moby: IPv6 documentation wrong, causing Docker crash

Reposting here the following issues:

Description The IPv6 documentation on https://docs.docker.com/config/daemon/ipv6/ seems wrong, i.e. does not actually enable IPv6 and also prevents Docker from restarting.

See https://github.com/docker/distribution/issues/2526 for a description by another user ( @igarny ).

The bug seems to have been introduced by version 1.12.6 https://github.com/moby/moby/commit/5e28d20e638346897225923d86cf1b0455ace501

Steps to reproduce the issue:

  1. Install Docker from https://get.docker.com
  2. Follow the documentation https://docs.docker.com/config/daemon/ipv6/
  • i.e. create file /etc/docker/daemon.json with content { "ipv6": true }
  1. Restart Docker with sudo service docker restart

Describe the results you received: Docker fails to restart. Crash on startup.

sudo service docker start
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since tor 2018-04-26 17:18:13 CEST; 43s ago
     Docs: https://docs.docker.com
  Process: 6042 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
 Main PID: 6042 (code=exited, status=1/FAILURE)

apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Unit entered failed state.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Failed with result 'exit-code'.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Service hold-off time over, scheduling restart.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Stopped Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:33 alexandre-VirtualBox systemd[1]: docker.service: Unit cannot be reloaded because it is inactive.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.

See https://github.com/docker/distribution/issues/2571#issue-313793456 for more debug information from another user ( @jean-christophe-manciot ).

Describe the results you expected: Docker restarting without crash, and IPv6 enabled.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Test on Virtualbox:

Client:
 Version:	18.04.0-ce
 API version:	1.37
 Go version:	go1.9.4
 Git commit:	3d479c0
 Built:	Tue Apr 10 18:20:32 2018
 OS/Arch:	linux/amd64
 Experimental:	false
 Orchestrator:	swarm

Server:
 Engine:
  Version:	18.04.0-ce
  API version:	1.37 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	3d479c0
  Built:	Tue Apr 10 18:18:40 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Test on Raspberry Pi:

Client:
 Version:       18.04.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    3d479c0
 Built: Tue Apr 10 18:25:24 2018
 OS/Arch:       linux/arm
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.04.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   3d479c0
  Built:        Tue Apr 10 18:21:25 2018
  OS/Arch:      linux/arm
  Experimental: false

Output of docker info:

Test on Virtualbox:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.04.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-121-generic
Operating System: Ubuntu 16.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: alexandre-VirtualBox
ID: IP7G:KW3X:6JQM:YTQG:FKJO:6V4J:PDQQ:C4KO:KSKA:L3XP:QP3Z:WNFZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):

Tested on Virtualbox and on Raspberry Pi.

About this issue

  • Original URL
  • State: open
  • Created 6 years ago
  • Reactions: 39
  • Comments: 15

Commits related to this issue

Most upvoted comments

Faced the same issue. To make it work the same way as ipv4 and considering example from documentation the following helped:

/etc/docker/daemon.json:

{
      "ipv6": true,
      "fixed-cidr-v6": "2001:db8:1::/64"
}

Setup forwarding and ip -6 route

ip -6 route add 2001:db8:1::/64 dev docker0
sysctl net.ipv6.conf.default.forwarding=1
sysctl net.ipv6.conf.all.forwarding=1

enable MASQUERADE for outgoing packets: sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/64 -j MASQUERADE

+25
EgorDuplensky on Jul 17, 2019

Another documentation page https://docs.docker.com/v17.09/engine/userguide/networking/default_network/ipv6/ that looks better (still wrong though, because fixed-cidr-v6 seems mandatory and not optional), but not as easy to find than https://docs.docker.com/config/daemon/ipv6/

+20
Alkarex on Apr 26, 2018

May I ask whether this is an issue with the documentation or the software? We would like to just provide a IPv6 link-local address to the containers, without the fixed-cidr-v6 option, since IPv6 is currently no option for our setup. Thanks.

+10
jan-dickhut on Feb 5, 2019

Why is this documentation still there to enable ipv6 when all it does is cause the docker service to not start?

+9
miwagner1 on Mar 8, 2019

I met this issue today, workaround it successfully by changing content of /etc/docker/daemon.json from

{
      "ipv6": true
}

to

{
      "ipv6": true,
      "fixed-cidr-v6": "fe80::42:e0ff:fe36:174c/64"
}
+5
slxiao on Jul 17, 2019

Is there any workaround for this? I just need my containers to be able to access ipv6 (outgoing). I don’t need to route to my containers via ipv6 (incoming).

+5
anirbanmu on Apr 4, 2019

来信已经收到,谢谢!~   肖

+1
slxiao on Aug 16, 2022
Read more comments on GitHub
← moby: IPv6 address pool subnet smaller than /80 causes dockerd to consume all available RAM
moby: ISSUE: Can't get systemd to run with 1.11 →