Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

The above error is very common in Docker, as there are many factors that can cause it. We will walk through the practical cases, with explanations and solutions.

First, the socket file is the main Unix/Linux socket used by dockerd, the daemon that provides a self-sufficient runtime environment for Docker containers.

We generally come across this issue together with the error "Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock", which appears because the particular user executing the docker CLI is not authorized.

There is a simple fix for this issue. As a best practice on a Linux server running the Docker daemon, update the file /etc/sysconfig/docker with the relevant docker group, as shown below:

# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false -G dockerroot'

We have added the new value -G dockerroot to OPTIONS= in /etc/sysconfig/docker.
-G is the flag that sets the Linux group for the daemon's socket, and dockerroot is the privileged docker Linux group for the Docker daemon on CentOS/RHEL systems.
We now need to save the file and restart the Docker daemon, as we have modified its configuration file.

[vamshi@node01 ~]$ sudo systemctl restart docker

We now need to ensure the user accessing the docker command is part of the group dockerroot using usermod command as shown below.

[root@node01 ~]# sudo usermod -aG dockerroot vamshi

We now check the user's group information and verify that the user is part of the group dockerroot.

[root@node01 ~]# id vamshi
uid=1001(vamshi) gid=1001(vamshi) groups=1001(vamshi),10(wheel),994(dockerroot)

You need to log out and log back in as that user for the Linux group change to take effect; once you log back in, you will be able to use docker with the user account.

This process works for CentOS systems, as we have modified the file /etc/sysconfig/docker. The same approach can be implemented on Debian/Ubuntu systems by modifying /etc/default/docker, which we will look at in another post.

Now let's look at the second approach to the problem, which is more a matter of getting your hands dirty.
You will now modify the socket file by hand, as shown in the following demonstration.

To be able to access the daemon, we must have read permission on this socket.
The permissions on /var/run/docker.sock will be as follows:

[vamshi@node02 ~]$ ls -l /var/run/docker.sock
srw-rw----. 1 root root 0 Apr 07 14:02 /var/run/docker.sock

As mentioned earlier, this is a socket file, which is indicated by the symbol s at the start of the file permission attributes in the above output.

To overcome this issue, we have to create a docker group on the docker server as follows:

[vamshi@node02 ~]$ sudo groupadd docker

We check the group entry with the following command:

[vamshi@node02 ~]$ sudo getent group docker
docker:x:1009:

Now we apply the docker group ownership to /var/run/docker.sock:

[vamshi@node02 ~]$ sudo chgrp docker /var/run/docker.sock

And here are the socket file attributes with the updated group ownership:

[vamshi@node01 ~]$ ls -l /var/run/docker.sock 
srw-rw----. 1 root docker 0 Apr 07 14:09 /var/run/docker.sock

Now we have to add our user to the docker group to gain the rw permissions.
We do that with the following command:

# sudo usermod -aG docker vamshi

Now we confirm the group members as below:

[vamshi@node02 ~]$ sudo getent group docker
docker:x:1009:vamshi

Now we need to log out and log back in to this system, and we will be able to access the docker command with the user.
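Both group-based fixes above come down to one question: do the socket's owner, group and mode give this user rw access? The sketch below is an added example, not code from the original post, that answers it from the `ls -l` and `id` output shown above. The helper name socket_access and its verdict strings are assumptions; the first two sample lines are from the page and the third is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). socket_access is a hypothetical
# helper: given one `ls -l` line for the socket and one `id` line for a user,
# it prints root, allowed:<class> or denied:<class> (class = owner|group|other).
socket_access() (
    ls_line=$1 id_line=$2
    set -f                                   # no globbing while splitting
    # shellcheck disable=SC2086
    set -- $ls_line                          # fields: mode links owner group ...
    mode=$1 owner=$3 group=$4
    case $mode in
        s*) ;;                               # a leading "s" marks a socket
        *)  echo "not-a-socket"; exit 2 ;;
    esac
    uid=$(printf '%s\n' "$id_line" | sed -n 's/^uid=\([0-9]*\).*/\1/p')
    user=$(printf '%s\n' "$id_line" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
    # Group names, one per line: "10(wheel)" becomes "wheel"
    groups=$(printf '%s\n' "$id_line" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
             tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/')
    if [ "$uid" = 0 ]; then echo "root"; exit 0; fi
    # Exactly one permission class applies: owner, else group, else other
    if [ "$user" = "$owner" ]; then
        class=owner bits=$(printf '%s\n' "$mode" | cut -c2-3)
    elif printf '%s\n' "$groups" | grep -qxF -- "$group"; then
        class=group bits=$(printf '%s\n' "$mode" | cut -c5-6)
    else
        class=other bits=$(printf '%s\n' "$mode" | cut -c8-9)
    fi
    if [ "$bits" = rw ]; then
        echo "allowed:$class"
    else
        echo "denied:$class"; exit 1
    fi
)

# Sample lines: the two ls lines are from the page, the id line is constructed.
LS_BEFORE='srw-rw----. 1 root root 0 Apr 07 14:02 /var/run/docker.sock'
LS_AFTER='srw-rw----. 1 root docker 0 Apr 07 14:09 /var/run/docker.sock'
ID_AFTER='uid=1001(vamshi) gid=1001(vamshi) groups=1001(vamshi),10(wheel),1009(docker)'

socket_access "$LS_BEFORE" "$ID_AFTER" || true   # denied:other
socket_access "$LS_AFTER" "$ID_AFTER"            # allowed:group
```

Membership of the socket's group gives full control of the daemon, which Docker's documentation describes as root-level privileges, so the same check is worth running for every account in that group.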

Another issue you might face with the docker CLI arises when you access the docker server over a network, where the connection to the docker server is established over TCP.

The docker server is also capable of handling requests over the network, provided it is exposed on a TCP port.
In most docker client-server architectures, the Docker server listens on a TCP port over the network. This is the second scenario: you have to access the docker server over the TCP socket and set DOCKER_HOST to the docker server's details over TCP.

You can try to connect to the docker server as follows

[user@docker-client ~]$ docker -H tcp://<Your-Docker-Server-IP>:<Port> version

Below is a practical command example:

[vamshi@jenkins-slave01 ~]$ docker -H tcp://10.100.0.10:4243 version

This scenario is most common with build agents such as Jenkins slaves and containers that run post-build steps and perform deployments, particularly in a Jenkins build environment.

The third most probable cause is that the docker server is not actually running, if you have a local-only setup. You can confirm this with the simple troubleshooting steps below. Check the process list and grep for the docker process:

ps -ef | grep docker

Ensure that the docker service is started:

sudo systemctl status docker

And ensure that it is enabled on startup:

sudo systemctl enable docker

Please refer to our other DevOps documents, and do share your best practices in the comments.

How do you fix "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the Docker daemon running?"

How to Resolve the “cannot connect to the Docker daemon” Error

  1. Method 1: Check the Docker Engine.
  2. Method 2: Assign Ownership to the Docker Unix Socket.
  3. Method 3: Check the Ownership of Used Files.
  4. Method 4: Add Your User to the Docker Group.
  5. Method 5: Add Environment Tables on OS X.

How do I connect to a Docker daemon?

How to Connect to a Remote Docker Daemon

  1. sudo mkdir -p /etc/systemd/system/docker.service.d
  2. sudo nano /etc/systemd/system/docker.service.d/options.conf
  3. Put the following in options.conf:
       [Service]
       ExecStart=
       ExecStart=/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2375
  4. # Reload the systemd daemon.
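The ExecStart line above adds a TCP listener on every interface, on port 2375, with no TLS options, so anyone who can reach that port can drive the daemon. The sketch below is an added example, not code from the original page, that classifies each listener on a dockerd command line. The function name audit_dockerd_hosts, its verdict strings and the certificate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). audit_dockerd_hosts is a
# hypothetical helper that prints "<verdict> <host>" for every -H/--host on a
# dockerd command line. Verdicts: local, tcp-mtls, tcp-tls-no-client-auth,
# tcp-plaintext-loopback, tcp-plaintext-exposed, unknown.
audit_dockerd_hosts() (
    set -f                          # no globbing while splitting the line
    # shellcheck disable=SC2086
    set -- $1
    tls=none
    for arg in "$@"; do             # TLS flags apply to all TCP listeners
        case $arg in
            --tlsverify|--tlsverify=true) tls=mutual ;;
            --tls|--tls=true) [ "$tls" = mutual ] || tls=server-only ;;
        esac
    done
    while [ $# -gt 0 ]; do
        host=
        case $1 in
            -H|--host) if [ $# -gt 1 ]; then host=$2; shift; fi ;;
            --host=*)  host=${1#--host=} ;;
        esac
        shift
        case $host in
            '') ;;
            unix://*|fd://*) echo "local $host" ;;
            tcp://*)
                case $tls in
                    mutual)      echo "tcp-mtls $host" ;;
                    server-only) echo "tcp-tls-no-client-auth $host" ;;
                    *) case $host in
                           tcp://127.*|tcp://localhost*|'tcp://[::1]'*)
                               echo "tcp-plaintext-loopback $host" ;;
                           *)  echo "tcp-plaintext-exposed $host" ;;
                       esac ;;
                esac ;;
            *) echo "unknown $host" ;;
        esac
    done
)

# First line is from the page; the second is constructed (paths are placeholders).
PAGE_CMD='/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2375'
TLS_CMD='/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'
audit_dockerd_hosts "$PAGE_CMD"
audit_dockerd_hosts "$TLS_CMD"
```

On a live host, feed it the daemon's own command line, for example the output of `ps -o args= -C dockerd`; listeners configured through a daemon configuration file are outside what this sketch inspects.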

How do I make sure Docker daemon is running?

Another way to check for a running Docker daemon is by inspecting its process ID file. The daemon writes its process ID to /var/run/docker.pid each time it starts up. When this file exists, Docker should be running and ready for CLI connections.

Is the Docker daemon running Docker in Docker?

Docker daemon by default listens to docker.sock. If you are on the same host where Docker daemon is running, you can use the /var/run/docker. … To run docker inside docker, all you have to do is just run docker with the default Unix socket docker.

Is the Docker daemon running MacOS?

On macOS the docker binary is only a client and you cannot use it to run the docker daemon, because Docker daemon uses Linux-specific kernel features, therefore you can’t run Docker natively in OS X.

What is /var/run in Unix?

A new TMPFS-mounted file system, /var/run , is the repository for temporary system files that are not needed across system reboots in this Solaris release and future releases. For security reasons, /var/run is owned by root.

What is unix:///var/run/docker.sock?

docker.sock is basically the Unix socket the Docker daemon listens on by default. It is also a tool used to communicate with the Docker daemon from within a container.

What is Docker daemon and Docker?

Docker Daemon is simply a part of Docker Engine. Quoting the Docker engine overview page: Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with: A server with a long-running daemon process dockerd.

What is Docker daemon?

Docker daemon is a persistent background process that manages the containers on a single host. It is a self-sufficient runtime that manages Docker objects such as images, containers, network, and storage. … By default, Docker daemon creates a non-networked Unix domain socket at /var/run/docker.

How do I shutdown a docker daemon?

To stop the docker process that is already running you can just press ctrl + c or send a kill signal to it.

Where is Docker daemon port?

Check your Docker daemon. After restarting the docker service, you can see the port in the output of systemctl status docker.service, like /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
