Troubleshoot Docker Engine installation (2024)

Unable to connect to the Docker daemon

Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?

This error may indicate:

The Docker daemon isn't running on your system. Start the daemon and tryrunning the command again.
Your Docker client is attempting to connect to a Docker daemon on a differenthost, and that host is unreachable.

To see which host your client is connecting to, check the value of theDOCKER_HOST variable in your environment.

$ env | grep DOCKER_HOST

If this command returns a value, the Docker client is set to connect to a Dockerdaemon running on that host. If it's unset, the Docker client is set to connectto the Docker daemon running on the local host. If it's set in error, use thefollowing command to unset it:

$ unset DOCKER_HOST

You may need to edit your environment in files such as ~/.bashrc or~/.profile to prevent the DOCKER_HOST variable from being set erroneously.

If DOCKER_HOST is set as intended, verify that the Docker daemon is running onthe remote host and that a firewall or network outage isn't preventing you fromconnecting.

If you manually configure your network using systemd-network with systemdversion 219 or later, Docker containers may not be able to access your network.Beginning with systemd version 220, the forwarding setting for a given network(net.ipv4.conf.<interface>.forwarding) defaults to off. This setting preventsIP forwarding. It also conflicts with Docker's behavior of enabling thenet.ipv4.conf.all.forwarding setting within containers.

To work around this on RHEL, CentOS, or Fedora, edit the <interface>.networkfile in /usr/lib/systemd/network/ on your Docker host, for example,/usr/lib/systemd/network/80-container-host0.network.

Add the following block within the [Network] section.

[Network]...IPForward=kernel# ORIPForward=true

DNS resolver issues

DNS resolver found in resolv.conf and containers can't use it

Linux desktop environments often have a network manager program running, thatuses dnsmasq to cache DNS requests by adding them to /etc/resolv.conf. Thednsmasq instance runs on a loopback address such as 127.0.0.1 or127.0.1.1. It speeds up DNS look-ups and provides DHCP services. Such aconfiguration doesn't work within a Docker container. The Docker container usesits own network namespace, and resolves loopback addresses such as 127.0.0.1to itself, and it's unlikely to be running a DNS server on its own loopbackaddress.

If Docker detects that no DNS server referenced in /etc/resolv.conf is a fullyfunctional DNS server, the following warning occurs:

WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containerscan't use it. Using default external servers : [8.8.8.8 8.8.4.4]

If you see this warning, first check to see if you use dnsmasq:

$ ps aux | grep dnsmasq

If your container needs to resolve hosts which are internal to your network, thepublic nameservers aren't adequate. You have two choices:

Specify DNS servers for Docker to use.
Turn off dnsmasq.
Turning off dnsmasq adds the IP addresses of actual DNS nameservers to/etc/resolv.conf, and you lose the benefits of dnsmasq.

You only need to use one of these methods.

The default location of the configuration file is /etc/docker/daemon.json. Youcan change the location of the configuration file using the --config-filedaemon flag. The following instruction assumes that the location of theconfiguration file is /etc/docker/daemon.json.

Create or edit the Docker daemon configuration file, which defaults to/etc/docker/daemon.json file, which controls the Docker daemonconfiguration.
$ sudo nano /etc/docker/daemon.json
Add a dns key with one or more DNS server IP addresses as values.
{ "dns": ["8.8.8.8", "8.8.4.4"]}
If the file has existing contents, you only need to add or edit the dnsline. If your internal DNS server can't resolve public IP addresses, includeat least one DNS server that can. Doing so allows you to connect to DockerHub, and your containers to resolve internet domain names.
Save and close the file.
Restart the Docker daemon.
$ sudo service docker restart
Verify that Docker can resolve external IP addresses by trying to pull animage:
$ docker pull hello-world

If necessary, verify that Docker containers can resolve an internal hostnameby pinging it.

$ docker run --rm -it alpine ping -c4 <my_internal_host>PING google.com (192.168.1.2): 56 data bytes64 bytes from 192.168.1.2: seq=0 ttl=41 time=7.597 ms64 bytes from 192.168.1.2: seq=1 ttl=41 time=7.635 ms64 bytes from 192.168.1.2: seq=2 ttl=41 time=7.660 ms64 bytes from 192.168.1.2: seq=3 ttl=41 time=7.677 ms

Turn off dnsmasq

Ubuntu

If you prefer not to change the Docker daemon's configuration to use a specificIP address, follow these instructions to turn off dnsmasq in NetworkManager.

Edit the /etc/NetworkManager/NetworkManager.conf file.
Comment out the dns=dnsmasq line by adding a # character to the beginningof the line.
```
# dns=dnsmasq
```
Save and close the file.
Restart both NetworkManager and Docker. As an alternative, you can rebootyour system.
$ sudo systemctl restart network-manager$ sudo systemctl restart docker

RHEL, CentOS, or Fedora

To turn off dnsmasq on RHEL, CentOS, or Fedora:

Turn off the dnsmasq service:

$ sudo systemctl stop dnsmasq$ sudo systemctl disable dnsmasq

Configure the DNS servers manually using theRed Hat documentation.

If you run a firewall on the same host as you run Docker, and you want to accessthe Docker Remote API from another remote host, you must configure your firewallto allow incoming connections on the Docker port. The default port is 2376 ifyou're using TLS encrypted transport, or 2375 otherwise.

Two common firewall daemons are:

Uncomplicated Firewall (UFW), oftenused for Ubuntu systems.
firewalld, often used for RPM-based systems.

Consult the documentation for your OS and firewall. The following informationmight help you get started. The settings used in this instruction arepermissive, and you may want to use a different configuration that locks yoursystem down more.

For UFW, set DEFAULT_FORWARD_POLICY="ACCEPT" in your configuration.

For firewalld, add rules similar to the following to your policy. One forincoming requests, and one for outgoing requests.

<direct> [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -i zt0 -j ACCEPT </rule> ] [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -o zt0 -j ACCEPT </rule> ]</direct>

Make sure that the interface names and chain names are correct.

Kernel cgroup swap limit capabilities

On Ubuntu or Debian hosts, you may see messages similar to the following whenworking with an image.

WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.

If you don't need these capabilities, you can ignore the warning.

You can turn on these capabilities on Ubuntu or Debian by following theseinstructions. Memory and swap accounting incur an overhead of about 1% of thetotal available memory and a 10% overall performance degradation, even whenDocker isn't running.

Log into the Ubuntu or Debian host as a user with sudo privileges.
Edit the /etc/default/grub file. Add or edit the GRUB_CMDLINE_LINUX lineto add the following two key-value pairs:
```
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
```
Save and close the file.
Update the GRUB boot loader.
$ sudo update-grub
An error occurs if your GRUB configuration file has incorrect syntax. In thiscase, repeat steps 2 and 3.
The changes take effect when you reboot the system.