Docker daemon fails with following output

[HanJoHibender]

This bug-tracker is monitored by developers and other technical types. We like detail! So please use this form and tell us, concisely but precisely, what's up. Please fill out ALL THE FIELDS!

If you have a feature request, please post to the UserVoice. If you're reporting a BSOD, don't post here! Instead, e-mail "secure@microsoft.com", and if possible attach the minidump from "C:\Windows\minidump\".

• Your Windows build number: (Type ver at a Windows Command Prompt)

• What you're doing and what's happening: (Copy&paste specific commands and their output, or include screen shots)

• What's wrong / what should be happening instead:

• Strace of the failing command, if applicable: (If <cmd> is failing, then run strace -o strace.txt -ff <cmd>, and post the strace.txt output here)

See our contributing instructions for assistance.

[HanJoHibender]

Microsoft Windows [Version 10.0.15063]

Within the Bash on Ubuntu on Windows environment I successfuly installed docker.io with apt.

Subsequently I try to activate a docker container following https://github.com/tensorflow/tensorflow/tree/master/tensorflow/examples/udacity

Thereafter I get bash telling me the docker daemon is not running. Trying to run dockerd (the daemon) result in the following output:

INFO[0000] libcontainerd: new containerd process, pid: 124
WARN[0001] Failed to configure golang's threads limit: open /proc/sys/kernel/threads-max: no such file or directory
ERRO[0001] 'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded.
INFO[0001] Graph migration to content-addressability took 0.00 seconds
WARN[0001] Your kernel does not support cgroup memory limit
WARN[0001] Unable to find cpu cgroup in mounts
WARN[0001] Unable to find blkio cgroup in mounts
WARN[0001] Unable to find cpuset cgroup in mounts
WARN[0001] mountpoint for pids not found
FATA[0001] Error starting daemon: Devices cgroup isn't mounted``

[MikeGitb]

Please fill out the issue template above (especially what version of Windows you are using and what where the exact command that failed. That being said, I believe docker is not yet supported by wsl

[tr-dev]

Are there any plans to add support for docker to wsl?

Here's my information if it can be any help.

ver - Microsoft Windows [Version 10.0.15063] strace -o strace.txt -ff service docker start - stacktace /var/log/docker.log

[fruch]

seeing the exact same issue as @HanJoHibender, I know it's not simple, but having docker run like that on windows, is a game changer. it would be amazing. (I don't have the Pro version on my home computer, and the vm based docker is a pain, and slow)

[chadacaldwell]

+1

[siddhpant]

The version of docker you're using is obsolete. It's version 1.something. The current version is 17.something. I'm having a problem with ivoke-rc.d though.

[onomatopellan]

I'm glad to say Docker daemon finally runs on WSL. I'm testing on build 17134.

The most important part is dockerd will only run on an elevated console (run as Admin) and cgroup should be always mounted before running the docker daemon.

The steps to install docker on Ubuntu Xenial are:

sudo apt install docker.io
sudo usermod -aG docker $USER

And every time you need to run the daemon, always on an elevated ubuntu.exe:

sudo cgroupfs-mount
sudo service docker start

After that I tried these and did work:

docker run --rm hello-world

docker run --rm -it alpine sh

docker run -p 8888:8888 --name tensorflow-udacity -it gcr.io/tensorflow/udacity-assignments:1.0.0

It's important to note that docker version in Xenial repositories is moby 1.13.1 which would be docker-ce 17.02. The last docker-ce version that works right now on build 17134 is 17.09.0. Anything after that fails on extracting the docker images.

Thanks to @targat1982's post on reddit

[DzeryCZ]

That's great news!

Unfortunately, docker-compose still doesn't work. I'm getting :

jerry@PC:/mnt/c/Users/jerry/projects/my-project$ docker-compose up -d
Creating network "project_project" with driver "bridge"
ERROR: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.20.0.0/16 ! -o br-9e8373fca539 -j MASQUERADE: iptables: No chain/target/match by that name.
 (exit status 1))

There is a problem with iptables which is not fully supported via WSL yet.

Please upvote here: https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/32025199-support-iptables

[stevefan1999-personal]

I tried to run a hello world example in the latest version of docker provided by Ubuntu Bionic (using lxrunoffline yes) and I strace'd the result, I have the data boiled down to the core:

...
write(2, "9bb5a5d4561a: ", 149bb5a5d4561a: )          = 14
ioctl(1, TIOCGWINSZ, {ws_row=30, ws_col=120, ws_xpixel=0, ws_ypixel=0}) = 0
write(2, "Extracting [===================="..., 79Extracting [==================================================>]     9) = 795B
futex(0xc4204d2148, FUTEX_WAKE, 1)      = 1
write(2, "\33[1B", 4)                   = 4
read(3, 0xc420084000, 4096)             = -1 EAGAIN (Resource temporarily unavailable)
futex(0x1693c08, FUTEX_WAIT, 0, NULL)   = 0
docker: failed to register layer: Error processing tar file(exit status 1): invalid argument.
See 'docker run --help'.
epoll_pwait(4,  <unfinished ...>
+++ exited with 125 +++

Perhaps it has some diagnostic?

EDIT: Nevermind, I overlooked the solution above, by completely wiping docker and install 17.09.0 did work for me.

Then I added cgroupfs-mount to ~/.bashrc. You still have to manually start docker tho, not sure why...

[onomatopellan]

@stevefan1999 Are you on build 17134? That problem was due non supported MS_SLAVE flag on mount. It was fixed in build 17666

Running docker from Bionic (docker-ce 17.12.1) on latest insider builds works but containerd-shim shows high CPU usage on idle. Probably some syscall that was stubbed but not implemented yet.

[stevefan1999-personal]

@onomatopellan Exactly! I'm not using insider build though, nor will I be tempted to, as it's too risky to take but I can tolerate manually starting docker every time I start bash (better yet I can use an alias for one character boot). I wouldn't mind waiting till November for Autumn update for a better workaround.

By the way, how do I switch another docker engine connection on my native windows? localhost:4243 is open and receiving, but docker keeps connecting to //./pipe/docker_engine, scratching my head for that...

EDIT: Setting DOCKER_HOST in environment variable, just like usual *nix setup, did work.

[onomatopellan]

@stevefan1999 Even in latest builds running Dockerd inside WSL is right now for kicks and giggles. It's just not ready for normal usage (there are some problems with overlay2 driver) and it's just for testing where is the limit. Some scenarios work surprisingly well though, like the process of compiling docker from docker-ce repo which pulls and runs debian/ubuntu containers in order to create the binaries.

[WSLUser]

@onomatopellan Can you document (in some blog or something) everything that has lit up with native Docker? Also, if there are several scenarios working then new issues should be opened for the fine-tune tweaking (such as eliminating high cpu usage) to get a fully functional docker engine in WSL. I wouldn't mind alittle more slowness compared to Windows if it was made to be not so unbearable but if not all scenarios are working yet, as you said, no point in running it other than giggles.

[stevefan1999-personal]

@DarthSpock Portainer, for example, didn't work. I don't know the exact reason but docker ps -a shows it's dead instantly.

[onomatopellan]

@DarthSpock The reddit thread already has some issues people are finding out. Since I'm not a Docker expert and I can't compare it to Docker for Windows (no Hyper-V support) I just like to follow Docker tutorials and see how far I can get in WSL on latest insider builds. So far only the tutorial for compiling Docker-ce worked for me.

I'd really love to see a fully functional docker engine in WSL. It looks like there is more work to do to fully implement iptables and cgroups. This tweet was a bit discouraging though, and It explains why sometimes the file system inside containers is erratic.

[WSLUser]

Yeah, I recently mentioned it on Twitter and got a major "we aren't supporting this, we highly advise against it" message from our former WSL PM. Still if enough of it lights up, it would only make logical sense to put on the final touches. I'm curious where the cgroup implementation is coming from though since Docker obviously isn't the use-case (that they want to admit to anyways).

As far as iptables go, yeah that would be great to have regardless of Docker. We can use it in a VM (even with Hyper-V) so WSL ought to be able to handle it but still have to wait for full-implementation.

@stevefan1999 good to know. Glad there's some people out there able to use Insiders to test this.

[stevefan1999-personal]

@DarthSpock Perhaps it is for the compliance to the Linux kernel, you know, cgroups is still in mainline after all, and that also means only a minimal viable set of functionalities are available.

Also, I didn't expect overlay(2) in WSL could be this slow, my Rock64 ARM docker host can be faster by tens of margin...

Is there something wrong in the implementation or was that the syscall was delayed in Windows kernel translation level?

But I'm more hyped to see /dev/kvm someday🙃

[therealkenc]

I'm curious where the cgroup implementation is coming from though since Docker obviously isn't the use-case (that they want to admit to anyways).

Control groups are used extensively by a very large, popular, and highly requested package that doesn't run (well) in WSL right now. You could... almost... call it the number 1 application.

[bmayen]

What is "chrome"?

[WSLUser]

What is "chrome"?

I don't think that's it. Would that be snap by any chance? Otherwise, not entirely sure.

[Rondom]

Systemd is PID1. Right now WSL uses a closed-source custom init due to that.

[onomatopellan]

Build 17723 fixes the high CPU usage problem I had with latest Docker-ce probably because of #3276. Now every docker-ce version out there runs well on WSL and I'd even say in a more stable manner.

[zz80]

I have this error: sudo docker run hello-world docker: failed to register layer: Error processing tar file(exit status 1): invalid argument.

root@DESKTOP-QCFF5NJ:~# docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 17.12.1-ce Storage Driver: overlay2 Backing Filesystem: Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 9b55aab90508bd389d7654c4baf173a981477d55 runc version: 9f9c96235cc97674e935002fc3d78361b696a69e init version: v0.13.0 (expected: 949e6facb77383876aeff8a6944dde66b3089574) Kernel Version: 4.4.0-17134-Microsoft Operating System: Ubuntu 18.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.863GiB Name: DESKTOP-QCFF5NJ ID: R2BY:OOEG:SKAT:AWS2:5V5B:UIYU:XWZM:63N6:355T:77B4:VQ4D:2SX5 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: No memory limit support WARNING: No swap limit support WARNING: No kernel memory limit support WARNING: No oom kill disable support WARNING: No cpu cfs quota support WARNING: No cpu cfs period support WARNING: No cpu shares support WARNING: No cpuset support

[onomatopellan]

@zz80 As I said earlier in this thread.

It's important to note that docker version in Xenial repositories is moby 1.13.1 which would be docker-ce 17.02. The last docker-ce version that works right now on build 17134 is 17.09.0. Anything after that fails on extracting the docker images.

Install docker-ce 17.09.0 OR Install latest Windows Insider build OR wait for next feature Update in September.

[ctaggart]

Hi @onomatopellan, I'm really looking forward to the feature update in September. For now, I followed the install docs and installed that specific docker-ce version:

sudo apt-get install docker-ce=17.09.0~ce-0~ubuntu

You mentioned this earlier:

And every time you need to run the daemon, always on an elevated ubuntu.exe:

sudo cgroupfs-mount
sudo service docker start

I get an error when I run it:

$ sudo /usr/bin/cgroupfs-mount
mount: unknown filesystem type 'cgroup'

I'm a little confused what that means, but I'm googling...

[onomatopellan]

@ctaggart Hi, what's your Windows build version and which Ubuntu version are you running on WSL?

[ctaggart]

@onomatopellan, sorry, I should have provided that. Here it is:

PS C:\Users\taggac> cmd /c ver

Microsoft Windows [Version 10.0.15063]
PS C:\Users\taggac> bash
cameron@USENTAGGACL1C:/mnt/c/Users/taggac$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial

[onomatopellan]

@ctaggart Thanks. Yep, build 15063 (Creators Update) is too old. Docker engine didn't start working until build 17134 (April 2018 Update).

[ctaggart]

@onomatopellan Thank you. That makes sense. I didn't realize this laptop was locked in on an older version. I'm sad that I can't change it.

[jgoux]

@onomatopellan

Install docker-ce 17.09.0 OR Install latest Windows Insider build OR wait for next feature Update in September.

I'm on the latest insider release (17730) with docker-ce 18.06.0-ce. When I run the daemon with the elevated terminal, it says that docker is started, but if I verify the service status it's on stop.

sudo cgroupfs-mount
sudo service docker start
 * Starting Docker: docker                                                               [ OK ]
docker run --rm hello-world
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
sudo service docker status
 * Docker is not running

Any idea? I feel I'm close 😄

[fg-dev]

@jgoux read carefully the comment https://github.com/Microsoft/WSL/issues/2291#issuecomment-383698720 The last docker-ce version that works right now on WSL is 17.09.0

[onomatopellan]

@jgoux I just tested build 17733 and it works. It seems in your case the Docker daemon is never launched. Instead of sudo service docker start use sudo dockerd -D to see what's happening. Latest line should be API listen on /var/run/docker.sock

@fg-dev The 17.09.0 limit is only for build 17134. I'll update my post so no more people gets confused.

[jgoux]

@onomatopellan Thanks for your help! My issue is now solved!

I got this error :

Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

I tried following this : https://github.com/docker/for-linux/issues/123#issuecomment-346546953 but when I enter the commands using sudo I got this error : RTNETLINK answers: Permission denied

The solution was to run the sudo service docker start inside a bash terminal elevated as admin (windows side)! 👍

EDIT : Too bad my next step was to use docker-compose! 😢 I hit this exact problem : https://github.com/Microsoft/WSL/issues/2291#issuecomment-396570242

[Alphapage]

Docker on wsl is working great for hello-world example. But I tried to build a nodejs dockerfile and I can't install any packages because I don't have internet access from inside the container during build. I think I probably missed something because I have internet access from wsl. Thank you in advance for your help.

[nicolas-albert]

Hi, I also try to get docker inside WSL. I have Windows 10 - 1803 / 17134.345 and a fresh Ubuntu 18.04 installed. I have added docker-ce repository and installed the default (latest) version :

$ docker --version
Docker version 18.09.0, build 4d60db4

But the service doesn't start (see in docker.log) :

time="2018-11-13T11:38:29.077042500+01:00" level=warning msg="Your kernel does not support cgroup memory limit"
time="2018-11-13T11:38:29.077067400+01:00" level=warning msg="Unable to find cpu cgroup in mounts"
time="2018-11-13T11:38:29.077084000+01:00" level=warning msg="Unable to find blkio cgroup in mounts"
time="2018-11-13T11:38:29.077099000+01:00" level=warning msg="Unable to find cpuset cgroup in mounts"
time="2018-11-13T11:38:29.077148400+01:00" level=warning msg="mountpoint for pids not found"
time="2018-11-13T11:38:29.096337700+01:00" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
time="2018-11-13T11:38:29.116342900+01:00" level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-17134-Microsoft/modules.dep.bin'\nmodprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.4.0-17134-Microsoft`, error: exit status 1"
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)
time="2018-11-13T11:46:13.667046400+01:00" level=warning msg="Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior" dir=/var/lib/docker error="could not setup daemon root propagation to shared: invalid argument"

I hope their will be a true support in WSL one day :)

[tara-raj]

Thanks for starting this thread. WSL PM here. As mentioned in the above comment, we have improved Docker support in recent builds of WSL. Most (if not all) versions of docker-ce work with WSL. We're working on a large set of changes for WSL currently. As part of those changes, we are looking at adding native Docker support in WSL. I will add to this thread and other issues on Docker support when I have additional updates to share

[fedme]

We are looking at adding native Docker support in WSL.

This is amazing! The absence of a native Linux docker is the only thing stopping many of us from developing on Windows.

Please also consider supporting docker-compose, which requires iptables from what I read.

[aghArdeshir]

Thanks @onomatopellan . Could you please edit your post, making the part The most important part is dockerd will only run on an elevated console (run as Admin) as bold, or any other way that can be more eye-catching

thanks

[miszyman]

@tara-raj is there any rough timeline for this that you could share? I would like to know whether we are talking about weeks, months or years from now:)

[Almenon]

@onomatopellan @jgoux I feel like this is a stupid question .... but how do you run WSL as admin? When I try running it as admin it thinks I don't have any distribution installed and tries to install a distribution (I installed ubuntu under my non-admin account). Is there a way to access my non-admin ubuntu instance from the admin user?

Also when I try right clicking bash in the start menu there is no run as admin option.

https://puu.sh/Cqqav/17cf77cd89.png

And control-shift results in this error:

C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuOnWindows_1804.2018.817....\ubuntu.exe

The request is not supported.

[WSLUser]

@Almenon If they are 2 different accounts then you'll need to install on your admin account. Distro's are installed on a per user basis, not per computer. Also, you can do runas admin in PS or CMD and type in the distro name. For example, wsl.exe or wlinux.exe. The elevated state will remain but will still require sudo for some things.

[sunnychanwork]

What is the reason behind having to run the WSL as admin as a prerequisite for running Docker? In enterprise environment this is normally not possible and if we can do away with it, it would be good.

[lygstate]

@tara-raj Docker works on WSL fine for me, be I have a problem when running nodejs in multiarch/debian-debootstrap:armhf-stretch, this is an armhf docker that running with qemu-arm-static. And this works fine if I was running it in VMware guest that running on Win10. My version is Win10 1809 Update.

[berknam]

@onomatopellan @jgoux I'm not able to start the docker daemon. It keeps giving me this error: Error starting daemon: Error initializing network controller: Error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.18.0.0/16 ! -o docker0 -j MASQUERADE: iptables: Invalid argument. Run 'dmesg' for more information. (exit status 1))

I'm on an elevated console, I tried the latest docker-ce version and the version 17.09.0 and always get that error.

My system: Microsoft Windows [Version 10.0.17763.253] Ubuntu 18.04.1 LTS

Can anyone give me some help?

EDIT: After a complete restart of the system it started working, I tried restarting the lxssManager service, but apparently it wasn't enough. (Might be the first time WindowsUpdate automatically restarting actually helped me 😄)

[Downchuck]

Got dockerd started up with the cgroups mount but run is failing:

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Extracting [==================================================>]     977B/977B
docker: failed to register layer: Error processing tar file(exit status 1): invalid argument.

[nicolas-albert]

@Downchuck you have to install docker 17.09.0 in order to work (got the same error before).

But with the 17.09.0, I failed to launch a tomcat based image, like if docker freeze WSL : no response, cannot break, even in a new terminal.

[Downchuck]

@nicolas-albert @tara-raj suggested that docker-ce should work in current versions.

[Jurigag]

Any news about docker-compose? Is it working on latest builds?

[PetarKirov]

On Ubuntu 18.04.2 on Windows 10 1809 17763.316, I was only able to get 18.03.1-ce 9ee9f40 version working, docker 18.09 didn't work. By using the official install install script for docker, version 17.09 is no longer available.

[huan086]

To add to @ZombineDev

Docker 18.06.3 and 18.09.2 results in errors like the following docker: Error response from daemon: transport is closing: unavailable.

docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:301: running exec setns process for init caused \"exit status 23\"": unknown.