moby: can't create unix socket /var/run/docker.sock: is a directory
Description
Steps to reproduce the issue:
- Restart Docker
Describe the results you received:
Docker can’t boot up after a restart. An error from journal:
dockerd[30701]: time="2017-01-22T08:38:55.077780858Z" level=fatal msg="can't create unix socket /var/run/docker.sock: is a directory"
At this point /var/run/docker.sock is indeed, a directory. (wut?)
$ ls -lah /var/run/docker.sock
total 0
drwxr-xr-x 2 root root 40 Jan 22 08:37 .
drwxr-xr-x 30 root root 1.2K Jan 22 08:38 ..
Describe the results you expected:
To restart Docker without an error
Additional information you deem important (e.g. issue happens only occasionally):
This happened from time to time upon restart of dockerd daemon. After I removed this directory manually, Docker boots up easily creating a socket, but after several restarts, this issue came back.
Output of docker version:
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.6.4
Git commit: 78d1802
Built: Wed Jan 11 00:23:16 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.6.4
Git commit: 78d1802
Built: Wed Jan 11 00:23:16 2017
OS/Arch: linux/amd64
Output of docker info:
Containers: 42
Running: 20
Paused: 0
Stopped: 22
Images: 14
Server Version: 1.12.6
Storage Driver: overlay
Backing Filesystem: xfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: overlay bridge null host
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-57-generic
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.795 GiB
Name: <node-name>
ID: <id>
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
127.0.0.0/8
Additional environment details (AWS, VirtualBox, physical, etc.):
AWS EC2 instance
About this issue
- Original URL
- State: open
- Created 7 years ago
- Reactions: 13
- Comments: 33 (11 by maintainers)
Commits related to this issue
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to coolljt0725/docker by coolljt0725 7 years ago
- Merge pull request #33330 from coolljt0725/fix_sock_is_dir Don't create source directory while the daemon is being shutdown, fix #30348 — committed to clnperez/moby by AkihiroSuda 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to seemethere/docker-ce by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to docker/docker-ce by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket will not exis... — committed to liusdu/moby by coolljt0725 7 years ago
- Merge branch 'fix_sock_is_directory' into 'huawei-1.11.2' Don't create source directory while the daemon is being shutdown If a container mount the socket the daemon is listening on into contai... — committed to liusdu/moby by coolljt0725 7 years ago
- Update git submodules * Update docs/submodules/oom/offline-installer.git from branch 'master' to 05b9001fa01b3f1076a5a21f063ca40421a66333 - Merge "Improving docker restart handler" - Improving ... — committed to onap/doc by deleted user 5 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to silvin-lubecki/docker-ce by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to silvin-lubecki/engine-extract by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to silvin-lubecki/engine-extract by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to silvin-lubecki/engine-extract by coolljt0725 7 years ago
- Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket w... — committed to silvin-lubecki/engine-extract by coolljt0725 7 years ago
Hm, what happened here is that when bind-mounting files or directories from the host, the host path is automatically created by docker if it doesn’t exist (we tried deprecating that behavior, but there are many people relying on this; see https://github.com/docker/docker/pull/21666, and issues linked from that). If the path (
/var/run/docker.sockin this case) does not exist, docker assumes it must be a directory, so creates a directory/var/run/docker.sockand bind-mounts that into the container. As an alternative, you could bind-mount/var/runinto the container instead of thedocker.sock.I’m not sure though how the container / bind-mount could be created before the daemon was “up” (and the socket created).
ping @cpuguy83 any idea?
It’s a race condition. The http server is spun up separately from the daemon.
Today I figured out that I had two odd settings in my system, which I was not aware of.
The second point might contribute to the race condition. If docker.sock is enabled systemd will take care of the socket even before dockerd and any container is active. Thus, the socket is there already and there is no chance that a container creates a folder instead.
the standard service and sock files are set-up so that docker.service will get started AFTER docker.socket.
The first point was noticed as the docker.socket file pointed to /run/docker.sock, which is ok, if /var/run is just a symlink of /run. If not dockerd and all the container looking for /var/run/docker.sock (the standard path) will not find it.
I stopped all services, renamed the original folder
mv /var/run/ /var/run_delete_meand symlinkedAfter a reboot all dynamic content was placed into
/runand I could deleteNow I have no problem with the socket creation anymore at boot time. Hope this helps others as well.
I got hit with this issue while upgrading from
20.10.8to20.10.9- so during a routine update.The only container that mounted
/var/run/docker.sockwas the datadog-agent. For now I am going to remove that container again as its not worthy the trouble.Not sure how to solve this, but it seems strange that the containers in “restart-mode” would start before the docker-daemon is listening to the socket?
Maybe something can be built for docker to wait for that prior to launching containers? Or add the workaround mentioned by @stuszynski in the upstream packaging 😃
I ran into the same issue this morning.
We do have containers with
/var/run/docker.sockmounted.All I did was
service docker restartto see the following error messages in the logs.Manually removing the directory was the workaround for me.
The daemon and API are separate bits in the code; the daemon may be up, but the API not yet listening. There’s also scenarios (e.g. the
live-restoreoption) where containers can continue running during daemon restarts.The systemd socket approach (https://github.com/moby/moby/issues/30348#issuecomment-286796717) is already in use in all current versions of docker: https://github.com/docker/docker-ce-packaging/blob/a5db88ae1a64189e79d97f780f91e5c852d0ef3f/systemd/docker.service#L6-L13
The default is for the docker daemon to use
-H fd://(which is the file-descriptor of the socket that’s created by systemd before the docker service starts).There may be one fix for the systemd unit file related to this, that hasn’t shipped yet; https://github.com/docker/docker-ce-packaging/pull/575 (not sure if it addresses this particular issue, but might help)
You can’t remove those if docker is running (or containers) are running (which could be if the daemon has
live-restoreenabled. I’d also not recommend to only removethe /containerssubdirectory, because that could mean that other files inside/var/lib/dockerthat keep track of state now no longer match with what’s there.To fix the issue with
/var/run/docker.sockif you ended up in a situation where it was created as directory, first stop docker (sudo systemctl stop docker) if it’s running, thensudo rm -r/var/run/docker.sock. If you want to remove _all_ docker things (containers, images, volumes, networks, etc), you couldsudo systemctl stop docker, thensudo rm -rf /var/lib/docker`. But (as said) that removes all your docker data.I am still facing this problem, and I am surprised there seems to be no solution yet (or I could not find it). This always catches me cold after an "almost finish, quickly to a reboot"maintenance session…
Disregard my upstart init mod. After talking more about this with @thaJeztah, bad things can happen with that approach. Instead, I am going to make sure any container that needs access to the docker socket, bind-mount /var/run instead of /var/run/docker.sock.