Docker Engine and Docker Trusted Registry could not start after executing "docker daemon --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ -H=0.0.0.0:2376" command on RHEL7


(Barczba1) #1

Hi All,

I’m new here and have been learning Docker since last week. I have an installation of Docker Engine 1.11, and I also installed Docker Trusted Registry from that link, sudo bash -c "$(sudo docker run docker/trusted-registry install)", a week ago. All was working well, but I could not push and pull images from the Linux console, because I had a cert issue. I wanted to add a cert and followed the instructions from the Docker site (docs.docker.com/engine/security/https/), but after running that command, "docker daemon --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376", everything went down and I cannot start it now.

What I got after executing that command was:
[root@D-L-TOOLS d-l-tools.ocnet.local]# docker daemon --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-H=10.190.27.11:2376
INFO[0000] New containerd process, pid: 20540
WARN[0000] containerd: low RLIMIT_NOFILE changing to max current=1024 max=4096
WARN[0001] devmapper: Usage of loopback devices is strongly discouraged for production use. Please use --storage-opt dm.thinpooldev or use man docker to refer to dm.thinpooldev section.
WARN[0001] devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem will be ignored.
INFO[0001] [graphdriver] using prior storage driver "devicemapper"
INFO[0001] Graph migration to content-addressability took 0.00 seconds
INFO[0001] Firewalld running: false
INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
WARN[0001] mountpoint for pids not found
INFO[0001] Loading containers: start.
…ERRO[0002] containerd: start container error=oci runtime error: could not synchronise with container process: not a directory id=d9b99a4302c6585fbe7e004d74460e0737b5f8f4e6c5af299cc896b7c1f7a463
ERRO[0004] Failed to start container d9b99a4302c6585fbe7e004d74460e0737b5f8f4e6c5af299cc896b7c1f7a463: rpc error: code = 2 desc = "oci runtime error: could not synchronise with container process: not a directory"
ERRO[0005] containerd: start container error=oci runtime error: could not synchronise with container process: not a directory id=648cface925f981e1f1733fa8426cd670ad149075bdda7272346de0eb3246355
ERRO[0005] Failed to start container 648cface925f981e1f1733fa8426cd670ad149075bdda7272346de0eb3246355: rpc error: code = 2 desc = "oci runtime error: could not synchronise with container process: not a directory"
INFO[0005] Loading containers: done.
INFO[0005] Daemon has completed initialization
INFO[0005] Docker daemon commit=5604cbe graphdriver=devicemapper version=1.11.1
INFO[0005] API listen on 10.190.27.11:2376

When I run systemctl start docker, I get this:

May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL sudo[22198]: root : TTY=pts/2 ; PWD=/etc/docker/certs.d/d-l-tools.ocnet.local ; USER=root ; COMMAND=/bin/systemctl start docker
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL polkitd[12237]: Registered Authentication Agent for unix-process:22199:374669687 (system bus name :1.23356 [/usr/bin/pkttyagent --notify-fd 5 --fallback], obje
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL systemd[1]: docker.socket failed to listen on sockets: Address already in use
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit docker.socket has failed.

-- The result is failed.
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL systemd[1]: Dependency failed for Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd

-- Unit docker.service has failed.

-- The result is dependency.
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL systemd[1]: Job docker.service/start failed with result 'dependency'.
May 02 09:05:48 D-L-TOOLS.OCNET.LOCAL systemd[1]: Starting Docker Socket for the API.
-- Subject: Unit docker.socket has begun start-up
-- Defined-By: systemd

-- Unit docker.socket has begun starting up.

It seems something is blocking port 2376, but I’ve checked the firewalls and added the policies. Netstat and lsof do not seem to show any other program running on that port, but telnet is refusing the connection to it even on localhost.

Do you know how to make it run with a certificate, or how I can roll back the changes (when Docker isn’t running) to get it running again? I cannot erase everything and start from the beginning, because other people have something on the simple Docker engine on which I installed Docker Trusted Registry.