Error initializing network controller: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)

Hello to everyone.

This is the continuation of this post : #1749

Yesterday I installed Ubuntu 20.04 within an LXC container (lxc installed via snap) because I want to run Docker. In fact, Docker works under Ubuntu 20.04, but not on the Ubuntu 22.04 that I have installed on the Jetson Nano as default. The commands that I issued are the following:

lxc launch ubuntu:20.04 focal
lxc start focal
lxc exec focal -- dhclient

As you can see, it is running correctly:

# lxc list

| NAME  |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS       |
| focal | RUNNING | (eth0) |      | CONTAINER | 0         |

root@marietto-nano:/home/marietto/Scaricati/Docker/ub20# lxc exec focal -- bash

root@focal:/etc/apt# apt update

Metadata [116 B]
Fetched 21.4 MB in 8s (2743 kB/s)                                                                                                     
Reading package lists... Done
Building dependency tree       
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.

root@focal:/etc/apt# apt upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done

At this point I copied all the content of the directory /etc/apt and of the directories /var/cache, /var/cuda-repo-l4t-10-2-local, /var/visionworks-repo, /var/visionworks-sfm-repo and /var/visionworks-tracking-repo into the same directories within the Ubuntu 20.04 container. At this point, I installed Docker with the command apt install nvidia-docker2 and launched it like this:

root@focal:/boot# dockerd

Unfortunately, Docker does not work even with Ubuntu 20.04 installed in this way:

INFO[2023-04-28T11:20:25.153282538+02:00] Starting up                                  

INFO[2023-04-28T11:20:25.155370083+02:00] detected nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf 

INFO[2023-04-28T11:20:25.157191112+02:00] parsed scheme: "unix"                         module=grpc

INFO[2023-04-28T11:20:25.157263718+02:00] scheme "unix" not registered, fallback to default scheme  module=grpc

INFO[2023-04-28T11:20:25.157341532+02:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc

INFO[2023-04-28T11:20:25.157378043+02:00] ClientConn switching balancer to "pick_first"  module=grpc

WARN[2023-04-28T11:20:26.158403160+02:00] grpc: addrConn.createTransport failed to connect to {unix:///run/containerd/containerd.sock  <nil> 0 <nil>}: didn't receive server preface in time. Reconnecting...  module=grpc

INFO[2023-04-28T11:20:27.408201347+02:00] parsed scheme: "unix"                         module=grpc

INFO[2023-04-28T11:20:27.408272963+02:00] scheme "unix" not registered, fallback to default scheme  module=grpc

INFO[2023-04-28T11:20:27.408341298+02:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc

INFO[2023-04-28T11:20:27.408387132+02:00] ClientConn switching balancer to "pick_first"  module=grpc

WARN[2023-04-28T11:20:27.485812984+02:00] Unable to find cpu controller   

I am not sure how that installs Docker. Have you tried installing from the official documentation?

Thanks for your simple but effective suggestion. I will try to follow this tutorial:

and I will let you know…

Always use the official documentation

Use other sources only when the official instructions don’t work, for example when you want to install Docker on a system which is not supported.

The issue could also be caused by the fact that you want to run Docker inside an LXC container. I would at least use a virtual machine created by LXD, but LXC containers could work too. My point is that the best way to find the reason is to try installing the official way first, figure out if that works, and make changes only when you know which step worked and which didn’t.

I know, man, but I have cut half the problem, otherwise it would have been more complicated and confusing to explain. In short, I’m trying to run Docker within an LXC container because Docker does not work on Ubuntu 22.04. I’m trying to find a workaround for the main problem. So, the idea is to run Docker on a previous version of Ubuntu, like 18 and 20, where it works without problems, and at the same time we want to use a fresh release of Ubuntu for the rest of the jobs, except for the tasks that will require access to the GPU, which will be executed on a previous release of Ubuntu 22.04 where they will work.

I am not sure how that contradicts my suggestion of using the official documentation. You can use it to install Docker on previous versions of Ubuntu, although, as I wrote in the other topic, Docker works on Ubuntu 22.04 too. We can continue the discussion about that there if you want to, but you can choose to install Docker on previous supported Ubuntu versions. If you are interested in LXC, I can recommend the following topic, where I wrote about that too:

It was about a different issue, but it might be related somehow. Note that although we mentioned “proxmox” multiple times, when I installed Docker in an LXC container, I used a simple LXC on my laptop.