Unable to start Docker service on RHEL 7.1 after upgrade from RHEL 7.0
Environment
- Red Hat Enterprise Linux (RHEL) 7.1
Issue
- The docker service enters
failedstate after upgrading to RHEL 7.1. It was running fine on RHEL 7.0. - The journal shows the following error when trying to start docker:
Mar 11 17:21:01 rhel7 systemd[1]: Starting Docker Application Container Engine...
Mar 11 17:21:01 rhel7 docker[948]: Warning: '-r' is deprecated, it will be removed soon. See usage.
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:21:01 rhel7 docker[948]: No sockets found
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="fatal" msg="No sockets found"
Mar 11 17:21:01 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:21:01 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
Mar 11 17:21:01 rhel7 systemd[1]: Unit docker.service entered failed state.
Resolution
- Check
/etc/sysconfig/dockerfor the following line:
OPTIONS=--selinux-enabled -H fd://
- Remove the flag
-H fd://
OPTIONS=--selinux-enabled
- Also check the differences from
/etc/sysconfig/docker.rpmnewas they provide some additional security settings. - Restart the
dockerservice
# systemctl restart docker
Root Cause
- As docker has been secured by disabling systemd-sockets, the option
-H fd://to connect to the local socket will no longer work - The update does not overwrite the
/etc/sysconfig/dockerfile to reflect these changes, in case docker has been used already. A file/etc/sysconfig/docker.rpmnewis created instead.
Diagnostic Steps
- After upgrading to RHEL 7 check that docker has not been started:
[root@rhel7 ~]# systemctl status docker
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
Active: failed (Result: exit-code) since Wed 2015-03-11 17:09:56 CET; 3min 27s ago
Docs: http://docs.docker.com
Process: 946 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY (code=exited, status=1/FAILURE)
Main PID: 946 (code=exited, status=1/FAILURE)
CGroup: /system.slice/docker.service
Mar 11 17:09:56 rhel7 docker[946]: Warning: '-r' is deprecated, it will be removed soon. See usage.
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:09:56 rhel7 docker[946]: No sockets found
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="fatal" msg="No sockets found"
Mar 11 17:09:56 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:09:56 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
Mar 11 17:09:56 rhel7 systemd[1]: Unit docker.service entered failed state.
[root@rhel7 ~]# journalctl -xn
-- Logs begin at Mon 2014-11-17 13:17:38 CET, end at Wed 2015-03-11 17:13:39 CET. --
Mar 11 17:13:39 rhel7 systemd[1]: Starting Docker Application Container Engine...
-- Subject: Unit docker.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has begun starting up.
Mar 11 17:13:39 rhel7 docker[12434]: Warning: '-r' is deprecated, it will be removed soon. See usage.
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:13:39 rhel7 docker[12434]: No sockets found
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="fatal" msg="No sockets found"
Mar 11 17:13:39 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:13:39 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Mar 11 17:13:39 rhel7 systemd[1]: Unit docker.service entered failed state.
[root@rhel7 ~]#
- Check journalctl for more details:
[root@rhel7 ~]# journalctl -u docker
-- Logs begin at Mon 2014-11-17 13:17:38 CET, end at Wed 2015-03-11 17:48:09 CET. --
Mar 11 17:09:55 rhel7 systemd[1]: Starting Docker Application Container Engine...
Mar 11 17:09:56 rhel7 docker[946]: Warning: '-r' is deprecated, it will be removed soon. See usage.
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:09:56 rhel7 docker[946]: No sockets found
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:09:56 rhel7 docker[946]: time="2015-03-11T17:09:56+01:00" level="fatal" msg="No sockets found"
Mar 11 17:09:56 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:09:56 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
Mar 11 17:09:56 rhel7 systemd[1]: Unit docker.service entered failed state.
Mar 11 17:13:39 rhel7 systemd[1]: Starting Docker Application Container Engine...
Mar 11 17:13:39 rhel7 docker[12434]: Warning: '-r' is deprecated, it will be removed soon. See usage.
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:13:39 rhel7 docker[12434]: No sockets found
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:13:39 rhel7 docker[12434]: time="2015-03-11T17:13:39+01:00" level="fatal" msg="No sockets found"
Mar 11 17:13:39 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:13:39 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
Mar 11 17:13:39 rhel7 systemd[1]: Unit docker.service entered failed state.
- If something like the following lines are observed, ypu should change your
/etc/sysconfig/dockerfile accordingly:
Mar 11 17:21:01 rhel7 systemd[1]: Starting Docker Application Container Engine...
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="+job serveapi(fd://)"
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="Listening for HTTP on fd ()"
Mar 11 17:21:01 rhel7 docker[948]: No sockets found
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="info" msg="-job serveapi(fd://) = ERR (1)"
Mar 11 17:21:01 rhel7 docker[948]: time="2015-03-11T17:21:01+01:00" level="fatal" msg="No sockets found"
Mar 11 17:21:01 rhel7 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 11 17:21:01 rhel7 systemd[1]: Failed to start Docker Application Container Engine.
Mar 11 17:21:01 rhel7 systemd[1]: Unit docker.service entered failed state.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments