Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPv6 documentation wrong, causing Docker crash #36954

Open
Alkarex opened this issue Apr 26, 2018 · 15 comments
Open

IPv6 documentation wrong, causing Docker crash #36954

Alkarex opened this issue Apr 26, 2018 · 15 comments

Comments

@Alkarex
Copy link

Alkarex commented Apr 26, 2018

Reposting here the following issues:

Description
The IPv6 documentation on https://docs.docker.com/config/daemon/ipv6/ seems wrong, i.e. does not actually enable IPv6 and also prevents Docker from restarting.

See distribution/distribution#2526 for a description by another user ( @igarny ).

The bug seems to have been introduced by version 1.12.6
5e28d20

Steps to reproduce the issue:

  1. Install Docker from https://get.docker.com
  2. Follow the documentation https://docs.docker.com/config/daemon/ipv6/
  • i.e. create file /etc/docker/daemon.json with content { "ipv6": true }
  1. Restart Docker with sudo service docker restart

Describe the results you received:
Docker fails to restart. Crash on startup.

sudo service docker start
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since tor 2018-04-26 17:18:13 CEST; 43s ago
     Docs: https://docs.docker.com
  Process: 6042 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
 Main PID: 6042 (code=exited, status=1/FAILURE)

apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Unit entered failed state.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Failed with result 'exit-code'.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Service hold-off time over, scheduling restart.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Stopped Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:33 alexandre-VirtualBox systemd[1]: docker.service: Unit cannot be reloaded because it is inactive.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.

See distribution/distribution#2571 (comment) for more debug information from another user ( @jean-christophe-manciot ).

Describe the results you expected:
Docker restarting without crash, and IPv6 enabled.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Test on Virtualbox:

Client:
 Version:	18.04.0-ce
 API version:	1.37
 Go version:	go1.9.4
 Git commit:	3d479c0
 Built:	Tue Apr 10 18:20:32 2018
 OS/Arch:	linux/amd64
 Experimental:	false
 Orchestrator:	swarm

Server:
 Engine:
  Version:	18.04.0-ce
  API version:	1.37 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	3d479c0
  Built:	Tue Apr 10 18:18:40 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Test on Raspberry Pi:

Client:
 Version:       18.04.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    3d479c0
 Built: Tue Apr 10 18:25:24 2018
 OS/Arch:       linux/arm
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.04.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   3d479c0
  Built:        Tue Apr 10 18:21:25 2018
  OS/Arch:      linux/arm
  Experimental: false

Output of docker info:

Test on Virtualbox:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.04.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-121-generic
Operating System: Ubuntu 16.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: alexandre-VirtualBox
ID: IP7G:KW3X:6JQM:YTQG:FKJO:6V4J:PDQQ:C4KO:KSKA:L3XP:QP3Z:WNFZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):

Tested on Virtualbox and on Raspberry Pi.

@Alkarex
Copy link
Author

Alkarex commented Apr 26, 2018

Another documentation page https://docs.docker.com/v17.09/engine/userguide/networking/default_network/ipv6/ that looks better (still wrong though, because fixed-cidr-v6 seems mandatory and not optional), but not as easy to find than https://docs.docker.com/config/daemon/ipv6/

@jan-dickhut
Copy link

jan-dickhut commented Feb 5, 2019

May I ask whether this is an issue with the documentation or the software?
We would like to just provide a IPv6 link-local address to the containers, without the fixed-cidr-v6 option, since IPv6 is currently no option for our setup.
Thanks.

@mesaque
Copy link

mesaque commented Mar 7, 2019

there is any news about this problem??? we need IPv6 on Docker!!! plz fix this!!

@miwagner1
Copy link

miwagner1 commented Mar 8, 2019

Why is this documentation still there to enable ipv6 when all it does is cause the docker service to not start?

@laptrinhcomvn
Copy link

laptrinhcomvn commented Mar 13, 2019

Up. I got this too.
I want IPv6 because I run it on my api service for iOS app and they required IPv6

@anirbanmu
Copy link

anirbanmu commented Apr 4, 2019

Is there any workaround for this? I just need my containers to be able to access ipv6 (outgoing). I don't need to route to my containers via ipv6 (incoming).

@parsifallo
Copy link

parsifallo commented Apr 4, 2019

Is there any workaround for this? I just need my containers to be able to access ipv6 (outgoing). I don't need to route to my containers via ipv6 (incoming).

For me it works using a fixed IPv6 address for my containers.

@Chrislevi
Copy link

Chrislevi commented Jun 9, 2019

@parsifallo Can you share your setup? what do you mean by fixed ipv6.. macvlan?

@daiaji
Copy link

daiaji commented Jun 10, 2019

Actually, I don't want to use fixed-cidr-v6. It's too complicated for me to configure the IPv6 address.
I prefer to use traditional port mapping to allow external links to access containers.
Although IPv6 NAT is evil.

@slxiao
Copy link

slxiao commented Jul 17, 2019

I met this issue today, workaround it successfully by changing content of /etc/docker/daemon.json from

{
      "ipv6": true
}

to

{
      "ipv6": true,
      "fixed-cidr-v6": "fe80::42:e0ff:fe36:174c/64"
}

@EgorDuplensky
Copy link

EgorDuplensky commented Jul 17, 2019

Faced the same issue.
To make it work the same way as ipv4 and considering example from documentation the following helped:

/etc/docker/daemon.json:

{
      "ipv6": true,
      "fixed-cidr-v6": "2001:db8:1::/64"
}

Setup forwarding and ip -6 route

ip -6 route add 2001:db8:1::/64 dev docker0
sysctl net.ipv6.conf.default.forwarding=1
sysctl net.ipv6.conf.all.forwarding=1 

enable MASQUERADE for outgoing packets:
sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/64 -j MASQUERADE

tomholford added a commit to tomholford/docker-openvpn that referenced this issue Oct 11, 2019
The directions are currently out of date; this comment in this docker issue helped me figure out how to resolve:

moby/moby#36954 (comment)

In short, when running Docker with systemd, it ignores command line flags, and only uses the JSON config file.
@leifnel
Copy link

leifnel commented Nov 5, 2019

What to do if I have a real ipv6 subnet different from the host network?

@ThaDaVos
Copy link

ThaDaVos commented Mar 26, 2020

I ran into the same issue as everyone else here, got redirected to the documentation, followed it and greeted with a non-starting docker...

I was trying to setup this: https://zerotier.atlassian.net/wiki/spaces/SD/pages/7274520/Using+NDP+Emulated+6PLANE+Addressing+With+Docker

The only reason I want to enable IPv6 is inside a certain docker network - my internet doesn't have IPv6 and I don't/can't enable it

@MarcelWaldvogel
Copy link

MarcelWaldvogel commented Aug 14, 2022

@EgorDuplensky Using the documentation prefix 2001:db8::/32 for anything other than documentation is a bad idea. RFC3849 explicitly states: "it is not a local-use prefix".

@slxiao

This comment was marked as off-topic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests