Docker + Portainer Agent script stopped working

[burgerga]

✅ Have you read and understood the above guidelines?

yes

📜 What is the name of the script you are using?

Docker

📂 What was the exact command used to execute the script?

bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/docker.sh)"

📝 Provide a clear and concise description of the issue.

Worked fine a couple of weeks ago (unsure how many weeks), fails with:

...
Would you like to add Portainer? <y/N> 
Would you like to add the Portainer Agent? <y/N> y
 ⠴ Installing Portainer agent 1.6.1 
[ERROR] in line 44: exit code 0: while executing command "$@" > /dev/null 2>&1

⚙️ What settings are you using?

• Default Settings
• Advanced Settings

🖥️ Which Linux distribution are you using?

Debian 12

🔄 Steps to reproduce the issue.

1. Run community script
2. Answer no to install portainer
3. Answer yes to install portainer-agent

❌ Paste the full error output (if available).

    ____             __            
   / __ \____  _____/ /_____  _____
  / / / / __ \/ ___/ //_/ _ \/ ___/
 / /_/ / /_/ / /__/ ,< /  __/ /    
/_____/\____/\___/_/|_|\___/_/     
                                   
  ⚙️  Using Default Settings on node pve
  🖥️  Operating System: debian
  🌟  Version: 12
  📦  Container Type: Unprivileged
  💾  Disk Size: 4GB
  🧠  CPU Cores: 2
  🛠️  RAM Size: 2048MB
  🆔  Container ID: 104
  🚀  Creating a Docker LXC using the above default settings
  
  ✔️  Using local for Template Storage.
  ✔️  Using local-lvm for Container Storage.
  ✔️  Updated LXC Template List
  ✔️  LXC Container 104 was successfully created.
  ✔️  Started LXC Container
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
  ✔️  Set up Container OS
  ✔️  Network Connected: 192.168.2.196 
  ✔️  IPv4 Internet Connected
  ✖️  IPv6 Internet Not Connected
  ✔️  DNS Resolved github.com to 140.82.121.4
  ✔️  Updated Container OS
  ✔️  Installed Dependencies
  ✔️  Installed Docker v27.4.1
Would you like to add Portainer? <y/N> 
Would you like to add the Portainer Agent? <y/N> y
 ⠴ Installing Portainer agent 1.6.1 
[ERROR] in line 44: exit code 0: while executing command "$@" > /dev/null 2>&1

🖼️ Additional context (optional).

No response

[burgerga]

Full error (verbose mode):

docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: unable to join session keyring: unable to create session key: disk quota exceeded: unknown.

This is not a script issue, but is an issue when running a large number of unprivileged LXCs. Can be solved by setting a larger number of maxkeys in the proxmox host, for example with echo "20000" > /proc/sys/kernel/keys/maxkeys. See https://discuss.linuxcontainers.org/t/error-with-docker-inside-lxc-container/922 for details.

[cricalix]

This is not a script issue, but is an issue when running a large number of unprivileged LXCs. Can be solved by setting a larger number of maxkeys in the proxmox host, for example with echo "20000" > /proc/sys/kernel/keys/maxkeys. See https://discuss.linuxcontainers.org/t/error-with-docker-inside-lxc-container/922 for details.

Seems like something the scripting could do as a pre-flight check; it checks OS, usage as root, etcetera already. The default is 2000 (on my node at least, Proxmox 8), so you must have quite a few containers :)

[burgerga]

Yeah, that would probably be nice to check. And I have 40 LXCs, I didn't think that would be too many...

[cricalix]

This is not a script issue, but is an issue when running a large number of unprivileged LXCs. Can be solved by setting a larger number of maxkeys in the proxmox host, for example with echo "20000" > /proc/sys/kernel/keys/maxkeys. See https://discuss.linuxcontainers.org/t/error-with-docker-inside-lxc-container/922 for details.

Seems like something the scripting could do as a pre-flight check; it checks OS, usage as root, etcetera already. The default is 2000 (on my node at least, Proxmox 8), so you must have quite a few containers :)

Oh, here's why. Every container uses about 30 - sample size of two containers; one from ubuntu.sh, the other from docker.sh.

At 40 containers, you're using at minimum, 1200.

grep 100000: /proc/key-users (or cat /proc/key-users) would tell you how many you're using.

[cricalix]

Oh, here's why. Every container uses about 30 - sample size of two containers; one from ubuntu.sh, the other from docker.sh.

At 40 containers, you're using at minimum, 1200.

grep 100000: /proc/key-users (or cat /proc/key-users) would tell you how many you're using.

Though, alpine container only seems to use one key. So it's going to be a function of the base OS of the container. Regardless, it seems like something the scripting should do. Let me see what I can offer up as a PR.

[burgerga]

Awesome!

And it also seems I needed to increase max-bytes :O

root@pve:~# grep 100000: /proc/key-users 
100000:  1017 1017/1017 1017/20000 19629/20000

[MickLesk]

Merged to "dev_maxkeys" for testing