The quickest way to install Elixir is through a distribution or using one of the available installers. If not available, then we recommend the precompiled packages or compiling it.

Note that Elixir v1.11 requires Erlang 21.0 or later. Many of the instructions below will automatically install Erlang for you. In case they do not, read the “Installing Erlang” section below.

Distributions

1. If you are familiar with Docker you can use the official Docker image to get started quickly with Elixir. Enter interactive mode Run: docker run -it -rm elixir; Enter bash within container with installed elixir. Run: docker run -it -rm elixir bash; Those distributions will likely install Erlang automatically for you too.
2. Run inside Docker container. If you prefer containerized processes, we maintain a Docker image with recent snapshot builds from our develop branch on DockerHub. We maintain four different Docker images for running the latest stable or development versions of Geth. Ethereum/client-go:latest is the latest development version of Geth (default).

The preferred option for installing Elixir. Choose your operating system and tool.

If your distribution contains an old Elixir/Erlang version, see the sections below for installing Elixir/Erlang from version managers or from source.

To build pacman: sudo apt-get install -no-install-recommends -y bsdtar. To build snap if and only if you have custom stage packages. Provided Docker Images. $ systemctl status wksmitx State: running Jobs: 0 queued Failed: 0 units Since: Tue 2021-03-23 11:02:04 CET; 1min 3s ago CGroup: / ├─user.slice │ └─user-1000.slice │ ├─user@1000.service │ │ ├─app.slice │ │ │ ├─app-flatpak-com.slack.Slack-3434.scope │ │ │ │ ├─3434 bwrap -args 41 /app/bin/zypak.

macOS

• Using Homebrew:
  • Update your homebrew to latest: brew update
  • Run: brew install elixir
• Using Macports:
  • Run: sudo port install elixir

GNU/Linux

• Alpine Linux (Community repository)
  • Run: apk add elixir
• Arch Linux (Community repository)
  • Run: pacman -S elixir
• Debian
  • See below the instructions for Ubuntu
• Fedora 21 (and older)
  • Run: yum install elixir
• Fedora 22 (and newer)
  • Run dnf install elixir erlang
• Gentoo
  • Run: emerge --ask dev-lang/elixir
• GNU Guix
  • Run: guix package -i elixir
• openSUSE (and SLES)
  • Add Elixir/Erlang repository: zypper ar -f obs://devel:languages:erlang/ Elixir-Factory
  • Run: zypper in elixir
  • Optional: if you want to use the latest Erlang, you can use this repository: zypper ar -f obs://devel:languages:erlang:Factory Erlang-Factory
• Slackware
  • Using Sbopkg:
    • Run: sbopkg -ki 'erlang-otp elixir'
  • Manually:
    • Download, build and install from SlackBuilds.org: erlang-otp, and elixir
• Solus
  • Run: eopkg install elixir
• Ubuntu 14.04/16.04/17.04/18.04/19.04 or Debian 7/8/9/10
  • Add Erlang Solutions repository: wget https://packages.erlang-solutions.com/erlang-solutions_2.0_all.deb && sudo dpkg -i erlang-solutions_2.0_all.deb
  • Run: sudo apt-get update
  • Install the Erlang/OTP platform and all of its applications: sudo apt-get install esl-erlang
  • Install Elixir: sudo apt-get install elixir

BSD

• FreeBSD
  • Using ports:
    • Run: cd /usr/ports/lang/elixir && make install clean
  • Using pkg:
    • Run: pkg install elixir
• OpenBSD
  • Run: pkg_add elixir

Windows

• Using our web installer:
  • Click next, next, …, finish
• Using Chocolatey:
  • Run: cinst elixir

Raspberry Pi

If necessary, replace “buster” with the name of your Raspbian release.

• The Erlang Solutions repository has a prebuilt package for armhf. This saves a significant amount of time in comparison to recompiling natively
• Get Erlang key and add it to the keychain:
  • Run: echo 'deb https://packages.erlang-solutions.com/debian buster contrib' | sudo tee /etc/apt/sources.list.d/erlang-solutions.list
  • Run: wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc
  • Run: sudo apt-key add erlang_solutions.asc
• Install Elixir:
  • Update apt to latest: sudo apt update
  • Run: sudo apt install elixir

Docker

If you are familiar with Docker you can use the official Docker image to get started quickly with Elixir.

• Enter interactive mode
  • Run: docker run -it --rm elixir
• Enter bash within container with installed elixir
  • Run: docker run -it --rm elixir bash

Those distributions will likely install Erlang automatically for you too. In case they don’t, check the Installing Erlang section below.

If you need to programmatically fetch the list of Elixir precompiled packages alongside their checksums, access https://elixir-lang.org/elixir.csv.

Precompiled package

Elixir provides a precompiled package for every release. First install Erlang and then download and unzip the Precompiled.zip file for the latest release.

Once the release is unpacked, you are ready to run the elixir and iex commands from the bin directory, but we recommend you to add Elixir’s bin path to your PATH environment variable to ease development.

Compiling with version managers

There are many tools that allow developers to install and manage multiple Erlang and Elixir versions. They are useful if you have multiple projects running on different Elixir or Erlang versions, can’t install Erlang or Elixir as mentioned above or if the version provided by your package manager is outdated. Here are some of those tools:

• asdf - install and manage different Elixir and Erlang versions
• exenv - install and manage different Elixir versions
• kiex - install and manage different Elixir versions
• kerl - install and manage different Erlang versions

Keep in mind that each Elixir version supports specific Erlang/OTP versions. Check the compatibility table if you have questions or run into issues.

If you would prefer to compile from source manually, don’t worry, we got your back too.

Compiling from source (Unix and MinGW)

You can download and compile Elixir in few steps. The first one is to install Erlang.

Next you should download source code (.zip, .tar.gz) of the latest release, unpack it and then run make inside the unpacked directory (note: if you are running on Windows, read this page on setting up your environment for compiling Elixir).

After compiling, you are ready to run the elixir and iex commands from the bin directory. It is recommended that you add Elixir’s bin path to your PATH environment variable to ease development.

In case you are feeling a bit more adventurous, you can also compile from master:

If the tests pass, you are ready to go. Otherwise, feel free to open an issue in the issues tracker on GitHub.

Installing Erlang

The only prerequisite for Elixir is Erlang, version 21.0 or later. When installing Elixir, Erlang is generally installed automatically for you. However, if you want to install Erlang manually, you might check:

• A general list of installation methods from the Riak documentation.

After Erlang is installed, you should be able to open up the command line (or command prompt) and check the Erlang version by typing erl. You will see some information similar to:

Notice that depending on how you installed Erlang, Erlang binaries might not be available in your PATH. Be sure to have Erlang binaries in your PATH, otherwise Elixir won’t work!

Setting PATH environment variable

It is highly recommended to add Elixir’s bin path to your PATH environment variable to ease development.

On Windows, there are instructions for different versions explaining the process.

On Unix systems, you need to find your shell profile file, and then add to the end of this file the following line reflecting the path to your Elixir installation:

Checking the installed version of Elixir

Once you have Elixir installed, you can check its version by running elixir --version.

Estimated reading time: 17 minutes

Rootless mode allows running the Docker daemon and containers as a non-rootuser to mitigate potential vulnerabilities in the daemon andthe container runtime.

Rootless mode does not require root privileges even during the installation ofthe Docker daemon, as long as the prerequisites are met.

Rootless mode was introduced in Docker Engine v19.03 as an experimental feature.Rootless mode graduated from experimental in Docker Engine v20.10.

How it works

Rootless mode executes the Docker daemon and containers inside a user namespace.This is very similar to userns-remap mode, except thatwith userns-remap mode, the daemon itself is running with root privileges,whereas in rootless mode, both the daemon and the container are running withoutroot privileges.

Rootless mode does not use binaries with SETUID bits or file capabilities,except newuidmap and newgidmap, which are needed to allow multipleUIDs/GIDs to be used in the user namespace.

Prerequisites

• You must install newuidmap and newgidmap on the host. These commands are provided by the uidmap package on most distros.

• /etc/subuid and /etc/subgid should contain at least 65,536 subordinateUIDs/GIDs for the user. In the following example, the user testuser has65,536 subordinate UIDs/GIDs (231072-296607).

Distribution-specific hint

Note: We recommend that you use the Ubuntu kernel.

• No preparation is needed.

• overlay2 storage driver is enabled by default(Ubuntu-specific kernel patch).

• Known to work on Ubuntu 16.04, 18.04, and 20.04.

• Add kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf (or/etc/sysctl.d) and run sudo sysctl --system.

• To use the overlay2 storage driver (recommended), runsudo modprobe overlay permit_mounts_in_userns=1 (Debian-specific kernel patch, introduced in Debian 10). Add the configuration to /etc/modprobe.d for persistence.

• Installing fuse-overlayfs is recommended. Run sudo pacman -S fuse-overlayfs.

• Add kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf (or/etc/sysctl.d) and run sudo sysctl --system

• Installing fuse-overlayfs is recommended. Run sudo zypper install -y fuse-overlayfs.

• sudo modprobe ip_tables iptable_mangle iptable_nat iptable_filter is required.This might be required on other distros as well depending on the configuration.

• Known to work on openSUSE 15.

• Installing fuse-overlayfs is recommended. Run sudo dnf install -y fuse-overlayfs.

• You might need sudo dnf install -y iptables.

• When SELinux is enabled, you may face can't open lock file /run/xtables.lock: Permission denied error.A workaround for this is to sudo dnf install -y policycoreutils-python-utils && sudo semanage permissive -a iptables_t.This issue is tracked in moby/moby#41230.

• Known to work on CentOS 8 and Fedora 33.

• Add user.max_user_namespaces=28633 to /etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system.

• systemctl --user does not work by default. Run dockerd-rootless.sh directly without systemd.

Known limitations

• Only the following storage drivers are supported:
  • overlay2 (only if running with kernel 5.11 or later, or Ubuntu-flavored kernel, or Debian-flavored kernel)
  • fuse-overlayfs (only if running with kernel 4.18 or later, and fuse-overlayfs is installed)
  • vfs
• Cgroup is supported only when running with cgroup v2 and systemd. See Limiting resources.
• Following features are not supported:
  • AppArmor
  • Checkpoint
  • Overlay network
  • Exposing SCTP ports
• To use the ping command, see Routing ping packets.
• To expose privileged TCP/UDP ports (< 1024), see Exposing privileged ports.
• IPAddress shown in docker inspect and is namespaced inside RootlessKit’s network namespace.This means the IP address is not reachable from the host without nsenter-ing into the network namespace.
• Host network (docker run --net=host) is also namespaced inside RootlessKit.

Install

Note

If the system-wide Docker daemon is already running, consider disabling it:$ sudo systemctl disable --now docker.service

If you installed Docker 20.10 or later with RPM/DEB packages, you should have dockerd-rootless-setuptool.sh in /usr/bin.

Run dockerd-rootless-setuptool.sh install as a non-root user to set up the daemon:

If dockerd-rootless-setuptool.sh is not present, you may need to install the docker-ce-rootless-extras package manually, e.g.,

If you do not have permission to run package managers like apt-get and dnf,consider using the installation script available at https://get.docker.com/rootless.

The binaries will be installed at ~/bin.

See Troubleshooting if you faced an error.

Uninstall

To remove the systemd service of the Docker daemon, run dockerd-rootless-setuptool.sh uninstall:

To remove the data directory, run rootlesskit rm -rf ~/.local/share/docker.

To remove the binaries, remove docker-ce-rootless-extras package if you installed Docker with package managers.If you installed Docker with https://get.docker.com/rootless (Install without packages),remove the binary files under ~/bin:

Usage

Daemon

The systemd unit file is installed as ~/.config/systemd/user/docker.service.

Use systemctl --user to manage the lifecycle of the daemon:

To launch the daemon on system startup, enable the systemd service and lingering:

Starting Rootless Docker as a systemd-wide service (/etc/systemd/system/docker.service)is not supported, even with the User= directive.

To run the daemon directly without systemd, you need to run dockerd-rootless.sh instead of dockerd.

The following environment variables must be set:

• $HOME: the home directory
• $XDG_RUNTIME_DIR: an ephemeral directory that is only accessible by the expected user, e,g, ~/.docker/run.The directory should be removed on every host shutdown.The directory can be on tmpfs, however, should not be under /tmp.Locating this directory under /tmp might be vulnerable to TOCTOU attack.

Remarks about directory paths:

• The socket path is set to $XDG_RUNTIME_DIR/docker.sock by default.$XDG_RUNTIME_DIR is typically set to /run/user/$UID.
• The data dir is set to ~/.local/share/docker by default.The data dir should not be on NFS.
• The daemon config dir is set to ~/.config/docker by default.This directory is different from ~/.docker that is used by the client.

Client

You need to specify the socket path explicitly.

To specify the socket path using $DOCKER_HOST:

To specify the socket path using docker context:

Best practices

Rootless Docker in Docker

To run Rootless Docker inside “rootful” Docker, use the docker:<version>-dind-rootlessimage instead of docker:<version>-dind.

The docker:<version>-dind-rootless image runs as a non-root user (UID 1000).However, --privileged is required for disabling seccomp, AppArmor, and mountmasks.

Expose Docker API socket through TCP

To expose the Docker API socket through TCP, you need to launch dockerd-rootless.shwith DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS='-p 0.0.0.0:2376:2376/tcp'.

Expose Docker API socket through SSH

To expose the Docker API socket through SSH, you need to make sure $DOCKER_HOSTis set on the remote host.

Routing ping packets

On some distributions, ping does not work by default.

Add net.ipv4.ping_group_range = 0 2147483647 to /etc/sysctl.conf (or/etc/sysctl.d) and run sudo sysctl --system to allow using ping.

Exposing privileged ports

To expose privileged ports (< 1024), set CAP_NET_BIND_SERVICE on rootlesskit binary.

Or add net.ipv4.ip_unprivileged_port_start=0 to /etc/sysctl.conf (or/etc/sysctl.d) and run sudo sysctl --system.

Limiting resources

Limiting resources with cgroup-related docker run flags such as --cpus, --memory, --pids-limitis supported only when running with cgroup v2 and systemd.See Changing cgroup version to enable cgroup v2.

If docker info shows none as Cgroup Driver, the conditions are not satisfied.When these conditions are not satisfied, rootless mode ignores the cgroup-related docker run flags.See Limiting resources without cgroup for workarounds.

If docker info shows systemd as Cgroup Driver, the conditions are satisfied.However, typically, only memory and pids controllers are delegated to non-root users by default.

To allow delegation of all controllers, you need to change the systemd configuration as follows:

Note

Delegating cpuset requires systemd 244 or later.

Limiting resources without cgroup

Even when cgroup is not available, you can still use the traditional ulimit and cpulimit,though they work in process-granularity rather than in container-granularity,and can be arbitrarily disabled by the container process.

For example:

• To limit CPU usage to 0.5 cores (similar to docker run --cpus 0.5):docker run <IMAGE> cpulimit --limit=50 --include-children <COMMAND>

• To limit max VSZ to 64MiB (similar to docker run --memory 64m):docker run <IMAGE> sh -c 'ulimit -v 65536; <COMMAND>'

• To limit max number of processes to 100 per namespaced UID 2000(similar to docker run --pids-limit=100):docker run --user 2000 --ulimit nproc=100 <IMAGE> <COMMAND>

Pacman Docker Play

Troubleshooting

Errors when starting the Docker daemon

[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted

This error occurs mostly when the value of /proc/sys/kernel/unprivileged_userns_clone is set to 0:

To fix this issue, add kernel.unprivileged_userns_clone=1 to/etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system.

[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: no space left on device

This error occurs mostly when the value of /proc/sys/user/max_user_namespaces is too small:

To fix this issue, add user.max_user_namespaces=28633 to/etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system.

[rootlesskit:parent] error: failed to setup UID/GID map: failed to compute uid/gid map: No subuid ranges found for user 1001 (“testuser”)

This error occurs when /etc/subuid and /etc/subgid are not configured. See Prerequisites.

could not get XDG_RUNTIME_DIR

This error occurs when $XDG_RUNTIME_DIR is not set.

On a non-systemd host, you need to create a directory and then set the path:

Note:You must remove the directory every time you log out.

On a systemd host, log into the host using pam_systemd (see below).The value is automatically set to /run/user/$UID and cleaned up on every logout.

systemctl --user fails with “Failed to connect to bus: No such file or directory”

This error occurs mostly when you switch from the root user to an non-root user with sudo:

Instead of sudo -iu <USERNAME>, you need to log in using pam_systemd. For example:

• Log in through the graphic console
• ssh <USERNAME>@localhost
• machinectl shell <USERNAME>@

The daemon does not start up automatically

You need sudo loginctl enable-linger $(whoami) to enable the daemon to startup automatically. See Usage.

iptables failed: iptables -t nat -N DOCKER: Fatal: can’t open lock file /run/xtables.lock: Permission denied

This error may happen when SELinux is enabled on the host.

A known workaround is to run the following commands to disable SELinux for iptables:

This issue is tracked in moby/moby#41230.

docker pull errors

docker: failed to register layer: Error processing tar file(exit status 1): lchown <FILE>: invalid argument

This error occurs when the number of available entries in /etc/subuid or/etc/subgid is not sufficient. The number of entries required vary acrossimages. However, 65,536 entries are sufficient for most images. SeePrerequisites.

docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: lchown <FILE>: operation not permitted

This error occurs mostly when ~/.local/share/docker is located on NFS.

A workaround is to specify non-NFS data-root directory in ~/.config/docker/daemon.json as follows:

docker run errors

--cpus, --memory, and --pids-limit are ignored

This is an expected behavior on cgroup v1 mode.To use these flags, the host needs to be configured for enabling cgroup v2.For more information, see Limiting resources.

Networking errors

docker run -p fails with cannot expose privileged port

docker run -p fails with this error when a privileged port (< 1024) is specified as the host port.

When you experience this error, consider using an unprivileged port instead. For example, 8080 instead of 80.

To allow exposing privileged ports, see Exposing privileged ports.

ping doesn’t work

Pacman Docker Games

Ping does not work when /proc/sys/net/ipv4/ping_group_range is set to 1 0:

For details, see Routing ping packets.

IPAddress shown in docker inspect is unreachable

This is an expected behavior, as the daemon is namespaced inside RootlessKit’snetwork namespace. Use docker run -p instead.

--net=host doesn’t listen ports on the host network namespace

This is an expected behavior, as the daemon is namespaced inside RootlessKit’snetwork namespace. Use docker run -p instead.

Network is slow

Pacman Docker

Docker with rootless mode uses slirp4netns as the default network stack if slirp4netns v0.4.0 or later is installed.If slirp4netns is not installed, Docker falls back to VPNKit.

Installing slirp4netns may improve the network throughput.See RootlessKit documentation for the benchmark result.

Also, changing MTU value may improve the throughput.The MTU value can be specified by adding Environment='DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=<INTEGER>'to ~/.config/systemd/user/docker.service and then running systemctl --user daemon-reload.

docker run -p does not propagate source IP addresses

This is because Docker with rootless mode uses RootlessKit’s builtin port driver by default.

The source IP addresses can be propagated by adding Environment='DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns'to ~/.config/systemd/user/docker.service and then running systemctl --user daemon-reload.

Note that this configuration decreases throughput.See RootlessKit documentation for the benchmark result.

Tips for debugging

Entering into dockerd namespaces

The dockerd-rootless.sh script executes dockerd in its own user, mount, and network namespaces.

For debugging, you can enter the namespaces by runningnsenter -U --preserve-credentials -n -m -t $(cat $XDG_RUNTIME_DIR/docker.pid).

security, namespaces, rootless