Develop Reference

How to build from docker file inside another docker container?

When I run:
docker build -t random-letter .
I get error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I tried running dockerd but got some other errors
Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.`, error: exit status 3
INFO[2022-04-13T14:32:13.795289191Z] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2022-04-13T14:32:13.795587753Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
INFO[2022-04-13T14:32:13.795630880Z] stopping healthcheck following graceful shutdown module=libcontainerd
WARN[2022-04-13T14:32:14.796355453Z] grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial unix:///var/run/docker/containerd/containerd.sock: timeout". Reconnecting... module=grpc
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Here's a link to a similar question may help you to get a good answer since I believe DinD should be avoided to reduce complexity

Docker - Unable to join swarm as manager, able to join as worker

When executing a docker swarm join command (as manager), I face the following error:
Error response from daemon: manager stopped: can't initialize raft node: rpc error: code = Internal desc = connection error: desc = "transport: x509: certificate is not valid for any names, but wanted to match swarm-manager"
Joining the same swarm, but as worker, works flawless.
The logfiles show me the following items:
kmo#GETSTdock-app01 ~ $ sudo tail -f /var/log/upstart/docker.log
time="2018-07-06T09:18:17.890620199+02:00" level=info msg="Listening for connections" addr="[::]:2377" module=node node.id=7j75bmugpf8k2o0onta1yp4zy proto=tcp
time="2018-07-06T09:18:17.892234469+02:00" level=info msg="manager selected by agent for new session: { 10.130.223.107:2377}" module=node/agent node.id=7j75bmugpf8k2o0onta1yp4zy
time="2018-07-06T09:18:17.892364019+02:00" level=info msg="waiting 0s before registering session" module=node/agent node.id=7j75bmugpf8k2o0onta1yp4zy
time="2018-07-06T09:18:18.161362606+02:00" level=error msg="fatal task error" error="cannot create a swarm scoped network when swarm is not active" module=node/agent/taskmanager node.id=7j75bmugpf8k2o0onta1yp4zy service.id=p3ng4om2m8rl7ygoef18ayohp task.id=weaubf3qj5goctlh2039sjvdg
time="2018-07-06T09:18:18.162182077+02:00" level=error msg="fatal task error" error="cannot create a swarm scoped network when swarm is not active" module=node/agent/taskmanager node.id=7j75bmugpf8k2o0onta1yp4zy service.id=6sl9y5rcov6htwbyvm504ewh2 task.id=j3foc6rjszuqszj41qyqb6mpe
time="2018-07-06T09:18:18.184847516+02:00" level=info msg="Stopping manager" module=node node.id=7j75bmugpf8k2o0onta1yp4zy
time="2018-07-06T09:18:18.184993569+02:00" level=info msg="Manager shut down" module=node node.id=7j75bmugpf8k2o0onta1yp4zy
time="2018-07-06T09:18:18.185020917+02:00" level=info msg="shutting down certificate renewal routine" module=node/tls node.id=7j75bmugpf8k2o0onta1yp4zy node.role=swarm-manager
time="2018-07-06T09:18:18.185163663+02:00" level=error msg="cluster exited with error: manager stopped: can't initialize raft node: rpc error: code = Internal desc = connection error: desc = \"transport: x509: certificate is not valid for any names, but wanted to match swarm-manager\""
time="2018-07-06T09:18:18.185492995+02:00" level=error msg="Handler for POST /v1.37/swarm/join returned error: manager stopped: can't initialize raft node: rpc error: code = Internal desc = connection error: desc = \"transport: x509: certificate is not valid for any names, but wanted to match swarm-manager\""
I face similar problems when I join as worker, and then attempt to promote the node to a manager node.
Docker version = 18.03.1
OS = Ubuntu 14.04 LTS
Anybody an idea how to resolve this?

For me, I had to open port 2377 in the joining manager node's firewall; that seemed to do the trick. I'm not sure if this is best practice, as I'm still a noob with Docker Swarm: but add it to the list of things to try if you have this issue.

This may or may not work, but you can try
On manager run:
docker swarm leave --force
Recreate the swarm using:
docker swarm init --advertise-addr [ip-address for initial manager]
Then try to add managers using the advertised address
Also you can try:
Comment out the proxy from the docker proxy define file /etc/systemd/system/docker.service.d/docker.conf or /etc/systemd/system/docker.service.d/docker_proxy.conf
reload the deamon with
systemctl daemon-reload
Re-excute docker swarm join --token manager

How to fix docker daemon that will not restart due to hns error

Docker for Windows Server
Windows Server version 1709, with containers
Docker version 17.06.2-ee-6, build e75fdb8
Swarm mode (worker node, part of swarm with ubuntu masters)
After containers connected to an overlay network started intermittently losing their network adapters, I restarted the machine. Now daemon will not start. Below is the last lines of output from running docker -D.
Please let me know how to fix this.
time="2018-05-15T15:10:06.731160000Z" level=debug msg="Option Experimental: false"
time="2018-05-15T15:10:06.731160000Z" level=debug msg="Option DefaultDriver: nat"
time="2018-05-15T15:10:06.731160000Z" level=debug msg="Option DefaultNetwork: nat"
time="2018-05-15T15:10:06.734183700Z" level=info msg="Restoring existing overlay networks from HNS into docker"
time="2018-05-15T15:10:06.735174400Z" level=debug msg="[GET]=>[/networks/] Request : "
time="2018-05-15T15:12:06.789120400Z" level=debug msg="Network (d4d37ce) restored"
time="2018-05-15T15:12:06.796122200Z" level=debug msg="Endpoint (4114b6e) restored to network (d4d37ce)"
time="2018-05-15T15:12:06.796122200Z" level=debug msg="Endpoint (819eb70) restored to network (d4d37ce)"
time="2018-05-15T15:12:06.797124900Z" level=debug msg="Endpoint (ade55ea) restored to network (d4d37ce)"
time="2018-05-15T15:12:06.798125600Z" level=debug msg="Endpoint (d0054fc) restored to network (d4d37ce)"
time="2018-05-15T15:12:06.798125600Z" level=debug msg="Endpoint (e2af8d8) restored to network (d4d37ce)"
time="2018-05-15T15:12:06.854118500Z" level=debug msg="[GET]=>[/networks/] Request : "
time="2018-05-15T15:14:06.860654000Z" level=debug msg="start clean shutdown of all containers with a 15 seconds timeout..."
Error starting daemon: Error initializing network controller: hnsCall failed in Win32: Server execution failed (0x80080005)

Here is complete set of steps to completely rebuild all docker issues withing swarm host. Sometimes only some steps are sufficient (specifically hns part), so you can try those first.
Remove all docker services and user-defined networks (so all docker networks except `nat` and `none`
Leave the swarm cluster (docker swarm leave --force)
Stop the docker service (PS C:\> stop-service docker)
Stop the HNS service (PS C:\> stop-service hns)
In regedit, delete all of the registry keys under these paths:
HKLM:\SYSTEM\CurrentControlSet\Services\vmsmp\parameters\SwitchList
HKLM:\SYSTEM\CurrentControlSet\Services\vmsmp\parameters\NicList
Now go to Device Manager, and disable then remove all network adapters that are “Hyper-V Virtual Ethernet…” adapters
Now rename your HNS.data file (the goal is to effectively “delete” it by renaming it):
C:\ProgramData\Microsoft\Windows\HNS\HNS.data
Also rename C:\ProgramData\docker folder (the goal is to effectively “delete” it by renaming it)
C:\ProgramData\docker
Now reboot your machine

Docker fails to start after install with "loopback attach failed"

I have installed docker-ce from repository following instructions at:
https://docs.docker.com/install/linux/docker-ce/centos/
I receive an error attempting to start docker:
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
journalctl has the following:
...
dockerd[3647]: time="2018-02-05T14:47:05-08:00" level=info msg="containerd successfully booted in 0.002946s" module=containerd
dockerd[3647]: time="2018-02-05T14:47:05.456552594-08:00" level=error msg="There are no more loopback devices available."
dockerd[3647]: time="2018-02-05T14:47:05.456585240-08:00" level=error msg="[graphdriver] prior storage driver devicemapper failed: loopback attach failed"
dockerd[3647]: Error starting daemon: error initializing graphdriver: loopback attach failed
systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start Docker Application Container Engine.
I have seen articles about using something other than loopback devices, but as far as I can tell, those indicate an optimization to be made - and do not imply that the initial startup should fail.
CentOS Linux release 7.4.1708 (Core)

If you run Linux in a VM on Xen, you need to install the kernel and use pygrub (see https://wiki.debian.org/PyGrub) and update to docker version 19.03.0.
install pygrub
1. In your VM execute:
mkdir /boot/grub
apt-get install -y linux-image-amd64
cat > /boot/grub/menu.lst << EOF
default 0
timeout 2
title Debian GNU/Linux
root (hd0,0)
kernel /vmlinuz root=/dev/xvda2 ro
initrd /initrd.img
title Debian GNU/Linux (recovery mode)
root (hd0,0)
kernel /vmlinuz root=/dev/xvda2 ro single
initrd /initrd.img
EOF
2. halt your VM, for example:
xen destroy vm01
3. edit your xen config
for example for your VM /etc/xen/vm01.cfg in your DOM0 (comment out the first two lines and add the last three):
#kernel = '/boot/vmlinuz-4.9.0-9-amd64'
#ramdisk = '/boot/initrd.img-4.9.0-9-amd64'
extra = 'elevator=noop'
bootloader = '/usr/lib/xen-4.8/bin/pygrub'
bootloader_args = [ '--kernel=/vmlinuz', '--ramdisk=/initrd.img', ]
4. start your vm:
xen create /etc/xen/vm01.cfg

I have the same problem in a Debian 9 VM and the same in Debian 8 VM both on the same Debian XEN 4.8 host.
loopback seems not to exist:
# losetup -f
losetup: cannot find an unused loop device: No such device
You can create those with
#!/bin/bash
ensure_loop(){
num="$1"
dev="/dev/loop$num"
if test -b "$dev"; then
echo "$dev is a usable loop device."
return 0
fi
echo "Attempting to create $dev for docker ..."
if ! mknod -m660 $dev b 7 $num; then
echo "Failed to create $dev!" 1>&2
return 3
fi
return 0
}
ensure_loop 0
ensure_loop 0
But this is just a tip to find the right solution, it didn't solve it completely, now since /dev/loop0 exists, I have the error:
Error opening loopback device: open /dev/loop0: no such device or address
[graphdriver] prior storage driver devicemapper failed: loopback attach failed
Update:
I installed apt-get install docker-ce docker-ce-cli containerd.io like described in the latest docs and now with the latest version:
$ docker --version
Docker version 19.03.0, build aeac9490dc
still the same issue:
failed to start daemon: error initializing graphdriver: loopback attach failed
This is the full log:
level=info msg="Starting up"
level=warning msg="failed to rename /var/lib/docker/tmp for background deletion: rename /var/lib/docker/tmp
/var/lib/docker/tmp-old: file exists. Deleting synchronously"
level=info msg="parsed scheme: \"unix\"" module=grpc
level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 <nil>}
] }" module=grpc
level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0005e8660, CONNECTING" module=grpc
level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0005e8660, READY" module=grpc
level=info msg="parsed scheme: \"unix\"" module=grpc
level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 <nil>}
] }" module=grpc
level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0007f5b10, CONNECTING" module=grpc
level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc0007f5b10, READY" module=grpc
level=error msg="There are no more loopback devices available."
level=error msg="[graphdriver] prior storage driver devicemapper failed: loopback attach failed"
failed to start daemon: error initializing graphdriver: loopback attach failed
Update 2:
In the end I found out, that pygrub was missing in the VM, which seems to be a new dependency since some version.
This answer was a dead end path, I added another answer, but I leave this here for other users, that have a different problem to get some hints.

I have meet this issue too. I resolved this issue!
In my VMWare workstation, the VM have TWO virtual network interfaces.
I removed one of the virtual network interfaces, and reserved only one.
Start VMWare workstation,start docker service, it works successfully!
I installed docker on CentOS7.6(1810),but when I start docker:
#systemctl start docker
Docker starts failed.
#journalctl -xe
It show some messages like "start daemon: error initializing graphdriver: loopback attach failed".

Rancher : Failed to find rancher-agent container

Im trying to create a new host (DigitalOccean) using rancher UI, every thing was Good but at the end i got this error :
"Failed to find rancher-agent container"
Logs :
time="2017-07-20T09:55:57Z" level=info msg="stdout: Running pre-create checks..." resourceId: =1ph86 service=gms
time="2017-07-20T09:55:58Z" level=info msg="stdout: Creating machine..." resourceId: =1ph86 service=gms
time="2017-07-20T09:55:58Z" level=info msg="stdout: (oo) Creating SSH key..." resourceId: =1ph86 service=gms
time="2017-07-20T09:55:59Z" level=info msg="stdout: (oo) Creating Digital Ocean droplet..." resourceId: =1ph86 service=gms
time="2017-07-20T09:56:00Z" level=info msg="stdout: (oo) Waiting for IP address to be assigned to the Droplet..." resourceId: =1ph86 service=gms
...
time="2017-07-20T09:57:31Z" level=info msg="pulling rancher/agent:v1.2.5 image." service=gms
time="2017-07-20T09:57:43Z" level=info msg="Container created for machine" containerId=5bef89f75de6fc256f0adbe1cc9c7138292aaa4bd7d8446546d208823cd8b22f machineId=1ph86 resourceId=1ph86 service=gms
time="2017-07-20T09:58:46Z" level=error msg="Failed to find rancher-agent container" machineId=1ph86 resourceId=1ph86 service=gms
time="2017-07-20T09:58:46Z" level=error msg="Error processing event" err="Failed to find rancher-agent container" eventId=08649e06-ddcd-445d-b120-91c0e7498835 eventName="physicalhost.bootstrap;handler=goMachineService" resourceId=1ph86
any idea ?

You should make sure that the NEW HOST has the Docker Image of rancher/agent:v1.2.5.
By using the command below:
# sudo docker images|grep rancher/agent
rancher/agent v1.2.2 6777bc8a1147 3 months ago 233.7 MB
If the host does not has the docker image, get it by using sudo docker pull rancher/agent:v1.2.5
Then checking the container logs of rancher agent.
By using the command below:
# sudo docker ps -a |grep rancher/agent
1c03d064165c rancher/agent:v1.2.2 "/run.sh run" 5 days ago Up 5 days rancher-agent
# sudo docker logs 1c03d064165c
If you find that container, even its status is Exited\Created\Dead, read its logs carefully and find the solutions of that BUG by asking for Google\Github;
IF you can NOT find that container, read the file of docker-compose.yml and rancher-compose.yml, make sure that you get the right docker image, include the right image version.