Set the selinux status to `Permissive`, still can not run docker - docker

After installing Docker, I set the SELinux status to Permissive, but I still cannot run Docker.
In my /etc/selinux/config, I have edited it to SELINUX=disabled,
and ran setenforce 0, checked with:
# getenforce
Permissive
I used systemctl start docker, but it failed with the error below:
# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2018-06-29 09:05:47 CST; 14s ago
Docs: http://docs.docker.com
Process: 21615 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 21615 (code=exited, status=1/FAILURE)
6月 29 09:05:46 123.xyz systemd[1]: Starting Docker Application Container Engine...
6月 29 09:05:46 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:46.451911058+08:00" level=warning msg="could not ch...found"
6月 29 09:05:46 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:46.453472267+08:00" level=info msg="libcontainerd: ...21626"
6月 29 09:05:47 123.xyz dockerd-current[21615]: time="2018-06-29T09:05:47.463085812+08:00" level=warning msg="overlay2: the back...
6月 29 09:05:47 123.xyz dockerd-current[21615]: Error starting daemon: SELinux is not supported with the overlay2 graph dr...false)
6月 29 09:05:47 123.xyz systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
6月 29 09:05:47 123.xyz systemd[1]: Failed to start Docker Application Container Engine.
6月 29 09:05:47 123.xyz systemd[1]: Unit docker.service entered failed state.
6月 29 09:05:47 123.xyz systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Why does it still say:
Error starting daemon: SELinux is not supported with the overlay2 graph dr...false)
My Linux is CentOS 7.2.

I found the solution.
In /etc/sysconfig/docker:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
Set --selinux-enabled to --selinux-enabled=false.
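
The fix above acts on the daemon's own `--selinux-enabled` flag, which is why a host reporting Permissive still hit the error. The script below is an added example, not part of the original posts: it reads the sysconfig files without executing them and reports whether the flag is on together with overlay2. The second file holding `DOCKER_STORAGE_OPTIONS`, the function names and the flag default are assumptions.

```sh
#!/bin/sh
# Added example: read-only check of a CentOS-style Docker sysconfig.
# File layout and sample values are assumptions, not taken from a real host.

# Print the quoted value of VAR from FILE without sourcing (executing) the file.
sysconfig_value() (   # usage: sysconfig_value VAR FILE
    sed -n "s/^$1=[\"']\(.*\)[\"'][[:space:]]*\$/\1/p" "$2" | tail -n 1
)

# Print "true" or "false": the effective --selinux-enabled daemon setting.
# Assumption: the flag is off when absent and the last occurrence wins.
selinux_flag() (      # usage: selinux_flag "<daemon options>"
    state=false
    for opt in $1; do
        case "$opt" in
            --selinux-enabled|--selinux-enabled=true) state=true ;;
            --selinux-enabled=false)                  state=false ;;
        esac
    done
    echo "$state"
)

# Print the storage driver named in the options, or "unset".
storage_driver() (    # usage: storage_driver "<daemon options>"
    driver=unset prev=
    for opt in $1; do
        case "$opt" in
            --storage-driver=*) driver=${opt#*=} ;;
            *) case "$prev" in --storage-driver|-s) driver=$opt ;; esac ;;
        esac
        prev=$opt
    done
    echo "$driver"
)

# Print "conflict" when the SELinux flag is on together with overlay2 (the pair
# the daemon rejected in the log above), otherwise "ok".
check_docker_config() (   # usage: check_docker_config OPTIONS_FILE STORAGE_FILE
    opts="$(sysconfig_value OPTIONS "$1") $(sysconfig_value DOCKER_STORAGE_OPTIONS "$2")"
    if [ "$(selinux_flag "$opts")" = true ] && [ "$(storage_driver "$opts")" = overlay2 ]; then
        echo conflict
    else
        echo ok
    fi
)
```

Setting `--selinux-enabled=false` clears a `conflict` result but also turns off SELinux labeling for containers; a different storage driver or a newer kernel clears it while keeping the labeling on.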

Related

Docker could not start after install on CentOS 7

I installed Docker on CentOS 7 (Linux version 3.10.0-327.el7.x86_64) with the command yum install -y docker, but when I try to start Docker with systemctl start docker, it fails to start. Below is the error message:
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-03-15 16:38:37 CST; 10s ago
Docs: http://docs.docker.com
Process: 5166 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 5166 (code=exited, status=1/FAILURE)
Mar 15 16:38:36 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Mar 15 16:38:36 localhost.localdomain dockerd-current[5166]: time="2018-03-15T16:38:36.570661801+08:00" level=info msg="libcontainerd... 5171"
Mar 15 16:38:37 localhost.localdomain dockerd-current[5166]: time="2018-03-15T16:38:37.585565695+08:00" level=warning msg="overlay2: the ba...
Mar 15 16:38:37 localhost.localdomain dockerd-current[5166]: Error starting daemon: SELinux is not supported with the overlay2 graph ...false)
Mar 15 16:38:37 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 15 16:38:37 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Mar 15 16:38:37 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Mar 15 16:38:37 localhost.localdomain systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
How to solve this issue?

Can't start working with docker

I use ubuntu 16.04.
Suddenly (sorry), I can't run docker.
When I run command in the terminal I only have this (expected output was info about client and daemon versions):
$ sudo docker --version
Docker version 1.12.3, build 6b644ec
When I run commands like this
$ sudo docker ps
I get nothing for a long time.
How can I overcome this problem?
$ sudo service docker status
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Ср 2017-01-04 18:14:48 MSK; 12s ago
Docs: https://docs.docker.com
Process: 9534 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 9534 (code=exited, status=1/FAILURE)
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.446210980+03:00" level=warning msg="Your kernel does not support swap memory limit."
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.447160673+03:00" level=info msg="Loading containers: start."
янв 04 18:14:47 kenenbek dockerd[9534]: .................time="2017-01-04T18:14:47.469385119+03:00" level=info msg="Firewalld running: false"
янв 04 18:14:47 kenenbek dockerd[9534]: time="2017-01-04T18:14:47.881263583+03:00" level=info msg="Default bridge (docker0) is assigned with an IP addr
янв 04 18:14:48 kenenbek dockerd[9534]: time="2017-01-04T18:14:48.736641043+03:00" level=info msg="Loading containers: done."
янв 04 18:14:48 kenenbek dockerd[9534]: time="2017-01-04T18:14:48.790061315+03:00" level=fatal msg="Error creating cluster component: error while loadi
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
янв 04 18:14:48 kenenbek systemd[1]: Failed to start Docker Application Container Engine.
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Unit entered failed state.
янв 04 18:14:48 kenenbek systemd[1]: docker.service: Failed with result 'exit-code'.
I get the following output when I run:
$ sudo service docker restart
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
This looks like a docker swarm certificate related issue as reported here
A solution to this problem will be released in version 1.13. For now you can try forcing recreating the swarm as explained here.

docker with device-mapper and luks

I'm trying to have docker container stored in a luks device, but using the below command it is not working.
I'm also trying to have a docker container to use (and maybe open) a luks file as a volume data, but I don't know how to bind it to the container
I have done the following :
pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
vgcreate vgluks /dev/sdb
Volume group "vgluks" successfully created
lvcreate -l 90%FREE -n lvdocker-data vgluks
WARNING: crypto_LUKS signature detected on /dev/vgluks/lvdocker-data at offset 0. Wipe it? [y/n]: y
Wiping crypto_LUKS signature on /dev/vgluks/lvdocker-data.
Logical volume "lvdocker-data" created.
lvcreate -l 100%FREE -n lvdocker-metadata vgluks
Logical volume "lvdocker-metadata" created.
created a key
dd if=/dev/urandom of=/tmp/key bs=4K count=1
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.00126301 s, 3.2 MB/s
cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-data
cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-metadata
cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-data cryptfs-data
cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-metadata cryptfs-metadata
formatted in ext4
mkfs.ext4 /dev/mapper/cryptfs-data
mkfs.ext4 /dev/mapper/cryptfs-metadata
my docker.service looks like this :
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
and the /etc/sysconfig/docker is like :
OPTIONS="--storage-driver=devicemapper --storage-opt dm.datadev=/dev/vgluks/lvdocker-data --storage-opt dm.metadatadev=/dev/vgluks/lvdocker-metadata --insecure-registry myregistryhost:443 -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
The output of systemctl is :
systemctl status -l docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2015-12-23 16:05:28 CET; 25min ago
Docs: https://docs.docker.com
Main PID: 6544 (code=exited, status=1/FAILURE)
Dec 23 16:05:28 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.457356524+01:00" level=warning msg="/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\"
Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.478448525+01:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Error running deviceCreate (CreatePool) dm_task_run failed"
Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Dec 23 16:05:28 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Dec 23 16:05:28 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service failed.

Docker can't start on centos7: failed to start docker application container engine

centos7 via vmware workstation player, and
[root#localhost Desktop]# uname -r
3.10.0-229.14.1.el7.x86_64
first, yum install docker-engine
then, other_args="--selinux-enabled" >> /etc/sysconfig/docker
when I run service docker start, I get an error:
[root#localhost Desktop]# systemctl status docker.service -l
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
Active: activating (start) since 日 2015-10-25 19:49:32 PDT; 46s ago
Docs: https://docs.docker.com
Main PID: 14387 (docker)
CGroup: /system.slice/docker.service
└─14387 /usr/bin/docker daemon -H fd://
10月 25 19:49:32 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
10月 25 19:49:32 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
10月 25 19:49:32 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.092885953-07:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.093697949-07:00" level=info msg="Option DefaultDriver: bridge"
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.093729432-07:00" level=info msg="Option DefaultNetwork: bridge"
10月 25 19:49:33 localhost.localdomain docker[14387]: time="2015-10-25T19:49:33.108983655-07:00" level=warning msg="Running modprobe bridge nf_nat br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found.\n, error: exit status 1"
Who can help me? Thanks.

After installing docker on centos7,Failed to start docker."Job for docker.service failed."

After executing yum install docker on CentOS 7, I want to start Docker by executing service docker start, but then I see the error:
Redirecting to /bin/systemctl start docker.service
Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details.
then I execute systemctl status docker.service -l, then the error is:
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled)
Active: failed (Result: exit-code) since Sun 2015-03-15 03:49:49 EDT; 12min ago
Docs: http://docs.docker.com
Process: 11444 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS (code=exited, status=1/FAILURE)
Main PID: 11444 (code=exited, status=1/FAILURE)
Mar 15 03:49:48 localhost.localdomain docker[11444]: 2015/03/15 03:49:48 docker daemon: 1.3.2 39fa2fa/1.3.2; execdriver: native; graphdriver:
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] +job serveapi(fd://)
Mar 15 03:49:48 localhost.localdomain docker[11444]: [info] Listening for HTTP on fd ()
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] +job init_networkdriver()
Mar 15 03:49:48 localhost.localdomain docker[11444]: [a25f748b] -job init_networkdriver() = OK (0)
Mar 15 03:49:49 localhost.localdomain docker[11444]: 2015/03/15 03:49:49 write /var/lib/docker/init/dockerinit-1.3.2: no space left on device
Mar 15 03:49:49 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 15 03:49:49 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Mar 15 03:49:49 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
I really have no idea, looking forward to your response, I will be very appreciative!
This error usually occurs because of a missing device-mapper-event-libs package.
# yum install device-mapper-event-libs
Thanks for Ben Whaley's advice. When I checked my disk space, indeed it was not enough. I extended my disk space and solved the problem. It's the first time I have asked a question, and it was really helpful. Thanks again.
I upgraded the CentOS 7 kernel from 3 to 4.
NOTE: I upgraded the kernel for other reasons as well; first try without upgrading the kernel.
Delete the folder docker under /var/lib.
Go to /etc/sysconfig (cd /etc/sysconfig).
vi docker (before editing, copy docker to docker.org).
Find the line OPTIONS='--selinux-disabled --log-driver=journald'.
Remove --selinux-disabled; it should look like OPTIONS='--log-driver=journald'.
Now un-comment # setsebool -P docker_transition_unconfined 1 to setsebool -P docker_transition_unconfined 1.
Reboot the machine, or just try docker start to check. For me it works :)
