Docker troubleshooting
DOCKER-ISOLATION-STAGE-1
An unexpected docker error occurred: 500 Server Error: Internal Server Error ("unable to insert jump to DOCKER-ISOLATION-STAGE-1 rule in FORWARD chain: (iptables failed: iptables --wait -I FORWARD -j DOCKER-ISOLATION-STAGE-1: iptables v1.8.7 (nf_tables): Chain 'DOCKER-ISOLATION-STAGE-1' does not exist Try `iptables -h' or 'iptables --help' for more information. (exit status 2))") An exception occurred during task execution. To see the full traceback, use -vvv. The error was: (exit status 2))")
Restart the docker service:
systemctl restart docker.service
This is supposed to be fixed in version 5.2.3.7
Tested on
- Docker 20.10.12
- Debian 11
- shorewall 5.2.3.4
Volume shadowing
This is a tricky Docker behaviour. Say you have a volume /app/my_data with some preexisting content, which is declared in the Dockerfile and mounted in the container. The volume contains the following files and folders:
a.txt
b.txt
private/
private/c.txt
private/d.txt
Your Dockerfile might look like this:
FROM python:3-alpine
# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private
WORKDIR /app
VOLUME /app/my_data
When you run a container from this Dockerfile, everything the image has under the private/ directory is shadowed by the contents of the volume. Say you want to create another folder in the Dockerfile, so you add a line
mkdir -p /app/my_data/private/extra && \
like so
FROM python:3-alpine
# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private && \
    mkdir -p /app/my_data/private/extra
WORKDIR /app
VOLUME /app/my_data
When the container is built and started now, there won't be a directory called “extra” under the private/ directory, because the contents of the volume are what is shown inside the container. There is no extra directory in the volume, so there is none in the container either.
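One way to handle the shadowing described above is to create the directories when the container starts instead of at build time, because the mounted volume hides whatever the image has at /app/my_data. This is an added example, not part of the original page; the function names, the DATA_ROOT variable and the --entrypoint argument are assumptions.

```shell
#!/bin/sh
# Added example: start-up helper for the volume-shadowing case.
# The directory list mirrors the Dockerfile on this page; function names,
# DATA_ROOT and the --entrypoint argument are hypothetical.

DATA_ROOT="${DATA_ROOT:-/app/my_data}"
EXPECTED_DIRS="public backup private private/extra"

# Print every expected directory that the mounted volume does not contain.
missing_dirs() {
    root=$1
    for d in $EXPECTED_DIRS; do
        [ -d "$root/$d" ] || printf '%s\n' "$d"
    done
}

# Create the missing directories inside the mounted volume.
# A file or dangling symlink already at that path is reported, never replaced.
ensure_dirs() {
    root=$1
    rc=0
    for d in $(missing_dirs "$root"); do
        if [ -e "$root/$d" ] || [ -L "$root/$d" ]; then
            echo "refusing to replace non-directory: $root/$d" >&2
            rc=1
            continue
        fi
        mkdir -p "$root/$d" || rc=1
    done
    return $rc
}

# Used as an entrypoint: fix up the volume, then hand over to the real command.
if [ "${1:-}" = "--entrypoint" ]; then
    shift
    ensure_dirs "$DATA_ROOT" || exit 1
    exec "$@"
fi
```

Existing files in the volume, such as private/c.txt, are left untouched; only absent directories are created.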