
#1 2018-08-12 17:46:48

js02sixty
Member
Registered: 2018-08-12
Posts: 1

Docker service won't start with firewalld

System is up to date; however, the Docker service won't start.

docker 1:18.05.0-2
firewalld 0.6.0-1
iptables 1.6.2-2

journalctl -xe
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.919897906-04:00" level=info msg="libcontainerd: started new docker-containerd process" pid=10495
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="starting containerd" module=containerd revision=773c489c9c1b21a6d78b5c538>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.content.v1.content"..." module=containerd t>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." module=containerd>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path >
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." module=contai>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." module=containerd typ>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/l>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." module=containerd ty>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." module=containerd type>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." module=containerd t>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." module=containerd type>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." module=containerd type=io>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." module=containerd type=>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." module=containerd >
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." module=containerd type=>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." module=containerd type=>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." module=containerd t>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." module=containerd ty>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." module=containerd t>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." module=containerd typ>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." module=containerd type=i>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." module=containerd type>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." module=container>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd-debug.soc>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd.sock" mod>
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10-04:00" level=info msg="containerd successfully booted in 0.002698s" module=containerd
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.935011434-04:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.973785397-04:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.974383604-04:00" level=warning msg="Your kernel does not support cgroup rt period"
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.974427087-04:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Aug 12 13:39:10 dev01.home.jsaba.net dockerd[10484]: time="2018-08-12T13:39:10.975351922-04:00" level=info msg="Loading containers: start."
Aug 12 13:39:10 dev01.home.jsaba.net firewalld[9822]: WARNING: COMMAND_FAILED: '/usr/bin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION' failed: iptables v1.6.2: Couldn>
                                                      
                                                      Try `iptables -h' or 'iptables --help' for more information.
Aug 12 13:39:11 dev01.home.jsaba.net tracker-extract[10467]: Could not insert metadata for item "file:///home/js02sixty/Pictures/Firefox_wallpaper.png": Unable to insert multi>
Aug 12 13:39:11 dev01.home.jsaba.net tracker-extract[10467]: If the error above is recurrent for the same item/ID, consider running "tracker-extract" in the terminal with the >
Aug 12 13:39:11 dev01.home.jsaba.net firewalld[9822]: WARNING: COMMAND_FAILED: '/usr/bin/iptables -w2 -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed: ipta>
                                                      Perhaps iptables or your kernel needs to be upgraded.
Aug 12 13:39:11 dev01.home.jsaba.net firewalld[9822]: WARNING: COMMAND_FAILED: '/usr/bin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCK>
                                                      Perhaps iptables or your kernel needs to be upgraded.
Aug 12 13:39:11 dev01.home.jsaba.net firewalld[9822]: WARNING: COMMAND_FAILED: '/usr/bin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables>
                                                      Perhaps iptables or your kernel needs to be upgraded.

And I tried this...

js02sixty@dev01 ~ sudo dockerd
WARN[2018-08-12T13:45:29.951809848-04:00] Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior  dir=/var/lib/docker error="error getting daemon root's parent mount: Could not find source mount of /var/lib/docker"
INFO[2018-08-12T13:45:29.952801003-04:00] libcontainerd: started new docker-containerd process  pid=11368
INFO[0000] starting containerd                           module=containerd revision=773c489c9c1b21a6d78b5c538cd395416ec50f88 version=v1.0.3
INFO[0000] loading plugin "io.containerd.content.v1.content"...  module=containerd type=io.containerd.content.v1
INFO[0000] loading plugin "io.containerd.snapshotter.v1.btrfs"...  module=containerd type=io.containerd.snapshotter.v1
WARN[0000] failed to load plugin io.containerd.snapshotter.v1.btrfs  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" module=containerd
INFO[0000] loading plugin "io.containerd.snapshotter.v1.overlayfs"...  module=containerd type=io.containerd.snapshotter.v1
INFO[0000] loading plugin "io.containerd.metadata.v1.bolt"...  module=containerd type=io.containerd.metadata.v1
WARN[0000] could not use snapshotter btrfs in metadata plugin  error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" module="containerd/io.containerd.metadata.v1.bolt"
INFO[0000] loading plugin "io.containerd.differ.v1.walking"...  module=containerd type=io.containerd.differ.v1
INFO[0000] loading plugin "io.containerd.gc.v1.scheduler"...  module=containerd type=io.containerd.gc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.containers"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.content"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.diff"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.events"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.healthcheck"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.images"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.leases"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.namespaces"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.snapshots"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.monitor.v1.cgroups"...  module=containerd type=io.containerd.monitor.v1
INFO[0000] loading plugin "io.containerd.runtime.v1.linux"...  module=containerd type=io.containerd.runtime.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.tasks"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.version"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] loading plugin "io.containerd.grpc.v1.introspection"...  module=containerd type=io.containerd.grpc.v1
INFO[0000] serving...                                    address="/var/run/docker/containerd/docker-containerd-debug.sock" module="containerd/debug"
INFO[0000] serving...                                    address="/var/run/docker/containerd/docker-containerd.sock" module="containerd/grpc"
INFO[0000] containerd successfully booted in 0.004176s   module=containerd
INFO[2018-08-12T13:45:29.978138358-04:00] [graphdriver] using prior storage driver: overlay2 
INFO[2018-08-12T13:45:30.017901731-04:00] Graph migration to content-addressability took 0.00 seconds 
WARN[2018-08-12T13:45:30.018575834-04:00] Your kernel does not support cgroup rt period 
WARN[2018-08-12T13:45:30.018631810-04:00] Your kernel does not support cgroup rt runtime 
INFO[2018-08-12T13:45:30.020171139-04:00] Loading containers: start.                   
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: COMMAND_FAILED: '/usr/bin/iptables -w2 -t nat -N DOCKER' failed: iptables v1.6.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


#2 2018-08-12 18:07:59

backerman
Member
Registered: 2017-12-25
Posts: 3

Re: Docker service won't start with firewalld

Had the same problem; tried rolling back kernel to 4.17.13 and 4.17.12 with no effect. The regression was introduced some time between 31 July ~0000Z and 7 August ~0000Z based on reviewing logs. libvirtd.service reports a similar error (missing the nat chain).

> uname -a && pacman -Qi linux
Linux alphonse 4.17.14-arch1-1-ARCH #1 SMP PREEMPT Thu Aug 9 11:56:50 UTC 2018 x86_64 GNU/Linux
Name            : linux
Version         : 4.17.14.arch1-1
Description     : The Linux kernel and modules
Architecture    : x86_64
URL             : https://github.com/archlinux/linux/commits/v4.17.14-arch1
Licenses        : GPL2
Groups          : base
Provides        : None
Depends On      : coreutils  linux-firmware  kmod  mkinitcpio
Optional Deps   : crda: to set the correct wireless channels of your country [installed]
Required By     : acpi_call
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 67.41 MiB
Packager        : Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Build Date      : 2018-08-09T07:56:08 EDT
Install Date    : 2018-08-12T12:39:44 EDT
Install Reason  : Explicitly installed
Install Script  : Yes
Validated By    : Signature

Last edited by backerman (2018-08-12 18:11:14)


#3 2018-08-12 18:38:37

backerman
Member
Registered: 2017-12-25
Posts: 3

Re: Docker service won't start with firewalld

So it's definitely a firewalld thing; I tried changing the backend to iptables and blacklisting some nftables modules (eth0:1's post in this thread) which appears to solve the problem.

Last edited by backerman (2018-08-12 18:41:23)


#4 2018-08-12 19:09:29

kevku
Member
From: Estonia
Registered: 2009-11-21
Posts: 73

Re: Docker service won't start with firewalld

Yes, using iptables and nftables at the same time is probably a bad idea. systemd auto-loads iptables, so you need to blacklist iptables for nftables to work properly.

Last edited by kevku (2018-08-12 19:11:40)


#5 2018-08-18 11:20:31

anparone
Member
Registered: 2018-08-18
Posts: 1

Re: Docker service won't start with firewalld

In my case, firewalld had problems creating NAT chains after updating it to 0.6.0. Updating the kernel to 4.18.1 fixed this and Docker started to work normally. I didn't need to change backends and blacklist nftables modules. Apparently firewalld's new default nftables backend requires kernel 4.18 or greater.

$ uname -a
Linux x 4.18.1-arch1-1-ARCH #1 SMP PREEMPT Wed Aug 15 21:11:55 UTC 2018 x86_64 GNU/Linux

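A triage sketch for the failure discussed in this thread, added here as an example and not posted by any participant: it reads the firewalld backend setting, compares the kernel release against the 4.18 threshold reported in post #5, and recognises the iptables error from post #1. The function names are hypothetical, the 4.18 threshold is the posters' observation rather than a verified requirement, and treating a missing `FirewallBackend` key as nftables is an assumption based on the thread's "new default" remark.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the firewalld 0.6.0 + Docker failure.

# Print the configured FirewallBackend from a firewalld.conf-style file.
# Assumption: if the key is absent or the file is unreadable, the backend is
# nftables, the new default the thread attributes to firewalld 0.6.0.
firewalld_backend() {
    backend=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${backend:-nftables}"
}

# Succeed if a `uname -r` style release string is >= MAJOR.MINOR.
kernel_at_least() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # "17.14-arch1-1-ARCH" -> "17"
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Succeed if stdin contains the iptables error reported in post #1.
# The "." stands in for the backtick that precedes "nat" in the message.
nat_table_missing() {
    grep -q "can't initialize iptables table .nat': Table does not exist"
}

# Usage: triage KERNEL_RELEASE FIREWALLD_CONF
triage() {
    backend=$(firewalld_backend "$2")
    if [ "$backend" = "nftables" ] && ! kernel_at_least "$1" 4 18; then
        echo "at-risk: nftables backend on kernel $1 (< 4.18)"
    else
        echo "ok: backend=$backend kernel=$1"
    fi
}

# Constructed sample input; on a real host run:
#   triage "$(uname -r)" /etc/firewalld/firewalld.conf
conf=$(mktemp)
printf 'FirewallBackend=nftables\n' > "$conf"
triage "4.17.14-arch1-1-ARCH" "$conf"
triage "4.18.1-arch1-1-ARCH" "$conf"
rm -f "$conf"
```

To apply the log check to a live system, pipe `journalctl -u docker` into `nat_table_missing`.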
