,我的VPS不支持Hyper-V).我在PowerShell中运行(全部在管理员模式下) docker run -it --isolation = process mcr.microsoft.com/windows/servercore:ltsc2019 cmd.exe/c ping 127.0.0.1 -t
然后我得到了错误:
docker:连接期间出错:在Windows的默认守护程序配置中,必须以提升的特权运行docker客户端才能进行连接.:发表http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/containers/create:打开//.//pipe/docker_engine:系统找不到指定的文件.请参阅"docker run --help".
我运行了命令&'C:\ Program Files \ Docker \ DockerCli.exe'-SwitchDaemon
,如此处建议的那样:
按照
由于我是新手,所以我不确定是否刚刚启动了一个容器,如果是,我只是看到哪个容器,我只是看到了 start.
,但不知道它是从哪里来的或来自何处我可以配置它.
更新1
基于Peter Wishart的建议,我尝试了 uninstall-Package -Name docker
,但随后我得到了
uninstall-Package:找不到"docker"的软件包.在第1行:char:1+卸载软件包-名称泊坞窗+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo:ObjectNotFound:(Microsoft.Power ... ninstallPackage:UninstallPackage)[卸载软件包], 例外+ FullyQualifiedErrorId:NoMatchFound,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackage
这是我尝试过的完整代码:
PS C:\ Users \ Administrator>卸载程序包-名称泊坞窗uninstall-Package:找不到"docker"的软件包.在第1行:char:1+卸载软件包-名称泊坞窗+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo:ObjectNotFound:(Microsoft.Power ... ninstallPackage:UninstallPackage)[卸载软件包], 例外+ FullyQualifiedErrorId:NoMatchFound,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackagePS C:\ Users \ Administrator>码头工人用法:泊坞窗[OPTIONS] COMMAND容器的自足运行时选项:--config字符串客户端配置文件的位置(默认" C:\\ Users \\ Administrator \\.docker")-c,--context字符串用于连接到守护程序(覆盖DOCKER_HOST env var和使用"docker context use"设置的默认上下文)-D,--debug启用调试模式-H,--host列出要连接的守护程序套接字-l,--log-level字符串设置日志记录级别(调试" |信息" |警告" |错误" |致命")(默认为"info")--tls使用TLS;--tlsverify暗示--tlscacert字符串仅由该CA签名的信任证书(默认" C:\\ Users \\ Administrator \\.docker \\ ca.pem)--tlscert字符串TLS证书文件的路径(默认"C:\\ Users \\ Administrator \\.docker \\ cert.pem")--tlskey字符串TLS密钥文件的路径(默认" C:\\ Users \\ Administrator \\.docker \\ key.pem)--tlsverify使用TLS并验证远程-v,--version打印版本信息并退出管理命令:app * Docker应用程序(Docker Inc.,v0.8.0)建造者管理建造群集*管理Mirantis容器云群集(Mirantis Inc.,v1.9.0)配置管理Docker配置容器管理容器上下文管理上下文图像管理图像清单管理Docker映像清单和清单清单网络管理网络节点管理Swarm节点插件管理插件注册表*管理Docker注册表(Docker Inc.,0.1.0)管理Docker机密服务管理服务堆栈管理Docker堆栈群管理群系统管理Docker信任管理对Docker映像的信任音量管理音量命令:将本地标准输入,输出和错误流附加到正在运行的容器从Dockerfile构建映像提交根据容器的更改创建新图像cp在容器和本地文件系统之间复制文件/文件夹创建一个新的容器diff检查容器文件系统上文件或目录的更改事件从服务器获取实时事件exec在正在运行的容器中运行命令导出将容器的文件系统导出为tar存档历史记录显示图像的历史记录图片列表图片import从tarball导入内容以创建文件系统映像info显示系统范围的信息检查关于Docker对象的低级信息杀死一个或多个运行中的容器从tar归档文件或STDIN中加载图像登录到Docker注册表注销从Docker注册表注销日志获取容器的日志暂停暂停一个或多个容器中的所有进程port列出端口映射或容器的特定映射ps列表容器从注册表中拉出映像或存储库推送将映像或存储库推送到注册表重命名容器重新启动重新启动一个或多个容器rm取出一个或多个容器rmi删除一个或多个图像在新容器中运行命令保存将一个或多个图像保存到tar存档中(默认情况下流式传输到STDOUT)搜索Docker Hub中的图像启动启动一个或多个停止的容器统计信息显示容器资源使用情况统计信息的实时流停止停止一个或多个运行中的容器标签创建一个引用了SOURCE_IMAGE的标签TARGET_IMAGE顶部显示容器的运行过程取消暂停取消暂停一个或多个容器中的所有进程更新一个或多个容器的配置版本显示Docker版本信息等待阻止,直到一个或多个容器停止,然后打印其退出代码运行"docker COMMAND --help"以获取有关命令的更多信息.要获得有关Docker的更多帮助,请查看我们的指南,网址为https://docs.docker.com/go/guides/PS C:\ Users \ Administrator>Get-PackageProvider -ListAvailable名称版本DynamicOptions---- ------- --------------DockerMsftProvider 1.0.0.8更新msi 3.0.0.0 AdditionalArgumentsmsu 3.0.0.0NuGet 2.8.5.208目标,排除版本,范围,SkipDependencies,标头,FilterOnTag ...PowerShellGet 1.0.0.1 PackageManagementProvider,类型,范围,AllowClobber,SkipPublisherCheck,...程序3.0.0.0 IncludeWindowsInstaller,IncludeSystemComponentPS C:\ Users \ Administrator>获取软件包-名称Docker -ProviderName DockerMsftProvider名称版本来源提供者名称---- ------- ------ ------------码头工人20.10.0 DockerDefault DockerMsftProviderPS C:\ Users \ Administrator>安装包-名称docker -ProviderName DockerMsftProvider程序包来自未标记为受信任的程序包源.您确定要从"DockerDefault"安装软件吗?[Y]是[A]对所有人[N]否[L]对所有人[S]暂停[?]帮助(默认为"N"):yPS C:\ Users \ Administrator>安装包-名称docker -ProviderName DockerMsftProvider程序包来自未标记为受信任的程序包源.您确定要从"DockerDefault"安装软件吗?[Y]是[A]对所有人[N]否[L]对所有人[S]暂停[?]帮助(默认为"N"):APS C:\ Users \ Administrator>卸载程序包-名称泊坞窗警告:Docker服务不可用.uninstall-Package:在此对象上找不到属性状态".验证该属性存在.在第1行:char:1+卸载软件包-名称泊坞窗+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo:未指定:(Microsoft.Power ... ninstallPackage:UninstallPackage)[Uninstall-Package],例外+ FullyQualifiedErrorId:PropertyNotFoundStrict,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackagePS C:\ Users \ Administrator>
当 docker
客户端由非管理员用户运行时,错误消息所提及的管道访问是一个(可能不相关的)问题(参见这里).
我认为最可能的解释是docker服务无法启动.
当您运行 dockerd
时,您实际上是启动守护程序的一个实例-和 API行侦听//.//pipe/docker_engine
表示该系统服务以前未启动-因为您启动的实例可以创建管道.
如果您停止正在运行的 dockerd
实例并运行:
Get-Service泊坞窗|重新启动服务Get-WinEvent -logname应用程序|其中ProviderName -eq docker |排序TimeCreated
您应该能够将日志输出与 dockerd
的手动启动进行比较,并查看是否有任何错误阻止了该服务的启动.
如果事件日志记录 API监听//.//pipe/docker_engine
,则 Get-Service docker
应该显示服务正在运行,而您的 docker
命令应该可以.
好像卸载docker失败,因为该服务不存在.但是,除服务安装外,安装成功.
您可以使用&'C:\ Program Files \ Docker \ dockerd.exe'--register-service
如果VPS提供商以某种方式停止注册服务,这可能会失败?
另一种选择是使用&'C:\ Program Files \ Docker \ dockerd.exe'--run-service
在一个shell中交互运行docker,然后在另一个shell中运行docker命令
I'm trying to run Docker in process isolation mode on Windows Server 2019 (Docker Desktop does not work here, my VPS does not support Hyper-V).
I run this in PowerShell (all in Administrator mode)
docker run -it --isolation=process mcr.microsoft.com/windows/servercore:ltsc2019 cmd.exe /c ping 127.0.0.1 -t
Then I get error:
docker: error during connect: In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.: Post http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/containers/create: open //./pipe/docker_engine: The system cannot find the file specified. See 'docker run --help'.
I ran command & 'C:\Program Files\Docker\DockerCli.exe' -SwitchDaemon
, as suggested here: Docker cannot start on Windows
However, DockerCli.exe
does not exist in a clean Docker install:
As suggested here I tried copying the file DockerCli.exe
from my local Windows 10 Docker Desktop installation and reran, but then I get:
Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'Docker.Core, Version=3.0.0.50646, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified. at Docker.Cli.MainBackendCli.Run(IReadOnlyCollection`1 args) at Docker.Cli.MainBackendCli.Main(String[] args)
Regardless, copying files from Docker Desktop does not feel like the right approach.
I then ran dockerd
in PowerShell since that's the only other executable in that folder:
Since I'm a newbie, I'm not sure if I just started a container and if so, which one, I just see start.
, but no idea where that comes from or how I can configure it.
UPDATE 1
Based on Peter Wishart's suggestion I tried uninstall-Package -Name docker
, but then I get
uninstall-Package : No package found for 'docker'. At line:1 char:1
+ uninstall-Package -Name docker
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power...ninstallPackage:UninstallPackage) [Uninstall-Package]
, Exception
+ FullyQualifiedErrorId : NoMatchFound,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackage
Here's the full code of what I tried:
PS C:\Users\Administrator> uninstall-Package -Name docker
uninstall-Package : No package found for 'docker'.
At line:1 char:1
+ uninstall-Package -Name docker
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power...ninstallPackage:UninstallPackage) [Uninstall-Package]
, Exception
+ FullyQualifiedErrorId : NoMatchFound,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackage
PS C:\Users\Administrator> docker
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default
"C:\\Users\\Administrator\\.docker")
-c, --context string Name of the context to use to connect to the
daemon (overrides DOCKER_HOST env var and
default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level
("debug"|"info"|"warn"|"error"|"fatal")
(default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default
"C:\\Users\\Administrator\\.docker\\ca.pem")
--tlscert string Path to TLS certificate file (default
"C:\\Users\\Administrator\\.docker\\cert.pem")
--tlskey string Path to TLS key file (default
"C:\\Users\\Administrator\\.docker\\key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
app* Docker Application (Docker Inc., v0.8.0)
builder Manage builds
cluster* Manage Mirantis Container Cloud clusters (Mirantis Inc., v1.9.0)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
registry* Manage Docker registries (Docker Inc., 0.1.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
PS C:\Users\Administrator> Get-PackageProvider -ListAvailable
Name Version DynamicOptions
---- ------- --------------
DockerMsftProvider 1.0.0.8 Update
msi 3.0.0.0 AdditionalArguments
msu 3.0.0.0
NuGet 2.8.5.208 Destination, ExcludeVersion, Scope, SkipDependencies, Headers, FilterOnTag...
PowerShellGet 1.0.0.1 PackageManagementProvider, Type, Scope, AllowClobber, SkipPublisherCheck, ...
Programs 3.0.0.0 IncludeWindowsInstaller, IncludeSystemComponent
PS C:\Users\Administrator> Get-Package -Name Docker -ProviderName DockerMsftProvider
Name Version Source ProviderName
---- ------- ------ ------------
docker 20.10.0 DockerDefault DockerMsftProvider
PS C:\Users\Administrator> Install-Package -Name docker -ProviderName DockerMsftProvider
The package(s) come(s) from a package source that is not marked as trusted.
Are you sure you want to install software from 'DockerDefault'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): y
PS C:\Users\Administrator> Install-Package -Name docker -ProviderName DockerMsftProvider
The package(s) come(s) from a package source that is not marked as trusted.
Are you sure you want to install software from 'DockerDefault'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): A
PS C:\Users\Administrator> uninstall-Package -Name docker
WARNING: Docker Service is not available.
uninstall-Package : The property 'Status' cannot be found on this object. Verify that the property exists.
At line:1 char:1
+ uninstall-Package -Name docker
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Power...ninstallPackage:UninstallPackage) [Uninstall-Package],
Exception
+ FullyQualifiedErrorId : PropertyNotFoundStrict,Microsoft.PowerShell.PackageManagement.Cmdlets.UninstallPackage
PS C:\Users\Administrator>
The pipe access that the error message mentions is a (probably unrelated) issue when docker
client is run by non-admin users (see here).
I think the most likely explanation is that the docker service has failed to start.
When you ran dockerd
you were actually starting an instance of the daemon - and the line API listen on //./pipe/docker_engine
means that the system service hadn't started previously - as the instance you started could create the pipe.
If you stop the running dockerd
instance and run:
Get-Service docker | Restart-Service
Get-WinEvent -logname application | where ProviderName -eq docker | sort TimeCreated
You should be able to compare the log output with your manual start of dockerd
, and see if any errors are blocking the service from starting.
If the event log records API listen on //./pipe/docker_engine
then Get-Service docker
should show the service as running, and your docker
commands should be ok.
[Edit]
Looks like the uninstall of docker was failing because the service doesn't exist. Yet, the install is succeeding except for the service installation.
You can re-register the service with &'C:\Program Files\Docker\dockerd.exe' --register-service
Maybe this will fail if the VPS provider is somehow stopping services from being registered?
Another option is to run docker interactively in one shell with &'C:\Program Files\Docker\dockerd.exe' --run-service
, and run your docker commands in another shell.
这篇关于docker:连接期间出错:在Windows的默认守护程序配置中,必须以提升的特权运行docker客户端才能进行连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!