페도라42에서 docker 오류

리눅스 중에 최신 버전을 사용하는 페도라 리눅스42에 docker를 설치하면 에러가 발생하면서 실행되지 않는다. 결론만 말하면 iptables-legacy 패키지를 설치하고 리부트하면 손쉽게 해결 된다. 그러면 Fedora42에서 docker 의 오류 증상과 해결법에 대해서 살펴보도록 하겠다.

참고로 페도라 리눅스 42는 2025년 4월 16일에 출시되었다.

Docker on Fedora 42

 

1. Fedora Linux 42에서 docker 오류

페도라 리눅스 42에 docker-ce를 설치하고, enable and start를 하면 다음과 같이 에러가 발생한다. 아래는 명령어 실행시 발생하는 에러 상황을 캡쳐한 것이다.

$ sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

$ sudo systemctl enable --now docker
Created symlink '/etc/systemd/system/multi-user.target.wants/docker.service' → '/usr/lib/systemd/system/docker.service'.
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.

$ sudo systemctl status docker
× docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Thu 2025-07-10 15:22:14 KST; 17s ago
 Invocation: 226f2df11c4e4b67bdd829aa732b9f1d
TriggeredBy: × docker.socket
       Docs: https://docs.docker.com
    Process: 177352 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
   Main PID: 177352 (code=exited, status=1/FAILURE)

Jul 10 15:22:14 fedora systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Jul 10 15:22:14 fedora systemd[1]: docker.service: Start request repeated too quickly.
Jul 10 15:22:14 fedora systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 10 15:22:14 fedora systemd[1]: Failed to start docker.service - Docker Application Container Engine.

먼저 dnf로 docker-ce를 비롯한 5개의 패키지를 설치한 뒤에, systemctl enable --now docker로 실행하였다. 그런데 systemctl status docker로 확인해보니 Active 상태에 failed (Result: exit-code)로 표시되어있다.

좀 더 자세한 정보를 얻기 위해 journalctl로 최근 30개의 docker unit 관련 로그를 살펴보았다.

$ sudo journalctl -u docker -rn 30
Jul 10 15:22:14 fedora systemd[1]: Failed to start docker.service - Docker Application Container Engine.
Jul 10 15:22:14 fedora systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 10 15:22:14 fedora systemd[1]: docker.service: Start request repeated too quickly.
Jul 10 15:22:14 fedora systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Jul 10 15:22:12 fedora systemd[1]: Failed to start docker.service - Docker Application Container Engine.
Jul 10 15:22:12 fedora systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 10 15:22:12 fedora systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Jul 10 15:22:12 fedora dockerd[177352]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: COMMAND_FAILED: INVALID_IPV: 'ipv4' is not a valid backend or is unavailable
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.245077759+09:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.221133353+09:00" level=warning msg="failed to find iptables" error="exec: \"iptables\": executable file not found in $PATH"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.219303872+09:00" level=info msg="Firewalld: docker zone already exists, returning"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.185940349+09:00" level=error msg="failed to load container" container=docker-mysqld-auth.log error="lstat /var/lib/docker/containers/docker-mysqld-auth.log/config.v2.json: not a directory"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.185855977+09:00" level=info msg="Loading containers: start."
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.179171737+09:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.125838950+09:00" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock timeout=1m0s
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.117090429+09:00" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.116958491+09:00" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/etc/cdi
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.116944136+09:00" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/var/run/cdi
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.116850954+09:00" level=info msg="OTEL tracing is not configured, using no-op tracer provider"
Jul 10 15:22:12 fedora dockerd[177352]: time="2025-07-10T15:22:12.116388190+09:00" level=info msg="Starting up"
Jul 10 15:22:12 fedora systemd[1]: Starting docker.service - Docker Application Container Engine...
Jul 10 15:22:12 fedora systemd[1]: docker.service: Scheduled restart job, restart counter is at 2.
Jul 10 15:22:09 fedora systemd[1]: Failed to start docker.service - Docker Application Container Engine.
Jul 10 15:22:09 fedora systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 10 15:22:09 fedora systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
==> 여기 아래 부분이 중요한 로그
Jul 10 15:22:09 fedora dockerd[177328]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: COMMAND_FAILED: INVALID_IPV: 'ipv4' is not a valid backend or is unavailable
Jul 10 15:22:09 fedora dockerd[177328]: time="2025-07-10T15:22:09.980772122+09:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Jul 10 15:22:09 fedora dockerd[177328]: time="2025-07-10T15:22:09.954760374+09:00" level=warning msg="failed to find iptables" error="exec: \"iptables\": executable file not found in $PATH"
Jul 10 15:22:09 fedora dockerd[177328]: time="2025-07-10T15:22:09.952882578+09:00" level=info msg="Firewalld: docker zone already exists, returning"
Jul 10 15:22:09 fedora dockerd[177328]: time="2025-07-10T15:22:09.933501286+09:00" level=error msg="failed to load container" container=docker-mysqld-auth.log error="lstat /var/lib/docker/containers/docker-mysqld-auth.log/config.v2.json: not a directory"

뒤에서 3번째 로그에 failed to find iptables" error="exec: \"iptables\": executable file not found in $PATH" 이라는 부분이 보인다. 그대로 해석하면 $PATH에서 iptables 실행 파일을 찾지 못했다는 뜻이다. 즉 시스템에 iptables 바이너리 파일이 없는 것이다. 이는 페도라 42가 nft (netfilter) 필터 기반의 방화벽을 사용하기 때문에 iptables는 호환성을 위해서만 제공되며 기본적으로는 설치하지 않기 때문에 발생한다. 그래서 iptables-legacy 패키지를 설치하면 iptables 명령어가 제공되면서 해결되는 것이다.

 

2. 해결방법 : iptables-legacy의 설치

해결 방법은 앞서 서두에 밝힌 것처럼 iptables-legacy를 설치하면 된다. 설치 방법은 아래처럼 dnf 명령을 사용한다.

$ sudo dnf -y install iptables-legacy

설치 후 which iptables 명령을 내려서 iptables가 PATH에 걸려있는지 확인해본다. docker를 재시작하고 iptables의 초기화 같은 것들을 해줘야 하는데, 귀찮으니까 그냥 재부팅하는 것이 편하다.

재부팅 후에 systemctl status docker로 다시 한번 Active 상태를 확인해보도록 한다. 대부분은 문제없이 잘 실행될 것이다.

 

3. 해결방법2 : iptables-nft의 설치

iptables-legacy대신에 iptables-nft를 설치해도 되는 것 같다.

 

히스토리

2025-08-17 iptables-nft 내용 추가

2025-08-14 처음 글 올림