Service stuck on activating (start) and never starts
Jan 02 08:35:49 kail dockerd[1337]: time="2021-01-02T08:35:49.254338338Z" level=info msg="Loading containers: start."
Jan 02 08:35:59 kail dockerd[1337]: time="2021-01-02T08:35:59.327638653Z" level=info msg="Container f34db773beee2371244dbcf3d75ded7fed932b2eed8d038b0f8113ab6a19e0ea failed to exit within 10 seconds of signal 15 - using the force"
How to resolve this ?
resolved by deleting the container from the system
rm -rf /var/lib/docker/containers/<container>
Related
I'm trying to install Kubernetes on CentOS 7.7, therefore, I have to install docker first.
I followed Kubernetes Documentation to install docker-ce and modify daemon.json file.
$ yum install yum-utils device-mapper-persistent-data lvm2
$ yum-config-manager --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
$ yum update && yum install \
containerd.io-1.2.10 \
docker-ce-19.03.4 \
docker-ce-cli-19.03.4
$ mkdir /etc/docker
$ cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
$ mkdir -p /etc/systemd/system/docker.service.d
$ systemctl daemon-reload
$ systemctl start docker
When started docker service, it said:
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
$ systemctl status -l docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2020-01-07 14:44:11 UTC; 7min ago
Docs: https://docs.docker.com
Process: 9879 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 9879 (code=exited, status=1/FAILURE)
Jan 07 14:44:09 love61y2222c.mylabserver.com systemd[1]: Failed to start Docker Application Container Engine.
Jan 07 14:44:09 love61y2222c.mylabserver.com systemd[1]: Unit docker.service entered failed state.
Jan 07 14:44:09 love61y2222c.mylabserver.com systemd[1]: docker.service failed.
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: docker.service holdoff time over, scheduling restart.
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: Stopped Docker Application Container Engine.
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: start request repeated too quickly for docker.service
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: Failed to start Docker Application Container Engine.
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: Unit docker.service entered failed state.
Jan 07 14:44:11 love61y2222c.mylabserver.com systemd[1]: docker.service failed.
$ journalctl -xe
.
.
-- Unit docker.service has begun starting up.
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.722780008Z" level=info msg="Starting up"
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.728447514Z" level=info msg="parsed scheme: \"unix\"" module=grpc
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.728479813Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.728510943Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.728526075Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.732325726Z" level=info msg="parsed scheme: \"unix\"" module=grpc
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.733844225Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.733880664Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.733898044Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: time="2020-01-07T15:28:25.743421350Z" level=warning msg="Using pre-4.0.0 kernel for overlay2, mount failures may require
Jan 07 15:28:25 love61y2223c.mylabserver.com dockerd[29628]: failed to start daemon: error initializing graphdriver: overlay2: the backing xfs filesystem is formatted without d_type
Jan 07 15:28:25 love61y2223c.mylabserver.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Jan 07 15:28:25 love61y2223c.mylabserver.com systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Jan 07 15:28:25 love61y2223c.mylabserver.com systemd[1]: Unit docker.service entered failed state.
Jan 07 15:28:25 love61y2223c.mylabserver.com systemd[1]: docker.service failed.
Could anyone tell me why docker service start failed after modifying daemon.json file? And how to specify cgroupdriver, default log-driver and default storage-driver in the right way?
Any suggestion will be greatly appreciated.
Thanks.
This error is pointing to an issue forcing docker to use overlay2 without the proper backing filesystem:
failed to start daemon: error initializing graphdriver: overlay2: the backing xfs filesystem is formatted without d_type
See docker's table for details on backing filesystem requirements for the different storage drivers: https://docs.docker.com/storage/storagedriver/#supported-backing-filesystems
The fix is to remove the storage driver settings, or fix the backing filesystem with the needed options to support overlay2:
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
For details on changing the xfs options, that appears to require rebuilding the filesystem. See this answer for more details on the needed steps.
Following this article on Jhipster, I build the project. I, however, can't run docker-compose. So, I try to figure out the problem. I walk step by step with this Docker-Compose article without luck.
$ sudo service docker status
docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-27 15:40:22 PST; 2 days ago
Docs: https://docs.docker.com
Main PID: 1960 (dockerd)
Tasks: 20 (limit: 4440)
Memory: 68.2M
CGroup: /system.slice/docker.service
├─1960 /usr/bin/dockerd -H fd://
└─2093 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --s
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493340278-08:00" level=warning msg="Your kernel does not support swap memory li
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493612101-08:00" level=warning msg="Your kernel does not support cgroup rt peri
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.493681034-08:00" level=warning msg="Your kernel does not support cgroup rt runt
Dec 27 15:40:10 tk-PC dockerd[1960]: time="2018-12-27T15:40:10.496381656-08:00" level=info msg="Loading containers: start."
Dec 27 15:40:17 tk-PC dockerd[1960]: time="2018-12-27T15:40:17.498415923-08:00" level=info msg="Default bridge (docker0) is assigned with an I
Dec 27 15:40:19 tk-PC dockerd[1960]: time="2018-12-27T15:40:19.646853084-08:00" level=info msg="Loading containers: done."
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.512083092-08:00" level=info msg="Daemon has completed initialization"
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.512266914-08:00" level=info msg="Docker daemon" commit=89658be graphdriver=aufs
Dec 27 15:40:22 tk-PC dockerd[1960]: time="2018-12-27T15:40:22.553322342-08:00" level=info msg="API listen on /var/run/docker.sock"
Dec 27 15:40:22 tk-PC systemd[1]: Started Docker Application Container Engine.
$ sudo ls -la /var/run/docker.sock
srw-rw---- 1 root docker 0 Dec 27 15:39 /var/run/docker.sock
$ sudo usermod -aG docker ${USER}
$ docker-compose -f docker-compose.yml build --build-arg UID=$(id -u)
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
The result of the last step is the same as "docker-compose up -d". According to the article, it would be a permission problem if the problem still exists at this point. How can I find what permission issue?
There are multiple ways you can solve this problem. Firstly try to export environment variable of docker host with command:
export DOCKER_HOST=/var/run/docker.sock
If it works you can add the same line to your bashrc config to save this export permanently.
If it doesn't work you can try to modify docker daemon config. It located in
/etc/docker/daemon.json
You'll need to append the localhost to your hosts like that:
"hosts": ["old_hosts_not_modified_only_append_new_one", "tcp://localhost:2376"],
and restart docker daemon using command:
service docker restart
Hope it gonna help ya
I have updated docker in my OpenSUSE 13.2.
After some tests I see that -H flag in /etc/sysconfig/docker is causing dockerd not to start, but I need it to enable port 2375 or 2376 (as it has been working OK for months). With it, TSL or not TSL, all or any port, docker will not start. I have tried binding to 0.0.0.0, localhost, ...
-- Logs begin at Tue 2016-10-25 12:48:00 CEST, end at Thu 2017-02-02 23:02:35 CET. --
Feb 02 23:01:35 ezequiel dockerd[22661]: time="2017-02-02T23:01:35.134216922+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 02 23:01:35 ezequiel dockerd[22661]: time="2017-02-02T23:01:35.247510727+01:00" level=info msg="Loading containers: done."
Feb 02 23:01:35 ezequiel dockerd[22661]: time="2017-02-02T23:01:35.247659069+01:00" level=info msg="Daemon has completed initialization"
Feb 02 23:01:35 ezequiel dockerd[22661]: time="2017-02-02T23:01:35.247709386+01:00" level=info msg="Docker daemon" commit=78d1802 graphdriver=btrfs version=1.12.6
Feb 02 23:01:35 ezequiel dockerd[22661]: time="2017-02-02T23:01:35.267370317+01:00" level=info msg="API listen on 192.168.100.1:2375"
Feb 02 23:02:35 ezequiel docker_service_helper.sh[22662]: Docker is dead
Feb 02 23:02:35 ezequiel systemd[1]: docker.service: control process exited, code=exited status=1
Feb 02 23:02:35 ezequiel dockerd[22661]: time="2017-02-02T23:02:35.810756005+01:00" level=info msg="Processing signal 'terminated'"
Feb 02 23:02:35 ezequiel systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Feb 02 23:02:35 ezequiel systemd[1]: Unit docker.service entered failed state.
If I remove it, docker starts, but I can't access it from outside the host (I used to use TSL through port 2376)
I have tried dockerd directly and it binds to tcp port:
# /usr/bin/dockerd --containerd /run/containerd/containerd.sock --add-runtime oci=/usr/bin/docker-runc --label provider=generic -g /optLVM/varLibDocker -H tcp://127.0.0.1:2375
WARN[0000] [!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]
INFO[0000] [graphdriver] using prior storage driver "btrfs"
INFO[0000] Graph migration to content-addressability took 0.00 seconds
WARN[0000] Your kernel does not support swap memory limit.
WARN[0000] Your kernel does not support kernel memory limit.
WARN[0000] mountpoint for pids not found
INFO[0000] Loading containers: start.
.................INFO[0000] Firewalld running: false
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon commit=78d1802 graphdriver=btrfs version=1.12.6
INFO[0000] API listen on 127.0.0.1:2375
So it seems something has changed in the configuration.
My old version was:
docker-1.12.1-152.3.x86_64
And new one:
docker-1.12.6-176.1.x86_64
Thanks for any help... I do need TCP, with or without TSL, to access docker remotely.
I got the same Problem after updating.
From 1.12.1 to 1.12.6 they changed somthing with the "fd://". For me it did not work anymore. I'm using tcp with tls.
In my config file (/etc/docker/daemon.json)
{
"tls" : true,
"tlsverify": true,
"tlscacert": "/etc/docker/ca.pem",
"tlscert" : "/etc/docker/server/server-cert.pem",
"tlskey" : "/etc/docker/server/server-key.pem",
"hosts" : ["unix:///var/run/docker.sock", "tcp://10.10.1.1:2376"]
}
I am adding the "host": unix:///var/run/docker.sock
I think the local communication is handled via the unix socket and remote connection runs over tcp.
You can find the Infos here ...
I use ubuntu 16.04.
Suddenly (sorry), I can't run docker.
When I run command in the terminal I only have this (expected output was info about client and daemon versions):
$ sudo docker --version
Docker version 1.12.3, build 6b644ec
When I run commands line this
$ sudo docker ps
I have nothing for long time:
How can I overcome this problem?
$ sudo service docker status
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Ср 2017-01-04 18:14:48 MSK; 12s ago
Docs: https://docs.docker.com
Process: 9534 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 9534 (code=exited, status=1/FAILURE)
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.446210980+03:00" level=warning msg="Your kernel does not support swap memory limit."
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.447160673+03:00" level=info msg="Loading containers: start."
янв 04 18:14:47 kenenbek dockerd[9534]: .................time="2017-01-04T18:14:47.469385119+03:00" level=info msg="Firewalld running: false"
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.881263583+03:00" level=info msg="Default bridge (docker0) is assigned with an IP addr
янв 04 18:14:48 kenenbek dockerd[9534]: time="2017-01-04T18:14:48.736641043+03:00" level=info msg="Loading containers: done."
янв 04 18:14:48 kenenbek dockerd[9534]: time="2017-01-04T18:14:48.790061315+03:00" level=fatal msg="Error creating cluster component: error while loadi
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
янв 04 18:14:48 kenenbek systemd[1]: Failed to start Docker Application Container Engine.
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Unit entered failed state.
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Failed with result 'exit-code'.
When I get such output when I run:
$ sudo service docker restart
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
This looks like a docker swarm certificate related issue as reported here
A solution to this problem will be released in version 1.13. For now you can try forcing recreating the swarm as explained here.
I am using Ubuntu 16.04 with docker 1.11.2. I have configured systemd to automatically restart docker daemon. When I kill the docker daemon, docker daemon restarts, but container will not even it has RestartPolicy set to always. From the logs I can read that it failed to create directory because it exists. I personally think that it related to stopping containerd.
Any help would be appreciated.
Aug 25 19:20:19 api-31 systemd[1]: docker.service: Main process exited, code=killed, status=9/KILL
Aug 25 19:20:19 api-31 docker[17617]: time="2016-08-25T19:20:19Z" level=info msg="stopping containerd after receiving terminated"
Aug 25 19:21:49 api-31 systemd[1]: docker.service: State 'stop-sigterm' timed out. Killing.
Aug 25 19:21:49 api-31 systemd[1]: docker.service: Unit entered failed state.
Aug 25 19:21:49 api-31 systemd[1]: docker.service: Failed with result 'timeout'.
Aug 25 19:21:49 api-31 systemd[1]: docker.service: Service hold-off time over, scheduling restart.
Aug 25 19:21:49 api-31 systemd[1]: Stopped Docker Application Container Engine.
Aug 25 19:21:49 api-31 systemd[1]: Closed Docker Socket for the API.
Aug 25 19:21:49 api-31 systemd[1]: Stopping Docker Socket for the API.
Aug 25 19:21:49 api-31 systemd[1]: Starting Docker Socket for the API.
Aug 25 19:21:49 api-31 systemd[1]: Listening on Docker Socket for the API.
Aug 25 19:21:49 api-31 systemd[1]: Starting Docker Application Container Engine...
Aug 25 19:21:49 api-31 docker[19023]: time="2016-08-25T19:21:49.913162167Z" level=info msg="New containerd process, pid: 19029\n"
Aug 25 19:21:50 api-31 kernel: [87066.742831] audit: type=1400 audit(1472152910.946:23): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="docker-default" pid=19043 comm="apparmor_parser"
Aug 25 19:21:50 api-31 docker[19023]: time="2016-08-25T19:21:50.952073973Z" level=info msg="[graphdriver] using prior storage driver \"overlay\""
Aug 25 19:21:50 api-31 docker[19023]: time="2016-08-25T19:21:50.956693893Z" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Aug 25 19:21:50 api-31 docker[19023]: time="2016-08-25T19:21:50.961641996Z" level=info msg="Firewalld running: false"
Aug 25 19:21:51 api-31 docker[19023]: time="2016-08-25T19:21:51.016582850Z" level=info msg="Removing stale sandbox 66ef9e1af997a1090fac0c89bf96c2631bea32fbe3c238c4349472987957c596 (547bceaad5d121444ddc6effbac3f472d0c232d693d8cc076027e238cf253613)"
Aug 25 19:21:51 api-31 docker[19023]: time="2016-08-25T19:21:51.046227326Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Aug 25 19:21:51 api-31 docker[19023]: time="2016-08-25T19:21:51.081106790Z" level=warning msg="Your kernel does not support swap memory limit."
Aug 25 19:21:51 api-31 docker[19023]: time="2016-08-25T19:21:51.081650610Z" level=info msg="Loading containers: start."
Aug 25 19:22:01 api-31 kernel: [87076.922492] docker0: port 1(vethbbc1192) entered disabled state
Aug 25 19:22:01 api-31 kernel: [87076.927128] device vethbbc1192 left promiscuous mode
Aug 25 19:22:01 api-31 kernel: [87076.927131] docker0: port 1(vethbbc1192) entered disabled state
Aug 25 19:22:03 api-31 docker[19023]: .time="2016-08-25T19:22:03.085800458Z" level=warning msg="error locating sandbox id 66ef9e1af997a1090fac0c89bf96c2631bea32fbe3c238c4349472987957c596: sandbox 66ef9e1af997a1090fac0c89bf96c2631bea32fbe3c238c4349472987957c596 not found"
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.085907328Z" level=warning msg="failed to cleanup ipc mounts:\nfailed to umount /var/lib/docker/containers/547bceaad5d121444ddc6effbac3f472d0c232d693d8cc076027e238cf253613/shm: invalid argument"
Aug 25 19:22:03 api-31 kernel: [87078.882836] device veth5c6999c entered promiscuous mode
Aug 25 19:22:03 api-31 kernel: [87078.882984] IPv6: ADDRCONF(NETDEV_UP): veth5c6999c: link is not ready
Aug 25 19:22:03 api-31 systemd-udevd[19128]: Could not generate persistent MAC address for veth5c6999c: No such file or directory
Aug 25 19:22:03 api-31 systemd-udevd[19127]: Could not generate persistent MAC address for veth39fb4d3: No such file or directory
Aug 25 19:22:03 api-31 kernel: [87078.944218] docker0: port 1(veth5c6999c) entered disabled state
Aug 25 19:22:03 api-31 kernel: [87078.948636] device veth5c6999c left promiscuous mode
Aug 25 19:22:03 api-31 kernel: [87078.948640] docker0: port 1(veth5c6999c) entered disabled state
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.219677059Z" level=error msg="Failed to start container 547bceaad5d121444ddc6effbac3f472d0c232d693d8cc076027e238cf253613: rpc error: code = 6 desc = \"mkdir /run/containerd/547bceaad5d121444ddc6effbac3f472d0c232d693d8cc076027e238cf253613: file exists\""
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.219750430Z" level=info msg="Loading containers: done."
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.219776593Z" level=info msg="Daemon has completed initialization"
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.219847738Z" level=info msg="Docker daemon" commit=b9f10c9 graphdriver=overlay version=1.11.2
Aug 25 19:22:03 api-31 systemd[1]: Started Docker Application Container Engine.
Aug 25 19:22:03 api-31 docker[19023]: time="2016-08-25T19:22:03.226116336Z" level=info msg="API listen on /var/run/docker.sock"
#VonC - Thank you for pointing me at the right direction. I researched the thread, but in my case the apparmor is not an issue. There are some other issues mentioned in the thread, so I followed them and I found the solution.
SOLUTION:
On Ubuntu 16.04 the problem is that systemd kills process containerd with the docker daemon process. In order to prevent it, you need to add
KillMode=process
to /lib/systemd/system/docker.service and that fixes the issue.
Here are the sources I used:
https://github.com/docker/docker/issues/25246
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.service#L25
That seems to be followed by issue 25487 (August 2016), and was reported even before (April 2016) in issue 22195.
Check if you are in the situation mentioned in issue 21702 by Tõnis Tiigi:
This seems to be caused by the apparmor profile for docker daemon we have in docker/contrib/apparmor.
If this profile is applied in v1.11 (at least ubuntu wily) then container starting does not work.
I'm not sure if users have just manually enforced this profile or apparently we also accidentally installed this profile in 1.10.0-rc1 (#19707).
So the workaround, until we figure out how to deal with this, is to unload the profile with something like apparmor_parser -R /etc/apparmor.d/docker-engine ,delete it and restart daemon.
/etc/apparmor.d/docker is the profile for the containers and does not need to be changed.