CentOS7 Docker Install Failing

bobcdockerid · January 2, 2022, 9:25pm

I’m new to Docker, and this forum. I posted this topic on Stackoverflow, before learning about this forum. No replies at SO, so thought I’d try here.

Following https://docs.docker.com/engine/install/centos, I installed docker using:$ sudo yum install docker-ce docker-ce-cli containerd.io which generated INSTALL OUTPUT below.

I had no errors until I tried to start it$ sudo systemctl start docker, which resulted in the STATUS ERROR below.

Looks like there’s something wrong with containerd. You can see in my HOST DETAILS below that the kernel is Linux 3.10.0-1160.21.1.vz7.174.13, which seems like it should be OK with this docker version.

Any ideas on a fix?

Thanks!

INSTALL OUTPUT

    Installed:
    containerd.io.x86_64 0:1.4.12-3.1.el7   docker-ce.x86_64 3:20.10.12-3.el7    docker-ce-cli.x86_64 1:20.10.12-3.el7

    Dependency Installed:
    container-selinux.noarch 2:2.119.2-1.911c772.el7_8  docker-ce-rootless-extras.x86_64 0:20.10.12-3.el7    docker-scan-plugin.x86_64 0:0.12.0-3.el7  fuse-overlayfs.x86_64 0:0.7.2-6.el7_8  fuse3-libs.x86_64 0:3.6.1-4.el7
    libseccomp.x86_64 0:2.3.1-4.el7                     selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2  slirp4netns.x86_64 0:0.4.3-4.el7_8

STATUS ERROR

    $ sudo systemctl start docker
      Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
    $ systemctl status docker.service
    ? docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since Sat 2022-01-01 17:08:51 EST; 1min 7s ago
         Docs: https://docs.docker.com
      Process: 17038 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
     
     Main PID: 17038 (code=exited, status=1/FAILURE)
    Jan 01 17:08:49 systemd[1]: docker.service failed.
    Jan 01 17:08:51 systemd[1]: docker.service holdoff time over, scheduling restart.
    Jan 01 17:08:51 systemd[1]: Stopped Docker Application Container Engine.
    Jan 01 17:08:51 systemd[1]: start request repeated too quickly for docker.service
    Jan 01 17:08:51 systemd[1]: Failed to start Docker Application Container Engine.
    Jan 01 17:08:51 systemd[1]: Unit docker.service entered failed state.

HOST DETAILS

    $ hostnamectl
       Static hostname: dev.mydomain.com
         Icon name: computer-container
           Chassis: container
        Machine ID: 3cdd9d9813d14b4f841caa5044ebf2d4
           Boot ID: ced3a3b21e324b998482d48d33ecd5e6
    Virtualization: openvz
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1160.21.1.vz7.174.13
      Architecture: x86-64

JOURNAL OUTPUT

    $ journalctl -xe
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.776526285-05:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.783818364-05:00" level=info msg="parsed scheme: \"unix\"" module=grpc
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.783838324-05:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.783867689-05:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.783884096-05:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.826677601-05:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.840494316-05:00" level=info msg="Loading containers: start."
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.842323256-05:00" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `iptables v1.4.21: can't initialize iptables table `nat': Ta
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.871019291-05:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
    Jan 02 17:46:18 dockerd[7057]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DO
    Jan 02 17:46:18 dockerd[7057]: Perhaps iptables or your kernel needs to be upgraded.
    Jan 02 17:46:18 dockerd[7057]: (exit status 3)
    Jan 02 17:46:18 dockerd[7057]: time="2022-01-02T17:46:18.871236114-05:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
    Jan 02 17:46:18 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
    Jan 02 17:46:18 systemd[1]: Failed to start Docker Application Container Engine.
    -- Subject: Unit docker.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit docker.service has failed.
    --
    -- The result is failed.
    Jan 02 17:46:18 systemd[1]: Unit docker.service entered failed state.
    Jan 02 17:46:18 systemd[1]: docker.service failed.
    Jan 02 17:46:21 systemd[1]: docker.service holdoff time over, scheduling restart.
    Jan 02 17:46:21 systemd[1]: Stopped Docker Application Container Engine.
    -- Subject: Unit docker.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit docker.service has finished shutting down.
    Jan 02 17:46:21 systemd[1]: start request repeated too quickly for docker.service
    Jan 02 17:46:21 systemd[1]: Failed to start Docker Application Container Engine.
    -- Subject: Unit docker.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit docker.service has failed.
    --
    -- The result is failed.
    Jan 02 17:46:21 systemd[1]: Unit docker.service entered failed state.
    Jan 02 17:46:21 systemd[1]: docker.service failed.

rimelek · January 2, 2022, 9:37pm

Have you tried journalctl -xe too?

It is possible, but why do you think? I don’t see any error message which tells me that.

bobcdockerid · January 2, 2022, 11:02pm

Thanks @rimelek. I added JOURNAL OUTPUT. It does show that the problem is due to iptables. I’ll have to look into that, unless you know off-hand.

BTW: The reason I didn’t include JOURNAL OUTPUT originally is because when I looked at it there was nothing to do with docker. I didn’t realize journalctl only outputs the most recent activity. I re-ran systemctl, then journalctl, and there it is! Lesson to others

rimelek · January 3, 2022, 7:19am

Next time you can run journalctl -xe -u docker but in that case you won’t see other relevant error messages, so your method was better in this case

I have a VM with Centos 7 and Docker 20.10. It has an older kernel and the same iptables.

Maybe the problem is something else, like a missing or not supported kernel module: docker - can't initialize iptables table 'nat' under qemu - Server Fault

terpz · January 4, 2022, 9:10pm

you can try and run “dockerd” as root and see what error that provides, is easier some times.