docker-compose fails with "Running modprobe bridge nf_nat failed with message: , error: exit status 1"

[nate-johnston]

I had an issue running docker-compose up on a CentOS 7 box. What should I do to overcome this?

Thanks!

 ---> 63689dc12451
Step 10 : RUN docker -d -b none -s vfs & sleep 1; docker pull cirros
 ---> Running in 9ad27f95fb0b
time="2015-07-24T19:26:51.555390737Z" level=info msg="Listening for HTTP on unix (/var/run/docker.sock)" 
time="2015-07-24T19:26:51.564834062Z" level=warning msg="Running modprobe bridge nf_nat failed with message: , error: exit status 1" 
time="2015-07-24T19:26:51.664574275Z" level=warning msg="Your kernel does not support cgroup memory limit: mountpoint for memory not found" 
time="2015-07-24T19:26:51.665785492Z" level=warning msg="mountpoint for cpu not found" 
time="2015-07-24T19:26:51.666380089Z" level=fatal msg="Error mounting devices cgroup: mountpoint for devices not found" 
Cannot connect to the Docker daemon. Is 'docker -d' running on this host?
Service 'dockenstack' failed to build: The command [/bin/sh -c docker -d -b none -s vfs & sleep 1; docker pull cirros] returned a non-zero code: 1

[lisandrod]

I have same error as well running on Ubuntu 14.04.2 LTS

$ docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d
OS/Arch (server): linux/amd64

Step 10 : RUN docker -d -b none -s vfs & sleep 1; docker pull cirros
---> Running in 8888556f740b
time="2015-07-24T19:42:15.803283723Z" level=info msg="Listening for HTTP on unix (/var/run/docker.sock)"
time="2015-07-24T19:42:15.803427489Z" level=warning msg="Running modprobe bridge nf_nat failed with message: , error: exit status 1"
time="2015-07-24T19:42:15.939295561Z" level=warning msg="Your kernel does not support cgroup memory limit: mountpoint for memory not found"
time="2015-07-24T19:42:15.939548874Z" level=warning msg="mountpoint for cpu not found"
time="2015-07-24T19:42:15.939841367Z" level=fatal msg="Error mounting devices cgroup: mountpoint for devices not found"
Cannot connect to the Docker daemon. Is 'docker -d' running on this host?
Service 'dockenstack' failed to build: The command '/bin/sh -c docker -d -b none -s vfs & sleep 1; docker pull cirros' returned a non-zero code: 1

[miztiik]

I have hit the same issue,

docker info

[root@dockerHostCentOS7 ~]# docker info
Containers: 3
Images: 79
Storage Driver: btrfs
 Build Version: Btrfs v3.16.2
 Library Version: 101
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.10.0-229.11.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 1
Total Memory: 993.6 MiB
Name: dockerHostCentOS7
ID: TS3Z:67S2:IC4F:TKCM:CGYX:Z6IG:5LR7:JYHK:OUGM:DZZC:4WBW:KGUS

docker version

[root@dockerHostCentOS7 ~]# docker version
Client version: 1.7.1
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 786b29d
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 786b29d
OS/Arch (server): linux/amd64

Host version

[root@dockerHostCentOS7 ~]# uname -a
Linux dockerHostCentOS7 3.10.0-229.11.1.el7.x86_64 #1 SMP Thu Aug 6 01:06:18 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@dockerHostCentOS7 ~]#

[askb]

I am getting the same issue on Ubuntu 14.04:

Step 11 : RUN docker daemon -b none -s vfs & sleep 1; docker pull cirros
 ---> Running in 9b356b01beb8
time="2016-03-08T10:46:15.731937766Z" level=info msg="API listen on /var/run/docker.sock" 
time="2016-03-08T10:46:15.734726334Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-79-generic/modules.dep.bin'\nmodprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-79-generic/modules.dep.bin'\n, error: exit status 1" 
time="2016-03-08T10:46:15.736391407Z" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.13.0-79-generic/modules.dep.bin'`, error: exit status 1"                                                                                                                         
time="2016-03-08T10:46:15.750313007Z" level=fatal msg="Error starting daemon: Error initializing network controller: error obtaining controller instance: Failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.4.21: can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n (exit status 3)"                                                                                                                                                                                          
Using default tag: latest                                                                                                                                                                        
Cannot connect to the Docker daemon. Is the docker daemon running on this host?                                                                                                                  
ERROR: Service 'dockenstack' failed to build: The command '/bin/sh -c docker daemon -b none -s vfs & sleep 1; docker pull cirros' returned a non-zero code: 1 

$ docker --version 
Docker version 1.10.2, build c3959b1
abelur@abelur-i5537:~/git/Dockerfiles/dockenstack$ docker version 
Client:
 Version:      1.10.2
 API version:  1.22
 Go version:   go1.5.3
 Git commit:   c3959b1
 Built:        Mon Feb 22 21:37:01 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.10.2
 API version:  1.22
 Go version:   go1.5.3
 Git commit:   c3959b1
 Built:        Mon Feb 22 21:37:01 2016
 OS/Arch:      linux/amd64

[kbespalov]

I have the same issue with Ubuntu 15.10. At first for starting docker daemon inside docker container we need to run it with privileged mode. If that was not done, your docker daemon will be failure with next error:

INFO[0000] API listen on /var/run/docker.sock FATA[0000] Error starting daemon: Error initializing network controller: error obtaining controller instance: Failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.4.21: can't initialize iptables table nat: Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. (exit status 3)
It is exactly why we have a problem. As proof - just check last container in the image history for it's running mode (docker inspect <container_id>). In my case it have: "Privileged": false.

[ewindisch]

Thanks. Please make a pull request.

[wofanli]

Looks like docker does not support to RUN container in privileged mode.
moby/moby#1916
Any ideas?

[schatzidogssss]

Same issue, using boot2docker with windows. latest pull doesn't fix.

---

Step 11 : RUN docker daemon -b none -s vfs & sleep 1; docker pull cirros

---> Running in 74e9140c579f
�[91mtime="2016-09-08T23:37:04.309031491Z" level=info msg="API listen on /var/run/docker.sock"
�[0m�[91mtime="2016-09-08T23:37:04.309248772Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.17-boot2docker/modules.dep.bin'\nmodprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.17-boot2docker/modules.dep.bin'\n, error: exit status 1"
�[0m�[91mtime="2016-09-08T23:37:04.311203755Z" level=warning msg="Running modprobe nf_nat failed with message: modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.17-boot2docker/modules.dep.bin', error: exit status 1"
�[0m�[91mtime="2016-09-08T23:37:04.320570447Z" level=fatal msg="Error starting daemon: Error initializing network controller: error obtaining controller instance: Failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.4.21: can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n (exit status 3)"
�[0mUsing default tag: latest
�[91mCannot connect to the Docker daemon. Is the docker daemon running on this host?
�[0m

[leoieggli]

Is it solved? I got the same issue here:
Step 11/35 : RUN docker daemon -b none -s vfs & sleep 1; docker pull cirros
---> Running in 7e9b02dc5fc4
time="2017-05-19T17:38:58.660771350Z" level=info msg="API listen on /var/run/docker.sock"
time="2017-05-19T17:38:58.660873408Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0-514.10.2.el7.x86_64/modules.dep.bin'\nmodprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0-514.10.2.el7.x86_64/modules.dep.bin'\n, error: exit status 1"
time="2017-05-19T17:38:58.661748718Z" level=warning msg="Running modprobe nf_nat failed with message: modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.10.0-514.10.2.el7.x86_64/modules.dep.bin', error: exit status 1"
time="2017-05-19T17:38:58.670330565Z" level=fatal msg="Error starting daemon: Error initializing network controller: error obtaining controller instance: Failed to create NAT chain: iptables failed: iptables -t nat -N DOCKER: iptables v1.4.21: can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n (exit status 3)"
Using default tag: latest
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
The command '/bin/sh -c docker daemon -b none -s vfs & sleep 1; docker pull cirros' returned a non-zero code: 1

[mko-x]

Sorry - this error still occurs out of the box.

Thanks. Please make a pull request.

Is not very helpful at that point.

Are you planing to investigate this at any time?