I’m using Juju 2.7.0-bionic-amd64. I have a Bionic Vagrant VM that I am doing development in. I have Juju installed in that VM and I am using the localhost LXD cloud.
I’m attempting to deploy a charm that installs the Docker snap and then runs docker containers. Docker installs fine, but containers fail to run with the message above.
LXD is installed with the snap, too.
To test, I created a new LXD container with lxc launch ubuntu:18.04 test, I exec'ed into it and installed the docker.io Apt package, and I had a similar permission denied error message when running containers.
Thanks for the details! I am out of office so don’t have any solutions, but I just want to confirm that I am running the same setup with Juju inside Vagrant; the only difference is that my Vagrant box is 16.04 and I install LXD via apt from xenial backports. I don’t have to tweak anything so I think you might be on the right track with LXD.
OK, I’ve verified that you can set security.nesting=true (and security.privileged=true, but I don’t think that one is required) and Docker can be used inside of LXD, but it only works with the Apt docker package and not the Docker snap.
I don’t know where the problem with the snap is coming from. I’ll probably open a topic on the snapcraft forum for that.
Also, you can set the LXD profile for a charm in lxd-profile.yaml in the charm directory (reference), so doing this should work (not fully tested by me yet):
lxd-profile.yaml:

```yaml
config:
  security.nesting: "true"
  # Shouldn't be needed but I haven't tested without yet
  security.privileged: "true"
```
Yes, you can set the lxd-profile. One note is that Juju encourages best practices and so you might find some settings cause Juju to not allow it without a --force flag on deploy.
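
An added example, not code from the thread or from Juju: a small Python check a charm author could run over lxd-profile.yaml before deploying. It reports security.privileged (which turns off the unprivileged UID mapping, so container root is host root) separately from security.nesting. The parser only handles the flat config: mapping used in the profile above; the function names and the notes in RISKY_KEYS are this example's own.

```python
import re

# Constructed sample: the profile from the thread, with indentation restored.
SAMPLE_PROFILE = '''\
config:
  security.nesting: "true"
  # Shouldn't be needed but I haven't tested without yet
  security.privileged: "true"
'''

# Notes are this example's own wording, not Juju or LXD output.
RISKY_KEYS = {
    "security.privileged": "container root is no longer mapped to an unprivileged host UID",
    "security.nesting": "container may run nested containers (the setting Docker needed here)",
}

# One indented "key: value" entry, optionally quoted, optionally followed by a comment.
ENTRY = re.compile(r'^\s+([\w.\-]+):\s*["\']?([^"\'#\s]*)["\']?\s*(#.*)?$')

def parse_config(text):
    """Return the flat key/value pairs under the top-level 'config:' key."""
    config, in_config = {}, False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment-only line
        if not raw[0].isspace():
            # An unindented line starts a new top-level section.
            in_config = raw.split("#")[0].strip() == "config:"
            continue
        match = ENTRY.match(raw)
        if in_config and match:
            config[match.group(1)] = match.group(2)
    return config

def audit(text):
    """Return (key, note) for every isolation-relevant key set to true."""
    config = parse_config(text)
    return [(key, note) for key, note in RISKY_KEYS.items()
            if config.get(key, "").lower() == "true"]

def needs_review(text):
    """True when the profile asks for a privileged container."""
    return any(key == "security.privileged" for key, _ in audit(text))

if __name__ == "__main__":
    for key, note in audit(SAMPLE_PROFILE):
        print(f"{key}=true: {note}")
    print("review before deploy:", needs_review(SAMPLE_PROFILE))
```
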