Running docker application on Axon

General
1

Hey Guys
I am trying to run docker on the image which was installed with Axon but I found that kernel installed is missing CONFIG_IP_NF_RAW $ zgrep IP_NF_RAW /proc/config.gz

CONFIG_IP_NF_RAW is not set

I can try building the kernel myself but just wanted to check if you have suggestion to fix it without building the kernel

This is the actual error I get when running docker compose:

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint frigate (a57f39a9fb52d5be0fb7017e6bddc9fbadf1d56fea7cb50d36420c72bce7e02a): Unable to enable DIRECT ACCESS FILTERING - DROP rule:  (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 8554 ! -i br-2beec5707418 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
2

@abhi, could you please share the kernel version you are using?

3

Hey Pratiksha,

Here is my kernel
Linux vicharak 5.10.160-axon #axon SMP Fri Nov 29 16:15:43 IST 2024 aarch64 aarch64 aarch64 GNU/Linux

Regards
Abhi

4

Hi @Abhi,

Since you are using an older version of the kernel, I recommend flashing a new image with Kernel 6.1.
You can download it from the following link:

:link: Vicharak Axon Ubuntu 24 Noble

Steps to follow after flashing the new image:

  1. Update the system packages:
    sudo apt update && sudo apt upgrade
  2. Reboot the board:
    sudo reboot
  3. Follow the Docker setup instructions from the official documentation:
    :link: Install Docker on Ubuntu

If you prefer not to flash a new image, you can manually update the Linux kernel using .deb packages from:

:link: Linux Upstream Packages

Steps to manually update the kernel:

  1. Remove the existing kernel packages:
    sudo apt purge linux-image-<version> linux-headers-<version>
  2. Install the new kernel packages:
    sudo apt install ./linux-*
  3. Reboot the board:
    sudo reboot
  4. Start the Docker service:
    sudo service docker start

:one: Check Kernel Compatibility

Since your kernel may not support nftables, check the iptables backend:

sudo update-alternatives --display iptables

If it shows nft, switch to legacy mode:

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Then restart Docker:

sudo systemctl restart docker

You can now start using Docker. If you encounter any issues, feel free to reach out.

Best regards,
Pratiksha

5

No joy!

vicharak@vicharak:~/frigate$ uname -r
6.1.75-axon
vicharak@vicharak:~/frigate$ zgrep IP_NF_RAW /proc/config.gz

CONFIG_IP_NF_RAW is not set

6

Have you installed the new Debian packages from the server?

I suggest following the steps without looking for the CONFIG_IP_NF_RAW flag.

Try starting Docker first. If it fails, update iptables using the following commands:

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
7

Yes I installed from the server as per your suggestion. I am using 22.04 LTS release fyi.

I have seleteted correct iptables:

vicharak@vicharak:~/frigate$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

I am trying to run Installation | Frigate using docker compose. It still throw the following error:

vicharak@vicharak:~/frigate$ docker compose up -d
WARN[0000] /home/vicharak/frigate/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 0/1
 ⠴ Container frigate  Starting                                                                                                                                               0.5s 
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint frigate (ddad2362a1de4a269c0932d1a0b2691b53c9a9d6b4d7d5e3f3180248c116835d): Unable to enable DIRECT ACCESS FILTERING - DROP rule:  (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 8554 ! -i br-2beec5707418 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3))

Does your kernel is build with config_ip_raw? Can you help me point to correct kernel config too, I will see if I can build the kernel myself,

8

It’s just purely not about kernel, we are adding support for other dependencies as well. Will reply you tomorrow.

9

Hey @Abhi,

We have updated the kernel support. You can get the new kernel packages from the vicharak apt server.
Check the updated packages, upgrade, and try Frigate with the updated kernel.

We will provide a kernel build guide soon. If you need any other help, let us know!

10

Thank-you both, it seems to work fine now.

1 Like