Why the Docker service fails to start, and how to fix it

Error keywords:


Failed to start Docker Application Container Engine.

Failed to find iptables: exec: "iptables": executable file not found in $PATH

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: Iptables not found

Problem

The docker command cannot be used; the Docker service is not running correctly.

Running docker images fails with:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

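The client cannot connect to the Docker daemon or to its service socket: the Docker service failed to start.

Troubleshooting

Check the status of the Docker service

Run systemctl status docker to check the status of the Docker service.
It reports an error: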

● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2024-03-11 20:34:54 CST; 6 days ago
     Docs: https://docs.docker.com
 Main PID: 3548 (code=exited, status=1/FAILURE)

Mar 11 20:34:54 test systemd[1]: docker.service: Service hold-off time over, scheduling restart.
Mar 11 20:34:54 test systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Mar 11 20:34:54 test systemd[1]: Stopped Docker Application Container Engine.
Mar 11 20:34:54 test systemd[1]: docker.service: Start request repeated too quickly.
Mar 11 20:34:54 test systemd[1]: docker.service: Failed with result 'exit-code'.
Mar 11 20:34:54 test systemd[1]: Failed to start Docker Application Container Engine.

This shows that Docker Application Container Engine failed to start.

Try restarting the Docker service

Run systemctl restart docker.service to try restarting the Docker service:

root@test:/lib/systemd/system# systemctl restart docker.service
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.

It does not start.

Check the log to analyze the cause

Run: journalctl -xe

Mar 18 13:28:40 test dockerd[24951]: time="2024-03-18T13:28:40.215890146+08:00" level=warning msg="Failed to find iptables: exec: "iptables": executable file not found in $PATH"
Mar 18 13:28:40 test dockerd[24951]: time="2024-03-18T13:28:40.218084167+08:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Mar 18 13:28:40 test dockerd[24951]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: Iptables not found
Mar 18 13:28:40 test systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Mar 18 13:28:40 test systemd[1]: docker.service: Failed with result 'exit-code'.
-- Subject: Unit docker.service has failed
-- Unit docker.service has failed.

The log shows that iptables cannot be found; this service is not up, which prevents the Docker service from starting.
Run systemctl status iptables:

root@test:/lib/systemd/system# systemctl status iptables
Unit iptables.service could not be found.

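iptables.service cannot be found; the service may not have started, may not be installed, or iptables may not actually run as a service but be invoked directly by the system.

Solution reference

Answer from ChatGPT 3.5, for reference:

If the iptables service unit cannot be found on the system, this may mean that iptables does not actually run as a service. On some systems, the iptables configuration may be invoked directly by the system rather than through a separate service. In that case, you can try the following steps to resolve the problem of Docker failing to start:

  1. Check whether iptables is installed: first, make sure the iptables tool is installed on the system. You can check the installation status of iptables with the following command: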

which iptables

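If the command returns a path, iptables is installed. If it returns nothing, you may need to install iptables.

  2. Manually load the iptable_nat module: sometimes, even when iptables is installed, its related kernel modules may not be loaded. You can try loading the iptable_nat kernel module manually: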

modprobe iptable_nat

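  3. Enable IP forwarding: make sure IP forwarding is enabled in the sysctl configuration. You can edit the /etc/sysctl.conf file and make sure the following line is not commented out (remove the leading # symbol; append the line below at the end):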

net.ipv4.ip_forward = 1

After saving the file, run the following command for the change to take effect:

sudo sysctl -p

  4. Restart the Docker service: once you have made sure that iptables works properly and the required kernel modules are loaded, try restarting the Docker service:

sudo systemctl restart docker

Resolution process

I tried the changes suggested above.
Ran:
apt-get update && apt install iptables
It reported that iptables was already installed.
Ran systemctl status iptables again,
which showed:

root@test:/lib/systemd/system# systemctl status iptables
Unit iptables.service could not be found.

This indicates that the iptables configuration is probably invoked directly by the system rather than run as a service.
Ran:

root@test:/lib/systemd/system# which iptables
/sbin/iptables
root@test:/lib/systemd/system# modprobe iptable_nat
root@test:/lib/systemd/system# vi /etc/sysctl.conf
root@test:/lib/systemd/system# sysctl -p
fs.file-max = 2097152
net.ipv4.ip_forward = 1
root@test:/lib/systemd/system# systemctl status iptables
Unit iptables.service could not be found.
root@test:/lib/systemd/system# systemctl restart docker.service
root@test:/lib/systemd/system# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2024-03-18 13:33:44 CST; 7s ago
     Docs: https://docs.docker.com
 Main PID: 28879 (dockerd)
    Tasks: 20
   CGroup: /system.slice/docker.service
           └─28879 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Docker is running successfully.
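
As an added example (not part of the original post or of the ChatGPT answer it quotes), the script below turns the checks used on this page into a repeatable preflight: it looks for the two iptables messages in the journal, then checks that iptables is on PATH, that iptable_nat is loaded and that net.ipv4.ip_forward is 1. The function names, the --live switch and the file name preflight.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are parameters so the
# checks can be run against constructed input as well as the live system.

# journal_blames_iptables: reads journal text on stdin; succeeds if dockerd
# logged either of the two iptables messages quoted on this page.
journal_blames_iptables() {
    grep -Eq 'Failed to find iptables|Iptables not found'
}

# find_in_path NAME PATHSTRING: print the first executable NAME in PATHSTRING.
find_in_path() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            IFS=$_old_ifs; printf '%s\n' "$_dir/$1"; return 0
        fi
    done
    IFS=$_old_ifs; return 1
}

# docker_net_preflight PATHSTRING MODULES_FILE IP_FORWARD_FILE
# Prints one line per failed precondition; the return code is the failure count.
docker_net_preflight() {
    _bad=0
    if ! find_in_path iptables "$1" >/dev/null; then
        echo "iptables: no executable in PATH"; _bad=$((_bad + 1))
    fi
    # A module built into the kernel is not listed in /proc/modules.
    if ! grep -q '^iptable_nat ' "$2" 2>/dev/null; then
        echo "iptable_nat: module not loaded"; _bad=$((_bad + 1))
    fi
    if [ "$(cat "$3" 2>/dev/null)" != "1" ]; then
        echo "ip_forward: not enabled"; _bad=$((_bad + 1))
    fi
    return "$_bad"
}

# Live run: sh preflight.sh --live   (preflight.sh is a hypothetical file name)
if [ "${1:-}" = "--live" ]; then
    journalctl -u docker.service --no-pager -n 50 | journal_blames_iptables \
        && echo "journal: dockerd reported missing iptables"
    docker_net_preflight "$PATH" /proc/modules /proc/sys/net/ipv4/ip_forward
fi
```

Run it as root with --live before restarting docker.service; an empty report with exit code 0 means all three preconditions from the steps above hold.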
