Docker start service error after fresh configuration on CentOS 7

  • Unit docker.service has begun starting up.
    Feb 04 02:04:41 secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.353355443-07:00” level=info msg=“parsed scheme: “unix”” module=grpc
    Feb 04 02:04:41 secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.353450239-07:00” level=info msg=“scheme “unix” not registered, fallback to default scheme” module=grpc
    Feb 04 02:04:41 secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.353533564-07:00” level=info msg=“parsed scheme: “unix”” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.353542770-07:00” level=info msg=“scheme “unix” not registered, fallback to default scheme” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.356233279-07:00” level=info msg=“ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0 }]” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.356284889-07:00” level=info msg=“ClientConn switching balancer to “pick_first”” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.356363360-07:00” level=info msg=“pickfirstBalancer: HandleSubConnStateChange: 0xc420044320, CONNECTING” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.356717428-07:00” level=info msg=“pickfirstBalancer: HandleSubConnStateChange: 0xc420044320, READY” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.360445569-07:00” level=info msg=“ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0 }]” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.360465141-07:00” level=info msg=“ClientConn switching balancer to “pick_first”” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.360495326-07:00” level=info msg=“pickfirstBalancer: HandleSubConnStateChange: 0xc420044610, CONNECTING” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.360660766-07:00” level=info msg=“pickfirstBalancer: HandleSubConnStateChange: 0xc420044610, READY” module=grpc
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.366517554-07:00” level=info msg="[graphdriver] using prior storage driver: overlay2"
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.369757305-07:00” level=info msg=“Graph migration to content-addressability took 0.00 seconds”
    Feb 04 02:04:41 s148-72-210-154.secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.370808203-07:00” level=info msg=“Loading containers: start.”
    Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION’ failed: iptables v1.4.21: Couldn’t load target `DOCKER-ISOLATION’:No such file or directory
    Try `iptables -h' or 'iptables --help' for more information.

Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -D PREROUTING’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -D OUTPUT’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -X DOCKER’ failed: iptables: Too many links.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION-STAGE-1’ failed: iptables: Too many links.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -n -L DOCKER’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -n -L DOCKER-ISOLATION-STAGE-2’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-1 -j RETURN’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 s148-72-210-154.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-2 -j RETURN’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -C DOCKER -i docker0 -j RETURN’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41.secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --dst 127.0.0.0/8’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet dockerd[17446]: time=“2019-02-04T02:04:41.864420834-07:00” level=info msg=“Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address”
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -C POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t nat -C DOCKER -i docker0 -j RETURN’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C FORWARD -i docker0 -o docker0 -j ACCEPT’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:42 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2’ failed: iptables: No chain/target/match by that name.
Feb 04 02:04:42 secureservernet firewalld[2589]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w2 -t filter -C DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP’ failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 04 02:04:42 secureservernet dockerd[17446]: time=“2019-02-04T02:04:42.059637851-07:00” level=info msg=“Loading containers: done.”
Feb 04 02:04:42 secureservernet dockerd[17446]: time=“2019-02-04T02:04:42.095328886-07:00” level=info msg=“Docker daemon” commit=4c52b90 graphdriver(s)=overlay2 version=18.09.1
Feb 04 02:04:42 secureservernet dockerd[17446]: time=“2019-02-04T02:04:42.095446665-07:00” level=info msg=“Daemon has completed initialization”
Feb 04 02:04:42 secureservernet dockerd[17446]: time=“2019-02-04T02:04:42.103255110-07:00” level=info msg=“API listen on /var/run/docker.sock”
Feb 04 02:04:42 secureservernet configure-snat[17579]: mount: /dev/sr0 is write-protected, mounting read-only
Feb 04 02:04:42 secureservernet kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Feb 04 02:04:42 secureservernet kernel: ISO 9660 Extensions: RRIP_1991A
Feb 04 02:04:42 .secureservernet configure-snat[17579]: + iptables -t nat -D POSTROUTING -s 172.17.0.1/16 ‘!’ -o docker0 -j SNAT --to
Feb 04 02:04:42 secureservernet configure-snat[17579]: iptables v1.4.21: option "--to" requires an argument
Feb 04 02:04:42 secureservernet configure-snat[17579]: Try `iptables -h' or 'iptables --help' for more information.
Feb 04 02:04:42 secureservernet configure-snat[17579]: + iptables -t nat -I POSTROUTING -s 172.17.0.1/16 '!' -o docker0 -j SNAT --to
Feb 04 02:04:42 configure-snat[17579]: iptables v1.4.21: option "--to" requires an argument
Feb 04 02:04:42 configure-snat[17579]: Try `iptables -h' or 'iptables --help' for more information.
Feb 04 02:04:42 systemd[1]: docker.service: control process exited, code=exited status=2
Feb 04 02:04:42 dockerd[17446]: time=“2019-02-04T02:04:42.235573399-07:00” level=info msg=“Processing signal ‘terminated’”
Feb 04 02:04:42 systemd[1]: Failed to start Docker Application Container Engine.
– Subject: Unit docker.service has failed
– Defined-By: systemd
– Support: –
– Unit docker.service has failed.

– The result is failed.
Feb 04 02:04:42.secureserver.net systemd[1]: Unit docker.service entered failed state.
Feb 04 02:04:42.secureserver.net systemd[1]: docker.service failed.

What version of Docker did you install and how did you install it?

Dear Gary,

The Docker version is 18.09 and the installation command is “$ curl -fsSL https://get.docker.com/ | sh”

Please find the docker info details below:

[spade@s ~]$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.09.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.1.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.701GiB
Name: secureservernet
ID: SNM5:P3YZ:G4HQ:F7WU:SZ2C:YDNA:2DMH:WM64:VIIT:LCNH:OGP4:4M2E
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

I ran a docker system info on my CentOS server and my output is identical to yours, including the Linux Kernel version. What version of CentOS are you running and what are the package versions for firewalld and iptables on your system? I’m thinking maybe you need to update some packages on your machine.

Here’s what I have:

🐳  root@172.28.128.13:[~] # cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
🐳  root@172.28.128.13:[~] # yum list installed | grep firewalld
firewalld.noarch                0.5.3-5.el7                     @base
firewalld-filesystem.noarch     0.5.3-5.el7                     @base
🐳  root@172.28.128.13:[~] # yum list installed | grep iptables
iptables.x86_64                 1.4.21-28.el7                   @base

These are the details of our system.

[spade@s148-72-210-154 ~]$ cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

[spade@s148-72-210-154 ~]$ yum list installed | grep firewalld
firewalld.noarch 0.5.3-5.el7 @base
firewalld-filesystem.noarch 0.5.3-5.el7 @base

[spade@s148-72-210-154 ~]$ yum list installed | grep iptables
iptables.x86_64 1.4.21-28.el7 @base

I have encountered the same issue. Has anyone fixed it?

Nov 02 11:19:10 xxx systemd[1]: Starting Docker Application Container Engine…
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.878296526Z” level=info msg=“Starting up”
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.930469940Z” level=info msg=“parsed scheme: “unix”” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.930539797Z” level=info msg=“scheme “unix” not registered, fallback to default scheme” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.930596542Z” level=info msg=“ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 }] }” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.930621923Z” level=info msg=“ClientConn switching balancer to “pick_first”” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.981128356Z” level=info msg=“parsed scheme: “unix”” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.981167718Z” level=info msg=“scheme “unix” not registered, fallback to default scheme” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.981190341Z” level=info msg=“ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock 0 }] }” module=grpc
Nov 02 11:19:10 xxx dockerd[1059]: time=“2019-11-02T11:19:10.981202686Z” level=info msg=“ClientConn switching balancer to “pick_first”” module=grpc
Nov 02 11:19:11 xxx dockerd[1059]: time=“2019-11-02T11:19:11.074191900Z” level=info msg="[graphdriver] using prior storage driver: overlay2"
Nov 02 11:19:11 xxx dockerd[1059]: time=“2019-11-02T11:19:11.157844953Z” level=info msg=“Loading containers: start.”
Nov 02 11:19:12 xxx dockerd[1059]: time=“2019-11-02T11:19:12.159329593Z” level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred
Nov 02 11:19:12 xxx dockerd[1059]: time=“2019-11-02T11:19:12.297096462Z” level=info msg=“Loading containers: done.”
Nov 02 11:19:12 xxx dockerd[1059]: time=“2019-11-02T11:19:12.646584626Z” level=info msg=“Docker daemon” commit=9013bf583a graphdriver(s)=overlay2 version=19.03.4
Nov 02 11:19:12 xxx dockerd[1059]: time=“2019-11-02T11:19:12.646760510Z” level=info msg=“Daemon has completed initialization”
Nov 02 11:19:12 xxx dockerd[1059]: time=“2019-11-02T11:19:12.848425893Z” level=info msg=“API listen on /var/run/docker.sock”
Nov 02 11:19:12 xxx configure-snat[1517]: mount: /dev/sr0 is write-protected, mounting read-only
Nov 02 11:19:13 xxx configure-snat[1517]: + iptables -t nat -D POSTROUTING -s 172.17.0.1/16 ‘!’ -o docker0 -j SNAT --to
Nov 02 11:19:13 xxx configure-snat[1517]: iptables v1.4.21: option "--to" requires an argument
Nov 02 11:19:13 xxx configure-snat[1517]: Try `iptables -h' or 'iptables --help' for more information.
Nov 02 11:19:13 xxx configure-snat[1517]: + iptables -t nat -I POSTROUTING -s 172.17.0.1/16 '!' -o docker0 -j SNAT --to
Nov 02 11:19:13 xxx configure-snat[1517]: iptables v1.4.21: option "--to" requires an argument
Nov 02 11:19:13 xxx configure-snat[1517]: Try `iptables -h' or 'iptables --help' for more information.
Nov 02 11:19:13 xxx systemd[1]: docker.service: control process exited, code=exited status=2
Nov 02 11:19:13 xxx dockerd[1059]: time=“2019-11-02T11:19:13.296514020Z” level=info msg=“Processing signal ‘terminated’”
Nov 02 11:19:13 xxx dockerd[1059]: time=“2019-11-02T11:19:13.297279527Z” level=info msg=“Daemon shutdown complete”
Nov 02 11:19:13 xxx systemd[1]: Failed to start Docker Application Container Engine.
Nov 02 11:19:13 xxx systemd[1]: Unit docker.service entered failed state.
Nov 02 11:19:13 xxx systemd[1]: docker.service failed.
Nov 02 11:19:15 xxx systemd[1]: docker.service holdoff time over, scheduling restart.
Nov 02 11:19:15 xxx systemd[1]: Stopped Docker Application Container Engine.
Nov 02 11:19:15 xxx systemd[1]: Starting Docker Application Container Engine…
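
A triage pass over a journal excerpt like the ones posted in this thread, as an added example that is not part of any original post: it counts the firewalld COMMAND_FAILED warnings, checks whether dockerd still reached "Daemon has completed initialization" after them, and names the process whose error precedes systemd's "control process exited" line. The sample lines are constructed from the thread's log format (straight quotes, placeholder host `host1`), and the names `parse`, `triage` and `UNIT_NOISE` are hypothetical.

```python
import re

# Constructed sample, modeled on the journal lines posted in this thread.
SAMPLE = """\
Feb 04 02:04:41 host1 firewalld[2589]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -n -L DOCKER' failed: iptables: No chain/target/match by that name.
Feb 04 02:04:41 host1 firewalld[2589]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: No chain/target/match by that name.
Feb 04 02:04:42 host1 dockerd[17446]: time="2019-02-04T02:04:42.095446665-07:00" level=info msg="Daemon has completed initialization"
Feb 04 02:04:42 host1 configure-snat[17579]: + iptables -t nat -I POSTROUTING -s 172.17.0.1/16 '!' -o docker0 -j SNAT --to
Feb 04 02:04:42 host1 configure-snat[17579]: iptables v1.4.21: option "--to" requires an argument
Feb 04 02:04:42 host1 systemd[1]: docker.service: control process exited, code=exited status=2
Feb 04 02:04:42 host1 systemd[1]: Failed to start Docker Application Container Engine.
"""

# "Mon DD HH:MM:SS host proc[pid]: message"; lines without a [pid] are skipped.
LINE = re.compile(r"^(\w{3} \d{2} [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
# Processes expected around a Docker start; anything else is a candidate hook.
UNIT_NOISE = {"systemd", "dockerd", "firewalld"}


def parse(text):
    """Turn journal text into a list of dicts, dropping unparseable lines."""
    keys = ("ts", "host", "proc", "pid", "msg")
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [dict(zip(keys, m.groups())) for m in matches if m]


def triage(text):
    """Summarise one failed start: warnings, daemon state, failing helper."""
    events = parse(text)
    report = {"firewalld_warnings": 0, "daemon_initialized": False,
              "exit_status": None, "failed_hook": None, "hook_errors": []}
    for i, ev in enumerate(events):
        if ev["proc"] == "firewalld" and "COMMAND_FAILED" in ev["msg"]:
            report["firewalld_warnings"] += 1
        elif ev["proc"] == "dockerd" and "completed initialization" in ev["msg"]:
            report["daemon_initialized"] = True
        elif ev["proc"] == "systemd" and "control process exited" in ev["msg"]:
            status = re.search(r"status=(\d+)", ev["msg"])
            report["exit_status"] = int(status.group(1)) if status else None
            # Nearest earlier line from a process outside UNIT_NOISE.
            hook = next((p for p in reversed(events[:i])
                         if p["proc"] not in UNIT_NOISE), None)
            if hook:
                report["failed_hook"] = hook["proc"]
                # Keep its messages, minus "+ " command traces and usage hints.
                report["hook_errors"] = [
                    p["msg"] for p in events[:i]
                    if (p["proc"], p["pid"]) == (hook["proc"], hook["pid"])
                    and not p["msg"].startswith(("+ ", "Try "))]
            break
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```
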