dockerd: failed to start daemon: Devices cgroup isn't mounted

[lyndalopez544]

Description

The problematic part of dockerd's output:

 
WARN[2019-09-24T16:38:43.968826308Z] Your kernel does not support cgroup memory limit 
WARN[2019-09-24T16:38:43.968902465Z] Unable to find cpu cgroup in mounts          
WARN[2019-09-24T16:38:43.968935049Z] Unable to find blkio cgroup in mounts        
WARN[2019-09-24T16:38:43.969017890Z] Unable to find cpuset cgroup in mounts       
WARN[2019-09-24T16:38:43.969031008Z] mountpoint for pids not found                
failed to start daemon: Devices cgroup isn't mounted

Output of cgroupfs-mount:

mount: /sys/fs/cgroup/cpu: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/blkio: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/memory: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/pids: cgroup already mounted on /sys/fs/cgroup/cpuset.

Output of docker version:

Client: Docker Engine - Community
Version:           19.03.2
API version:       1.40
Go version:        go1.12.8
Git commit:        6a30dfc
Built:             Thu Aug 29 05:29:29 2019
OS/Arch:           linux/amd64
Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Output of docker info:

Client:
 Debug Mode: false

Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info

Running physically on Debian 10 with kernel 5.3.0-rc5-amd64

[Swiftyhu]

I have the same issue.
However I found a workaround:

service docker stop
service containerd stop
cgroupfs-umount
cgroupfs-mount
service containerd start
service docker start

Sysinfo:

Linux vr 5.2.0-2-amd64 #1 SMP Debian 5.2.9-2 (2019-08-21) x86_64 GNU/Linux
cgroupfs-mount ver 1.4

containerd --version

containerd containerd.io 1.2.6 894b81a4b802e4eb2a91d1ce216b8817763c29fb

docker version

Client: Docker Engine - Community
 Version:           19.03.2
 API version:       1.40
 Go version:        go1.12.8
 Git commit:        6a30dfca03
 Built:             Thu Aug 29 05:29:49 2019
 OS/Arch:           linux/amd64
 Experimental:      false

[Swiftyhu]

Found the "bug"...

I forgot to mention in my previous comment that I use(d) systemd version 243.
With systemd 242 works everything flawlessly... :)

From the systemd changelog:

        * systemd now defaults to the "unified" cgroup hierarchy setup during
          build-time, i.e. -Ddefault-hierarchy=unified is now the build-time
          default. Previously, -Ddefault-hierarchy=hybrid was the default. This
          change reflects the fact that cgroupsv2 support has matured
          substantially in both systemd and in the kernel, and is clearly the
          way forward. Downstream production distributions might want to
          continue to use -Ddefault-hierarchy=hybrid (or even =legacy) for
          their builds as unfortunately the popular container managers have not
          caught up with the kernel API changes.

Sooo... Houston, we have a problem:

1. systemd will (or already did) jump on the cgroupsv2 bandwagon...
2. cgroupfs-mount tools does not work with newer systemd setups.

"Same" issue in kubernetes

[kj54321]

Hi All,

 Seems issue still persist on latest Fedora 31, even with adding extra command  

--exec-opt native.cgroupdriver=systemd

And per upstream workaround, which works temporarily with cgroup v1.

However, the question lays on how do we address/fix this issue permanently as it's kernel API related.

Thanks

[moughamir]

@kj54321
Fixed by the workaround suggested, just add the argument systemd.unified_cgroup_hierarchy=0 in grub

[jnk5y]

Update: installed the community edition and it works now with the added boot argument.

I added the argument but it did not solve the issue on a Fedora 31 install (upgraded from Fedora 30).

Here is my boot command line /proc/cmdline
BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.3.11-300.fc31.x86_64 root=/dev/mapper/fedora_localhost--live-root ro resume=/dev/mapper/fedora_localhost--live-swap rd.lvm.lv=fedora_localhost-live/root rd.lvm.lv=fedora_localhost-live/swap rhgb quiet systemd.unified_cgroup_hierarchy=0

[omercsp]

@jnk5y, It does work for me on F31. Fresh install though. In the Redhat thread it looks like it worked for other people as well. Did you get the same error?

[nethershaw]

Obviously docker just has to support cgroupsv2.

From the cited distribution bug (which is a downstream workaround, not an upstream workaround):

cgroups v2 isn't exactly new or a surprise to anyone. Docker just dropped a ball as an upstream.

[cpuguy83]

cgroups v2 support is well underway, support first has to be merged into containerd: containerd/containerd#3799

There's also some outstanding PR's on runc it seems.

[whatboxapp]

dnf install -y grubby

grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"

reboot

[narfman0]

Very old fedora install here. I:

1. Added GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0" to /etc/default/grub
2. Ran grub2-mkconfig -o /boot/grub2/grub.cfg
3. Ran reboot

and everything was happy

[duckinator]

Running this on Fedora 31, after an in-place upgrade from Fedora 30, works:

sudo grubby --args='systemd.unified_cgroup_hierarchy=0' --update-kernel /boot/vmlinuz-5.3.16-300.fc31.x86_64

See a specific comment on the Fedora 31 bug report and the Fedora 31 documentation on using grubby.

[arkaitzmugicaislas]

I can't make it work in Fedora 31 Silverblue. I've tried everything to install and config moby-engine. Terminal copy-paste:
docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/create: dial unix /var/run/docker.sock: connect: permission denied.

[arkaitzmugicaislas]

ok... I've made it run...
The problem was on the way rpm-ostree works and how to change user groups.
grep -E '^docker:' /usr/lib/group >> /etc/group
and then
usermod -aG docker username
just that :-)

[RASPWeather]

Following also worked ...

dnf install -y grubby

grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"

reboot

[jboero]

This has been making my Fedora 30->31 upgrades ugly. Of course Podman works in anti-competitive efforts to push out Docker. A system-wide kernel boot option shouldn't be required for backwards compatibility with a container engine. Hmmm

[jjspace]

@cpuguy83 any update on this? I just ran into the issue on a new install of Fedora 31. Thankfully the workaround mentioned above worked for me. However I noticed that containerd PR was merged so I wanted to check on the progress from Docker's side.

[cpuguy83]

@jjspace This will not be supported until containerd 1.4 is released. I think we have all the bits we need in dockerd for this right now, but again this depends on containerd 1.4. There are also some outstanding pieces in runc.

We are currently planning the next major release of Docker ("20.03" is the placeholder version). I do not think we will be shipping that with containerd 1.4 since that is not ready yet.... but in theory one containerd 1.4 is out once that's upgraded (along with runc) it should work.

[Conan-Kudo]

This has been making my Fedora 30->31 upgrades ugly. Of course Podman works in anti-competitive efforts to push out Docker. A system-wide kernel boot option shouldn't be required for backwards compatibility with a container engine. Hmmm

Seriously? The issue is that Docker has no support for cgroup v2, which is a feature all Linux distributions have had for at least five years. The fact it's now finally being adopted is pushing everyone to add support for it.

[cpuguy83]

None of these comments are helpful.
This is a community effort.
Please keep politics out of it.

[JiangHongTiao]

Is there any update on this? Will it work for upcoming fedora 32 release out of the box?

[cpuguy83]

I gave an update 12 days ago.

Will it work OOTB on Fedora 32? Not unless Fedora switches back to cgroups v1.

Support for cgroups v2 in Docker is still being worked on across the stack.

[ablil]

I've been struggling with this problem myself on fedora 31 for a long time.
I think you should look at the official website Fedora project

The solution suggested by @RASPWeather worked for me.

[coffemate]

I got another solution.
System is CentOS 6.5.
After I installed libcgroup service and started it,docker worked fine.

sudo yum install libcgroup
sudo service cgconfig start

Detail at https://www.digitalocean.com/community/tutorials/how-to-limit-resources-using-cgroups-on-centos-6

[True-ps]

I have the same issue.
However I found a workaround:

service docker stop
service containerd stop
cgroupfs-umount
cgroupfs-mount
service containerd start
service docker start

Sysinfo:

Linux vr 5.2.0-2-amd64 #1 SMP Debian 5.2.9-2 (2019-08-21) x86_64 GNU/Linux
cgroupfs-mount ver 1.4

containerd --version

containerd containerd.io 1.2.6 894b81a4b802e4eb2a91d1ce216b8817763c29fb

docker version

Client: Docker Engine - Community
 Version:           19.03.2
 API version:       1.40
 Go version:        go1.12.8
 Git commit:        6a30dfca03
 Built:             Thu Aug 29 05:29:49 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Thanks. That did the trick for me.

[rajspatel1297]

I'm getting an error following error. Here is a complete output.

Setting up docker-ce (5:20.10.7~3-0~debian-buster) ...
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
invoke-rc.d: initscript docker, action "start" failed.
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2021-07-09 17:16:20 UTC; 42ms ago
     Docs: https://docs.docker.com
  Process: 15953 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
 Main PID: 15953 (code=exited, status=1/FAILURE)
dpkg: error processing package docker-ce (--configure):
 installed docker-ce package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 docker-ce
E: Sub-process /usr/bin/dpkg returned an error code (1)

Output of dockerd command:

INFO[2021-07-09T17:21:36.659309833Z] Starting up                                  
INFO[2021-07-09T17:21:36.665842184Z] parsed scheme: "unix"                         module=grpc
INFO[2021-07-09T17:21:36.666005302Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2021-07-09T17:21:36.666190669Z] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2021-07-09T17:21:36.666289415Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2021-07-09T17:21:36.673678480Z] parsed scheme: "unix"                         module=grpc
INFO[2021-07-09T17:21:36.673954093Z] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2021-07-09T17:21:36.674429323Z] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
INFO[2021-07-09T17:21:36.674563193Z] ClientConn switching balancer to "pick_first"  module=grpc
ERRO[2021-07-09T17:21:36.692853425Z] failed to mount overlay: no such device       storage-driver=overlay2
ERRO[2021-07-09T17:21:36.693232284Z] exec: "fuse-overlayfs": executable file not found in $PATH  storage-driver=fuse-overlayfs
ERRO[2021-07-09T17:21:36.711881877Z] AUFS was not found in /proc/filesystems       storage-driver=aufs
ERRO[2021-07-09T17:21:36.725181068Z] failed to mount overlay: no such device       storage-driver=overlay
WARN[2021-07-09T17:21:36.751497714Z] Your kernel does not support cgroup memory limit 
WARN[2021-07-09T17:21:36.751650208Z] Your kernel does not support CPU CFS scheduler 
WARN[2021-07-09T17:21:36.751721705Z] Your kernel does not support CPU realtime scheduler 
WARN[2021-07-09T17:21:36.751787702Z] Unable to find blkio cgroup in mounts        
WARN[2021-07-09T17:21:36.751852199Z] Unable to find cpuset cgroup in mounts       
WARN[2021-07-09T17:21:36.751918196Z] Unable to find pids cgroup in mounts         
failed to start daemon: Devices cgroup isn't mounted

and output from docker version

Client: Docker Engine - Community
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        f0df350
 Built:             Wed Jun  2 11:58:04 2021
 OS/Arch:           linux/arm
 Context:           default
 Experimental:      true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

I'm using Debian 10 (buster) on armh platform.

Thanks in advance!

[curtisgray]

@rajspatel1297, I used the workaround suggested by @Swiftyhu. I suspect this workaround will become obsolete at some point.

Edit:
On Debian 10 (buster) I first installed cgroupfs-mount:

sudo apt install cgroupfs-mount

[thenewmantis]

Don't know how helpful this will be to anyone else, but I solved the same problem by recompiling my kernel. Run contrib/check_config.sh (in the source code) to check if your kernel supports what Docker needs, recompile accordingly.

[ndeloof]

@thaJeztah shall we close this issue? Should be owned by https://github.com/moby/moby anyway

[phisad]

Came here after an update from Ubuntu 20.04 to 22.04 (still on Docker 19; cannot update easily). The workaround from Swiftyhu helped to start the deamon. Thanks!

cgroupfs-umount
cgroupfs-mount
service containerd start
service docker start

[perlun]

Based on #2104 (comment), the following worked for me on Ubuntu 22.04 as well (trying to run Docker-in-Docker with an old Docker 18.09.9 version).

• Edited GRUB_CMDLINE_LINUX to include systemd.unified_cgroup_hierarchy=0 in /etc/default/grub
• Ran sudo grub-mkconfig -o /boot/grub/grub.cfg
• Ran sudo reboot