User Tools

Site Tools


wiki:docker_troubleshooting

Docker troubleshooting

DOCKER-ISOLATION-STAGE-1

An unexpected docker error occurred: 500 Server Error: Internal Server Error ("unable to insert jump to DOCKER-ISOLATION-STAGE-1 rule in FORWARD chain:  (iptables failed: iptables --wait -I FORWARD -j DOCKER-ISOLATION-STAGE-1: iptables v1.8.7 (nf_tables): Chain 'DOCKER-ISOLATION-STAGE-1' does not exist
  Try `iptables -h' or 'iptables --help' for more information.
   (exit status 2))")
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:  (exit status 2))")

Restart the docker service:

systemctl restart docker.service

Or create that chain in filter table

iptables -t filter -N DOCKER-ISOLATION-STAGE-1

This is supposed to be fixed in version 5.2.3.7

Tested on

  • Docker 20.10.12
  • Debian 11
  • shorewall 5.2.3.4

Volume shadowing

This is a tricky behaviour from Docker. Say you have a volume /app/my_data with some preexisting content which you mount in the container in the Dockerfile. This volume has some files there and folders

a.txt
b.txt
private/
private/c.txt
private/d.txt

Your Dockerfile might look like this:

FROM python:3-alpine

# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private && \


WORKDIR /app
VOLUME /app/my_data

When you run this dockerfile everything under the private/ directory will be shadowed from the volume meaning let's say you want to create another folder in Dockerfile, you add a line

mkdir -p /app/my_data/private/extra && \

like so

FROM python:3-alpine

# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private && \
    mkdir -p /app/my_data/private/extra && \

WORKDIR /app
VOLUME /app/my_data

When the container builds now there won't be a directory called “extra” under the private/ directory because the contents of the volume will be shown inside the container! There is no extra directory in the volume so it won't be in the container also.

To get around this you will have to create this extra directory on the host and change it's permissions accordingly or define a new volume for this extra directory only.

See also

References

wiki/docker_troubleshooting.txt · Last modified: 2022/07/29 10:40 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki