Start docker using systemctl fail but can not find reason

The failure reason says “docker.service: Start request repeated too quickly.” I dont get this message and there is nothing else.
O/S Centos 9 stream

**base) [nonroot@localhost fbk]$ sudo systemctl start docker**
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
**(base) [nonroot@localhost fbk]$ journalctl -xeu docker.service**
░░ Automatic restarting of the unit docker.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Jan 25 17:19:52 localhost.localdomain systemd[1]: Stopped Docker Application Container Engine.
░░ Subject: A stop job for unit docker.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit docker.service has finished.
░░
░░ The job identifier is 162320 and the job result is done.
Jan 25 17:19:52 localhost.localdomain systemd[1]: docker.service: Start request repeated too quickly.
Jan 25 17:19:52 localhost.localdomain systemd[1]: docker.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
Jan 25 17:19:52 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
░░ Subject: A start job for unit docker.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit docker.service has finished with a failure.
░░
░░ The job identifier is 162320 and the job result is failed.

When you see “Start request repeated too quickly”, scroll back to earlier logs where you can see the actual rason before it started restarting too quickly because of the original problem. Could be a wrong config.

That is what i was able to, how do i scroll back? This is all i see from journal or systemctl stattus.

SEeing this during boot, not sure if this matters.

With the arrow keys :slight_smile: But if it does not allow you to go back more, ther are parameters to see odler logs. A blogpost is on the way about this, but here are some older topics:

https://forums.docker.com/search?q=%40rimelek%20%22Start%20request%20repeated%20too%20quickly%22%20order%3Alatest

I shared tips which I will also include in the blog post.

Strange, but it is not about Docker so you should find logs of the docker service.

update:

You can also stop docker, wait some minutes, start it and stop immediately so it will not restart too quickly too many times and you will see the actual error.

I THINK my system messed up, not sure what happened, possibly crit file(s) are corrupted. Reimaging. If I see docker issue, will try to extend the log. I do recall being managed to be able to see that few times in the past but not this time. I need to recall what i did. Arrows did not seem to work.

found and probably workaround-d myself, not sure if this ultimate good fix.
As a record; journal status showing following, something related to NAT:

░░ The job identifier is 43220.
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.041828633-08:00" level=
info msg="Starting up"
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.042372778-08:00" level=
info msg="OTEL tracing is not configured, using no-op tracer provider"
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.090190148-08:00" level=
info msg="[graphdriver] trying configured driver: overlay2"
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.097250900-08:00" level=
info msg="Loading containers: start."
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.114772971-08:00" level=
info msg="unable to detect if iptables supports xlock: 'iptables --wait -L -n': `iptables v1.8.10 (nf_ta
bles): Could not fetch rule set generation id: Invalid argument`" error="exit status 4"
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: time="2025-02-06T08:09:03.150071578-08:00" level=
info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespac
e=moby
Feb 06 08:09:03 localhost.localdomain dockerd[538789]: failed to start daemon: Error initializing networ
k controller: error obtaining controller instance: failed to register "bridge" driver: failed to create
NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.10 (nf_tables): Could not fe
tch rule set generation id: Invalid argument
Feb 06 08:09:03 localhost.localdomain dockerd[538789]:  (exit status 4)

Resolved by:

sudo nano /usr/lib/systemd/system/docker.service --> in this file , add --iptables=false as below
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=false
sudo systemctl daemon-reload
sudo systemctl start docker.service

If you disable IPTables rules, you will have other issues later

https://docs.docker.com/engine/network/packet-filtering-firewalls/#prevent-docker-from-manipulating-iptables

I have the same IPTables version and it works, so maybe it is your kernel which is too old. What is the output of this command on your machine?

uname -a 

Also what does any of these commands return?

realpath /usr/sbin/iptables

or

readlink -f /usr/sbin/iptables

For example mine on an Ubuntu 24.04

/usr/sbin/xtables-nft-multi

The installer guide for Ubuntu mentions that

Docker is only compatible with iptables-nft and iptables-legacy

Sicne it is not mentioned in the guide for Centos 9 Stream, it shouldn’t be a problem, but if anything was changed on your system or broken, iptables still could be incompatible.