I've just tried to install Docker via the instructions from their site. After starting the service a call to docker version reports the daemon isn't running. Doing a ps -ef | grep docker and I can see that Docker was run using /usr/bin/docker daemon -H fd://. If I and try to run that manually, I get FATA[0000] No sockets found.
There's an issue about this in Fedora and it recommended removing the -H fd:// option. But I can't spot that anywhere (not in /etc/init.d/docker, /etc/default/docker, etc).
Can anyone help me get past this issue please?
Right, found it. Following the advice from the Docker docs, I ran:
sudo systemctl status docker | grep Loaded
That showed me the defaults came from /lib/systemd/system/docker.service. After that I copied the contents of that file to /etc/system.d/system/docker.service, overriding the bits I wanted (and removing the items that remained the same). After that, I ran sudo systemctl daemon-reload and now the Docker service is using the right command.
Still doesn't solve why my Docker instance doesn't appear to be running though...
Related
I'm trying to kill a docker container, but I got permission denied. I use Ubuntu 20.04, my docker version for client is 20.10.7 and the one for the server is 20.10.11.
This is the log I got:
Error response from daemon: Cannot kill container: fastapi_server: permission denied
I read that I should use this comand for restarting docker.
sudo systemctl restart docker.socket docker.service
But the thing is that when I execute this command, all my containers and images dissapear, but If I try on localhost:8000 my port is occupied by the container that I wanted to delete. And if I run sudo netstat -anp | grep 8000, I get:
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2493/docker-proxy
tcp6 0 0 :::8000 :::* LISTEN 2500/docker-proxy
So this confirms that my port is already taken by a docker container, but when I run docker ps -a, I get no container. I also tried docker kill, but it did not work.
How should I kill this container & get my 8000 port free?
Please think twice before removing AppArmor. To my understanding this is central to application security for instance on recent major Ubuntu versions.
It seems the rights problem is specific to a Docker version. Assuming yours is also installed via snap, please attempt upgrading your Docker version to at least the current beta, e.g. with
snap refresh docker --beta
20.10.12 seems to work fine.
(In fact I fell for the suggestion and did remove my AppArmor - snaps went away. Then reinstalled ASAP, the settings of relevant snaps are still with me - afterwards installed docker back, had the problem, upgraded it: seems to work like a charm.)
It appeared that I had installed docker with snap as well as using the docker repository:
sudo snap list
So:
sudo snap remove docker --purge
sudo aa-remove-unknown
Along with re-installing Docker using the method described here solved my issues! No need to disable or remove apparmor.
Try these steps:
docker inspect
Find the PID AND kill that process.
If that does not work check with
dmesg
everything related to Docker. You can put output here that we can help you.
Ok,from you png ist seems that you have problem with AppArmor. Try this:
sudo apt purge --auto-remove apparmor
sudo service docker restart
docker system prune --all --volumes
what works for me in these cases:
sudo systemctl restart docker.socket docker.service
sudo docker image rm -f $(sudo docker image ls -q)
I installed Docker from snap and experienced the permission denied error response. After reading many users experiencing more problems with the apparmor suggestion, I uninstalled Docker from snap, then used digitalocean's Docker installation tutorial.
It worked for me, posting here as reference for others experiencing the same problem.
In my case it was also apparmor on Ubuntu 20.04 after upgrade from Bionic. By running dmesg I got error message:
[1113458.482007] audit: type=1400 audit(1672134271.112:1718): apparmor="DENIED" operation="signal" profile="docker-default" pid=1654 comm="dockerd" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd
To fix this please edit /etc/apparmor.d/docker and add to the beginning (however, after the 'profile docker-default .... {' ) the following line:
signal,
Then reload apparmor
sudo systemctl reload apparmor
This fixed it at least on my computer.
See more https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html under section signal:
Example AppArmor signal rules:
# Allow all signal access
signal,
I have been working with Docker for about two months now, working on Windows/WSL. The other day I needed to restart my machine and once it restarted I tried setting up my docker containers again and ran into an issue that I have had before, however. All the solutions I used last time do not work, and none on google work either.
I have tried a lot of things, every single possibility on the internet I could fine and I have been stuck on this for at least 8 hours already and wish to waste no more time on it. I will list a few I have already tried but do not work:
sudo usermod -aG docker $USER
sudo ln -s /mnt/c/Program\ Files/Docker/Docker/resources/bin/docker.exe /usr/bin/docker
using sudo
restarted docker
reinstalled docker desktop (windows)
The command within our make file runs this:
docker-compose up -d
We use a MakeFile to make our lives a lot easier in terms of docker commands so usually I would run this command and it should just bring the container up and work fine. But instead I get this:
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
Makefile:13: recipe for target 'up' failed
make: *** [up] Error 1
I was then recommended trying sudo dockerd which I then get this error, which does half explain the issue but I could not find a clear answer on how to fix my issue:
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
I am really hoping someone is able to help me with this as I am so stuck and need to get this to work.
It turns out the issue was to do with the groups. The solution that I found worked was to remove the user group "docker" using:
sudo groupadd docker
sudo usermod -aG docker $(whoami)
Then I ran the command for my make file and it worked!
I hope this benefits some of you!
From this github issue:
Try running dockerd or sudo dockerd if required first to start daemon. If you start dockerd with sudo you may want to run docker-compose up with sudo also. otherwise it's fine.
I had the same issue. I managed to fix this by upgrading to WSL 2 from version 1.
To get your current version in powershell :
wsl -l -v
For me it was written version 1.
To upgrade from 1 to 2 :
wsl --set-version <NAME-FROM-PREVIOUS-COMMAND> 2
For me it was Ubuntu :
wsl --set-version Ubuntu 2
And then the docker daemon could be started as expected inside wsl. (with sudo in my case)
sudo dockerd
sudo docker-compose up
I hope it could help.
I get following error when starting Docker daemon from command line:
Error starting daemon: error while opening volume store metadata database: timeout
OS is Linux.
Any pointer how can I resolve this?
(Google search didn't yield anything)
It depends on your exact Linux distro, and docker version.
See for instance issue 26022: it has the same error message on Fedora after a
yum -y install docker-engine-1.13.1-1.el7.centos
Try and follow again the full installation procedure for your exact distro.
After investigating a lot and trying many commands, this has worked for me:
*Do not use '&&' to make the most compact command or otherwise it will not work.
sudo rm /var/run/docker.pid
sudo systemctl stop docker.socket
sudo systemctl stop docker
systemctl start docker
systemctl enable docker
sudo systemctl start docker
If this error appears ( running $ docker [command] ):
Cannot connect to the Docker daemon at unix:///home/mg/.docker/desktop/docker.sock. Is the docker daemon running?
The first thing you should do is to have Docker Desktop installed on your pc, of which you can get here https://docs.docker.com/desktop/windows/wsl/
You should also enable wsl2, Just going through the documentation from the link above should be enough.
Also make sure Settings > General > Use the WSL 2 based engine... box is checked.
REFERENCE https://stackoverflow.com/a/72890783/21061651
When trying to stop or restart a docker container I'm getting the following error message:
$ docker restart 5ba0a86f36ea
Error response from daemon: Cannot restart container 5ba0a86f36ea: [2] Container does not exist: container destroyed
Error: failed to restart containers: [5ba0a86f36ea]
But when I run
$ docker logs -f 5ba0a86f36ea
I can see the logs, so obviously the container does exist. Any ideas?
Edit:
sorry, I forgot to mention this:
When I run docker ps -a I see the container as up and running. However the application inside it is malfunctioning so I want to restart it, or just get a fresh version of that application online. But when I can't stop and remove the container, I also can't get a new application up and running, which would be listening to the same port.
I couldn't locate boot2docker in my machine. So, I came up with something that worked for me.
$ sudo systemctl restart docker.socket docker.service
$ docker rm -f <container id>
Check if it helps you as well.
All the docker:
start | restart | stop | rm --force | kill commands
may not work if the container is stuck. You can always restart the docker daemon. However, if you have other containers running, that may not be the option. What you can do is:
ps aux | grep <<container id>> | awk '{print $1 $2}'
The output contains:
<<user>><<process id>>
Then kill the process associated with the container like so:
sudo kill -9 <<process id from above command>>
That will kill the container and you can start a new container with the right image.
That looks like docker/docker/issues/12738, seen with docker 1.6 or 1.7:
Some container fail to stop properly, and the restart
We are seeing this issue a lot in our users hosts when they upgraded from 1.5.0 to 1.6.0.
After the upgrade, some containers cannot be stopped (giving 500 Server Error: Internal Server Error ("Cannot stop container xxxxx: [2] Container does not exist: container destroyed")) or forced destroyed (giving 500 Server Error: Internal Server Error ("Could not kill running container, cannot remove - [2] Container does not exist: container destroyed")).
The processes are still running on the host.
Sometimes, it works after restarting the docker daemon.
There are some workarounds:
I've tried all remote API calls for that unkillable container and here are results:
json, stats, changes, top, logs returned valid responses
stop, pause, wait, kill reported 404 (!)
After I finished with remote API, I double-checked docker ps (the container was still there), but then I retried docker kill and it worked! The container got killed and I could remove it.
Or:
What worked was to restart boot2docker on my host. Then docker rm -f
$ boot2docker stop
$ boot2docker start
$ docker rm -f 1f061139ba04
Worth knowing:
If you are running an ENTRYPOINT script ... the script will work with the shebang
#!/bin/bash -x
But will stop the container from stopping with
#!/bin/bash -xe
Enjoy
sudo aa-remove-unknown
This is what worked for me.
Check if there is any zombie process using "top" command.
docker ps | grep <<container name>>
Get the container id.
ps -ef | grep <<container id>>
ps -ef|grep defunct | grep java
And kill the container by Parent PID .
For anyone on a Mac who has Docker Desktop installed. I was able to just click the tray icon and say Restart Docker. Once it restarted was able to delete the containers.
If you're on a Mac and try this via Terminal: Use killall Docker to quit Docker.
Restart it in the Applications folder or with open /Applications/Docker.app.
Subsequently you can run a docker rm <id> for the concerned container.
I had the same problem on a windows host machine and none of the other options here worked for me. I ended up just needing to delete the physical container folder, which was located here:
C:\ProgramData\Docker\containers\[container guid]
I had stopped the docker service first just to be safe and when I restarted it, the broken containers were now gone and I was able to create new ones. I suspect the same will work on a linux host machine, but I do not know where the container folders are kept on that OS.
Ubuntu
Stop the container by using its system process ID.
Get the main process ID using:
docker inspect -f '{{.State.Pid}}' container-id
This will return an id as ´25430´.
Kill this with the command
sudo kill -9 25430
in my case, i couldn't delete container created with nomad jobs,
there's no output for the docker logs <ContainerID> and, in general, it looks like frozen.
until now the solution is: sudo service docker restart, may someone suggest better one?
i forgot that i had made the container start as a system service.
so if i stopped or killed the container, the service would bring it back.
if you are using systemctl, you can list all the running services with systemctl | grep running and find the name of the service.
then use
sudo systemctl disable <your_service_name> to stop it.
If you're on Ubuntu, make sure docker-compose isn't installed as a snap. This will cause all kinds of random issues, including the above.
Remove the snap:
sudo snap remove docker-compose
And install manually from the compose repository:
Docker compose installation instruction
Sometimes this is caused by problem of the docker daemon.
I solved the problem by restarting the docker service.
On Linux:
systemctl restart docker
In my case, docker rm $(docker ps -aq) works for me.
I have installed docker in Linux Mint 17 Qiana (which is based on Ubuntu 14.04) present in the Oracle VM. If I tries to start, it shows the following error,
FATA[0000] Get http:///var/run/docker.sock/v1.18/containers/json: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
I couldn't find any useful information regarding this when I tried googling regarding the same. This stackoverflow question suggesting to restart my system, but it doesn't work.
I'm seeing the following related questions which are unhelpful.
/var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
Docker: Are you trying to connect to a TLS-enabled daemon without TLS?
So, any help on this would be greatly helpful.
I don't know how it comes with .deb package (I'm using Fedora), but TLS shouldn't be set by default, so I would suggest following some basic steps to see if it is running correctly.
1. Check if docker daemon is running
ps aux | grep docker
root 4215 0.1 0.1 440156 17332 ? Ssl 15:48 0:00 /usr/bin/docker -d -D --bip=172.17.42.1/16 --dns=172.17.42.1 --dns-search=docker -s overlay
wololock 8986 0.0 0.0 113024 2304 pts/1 S+ 15:50 0:00 /usr/bin/grep docker
I the docker process is not running, try sudo /etc/init.d/docker start or sudo service docker start
2. Check if /var/run/docker.sock exists
ls -la /var/run/docker.*
-rw-r--r--. 1 root root 4 04-23 15:48 /var/run/docker.pid
srw-rw----. 1 root docker 0 04-23 15:48 /var/run/docker.sock
The important part here is that file need to be own by group docker, so you can connect to it without root permissions.
If docker.sock does not exist, you can try running docker from the command line with debug mode on to see what causes the problem:
sudo docker -d -D
3. Check if your user is added to docker group
id -a
uid=1000(wololock) gid=1000(wololock) grupy=1000(wololock),0(root),10(wheel),100(users),977(docker),989(pkg-build)
If you wont find your user in docker group, try adding yourself to it by:
sudo gpasswd -a [username] docker
4. Get the latest docker version
If the previous attempts wont help, try getting the latest docker version from https://docs.docker.com/installation/ubuntulinux/#installing-docker-on-ubuntu I'm not sure, but this line:
FATA[0000] Get http:///var/run/docker.sock/v1.18/containers/json:
suggests that you're using docker v1.18. I might be wrong, but if it's true, this is not the most recent docker version and it should be upgraded. I use currently docker v1.5.0, it works well on Fedora 21
IMPORTANT: UBUNTU / LINUX MINT USERS
The problem we discussed here was caused by missing (or not running) apparmor package in the ubuntu/linuxmint distribution. The easiest way to fix it is to install apparmor:
sudo apt-get install apparmor
If it's installed yet not running, start it with:
sudo service apparmor start
https://wiki.ubuntu.com/AppArmor
https://github.com/docker/docker/issues/9745
I hope my answer will help you in resolving your problem. If you have any questions, feel free to ask. I will try to help you as much as I can.