Install Docker-ce on Ubuntu 16.04 fails because of overlay - docker

I'm running a vServer with Ubuntu 16.04 installed. All packages seem up-to-date. My kernel version is the following: Linux 4.4.0-042stab130.1 x86_64.
I want to install docker-ce for development purposes. Now every time I try to install it via apt, it crashes because it cannot start docker.
journalctl -u docker shows me the following error messages:
level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.
level=warning msg="Your kernel does not support oom control
level=warning msg="Your kernel does not support memory swappiness
level=warning msg="Your kernel does not support kernel memory limit
level=warning msg="Unable to find cpu cgroup in mounts
level=warning msg="Unable to find cpuset cgroup in mounts
level=warning msg="mountpoint for pids not found
Error starting daemon: Devices cgroup isn't mounted
So I have no experience with the features provided by overlay or overlay2. I just barely read about it, and that it should be supported by the Linux kernel as of version 4 and above.
I do not know what to do to make docker work.
Help is appreciated, thanks in advance.

Related

Broken docker stats after 20.10.13 update ubuntu 20.04.4 kernel 5.4.0-104-generic

Tried: restart, upgrade
no warning on docker info
journalctl -u docker.service:
level=warning msg="Your kernel does not support swap memory limit"
level=warning msg="Your kernel does not support CPU realtime scheduler"
level=warning msg="Your kernel does not support cgroup blkio weight"
level=warning msg="Your kernel does not support cgroup blkio weight_device"
...
level=error msg="collecting stats for ... wrong wireType = 0 for field Hugetlb"

Increasing Docker container disk space limit on GCP

I am running docker on GCP's container optimized os (through a VM). Is there any way to increase docker container disk space limitation?
Here are the results of uname -a
Linux instance-1 4.19.197+ #1 SMP Thu Jul 22 21:10:38 PDT 2021 x86_64 Intel(R) Xeon(R) CPU # 2.80GHz GenuineIntel GNU/Linux
Due to lack of permission I could not implement previous solutions on SO.

mounting permission denied in docker

I was facing issues installing docker on a cloud server according to the official guide (Install Docker Engine on Ubuntu). I finished the old version's uninstallation, the repository setup and the docker engine installation (sudo apt-get install docker-ce docker-ce-cli containerd.io). However, I got an error when running hello-world.
wyf#VM1103-Timi:~$ sudo docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/var/lib/docker/overlay2/e9fedf64e8983aa01e513cee591cdfd7fc60962466a476b51fc1ead682ec8022/merged\\\" at \\\"/proc\\\" caused \\\"permission denied\\\"\"": unknown.
ERRO[0000] error waiting for container: context canceled
I tried restarting docker and the server, but the problem still exists.
So, it would be great if someone can guide me in fixing this error.
Please let me know if you have any idea about this issue.
Thank you very much!
PS:
My system is Ubuntu 18.04. Thus, I did not have selinux. Instead of selinux, I checked AppArmor log.
May 19 21:14:55 VM1103-Timi networkd-dispatcher[155]: WARNING:Unknown index 37 seen, reloading interface list
May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link UP
May 19 21:14:55 VM1103-Timi containerd[170]: time="2020-05-19T21:14:55.679793295+08:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d/shim.sock" debug=false pid=106265
May 19 21:14:55 VM1103-Timi containerd[170]: time="2020-05-19T21:14:55.767796543+08:00" level=info msg="shim reaped" id=4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776863367+08:00" level=error msg="stream copy error: reading from a closed fifo"
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.776953910+08:00" level=error msg="stream copy error: reading from a closed fifo"
May 19 21:14:55 VM1103-Timi systemd-networkd[126]: veth71cf495: Link DOWN
May 19 21:14:55 VM1103-Timi dockerd[15100]: time="2020-05-19T21:14:55.927805156+08:00" level=error msg="4c207ce1273d2c863ee419c5ebb271163a031394bd4c17ee75d44267d631954d cleanup: failed to delete container from containerd: no such container"
The strange thing is that there is no record of permission-denied error.
Here are my Ubuntu version, kernel version and docker info:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
5.3.18-3-pve
Client:
Debug Mode: false
Server:
Containers: 8
Running: 0
Paused: 0
Stopped: 8
Images: 1
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.3.18-3-pve
Operating System: Ubuntu 18.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 4GiB
Name: VM1103-Timi
ID: 3G3F:LTVZ:NO25:C7LA:XKQV:ETMB:B6QU:3ZFJ:KBA5:R3KK:QZEA:ZONC
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
It seemed that the AppArmor Profile "docker-default" was lost. "docker-default" was not correctly generated. Check as follows:
root#VM1103-Timi:/etc/apparmor.d# aa-status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/lightdm/lightdm-guest-session
/usr/lib/lightdm/lightdm-guest-session//chromium
/usr/sbin/mysqld
/usr/sbin/tcpdump
docker-default
man_filter
man_groff
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/mysqld (258)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Solution is probably to open ports needed. Your system might be running selinux and (ufw or firewalld or iptables) and/or others. Read up a bit on Linux firewall tools, in particular the ones running on your system.
For the selinux case, you need to check the selinux logs: is it blocking access? Add exceptions using selinux commands.
https://wiki.centos.org/HowTos/SELinux These tools are well worth learning but can be complicated. A quick test disabling selinux and firewalld can confirm that this is the source of problem and you can enable selinux and firewalld later and allow/open ports in a secure way.
Simple test: disable selinux and firewalld, e.g. on CentOS
systemctl stop firewalld;
setenforce 0;
If you can create containers with selinux disabled then you have confirmed selinux is your problem. You can enable firewall and selinux and then add exceptions and open ports as needed later.
This looks good (specific to Ubuntu but general enough IMHO). It details the ufw, firewalld and iptables commands needed for opening ports to allow docker swarm to work: https://www.digitalocean.com/community/tutorials/how-to-configure-the-linux-firewall-for-docker-swarm-on-ubuntu-16-04
I originally got useful info on ufw commands to open ports needed from here:
Error response from daemon: attaching to network failed, make sure your network options are correct and check manager logs: context deadline exceeded
ufw allow 2376/tcp
ufw allow 2377/tcp
ufw allow 7946/tcp
ufw allow 7946/udp
ufw allow 4789/udp
ufw enable #maybe
ufw reload
systemctl restart docker
This is a common enough problem where something, usually selinux, is not allowing access to ports needed.
e.g.
https://github.com/google/cadvisor/issues/333

Docker failed to start daemon: Devices cgroup isn't mounted [Debian GNU/Linux 9 (stretch) ] armv7l

docker.log
time="2020-02-18T10:05:51.740757000+08:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded." storage-driver=overlay2
time="2020-02-18T10:05:51.747446000+08:00" level=error msg="AUFS was not found in /proc/filesystems" storage-driver=aufs
time="2020-02-18T10:05:51.758181000+08:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded." storage-driver=overlay
time="2020-02-18T10:05:51.990661000+08:00" level=error msg="Udev sync is not supported. This will lead to data loss and unexpected behavior. Install a more recent version of libdevmapper or select a different storage driver. For more information, see https://docs.docker.com/engine/reference/commandline/dockerd/#storage-driver-options" storage-driver=devicemapper
time="2020-02-18T10:05:52.146274000+08:00" level=warning msg="Your kernel does not support cgroup memory limit"
time="2020-02-18T10:05:52.146389000+08:00" level=warning msg="Unable to find cpu cgroup in mounts"
time="2020-02-18T10:05:52.146445000+08:00" level=warning msg="Unable to find blkio cgroup in mounts"
time="2020-02-18T10:05:52.146504000+08:00" level=warning msg="Unable to find cpuset cgroup in mounts"
time="2020-02-18T10:05:52.146553000+08:00" level=warning msg="mountpoint for pids not found"
time="2020-02-18T10:05:52.149506000+08:00" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
time="2020-02-18T10:05:52.160535000+08:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Devices cgroup isn't mounted
docker version
Client: Docker Engine - Community
Version: 19.03.6
API version: 1.40
Go version: go1.12.16
Git commit: 369ce74
Built: Thu Feb 13 01:40:25 2020
OS/Arch: linux/arm
Experimental: false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I have this literally bookmarked, and I go here every time I need to start docker on my netbooting Alpine. Single command to mount the cgroup pseudofs, w/o touching fstab:
sudo mount -t cgroup cgroup /sys/fs/cgroup
FYI: this may also be caused by your kernel not having cgroup support compiled in, but it's highly unlikely.
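Added example, not part of the original posts: a preflight script that separates the cases discussed above, namely overlay missing from the kernel's filesystem list, the devices cgroup controller not built into the kernel, and the controller being available but not mounted (the case the mount command fixes). It assumes cgroup v1, the layout that `mount -t cgroup` creates; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the two fatal dockerd messages quoted in the logs above.
# Files are passed as paths so saved copies of /proc can be checked too.

# has_fs FILE NAME: NAME is listed in a /proc/filesystems-format file.
has_fs() {
    awk -v fs="$2" '$NF == fs { ok = 1 } END { exit !ok }' "$1" 2>/dev/null
}

# kernel_has_ctrl FILE CTRL: controller is built in and enabled.
# /proc/cgroups columns: subsys_name hierarchy num_cgroups enabled
kernel_has_ctrl() {
    awk -v c="$2" '$1 == c && $4 == 1 { ok = 1 } END { exit !ok }' "$1" 2>/dev/null
}

# ctrl_mounted FILE CTRL: a cgroup v1 hierarchy carrying CTRL is mounted.
# /proc/mounts columns: device mountpoint fstype options dump pass
ctrl_mounted() {
    awk -v c="$2" '$3 == "cgroup" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == c) ok = 1
    } END { exit !ok }' "$1" 2>/dev/null
}

# docker_preflight [PROCDIR]: one finding per line; PROCDIR defaults to /proc.
docker_preflight() {
    p="${1:-/proc}"
    if has_fs "$p/filesystems" overlay; then echo "overlay: ok"
    else echo "overlay: missing"; fi
    if ! kernel_has_ctrl "$p/cgroups" devices; then
        echo "devices-cgroup: no-kernel-support"
    elif ctrl_mounted "$p/mounts" devices; then echo "devices-cgroup: ok"
    else echo "devices-cgroup: not-mounted"; fi
}

# write_sample DIR: CONSTRUCTED /proc excerpts (not taken from any real host):
# no overlay filesystem, devices controller built in, no cgroup mount.
write_sample() {
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$1/filesystems"
    printf '#subsys_name\thierarchy\tnum_cgroups\tenabled\n' > "$1/cgroups"
    printf 'devices\t0\t1\t1\nmemory\t0\t1\t1\n' >> "$1/cgroups"
    printf 'proc /proc proc rw 0 0\nsysfs /sys sysfs rw 0 0\n' > "$1/mounts"
}

# Demo on the constructed sample.
d=$(mktemp -d) && write_sample "$d" && docker_preflight "$d"
rm -rf "$d"
```

Calling `docker_preflight` with no argument reads the live `/proc`; a `no-kernel-support` or `overlay: missing` result on a hosted VM points at the provider's kernel rather than at anything fixable inside the guest.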

Docker: Devices cgroup isn’t mounted (Ubuntu 16.04)

I am trying to install docker on an Ubuntu 16.04 on a remote webserver. However, I get an error that is really frustrating me. I have been installing docker a lot of times already, also on this OS, but this never happened.
I am stuck at sudo apt-get install -y docker-engine, when docker-engine cannot be installed:
~# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since So 2017-03-05 17:47:20 CET; 32s ago
Docs: https://docs.docker.com
Main PID: 18194 (code=exited, status=1/FAILURE)
dockerd[18194]: time="2017-03-05T17:47:20.567753592+01:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please e
dockerd[18194]: time="2017-03-05T17:47:20.569299675+01:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please e
dockerd[18194]: time="2017-03-05T17:47:20.591796895+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
dockerd[18194]: time="2017-03-05T17:47:20.592394882+01:00" level=warning msg="Your kernel does not support oom control"
dockerd[18194]: time="2017-03-05T17:47:20.592410368+01:00" level=warning msg="Your kernel does not support memory swappiness"
dockerd[18194]: time="2017-03-05T17:47:20.592421460+01:00" level=warning msg="Your kernel does not support kernel memory limit"
dockerd[18194]: time="2017-03-05T17:47:20.592427398+01:00" level=warning msg="Unable to find cpu cgroup in mounts"
dockerd[18194]: time="2017-03-05T17:47:20.592458649+01:00" level=warning msg="Unable to find cpuset cgroup in mounts"
dockerd[18194]: time="2017-03-05T17:47:20.592490516+01:00" level=warning msg="mountpoint for pids not found"
dockerd[18194]: Error starting daemon: Devices cgroup isn't mounted
I added root to the group, also I found the advice to add GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" to the file /etc/default/grub, but that file does not exist!
I also tried sudo apt-get install cgroupfs-mount but without success :-(
Thank you for your help!
So, folks. There is no solution, unfortunately. The reason is the architecture of the remote webserver, a hosted VM.
My provider told me all VMs use the same kernels in one environment and therefore docker can't access it.
The only option now is to switch to another server.
