loading...
Cover image for Squid in docker, help please

Squid in docker, help please

suntong profile image suntong ・3 min read

Well, I was planning a splashy introduction of the squid in docker that I use, but unfortunately, I wasn't able to make it working, from the time that I started the whole squid caching server series. So~~~ embarrassing... So, now, let me proudly present, after such long suspension,

.

.

.

my~~~ failure. :-) Sorry, I'm still unable to get the thing working. Here is the error that I get:

$ docker-compose up
Creating network "squidalpinessl_default" with the default driver
Pulling squid-alpine-ssl (alatas/squid-alpine-ssl:latest)...
latest: Pulling from alatas/squid-alpine-ssl
c67f3896b22c: Pull complete440e6ed511b8: Pull complete847023064f29: Pull completea9feff2a3c77: Pull complete76bf3e160a3a: Pull complete24048ab52d48: Pull complete39519a455c0c: Pull completeDigest: sha256:9c80c62244e3c703b6870d39d95b1bfd3c9c4906a7011bc6563701bc63af81e6
Status: Downloaded newer image for alatas/squid-alpine-ssl:latest
Creating squidalpinessl_squid-alpine-ssl_1 ... 
Creating squidalpinessl_squid-alpine-ssl_1 ... error

ERROR: for squidalpinessl_squid-alpine-ssl_1  Cannot start service squid-alpine-ssl: OCI runtime create failed: /var/lib/docker/overlay2/1fd063e74f933d24df8530b72dfaea6d4db76aebe42d95bd93bb9f952b2f607c/merged is not an absolute path or is a symlink: unknown

ERROR: for squid-alpine-ssl  Cannot start service squid-alpine-ssl: OCI runtime create failed: /var/lib/docker/overlay2/1fd063e74f933d24df8530b72dfaea6d4db76aebe42d95bd93bb9f952b2f607c/merged is not an absolute path or is a symlink: unknown
ERROR: Encountered errors while bringing up the project.

Note that,

  • The above is pulling the "last-good" version of it, when it was supposed to work -- otherwise, people won't upload broken images to docker hub. But still, it is not working.
  • I tried to update everything to latest, but it is still failing on me.
  • In fact, I trimmed it down to the following simple docker file, and it is still Not.Working!:
$ cat Dockerfile 
FROM alpine:latest

RUN apk add --no-cache \
    squid \

$ docker build -t squid-alpine . 
Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM alpine:latest
 ---> 4d90542f0623
Step 2/2 : RUN apk add --no-cache     squid
 ---> Running in 190963a80f2d
failed to update store for object type *libnetwork.endpointCnt: Key not found in store

So now I declare my failure, and will move on to Ubuntu based solution instead.

Of course, anyone who is reading this, and knows the solution, I'll be more than happy to hear from you. Thanks!

UPDATE:

Thanks to all the help from @andrelinslima , which stirred me into the right direction for troubleshooting, I've now solved all the problems, including the problem from Ubuntu based solution:

$ sudo docker-compose up
Pulling Squid (sameersbn/squid:3.5.27-2)...
3.5.27-2: Pulling from sameersbn/squid
5b7339215d1d: Pull complete14ca88e9f672: Pull completea31c3b1caad4: Pull completeb054a26005b7: Pull completeb75c98eb6264: Pull completeb2b9f1f84321: Pull completeDigest: sha256:e98299069f0c6e3d9b9188903518e2f44ac36b1fa5007e879af518e1c0a234af
Status: Downloaded newer image for sameersbn/squid:3.5.27-2
Creating dockersquid_Squid_1 ... 
Creating dockersquid_Squid_1 ... error

ERROR: for dockersquid_Squid_1  Cannot start service Squid: failed to update store for object type *libnetwork.endpointCnt: Key not found in store

ERROR: for Squid  Cannot start service Squid: failed to update store for object type *libnetwork.endpointCnt: Key not found in store
ERROR: Encountered errors while bringing up the project.

I'm including all the error messages here in hoping that the next person looking for them might find the solution here.

It has nothing to do with the docker base, whether alpine or ubuntu.
As @andrelinslima has pointed out that, it is a local config problem. As for the solution, the hints comes from here:

  • "It's internal docker daemon error"
  • "I moved my docker images folder when I faced this problem."
  • "For those suffering this issue, I reset my docker twice and it started working."

Indeed, it was caused by me moving my docker images folder, and the solution is simple to restart the docker service:

% /etc/init.d/docker restart
[ ok ] Restarting docker (via systemctl): docker.service.

Posted on by:

Discussion

markdown guide
 

The docker-compose yml you link to is working fine. You can clone the git repo and start it using labs.play-with-docker.com/ for example.

Sounds like you have problems with your permissions for your docker-compose setup. Try using sudo when invoking docker-compose

 

Thanks a lot for the help.

I'm still having problem when using sudo to invoke docker-compose:

$ sudo docker-compose up
Starting squidalpinessl_squid-alpine-ssl_1 ... 
Starting squidalpinessl_squid-alpine-ssl_1 ... error

ERROR: for squidalpinessl_squid-alpine-ssl_1  Cannot start service squid-alpine-ssl: OCI runtime create failed: /var/lib/docker/overlay2/1fd063e74f933d24df8530b72dfaea6d4db76aebe42d95bd93bb9f952b2f607c/merged is not an absolute path or is a symlink: unknown

ERROR: for squid-alpine-ssl  Cannot start service squid-alpine-ssl: OCI runtime create failed: /var/lib/docker/overlay2/1fd063e74f933d24df8530b72dfaea6d4db76aebe42d95bd93bb9f952b2f607c/merged is not an absolute path or is a symlink: unknown
ERROR: Encountered errors while bringing up the project.

$ lsb_release -a 
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic

Maybe we have a different host system?

Anyway, thx for the introduction of Play with Docker (PWD). I will give it a try next...

 

Tried on the exact same ubuntu build, works fine to me... so I would still guess it's a local config problem

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-54-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * MicroK8s 1.15 is out! Thanks to all 40 contributors, you get the latest
   greatest upstream Kubernetes in a single package.

     https://github.com/ubuntu/microk8s

user@nuc:~$ git clone https://github.com/suntong/squid-alpine-ssl.git
Cloning into 'squid-alpine-ssl'...
remote: Enumerating objects: 7, done.
remote: Counting objects: 100% (7/7), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 50 (delta 1), reused 4 (delta 0), pack-reused 43
Unpacking objects: 100% (50/50), done.

user@nuc:~$ cd squid-alpine-ssl/
user@nuc:squid-alpine-ssl$ docker-compose up

Creating network "squidalpinessl_default" with the default driver
Pulling squid-alpine-ssl (alatas/squid-alpine-ssl:latest)...
latest: Pulling from alatas/squid-alpine-ssl
c67f3896b22c: Pull complete
440e6ed511b8: Pull complete
847023064f29: Pull complete
a9feff2a3c77: Pull complete
76bf3e160a3a: Pull complete
24048ab52d48: Pull complete
39519a455c0c: Pull complete
Digest: sha256:9c80c62244e3c703b6870d39d95b1bfd3c9c4906a7011bc6563701bc63af81e6
Status: Downloaded newer image for alatas/squid-alpine-ssl:latest
Creating squidalpinessl_squid-alpine-ssl_1 ...
Creating squidalpinessl_squid-alpine-ssl_1 ... done
Attaching to squidalpinessl_squid-alpine-ssl_1
squid-alpine-ssl_1  | Starting squid...
squid-alpine-ssl_1  | Preparing folders...
squid-alpine-ssl_1  | Creating certificate...
squid-alpine-ssl_1  | Generating a 2048 bit RSA private key
squid-alpine-ssl_1  | .......................................................+++++
squid-alpine-ssl_1  | ..........................+++++
squid-alpine-ssl_1  | writing new private key to '/etc/squid-cert/private.pem'
[...etc...]

Oh, thanks a lot for the confirmation! Didn't realize that the same ubuntu build can have so different results. Now I know which direction to look for problems. Thanks again.

Oh, 

What version is your docker? Mine:

$ apt-cache policy docker.io
docker.io:
  Installed: 18.09.7-0ubuntu1~18.04.3
  Candidate: 18.09.7-0ubuntu1~18.04.3
  Version table:
 *** 18.09.7-0ubuntu1~18.04.3 500
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     17.12.1-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

$ docker version
Client:
 Version:           18.09.7
 API version:       1.39
 Go version:        go1.10.1
 Git commit:        2d0083d
 Built:             Wed Jul  3 12:13:59 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.09.7
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.1
  Git commit:       2d0083d
  Built:            Mon Jul  1 19:31:12 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 

Also, notice that it didn't create the container again. it just started a stopped one. you can try sudo docker-compose up --force-recreate

 

Hello,

Use my config.This work fine.

Dockerfile


FROM alpine:latest
LABEL maintainer="linux8a@gmail.com"

RUN apk update \
&& apk add squid curl bash which \
&& rm -rf /var/cache/apk/*

COPY start-squid.sh /usr/local/bin/
RUN chmod 755 /usr/local/bin/start-squid.sh
EXPOSE 3128/tcp
ENTRYPOINT ["/usr/local/bin/start-squid.sh"]


start-squid.sh


!/bin/bash

set -e

if [[ ${1:0:1} = '-' ]]; then
EXTRA_ARGS="$@"
set --
elif [[ ${1} == squid || ${1} == $(which squid) ]]; then
EXTRA_ARGS="${@:2}"
set --
fi

if [[ -z ${1} ]]; then
if [[ ! -d ${SQUID_CACHE_DIR}/00 ]]; then
echo "Initializing cache..."
$(which squid) -N -f /etc/squid/squid.conf -z
fi
echo "Starting squid..."
exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS}
else
exec "$@"
fi


Squid.conf


acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12

acl localnet src 192.168.0.0/16
acl localnet src fc00::/7

acl localnet src fe80::/10

acl SSL_ports port 443
acl Safe_ports port 80

acl Safe_ports port 21

acl Safe_ports port 443
acl Safe_ports port 70

acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280

acl Safe_ports port 488

acl Safe_ports port 591

acl Safe_ports port 777

acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_mem 512 MB
coredump_dir /var/cache/squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 1.1.1.1 8.8.8.8


Docker-compose.yml


version: '3.1'

services:
squid:
image: squid
container_name: squid
ports:
- "3128:3128"
volumes:
- ./squid/cache:/var/spool/squid
- ./etc/squid.conf:/etc/squid/squid.conf:ro
- ./squid/log:/var/log/squid:rw
restart: always
volumes:
squid:


Regards