docker with device-mapper and luks

I’m trying to have docker container stored in a luks device, but using the below command it is not working.

I’m also trying to have a docker container to use (and maybe open) a luks file as a volume data, but I don’t know how to bind it to the container

  • Run multiple services inside one docker container [closed]
  • Docker local registry : push fails
  • AWS ECS container logs design pattern
  • how to ssh docker container
  • Docker private repo with multiple images
  • How can I set $PS1 with Dockerfile?
  • I have done the following :

    pvcreate /dev/sdb
    Physical volume "/dev/sdb" successfully created
    vgcreate vgluks /dev/sdb
    Volume group "vgluks" successfully created
    lvcreate -l 90%FREE -n lvdocker-data vgluks
    WARNING: crypto_LUKS signature detected on /dev/vgluks/lvdocker-data at offset 0. Wipe it? [y/n]: y
    Wiping crypto_LUKS signature on /dev/vgluks/lvdocker-data.
    Logical volume "lvdocker-data" created.
    lvcreate -l 100%FREE -n lvdocker-metadata vgluks
    Logical volume "lvdocker-metadata" created.

    created a key

    dd if=/dev/urandom of=/tmp/key bs=4K count=1
    1+0 records in
    1+0 records out
    4096 bytes (4.1 kB) copied, 0.00126301 s, 3.2 MB/s
    cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-data 
    cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-metadata
    cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-data cryptfs-data
    cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-metadata cryptfs-metadata

    formated in ext4

    mkfs.ext4 /dev/mapper/cryptfs-data
    mkfs.ext4 /dev/mapper/cryptfs-metadata

    my docker.service looks like this :

    Description=Docker Application Container Engine
    Documentation= docker.socket
    ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS

    and the /etc/sysconfig/docker is like :

    OPTIONS="--storage-driver=devicemapper --storage-opt dm.datadev=/dev/vgluks/lvdocker-data --storage-opt dm.metadatadev=/dev/vgluks/lvdocker-metadata --insecure-registry myregistryhost:443 -H tcp:// -H unix:///var/run/docker.sock"

    The output of systemctl is :

    systemctl status -l docker.service
    ‚óŹ docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2015-12-23 16:05:28 CET; 25min ago
     Main PID: 6544 (code=exited, status=1/FAILURE)
    Dec 23 16:05:28 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
    Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.457356524+01:00" level=warning msg="/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\"
    Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.478448525+01:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Error running deviceCreate (CreatePool) dm_task_run failed"
    Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
    Dec 23 16:05:28 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
    Dec 23 16:05:28 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
    Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service failed.

  • my docker-compose is picking up files from another folder, not from where I'm running the command
  • How to manage command line arguments in docker run command?
  • How to configure GWT debugging with docker?
  • Linux - Docker MySQL Image - CREATE MYSQL_USER
  • Running mysql in the foreground in centos
  • What are the best practices for tagging Docker Hub versions
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.