DOCKER_OPTS do not work in config file /etc/default/docker

[seanlook]

I have changed /etc/default/docker with DOCKER_OPTS="-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock" (docker version 1.4.1 in ubuntu 14.04), but it do not take any effect for me. It seems that docker do not read this initital config file because I found export http_proxy enviroment do not work too.

Only sudo docker -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock -d works.

It really confused me!

[phemmer]

What distro are you using (including version), and where did you get the docker package from, and what version is it?

[seanlook]

I have memtioned it within the question. Docker version 1.4.1, ubuntu 14.04. I'm following the installation guides to install latest version $ sudo apt-get install lxc-docker

[acbodine]

$ sudo service docker stop
docker stop/waiting

$ cat /etc/default/docker
# Docker Upstart and SysVinit configuration file

# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"

# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="-H tcp://127.0.0.1:2375"

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"

# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"

$ sudo service docker start
$ export DOCKER_HOST=127.0.0.1:2375

$ docker info
Containers: 3
Images: 49
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Dirs: 55
Execution Driver: native-0.2
Kernel Version: 3.13.0-40-generic
Operating System: Ubuntu 14.04.1 LTS
CPUs: 4
Total Memory: 7.679 GiB
Name: thorn
ID: 2MCI:3YT2:XQ4H:AX24:S7BJ:ADF6:L4JT:EKHM:KOIG:CR7N:FOTS:ZCVS

$ docker version
Client version: 1.4.1
Client API version: 1.16
Go version (client): go1.3.3
Git commit (client): 5bc2ff8
OS/Arch (client): linux/amd64
Server version: 1.4.1
Server API version: 1.16
Go version (server): go1.3.3
Git commit (server): 5bc2ff8

I don't seem to be having the same problem. Can you paste the output of your docker info and docker version ?

[stozk]

I have installed docker locally yesterday and (probably) ran into this problem. In my case the problem was, that the new docker version (1.4.1) comes with this new /etc/default/docker file (maybe even earlier versions, but the last version I installed and only updated since then on my server, only had the DOCKER_OPTS variable in it and I think it was just empty and not commented out), which has all that stuff in it, but it's all commented out by default.
I tried for like 2 hours to get it working until I noticed that the options were inactive... :(

[acbodine]

@stozk +1 for figuring it out though!

[seanlook]

I upgrade docker version 1.3.1 to 1.4.1 and run into this problem. Finally I got my problem resolved by reboot my ubuntu server. Maybe, @stozk is right.

[AlexAndrascu]

I'm still having this issue.

sudo docker info
Containers: 3
Images: 67
Storage Driver: devicemapper
 Pool Name: docker-8:33-22287262-pool
 Pool Blocksize: 65.54 kB
 Data file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 1.543 GB
 Data Space Total: 107.4 GB
 Metadata Space Used: 3.158 MB
 Metadata Space Total: 2.147 GB
 Library Version: 1.02.82-git (2013-10-04)
Execution Driver: native-0.2
Kernel Version: 3.18.0-031800-generic
Operating System: Ubuntu 14.10


Client version: 1.4.1
Client API version: 1.16
Go version (client): go1.3.3
Git commit (client): 5bc2ff8
OS/Arch (client): linux/amd64
Server version: 1.4.1
Server API version: 1.16
Go version (server): go1.3.3
Git commit (server): 5bc2ff8

[fstuess]

got into the same issue.
Ubuntu 14.10 uses systemd instead of sysv-init/upstart
Maybe you should look into /lib/systemd/system/docker.service to change options

[zepalmer]

I've also encountered this problem (Debian Jessie 8.0, lxc-docker=1.6.2). After a look around at the configuration files in /lib/systemd/system/, it seems that the Docker configuration file (/lib/systemd/system/docker.service) is not using /etc/default/docker at all. :( The problem is solved by adding an EnvironmentFile directive and modifying the command line to include the options from the file, e.g.

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/bin/docker -d $DOCKER_OPTS -H fd://
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity

[Install]
WantedBy=multi-user.target

I edited /lib/systemd/system/docker.service to look like the above, ran systemctl daemon-reload, and then restarted the Docker service. This time, it properly launched with the options set in DOCKER_OPTS in my /etc/default/docker.

Again, I'm on Debian Jessie 8.0 with lxc-docker=1.6.2, so YMMV.

[thaJeztah]

Correct, the /etc/default/docker file is only used on systems using "upstart" and "SysVInit", not on systems using systemd.

This is also mentioned at the top of the file;
https://github.com/docker/docker/blob/44fe8cbbd174b5d85d4a063ed270f6b9d2279b70/contrib/init/sysvinit-debian/docker.default#L1

[zepalmer]

Fair point. On my Debian system, however, the systemd services in /lib/systemd/system/ all include an EnvironmentFile directive to point to the appropriate /etc/defaults/ file. It seems that I should interpret this as an indication that the Ubuntu Docker package isn't, in this somewhat minor way, appropriate for Debian systems. I'll bear this in mind. :)

[thaJeztah]

@zepalmer if I'm not mistaken, there's currently some work being done on the installation for those systems, but I'm not 100% clear on what the status is and what changes are made 😊

[eolamey]

@zepalmer, as the latest version of the documentation suggests (http://docs.master.dockerproject.org/articles/systemd/), the proper way to edit systemd service file is to create a file in /etc/systemd/system/docker.service.d/<something>.conf and only override the directives you need. The file in /lib/systemd/system/docker.service is "reserved" for the package vendor.

[zepalmer]

Good to know, thanks. My apologies for cluttering up the bug report. :)

[thaJeztah]

@zepalmer no problem!

[rcousens]

This tripped me up a lot on Ubuntu 15.04 using Docker 1.8.0 experimental via the shell script install process. My assumption is the apt repository package does not provide a proper docker systemd unit file yet?

I ended up having to do a double ExecStart in my override file to clear the original else it would complain about two ExecStart's on a oneshot.

I.e. in /etc/systemd/system/docker.service.d/docker.conf

[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=docker -d $DOCKER_OPTS ...

[ballPointPenguin]

thanks

for me, my settings were simply located in /etc/systemd/docker file

FYI

[~]$ docker info
Containers: 4
Images: 77
Storage Driver: btrfs
 Build Version: Btrfs v4.1.2+20150724
 Library Version: 101
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.1.6-1-desktop
Operating System: openSUSE 20150823 (Tumbleweed) (x86_64)
CPUs: 8
Total Memory: 15.55 GiB
Name: linux.site
ID: 7JXD:UYXG:ADLO:4DYM:YBSL:GBCO:RGXE:RICT:3WV3:REZX:HIQM:Y773
Username: ____
Registry: https://index.docker.io/v1/
WARNING: No swap limit support

[mattelacchiato]

Hi,

I can't find the commits 5c7fa42 and 0e7fb27 any more. Were they published to a branch which is now deleted?

I think, the should be merged into master and/or to the release branch immediately!

[cpuguy83]

@mattelacchiato no they were not.
systemd has a built-in method called 'drop-ins' to handle customizing unit files.

https://coreos.com/os/docs/latest/using-systemd-drop-in-units.html

[netbrain]

Apparently you can override the entire unit file like so:

sudo cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service

and then replacing whatever you need in the new file located within /etc.

[thaJeztah]

@netbrain also see the documentation, which contains some example to override more fine-grained: https://docs.docker.com/articles/systemd/#custom-docker-daemon-options

[anirudt]

@stozk 👍 for providing the fix.

[jeffjohnston]

@thaJeztah That link fixed my issue too. I could clearly see that adding things to /etc/sysconfig/docker was not doing anything but I wasn't really sure the best way to fix it.

Is there anyone I could notify to let them know the docs are wrong on this page:
https://docs.docker.com/engine/articles/configuring/

Or at least put in a link for systemd (Red Hat) installs so others can figure it out faster:
http://docs.docker.com/engine/articles/systemd/#custom-docker-daemon-options

[JM1]

If you use options that need expansion, e.g.: DOCKER_OPTS="-g $(readlink -f /var/lib/docker)" then this might help:

[ ! -e /etc/systemd/system/docker.service.d/ ] && mkdir -p /etc/systemd/system/docker.service.d/
cat << 'EOF' > /etc/systemd/system/docker.service.d/docker.conf
# Load /etc/default/docker from SystemD init script
# References: 
#  https://github.com/docker/docker/issues/9889#issuecomment-120927382
#  https://gist.github.com/nickjacob/9909574

[Service]
# This line is sufficient if DOCKER_OPTS variable does not have to be expanded:
#EnvironmentFile=-/etc/default/docker
# Use this line to expand DOCKER_OPTS variable:
ExecStartPre=/bin/sh -c ". /etc/default/docker && /bin/systemctl set-environment DOCKER_OPTS=\"$DOCKER_OPTS\""

ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS

EOF

systemctl daemon-reload 
service docker restart

[JazzDeben]

On Ubuntu. If you experience error:

• x509: cannot validate certificate for [IP address or domain name] because it doesn't contain any IP SANs

On the Docker registry the certificate had to be compiled with the subjectAltName as described here:
https://docs.docker.com/engine/security/https/

Here is the code for convenience:
$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem
-CAcreateserial -out server-cert.pem -extfile extfile.cnf

Note, I was able to check the subject alternative name is present in the certificate using the following command:
openssl x509 -in certificate.crt -text -noout

However, on Ubuntu 14 client (i.e. Docker Engine)
This error was followed suit by
x509: certificate signed by unknown authority

For people using Ubuntu 14.
The config file that is used for the Docker engine (that I want to use to connect to the Docker Registry):
/etc/default/docker

in there, you need to specify the docker options:
DOCKER_OPTS="--insecure-registry myinsecure.com:5000"

Then restart the daemon (add sudo if you user is not allowed to start a docker service):
$ [sudo] service docker restart

The value does not need to be a domain name, it simply has to match what you certificate is registered with; I have an IP address with a port and this works... (i.e. e.g. 100.100.100.100:100)

All this took me a day, so, I am posting this hoping that it will be useful to other people...

[rjarmstrong]

Having gone down this road twice here's my take for Debian Jessie:

Debian GNU/Linux 8 (jessie) / Docker version 1.12.3

vi /lib/systemd/system/docker.service

Change this line:

     ExecStart=/usr/bin/dockerd --label=[co.kwk.dc=sj] -H fd://

systemctl daemon-reload
service docker restart

Check it
docker info

Would be great if /etc/default/docker file wasn't installed on systemd setups.

[thaJeztah]

@rjarmstrong you should not modify the main systemd unit file; doing so will result in the unit file not being updated if you update a newer version of docker, which can result in issues. If you want to change the systemd unit file, use a drop-in file, as explained here; http://docs.docker.com/engine/articles/systemd/#custom-docker-daemon-options

However, the easiest way to make changes to the daemon configuration is to use a daemon.json configuration file; that approach works independent of the init system used (systemd, upstart), and even works if you start the daemon manually. If also allows you to reload some configuration settings without restarting the daemon. See https://docs.docker.com/engine/reference/commandline/dockerd/#/daemon-configuration-file

[rjarmstrong]

Thanks @thaJeztah that works well - I went with editing /etc/docker/daemon.json and restarting the service. I think the documentation on Docker could summarise the configuration options at the top of the page better though, as it stands you kind of have to read most of the page (estimated reading time 47 minutes!) to get a full idea of the options.

[carloscds]

Hi all, I'm using Ubuntu 16.10 and I have same problem: daemon not use DOCKER_OPTS config. Any ideas ?

[thaJeztah]

@carloscds did you take the time to read the discussion above before posting your question?

[carloscds]

@thaJeztah I already read this post and many others, but I can't solve my problem.

[cpuguy83]

@carloscds Don't use /etc/default/docker. It's used only by upstart, which is not used by Ubuntu since 16.04.

Use /etc/docker/daemon.json, which is documented here: https://docs.docker.com/engine/reference/commandline/dockerd/#/linux-configuration-file

[carloscds]

@cpuguy83 Thanks, I change configuration using daemon.json and now it's working!

[et304383]

Why does the docker.io package install a systemd file that DOES source EnvironmentFile for additional config?

Meanwhile docker-engine installs a different systemd file. Which package is correct? Why is docker.io still present if it's wrong?

[vdemeester]

Which package is correct? Why is docker.io still present if it's wrong?

docker-engine is the official one. docker.io package is not maintained by us, it's maintained (probably no more) by Ubuntu developper (see http://packages.ubuntu.com/zesty/docker.io)

[cpuguy83]

@eric-tucker "docker-engine" is the official package provided by Docker Inc, "docker.io" is provided by Canonical.

It's important to note that "EnvironmentFile" is not shell compatible, meanwhile the old "/etc/default/docker" is expected to be sourced by a shell.

The daemon.json file is the right place to put config. It supports hot-reloading of certain parameters and works on any distro, init system, whatever.

[et304383]

@cpuguy83 so how does one define DOCKER_OPTS now then? In /etc/docker/daemon.json here?

    "insecure-registries": [],

I want to make sure I'm doing things correctly now.

Edit: I was editing DOCKER_OPTS to specify an insecure registry.

[cpuguy83]

You don't define "DOCKER_OPTS".
In the old upstart config this is essentially what was happening:

# /etc/default/docker
DOCKER_OPTS="--insecure-registry 1.2.3.4 -s overlay"

# upstart config
source /etc/default/docker
exec docker daemon "$DOCKER_OPTS"

DOCKER_OPTS was not some special env var that Docker uses, it's just set in one file and consumed by the init script in another file and inserted as an inline argument to the docker command.

/etc/docker/daemon.json is the hard-coded default location for daemon configuration in Docker.
To do the equivalent config as above you would put this in /etc/docker/daemon.json:

{
    "insecure-registries": ["1.2.3.4"],
    "storage-driver": "overlay"
}

When docker starts, it reads this file and loads the configuration.

[et304383]

I understood that DOCKER_OPTS was just a way to get command line options onto the daemon call. Hence why I was aware of the EnvironmentFile line in the docker.io version of /lib/systemd/system/docker.service. I know you have to assume we're all dumb in your replies though. :)

Glad to know config has gotten simpler with a simple json file, but yaml would have been a better choice. :(

[thaJeztah]

@eric-tucker it helps for people that arrive on these issues through Google search, and may not be aware of the way things work.

[et304383]

Good point @thaJeztah . The json config is working for me. Thanks @cpuguy83 and @vdemeester .

[imranfawan]

@acbodine - Thanks your post really helped !! In addition to setting DOCKER_OPTS="-H tcp://127.0.0.1:2375". However to get jenkins to pick up the daemon I also had to execute
sudo nohup docker daemon -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &

[sbwoodside]

The Debian package should not install SysVinit scripts and configuration files (e.g. /etc/default/docker) because they are not used.

I filed this new issue: #30936

Thanks @zepalmer @rjarmstrong

[chucky2305]

I think i have f***ed up my docker.service file. Can someone post me the original file of it?

[thaJeztah]

@chucky2305 latest version is here; https://github.com/moby/moby/tree/master/contrib/init/systemd, depending on if you're using an rpm-based system (CentOS, RHEL, Fedora), you only need the .rpm version, otherwise, you need the other two (for socket activation)

[holms]

Using /etc/docker/daemon.json instead of /etc/default/docker solved my issue! This comments for those who scrolls to the last post 👅