I'm trying to kill a docker container, but I got permission denied. I use Ubuntu 20.04, my docker version for client is 20.10.7 and the one for the server is 20.10.11.
This is the log I got:
Error response from daemon: Cannot kill container: fastapi_server: permission denied
I read that I should use this comand for restarting docker.
sudo systemctl restart docker.socket docker.service
But the thing is that when I execute this command, all my containers and images dissapear, but If I try on localhost:8000 my port is occupied by the container that I wanted to delete. And if I run sudo netstat -anp | grep 8000, I get:
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2493/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 2500/docker-proxy
So this confirms that my port is already taken by a docker container, but when I run docker ps -a, I get no container. I also tried docker kill, but it did not work.
How should I kill this container & get my 8000 port free?
Please think twice before removing AppArmor. To my understanding this is central to application security for instance on recent major Ubuntu versions.
It seems the rights problem is specific to a Docker version. Assuming yours is also installed via snap, please attempt upgrading your Docker version to at least the current beta, e.g. with
snap refresh docker --beta
20.10.12 seems to work fine.
(In fact I fell for the suggestion and did remove my AppArmor - snaps went away. Then reinstalled ASAP, the settings of relevant snaps are still with me - afterwards installed docker back, had the problem, upgraded it: seems to work like a charm.)
It appeared that I had installed docker with snap as well as using the docker repository:
sudo snap list
So:
sudo snap remove docker --purge
sudo aa-remove-unknown
Along with re-installing Docker using the method described here solved my issues! No need to disable or remove apparmor.
Try these steps:
docker inspect
Find the PID AND kill that process.
If that does not work check with
dmesg
everything related to Docker. You can put output here that we can help you.
Ok,from you png ist seems that you have problem with AppArmor. Try this:
sudo apt purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
what works for me in these cases:
sudo systemctl restart docker.socket docker.service
sudo docker image rm -f $(sudo docker image ls -q)
I installed Docker from snap and experienced the permission denied error response. After reading many users experiencing more problems with the apparmor suggestion, I uninstalled Docker from snap, then used digitalocean's Docker installation tutorial.
It worked for me, posting here as reference for others experiencing the same problem.
In my case it was also apparmor on Ubuntu 20.04 after upgrade from Bionic. By running dmesg I got error message:
[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd
To fix this please edit /etc/apparmor.d/docker and add to the beginning (however, after the 'profile docker-default .... {' ) the following line:
signal,
Then reload apparmor
sudo systemctl reload apparmor
This fixed it at least on my computer.
See more https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html under section signal:
Example AppArmor signal rules:
# Allow all signal access
signal,
I have been working with Docker for about two months now, working on Windows/WSL. The other day I needed to restart my machine and once it restarted I tried setting up my docker containers again and ran into an issue that I have had before, however. All the solutions I used last time do not work, and none on google work either.
I have tried a lot of things, every single possibility on the internet I could fine and I have been stuck on this for at least 8 hours already and wish to waste no more time on it. I will list a few I have already tried but do not work:
sudo usermod -aG docker $USER
sudo ln -s /mnt/c/Program\ Files/Docker/Docker/resources/bin/docker.exe /usr/bin/docker
using sudo
restarted docker
reinstalled docker desktop (windows)
The command within our make file runs this:
docker-compose up -d
We use a MakeFile to make our lives a lot easier in terms of docker commands so usually I would run this command and it should just bring the container up and work fine. But instead I get this:
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
Makefile:13: recipe for target 'up' failed
make: *** [up] Error 1
I was then recommended trying sudo dockerd which I then get this error, which does half explain the issue but I could not find a clear answer on how to fix my issue:
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
I am really hoping someone is able to help me with this as I am so stuck and need to get this to work.
It turns out the issue was to do with the groups. The solution that I found worked was to remove the user group "docker" using:
sudo groupadd docker
sudo usermod -aG docker $(whoami)
Then I ran the command for my make file and it worked!
I hope this benefits some of you!
From this github issue:
Try running dockerd or sudo dockerd if required first to start daemon. If you start dockerd with sudo you may want to run docker-compose up with sudo also. otherwise it's fine.
I had the same issue. I managed to fix this by upgrading to WSL 2 from version 1.
To get your current version in powershell :
wsl -l -v
For me it was written version 1.
To upgrade from 1 to 2 :
wsl --set-version <NAME-FROM-PREVIOUS-COMMAND> 2
For me it was Ubuntu :
wsl --set-version Ubuntu 2
And then the docker daemon could be started as expected inside wsl. (with sudo in my case)
sudo dockerd
sudo docker-compose up
I hope it could help.
What am I trying to achieve:
I'm starting 2 containers on 2 different instances in AWS.
I also have a route53 local domain to hold the records of these instances.
When I ping from 'web' instance to 'db' instance I use "ping db.domain.local" and cannot use only "ping db" (and vice versa).
What I did so far:
Changed the file /etc/resolv.conf from
search domain.local
nameserver 127.0.0.11
options ndots:0
to (changed the "options")
search domain.local
nameserver 127.0.0.11
options ndots:1
What I got:
Got it to work.
Error I got:
When I try to change the /etc/resolv.conf file in the Dockerfile or the docker-compose process I get the error
can't move '/etc/resolv.confOobcMn' to '/etc/resolv.conf': Resource busy.
Workaround for now:
Don't have one because I'm trying to get it to work with the Dockerfile build or the docker-compose up process
My infrastructure is:
Containers OS: Alpine Linux 3.4 based
Docker: 18.09.2
Docker-Compose: 1.23.2
Host OS: ubuntu \ MacOS
Apparently changing the docker command in the systemd unit file works.
All you have to do is to add --dns-opt=ndots:15 to the ExecStart line inside /lib/systemd/system/docker.service (depending on your distro) as one of the arguments to the command line and restart docker.
As suggested at the following issue on github.
You cannot overwrite the resolv.conf in a docker container. Docker does some interesting things with resolv.conf to get a lot of their internal networking (GWBridge, Overlays) working.
You may want to try using their --dns-opt=OPTIONS flag when starting the container, or updating your docker-compose to handle the dns flags:
https://docs.docker.com/v17.09/engine/userguide/networking/default_network/configure-dns/
I am getting the below error while building an image
Step 1/10 : FROM ubuntu:14.04
Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I think the issue is that you are behind the proxy which in which case you need to write a manual configuration in Docker systemd service file. That will override the default docker.service file.
If you are using Docker for Windows, then simply set the default DNS to 8.8.8.8 on the "vEthernet (DockerNAT)" network adapter. But remember, this is not the best practice as you will be exposing from your office network.
In linux environment, you could add the environment variable as you are behind HTTP_PROXY or HTTPS_PROXY, as you are using port 80 or 443 respectively. As shown below in /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
as for HTTTP_PROXY in /etc/systemd/system/docker.service.d/https-proxy.conf
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443/"
Then just restart docker after deamon reload:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Hope this works.
Reference: https://docs.docker.com/engine/admin/systemd/#httphttps-proxy
I had the same problem and the following fix has worked for me:
https://github.com/moby/moby/issues/22635#issuecomment-260063252
In my case I've added the following 2 nameserver lines to /etc/resolv.conf file.
before:
nameserver 127.0.0.53
after:
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.53
I was facing the same issue when trying to build or pull an image with Docker on Win10. Changing the DNS of the Docker vEthernet(DockerNAT) network adapter to 8.8.8.8 fixed it for me, as described in this GitHub issue.
To change the DNS go to Docker (TrayIcon) -> Settings -> Resources -> Network and set a fixed DNS server ip = 8.8.8.8.
Changing the DNS server in the configuration of the windows network adapter worked too.
After restarting Docker is able to pull and build images again.
Version Info:
Windows 10 x64 Enterprise Version 1709
$ docker version
Client:
Version: 17.12.0-ce
API version: 1.35
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:05:22 2017
OS/Arch: windows/amd64
Server:
Engine:
Version: 17.12.0-ce
API version: 1.35 (minimum version 1.12)
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:12:29 2017
OS/Arch: linux/amd64
Experimental: true
On Mac OS X, I fixed this issue by not using the experimental virtualization framework.
Preferences -> Experimental Features
I got the same error and it was resolved by
docker logout registry-1.docker.io
I had the same issue and only found out after 30 minutes that I was on a VPN network for work which blocks other sites. I went off the VPN, and it worked :) This is definitely a network issue. When it said "not authenticated", I thought perhaps I needed some login credentials or so.
I face this problem when performing Ansible AWX installation.
I had my own private DNS :192.168.0.254 & 192.168.0.253 but was receiving same error.
Issue got resolved after change my DNS back to 8.8.8.8 & 8.8.4.4.
This error occurs on Big Sur 11.3.1, Intel when you check the box for "Use new virtualization framework" under the Experimental Features tab. Unchecking the box and restarting Docker fixed this problem for me.
This may be the old one, but fixed available here
https://success.docker.com/article/i-get-x509-certificate-signed-by-unknown-authority-error-when-i-try-to-login-to-my-dtr-with-default-certificates
run following commands on each server
export DOMAIN_NAME=bootstrap.node1.local
export TCP_PORT=5000
openssl s_client -connect $DOMAIN_NAME:$TCP_PORT -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | tee /etc/pki/ca-trust/source/anchors/$DOMAIN_NAME.crt
update-ca-trust
/bin/systemctl restart docker.service
I have same issue with registry deployed in swarm. Restart docker helps but after some time it occurs again.
Redeploy registry with docker-compose
sudo docker-compose up -d
and all works fine
I also had problems with pull requests timing out.
with both
docker pull hello-world
kubeadm config images pull
Perhaps this problem started for me when upgrading the VM from ubuntu 18 to 20, but there were also many kubernetes related config changes I made, so not sure.
anyway this solution resolved it for me.
https://stackoverflow.com/a/51648635/11416610
thanks #nils!
incase the above link brakes, here is a quote:
I had the same issue yesterday. Since I am behind a company proxy, I
had to define the http-proxy for the docker daemon in:
/etc/systemd/system/docker.service.d/http-proxy.conf
The problem was, that I misconfigured the https_proxy, how it is
described here. I used https:// in the https_proxy environment
variable, which caused this error.
This configuration works for me:
cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment=http_proxy=http://IP:PORT/
Environment=no_proxy=localhost,127.0.0.1
Environment=https_proxy=http://IP:PORT/
Remember that you have to restart the docker daemon after changing
this configuration. You can achieve this by using:
systemctl daemon-reload
systemctl restart docker
I was getting the same error. I am using a ubuntu 20.04 system
Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I added the missing lines inside /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
sudo nano /etc/resolv.conf
This is how it looks now.
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.53
options edns0 trust-ad
I faced this issue on ubuntu when I am trying to build elasticsearch:
And I got this error:
ERROR: Get https://docker.elastic.co/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
It was my network connection problem. I was using VPN.
so I disconnect my VPN connection and it's working fine.
for some reasons, it's trying to look up the domain it seems trying to search for the domain inside the local network after I disconnect the VPN everything worked fine.
Windows 10 - home PC. none of the solution worked for me. what worked is un-install docker, restart PC, "run as administrator" while installing exe. worked!!
For my case, my company needed to define my IP in the White list in order to access the cloud.docker files. So do not hesitate to tell the responsible person if you have such error.
My issue was with Windows WSL, not only do you have to set the static dns servers as mentioned above in both the Docker Desktop client, and your containers, but you also need to add
[network]
generateResolvConf = false
to the /etc/wsl.conf in your linux containers. You will need to reboot your container as outlined in https://superuser.com/questions/1126721/rebooting-ubuntu-on-windows-without-rebooting-windows, or you can reboot your pc.
None of those solutions worked for me.
I finally make it work simply by doing an update of docker. (MAC OS)
I experienced this issue when trying to push to Docker.
I updated Docker Desktop (via the GUI)
I also ran docker system prune which prompts:
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Confirm this by entering yes
It could be temporary network issue. I had same issue. I would these two
Re-run the command again
Restart the Docker Desktop
I had the same issue. I was getting this error while following the Udemy course. Since I was new to Docker I was actually building image by giving incorrect repository name( I was using Instructor username instead of mine docker repository username). When we push the image to Docker hub, use your docker repository name. Hence build image using your username.
docker build . -t docker_username/example:latest
where . represent current directory where your Dockerfile resides.
Please first logged in your docker repository by using Docker desktop in your system
Hope this will solve someone's problem.
my solution was :
docker image prune and docker volume prune
Experienced this Error while I was trying to : docker pull odoo
and my solution was: sudo systemctl restart docker
Just log in through the terminal and use the below command
docker login
Enter username and password
I was stuck too, tried everything I could then I tried
these:
https://fedingo.com/how-to-uninstall-docker-in-ubuntu/
Make sure you repeat step 1 and 2 mentioned in link untill step 1 shows nothing
then procceed with step 3 and the next steps
then delete docker folder from here
/etc/systemd/system/docker.service.d/
then follow :
https://docs.docker.com/engine/install/ubuntu/
I have faced this error sometimes, my docker image is built smoothly before but when I have to remove all images ( even I do not make any change with the docker configuration files or any error in code). this still happens.
so I think that it may cause by the connection for it does a "Get https://registry-1.docker.io/v2/:....."
I have change DNS to google DNS 8.8.8.8 and 8.8.4.4 then it 's worked.
good luck!
Just add at the end of your shell command --dns 8.8.8.8
I got this error from my own Internet connection. Switched to another provider, all good.
Check in case VPN is blocking..
i have a little problem. I am using Windows in the company and have to install docker. That's why i have installed Oracle Virtual Box and CentOS 7.
Now i need to install Docker. I am reading the following instructions from this site: https://www.kinamo.be/en/support/faq/installing-docker-engine-on-centos-7
But i have the first problem at step 1 and this command: $ sudo yum update
I get this error message immediately:
Of course i googled a bit, and i found that i should add a DNS, and i tried it with "sudo sh -c "echo nameserver 8.8.8.8 > /etc/resolv.conf"".
I entered it, but nothing happened.
With "sudo yum update" i always get the same error.
I have also tried "dhclient" before, but it seems, that nothing happened
Thank you in advance!
Possible Reason for the issue and Resolution.
Ethernet Interface is disabled.
Check ethernet status, if its disconnected then you need to enable it.
Steps to enable ethernet in your CentOS machine.
Step 1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0 file and change ONBOOT value from no to “yes”
vi /etc/sysconfig/network-scripts/ifcfg-eth0s3
ONBOOT=yes
Step 2: Restart Network Service
/etc/init.d/network restart
Try “yum update” command now. If it worked then your problem is solved now.
There might be issue due to missing nameserver in /etc/resolv.conf . Check nameserver entry in /etc/resolv.conf . If its blank then defined nameserver
vi /etc/resolv.conf
nameserver 9.9.9.9
Step 3: validate
http://techieroop.com/could-not-resolve-host-mirrorlist-centos-org-centos-7/
If there is a proxy, follow the steps described in this link https://docs.docker.com/engine/admin/systemd/#httphttps-proxy
You might also need to export the environment variables http_proxy and https_proxy
For the DNS configuration also consider adding the follow in /etc/systemd/system/docker.service.d/dns.conf:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd daemon -H fd:// --dns 8.8.8.8 --dns x.x.x.x --dns x.x.x.x
https://github.com/moby/moby/issues/19481#issuecomment-173469374