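I rent an Alibaba Cloud server and set up a Docker environment on it, and I have been learning Docker for a while. Today I wanted to install another Docker in my own CentOS7 virtual machine, and that is when the problem appeared. It took some time, but in the end I solved it.
Software environment:
Operating system: CentOS7
Kernel version: 3.10.0-514
Other: VMware14
The problem: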
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
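My yum repositories have all been replaced; I am not using the ones that ship with CentOS7. I switched to the Alibaba Cloud mirror.
Docker daemon JSON configuration file: /etc/docker/daemon.json
Docker daemon data directory: /var/lib/docker
Docker daemon log: /var/log/messages
Unix domain socket the Docker daemon listens on by default: /var/run/docker.sock
0x01 Install docker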
[admin@localhost ~]$ sudo yum install -y docker
[admin@localhost ~]$ docker -v
Docker version 1.13.1, build 94f4240/1.13.1
[admin@localhost ~]$ sudo docker info
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
This is where the problem appeared. I searched Baidu and Google a lot and did not find a suitable fix.
0x02 Check whether the docker daemon is running
[admin@localhost ~]$ ps aux | grep docker
admin 4319 0.0 0.0 112664 972 pts/0 R+ 18:57 0:00 grep --color=auto docker
The only match is the grep process itself, so the docker daemon is not running.
0x03 Start the daemon manually
[admin@localhost log]$ dockerd
INFO[0000] libcontainerd: new containerd process, pid: 4521
WARN[0000] containerd: low RLIMIT_NOFILE changing to max current=1024 max=4096
INFO[0001] [graphdriver] using prior storage driver: overlay2
INFO[0001] Graph migration to content-addressability took 0.00 seconds
INFO[0001] Loading containers: start.
INFO[0001] Firewalld running: true
INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
INFO[0001] Loading containers: done.
WARN[0001] Not using native diff for overlay2, this may cause degraded performance for building images: opaque flag erroneously copied up, consider update to kernel 4.8 or later to fix
WARN[0001] failed to retrieve docker-runc version: exec: "docker-runc": executable file not found in $PATH
WARN[0001] failed to retrieve docker-init version
INFO[0001] Daemon has completed initialization
INFO[0001] Docker daemon commit="94f4240/1.13.1" graphdriver=overlay2 version=1.13.1
INFO[0001] API listen on /var/run/docker.sock
That is the output so far. Next, open another terminal and check the information again; in the new terminal, enter: sudo docker info
New terminal:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: N/A (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 1
Total Memory: 976.5 MiB
Name: localhost.localdomain
ID: QA5O:XAFA:Y6MT:P7HC:HR6A:YFQ5:QITP:EDNR:6IMA:THF7:UKBE:CUD5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)
Terminal running the daemon:
INFO[0000] libcontainerd: new containerd process, pid: 4521
WARN[0000] containerd: low RLIMIT_NOFILE changing to max current=1024 max=4096
INFO[0001] [graphdriver] using prior storage driver: overlay2
INFO[0001] Graph migration to content-addressability took 0.00 seconds
INFO[0001] Loading containers: start.
INFO[0001] Firewalld running: true
INFO[0001] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address
INFO[0001] Loading containers: done.
WARN[0001] Not using native diff for overlay2, this may cause degraded performance for building images: opaque flag erroneously copied up, consider update to kernel 4.8 or later to fix
WARN[0001] failed to retrieve docker-runc version: exec: "docker-runc": executable file not found in $PATH
WARN[0001] failed to retrieve docker-init version
INFO[0001] Daemon has completed initialization
INFO[0001] Docker daemon commit="94f4240/1.13.1" graphdriver=overlay2 version=1.13.1
INFO[0001] API listen on /var/run/docker.sock
WARN[0050] failed to retrieve docker-runc version: exec: "docker-runc": executable file not found in $PATH
WARN[0050] failed to retrieve docker-init version
0x04 Check the logs
[admin@localhost ~]$ sudo cat /var/log/messages
May 31 19:21:09 localhost dbus[660]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
May 31 19:21:09 localhost dbus-daemon: dbus[660]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
May 31 19:21:09 localhost systemd: Starting Fingerprint Authentication Daemon...
May 31 19:21:09 localhost dbus[660]: [system] Successfully activated service 'net.reactivated.Fprint'
May 31 19:21:09 localhost dbus-daemon: dbus[660]: [system] Successfully activated service 'net.reactivated.Fprint'
May 31 19:21:09 localhost systemd: Started Fingerprint Authentication Daemon.
May 31 19:21:09 localhost fprintd: Launching FprintObject
May 31 19:21:09 localhost fprintd: ** Message: D-Bus service launched with name: net.reactivated.Fprint
May 31 19:21:09 localhost fprintd: ** Message: entering main loop
May 31 19:21:39 localhost fprintd: ** Message: No devices in use, exit
I could not see any problem here.
0x05 Start docker
$ systemctl start docker    # did not start successfully
$ journalctl -xe
-- Unit docker.service has begun starting up.
6月 03 11:18:42 localhost.localdomain dockerd-current[50448]: time="2018-06-03T11:18:42.746059974+08:00" level=info msg="libcontainerd: new containerd process, pid: 50453"
6月 03 11:18:44 localhost.localdomain dockerd-current[50448]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a new
6月 03 11:18:44 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
6月 03 11:18:44 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
6月 03 11:18:44 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
6月 03 11:18:44 localhost.localdomain systemd[1]: docker.service failed.
6月 03 11:18:44 localhost.localdomain polkitd[648]: Unregistered Authentication Agent for unix-process:50367:23334872 (system bus name :1.1153, object path /org/freedesktop/Policy
6月 03 11:19:07 localhost.localdomain fprintd[50383]: ** Message: No devices in use, exit
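SELinux is not supported with the overlay2 graph driver on this kernel. I had finally found the cause: the kernel does not support it. I was using the 3.10.0-514 kernel, so upgrading the kernel fixes it.
0x06 Upgrade the kernel: the fix
1). Import the public key of the ELRepo repository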
$ sudo rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
2). Install the yum repository definition for ELRepo
$ sudo rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
3). Install the mainline kernel (ml = mainline)
$ sudo yum --enablerepo=elrepo-kernel install kernel-ml
4). Reboot the system
$ reboot
5). Choose to boot the system with the 4.16.13-1.el7 kernel
6). Check the kernel and docker information
$ uname -r
$ systemctl start docker
$ docker info
Docker can now be used normally.
0x07 Factors that cause this problem
1. docker has not been started
$ systemctl start docker
2. The system's kernel does not support it
Upgrade the kernel
3. The user does not have permission to manage docker
$ sudo docker info
Or create a docker user group and add the normal user to it, so that the user can manage docker.
$ sudo groupadd docker
$ sudo usermod -aG docker admin
These are the three factors I know of so far; if I run into others, I will come back and add them.
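The three factors above can be told apart from the socket state and the journal text. The script below is an added example, not part of the original post; the function names, verdict strings and the /nonexistent socket path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for "Cannot connect to the Docker daemon".
# Function names and verdict strings are illustrative, not Docker's own.

# State of the daemon's Unix socket as seen by the current user.
socket_state() {
    if [ ! -e "$1" ]; then echo missing        # daemon never created it
    elif [ ! -S "$1" ]; then echo not-a-socket
    elif [ -r "$1" ] && [ -w "$1" ]; then echo ok
    else echo denied                           # daemon is up, user lacks access
    fi
}

# Known startup failures in saved journal text (file argument).
journal_cause() {
    if grep -q 'SELinux is not supported with the overlay2 graph driver' "$1"; then
        echo selinux-overlay2-kernel
    elif grep -q 'Error starting daemon:' "$1"; then
        echo other-startup-error
    else
        echo none
    fi
}

# Combine both checks into one verdict, mapped to the three factors above.
triage() {
    case $(socket_state "$1") in
        ok)     echo "socket reachable" ;;
        # Note: membership of the docker group is root-equivalent on the host.
        denied) echo "factor 3: permission (sudo or docker group)" ;;
        *)  case $(journal_cause "$2") in
                selinux-overlay2-kernel) echo "factor 2: kernel lacks SELinux support for overlay2" ;;
                other-startup-error)     echo "daemon failed to start: read journalctl -xe" ;;
                *)                       echo "factor 1: daemon not started (systemctl start docker)" ;;
            esac ;;
    esac
}

# Constructed sample: the failure lines from the journal output on this page.
sample_journal() {
    cat <<'EOF'
dockerd-current[50448]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel.
systemd[1]: Failed to start Docker Application Container Engine.
EOF
}

tmp=$(mktemp)
sample_journal > "$tmp"
triage /nonexistent/docker.sock "$tmp"   # constructed socket path
rm -f "$tmp"
```

On a real host, save the output of `journalctl -u docker.service --no-pager` to a file and pass it together with /var/run/docker.sock.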
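0x08 Summary
I did not check Docker's status promptly, which is one reason this took so long. I also did not understand the relationship between the Docker daemon and its socket well, so when the problem appeared I had no clear troubleshooting approach. Solving this problem really did deepen my understanding of the Docker socket and the daemon. So I believe that as long as I keep solving problems, I will learn more and understand things more thoroughly.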