I installed docker on a CentOS server but it failed while starting.
Below is the error which i got after typing systemctl start docker
Job for docker.service failed because the control process exited with
error code. See "systemctl status docker.service" and "journalctl -xe"
for details.
enter image description here
Me too faced the same error and below worked for me.
Edit the /etc/systemd/system/docker.service.d/10-machine.conf file
Change the ExecStart to be /usr/bin/dockerd instead of /user/bin/docker daemon, restart the systemctl daemon-reload, and run sudo systemctl -f start docker again.
Funnily enough only today we started having this issue with our dev env. Our version of docker that was provisioned wasn't pinned, and it looks like the most recent version available (1.13.1-53.git774336d.el7.centos) is causing problems as per your question. Targeting a previous version seems to get it back into a working state:
yum install docker-1.12.6-71.git3e8e77d.el7.centos
Be sure to remove the previous version first
yum remove docker
It Worked for me:
yum remove containerd
And remove previous docker and reinstall docker < of course >
Related
I'm trying to kill a docker container, but I got permission denied. I use Ubuntu 20.04, my docker version for client is 20.10.7 and the one for the server is 20.10.11.
This is the log I got:
Error response from daemon: Cannot kill container: fastapi_server: permission denied
I read that I should use this comand for restarting docker.
sudo systemctl restart docker.socket docker.service
But the thing is that when I execute this command, all my containers and images dissapear, but If I try on localhost:8000 my port is occupied by the container that I wanted to delete. And if I run sudo netstat -anp | grep 8000, I get:
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2493/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 2500/docker-proxy
So this confirms that my port is already taken by a docker container, but when I run docker ps -a, I get no container. I also tried docker kill, but it did not work.
How should I kill this container & get my 8000 port free?
Please think twice before removing AppArmor. To my understanding this is central to application security for instance on recent major Ubuntu versions.
It seems the rights problem is specific to a Docker version. Assuming yours is also installed via snap, please attempt upgrading your Docker version to at least the current beta, e.g. with
snap refresh docker --beta
20.10.12 seems to work fine.
(In fact I fell for the suggestion and did remove my AppArmor - snaps went away. Then reinstalled ASAP, the settings of relevant snaps are still with me - afterwards installed docker back, had the problem, upgraded it: seems to work like a charm.)
It appeared that I had installed docker with snap as well as using the docker repository:
sudo snap list
So:
sudo snap remove docker --purge
sudo aa-remove-unknown
Along with re-installing Docker using the method described here solved my issues! No need to disable or remove apparmor.
Try these steps:
docker inspect
Find the PID AND kill that process.
If that does not work check with
dmesg
everything related to Docker. You can put output here that we can help you.
Ok,from you png ist seems that you have problem with AppArmor. Try this:
sudo apt purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
what works for me in these cases:
sudo systemctl restart docker.socket docker.service
sudo docker image rm -f $(sudo docker image ls -q)
I installed Docker from snap and experienced the permission denied error response. After reading many users experiencing more problems with the apparmor suggestion, I uninstalled Docker from snap, then used digitalocean's Docker installation tutorial.
It worked for me, posting here as reference for others experiencing the same problem.
In my case it was also apparmor on Ubuntu 20.04 after upgrade from Bionic. By running dmesg I got error message:
[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd
To fix this please edit /etc/apparmor.d/docker and add to the beginning (however, after the 'profile docker-default .... {' ) the following line:
signal,
Then reload apparmor
sudo systemctl reload apparmor
This fixed it at least on my computer.
See more https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html under section signal:
Example AppArmor signal rules:
# Allow all signal access
signal,
The Docker command is not working after restarting (using sudo reboot) the Ubuntu (20.04) server.
Now, for any command with docker, it gives me an error. For example,
$ docker --help
cannot update snap namespace: cannot create symlink in "/etc/docker": existing file in the way
snap-update-ns failed with code 1
When I manually check, there is a file called key.json in the /etc/docker folder which has a json dictionary.
Before restarting, I have had few docker containers running in the background with volume connected. When I run systemctl start docker as mentioned in one StackOverflow answer, I am getting
Failed to start docker.service: Unit docker.service not found.
It would be great at least to recover the docker images that were there before restarting.
-- Edit --
For some reason, docker is working now. I have restarted once again after the initial restart which resulted in the error. But there was no improvement. However, it is working fine now. I do not know what solved the issue, maybe the cmd journalctl -u docker.service (as suggested in a comment) help in some way, or some other reason.
So, It would be great if someone can answer what was the initial reason for the trouble? It might help us to avoid this in the future.
It looks like a Snap-related Issue.
I Found a fix on the SnapCraft forum here :
https://forum.snapcraft.io/t/layouts-still-brittle-when-refreshing-snaps/26252/5
sudo rm -rf /etc/docker
sudo snap refresh
Works in both Ubuntu 18.04.5 and 20.04.5 LTS.
I am trying to configure auditing for docker daemon as follows:
Add the line below to the /etc/audit/audit.rules file:
-w /usr/bin/dockerd -k docker
Then, restart the audit daemon using the following command:
service auditd restart
This gives the following error:
Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only.
Using systemctl also doesn't work. Is there a workaround or a fix for this?
Updating RefuseManualStop to no in the /usr/lib/systemd/system/auditd.service
RefuseManualStop=no
Then reload the daemon as follows:
systemctl daemon-reload
Probably 2 years too late but for anyone facing the same on redhat 7. Run;
service auditd condrestart|try-restart
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-starting_the_audit_service
Found a solution here. The method to use is
sudo systemctl kill auditd
sudo systemctl start auditd
I get following error when starting Docker daemon from command line:
Error starting daemon: error while opening volume store metadata database: timeout
OS is Linux.
Any pointer how can I resolve this?
(Google search didn't yield anything)
It depends on your exact Linux distro, and docker version.
See for instance issue 26022: it has the same error message on Fedora after a
yum -y install docker-engine-1.13.1-1.el7.centos
Try and follow again the full installation procedure for your exact distro.
After investigating a lot and trying many commands, this has worked for me:
*Do not use '&&' to make the most compact command or otherwise it will not work.
sudo rm /var/run/docker.pid
sudo systemctl stop docker.socket
sudo systemctl stop docker
systemctl start docker
systemctl enable docker
sudo systemctl start docker
If this error appears ( running $ docker [command] ):
Cannot connect to the Docker daemon at unix:///home/mg/.docker/desktop/docker.sock. Is the docker daemon running?
The first thing you should do is to have Docker Desktop installed on your pc, of which you can get here https://docs.docker.com/desktop/windows/wsl/
You should also enable wsl2, Just going through the documentation from the link above should be enough.
Also make sure Settings > General > Use the WSL 2 based engine... box is checked.
REFERENCE https://stackoverflow.com/a/72890783/21061651
Running service docker start presents:
Job for docker.service failed. See 'systemctl status docker.service' and 'journalctl -xn' for details.
Both of those yield this error:
Failed to start Docker Application Container Engine.
I do not have internet access on this machine, and all the similar issues were resolved with a "yum reinstall docker" or "yum install device-mapper-event-libs" or "yum install docker-selinux". I've tried commenting out selinux under docker options but nothing changes.
What can I do? Should I download docker-selinux for my architecture and transfer it over and manually install?
Thanks for any help.
Edit: Adding some information, this is CentOS 7 Atomic Host & Docker version 1.71
In my case I tried to create a conf file, /etc/systemd/system/docker.service.d/hosts.conf with extra options but still didn't work. Finally, a reboot started docker service without any issues.
Hope this helps someone.