No network on host machine when running a Docker container

I am on an Arch Linux machine, and when I run a container with this command there is no network on the host:

docker run jenkins

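After stopping Docker, the network comes back. Any suggestions are welcome.

Edit:

It seems that when running with the -p option and giving a port other than 80, the network is available for a few minutes and is then lost again.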

**> docker version**

Client:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.5.1
 Git commit:   a34a1d5-dirty
 Built:        Sun Nov 22 00:15:15 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.5.1
 Git commit:   a34a1d5-dirty
 Built:        Sun Nov 22 00:15:15 UTC 2015
 OS/Arch:      linux/amd64

**> docker info**

Containers: 31
Images: 57
Server Version: 1.9.1
Storage Driver: devicemapper
 Pool Name: docker-8:5-548039-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 107.4 GB
 Backing Filesystem: 
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 3.584 GB
 Data Space Total: 107.4 GB
 Data Space Available: 7.741 GB
 Metadata Space Used: 7.496 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.14 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.113 (2015-12-05)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.2.5-1-ARCH
Operating System: Arch Linux (containerized)
CPUs: 4
Total Memory: 7.709 GiB
Name: arch
ID: OF5Y:H7O4:M4R6:GCF6:NSEU:LNG6:K7NV:FJDM:DUVI:6KOM:LTRB:EUPP

> iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Your Docker host's network setup may not be suited to Docker. Try the Arch Linux specific instructions regarding networking from the Docker documentation:

If you manually configure your network using systemd-network version 220 or higher, containers you start with Docker may be unable to access your network. Beginning with version 220, the forwarding setting for a given network (net.ipv4.conf.<interface>.forwarding) defaults to off. This setting prevents IP forwarding. It also conflicts with Docker which enables the net.ipv4.conf.all.forwarding setting within a container.

To work around this, edit the <interface>.network file in /etc/systemd/network/ on your Docker host and add the following block:

[Network]
...
IPForward=kernel
...

This configuration allows IP forwarding from the container as expected.


You can also try the section "docker0 Bridge gets no IP / no internet access in containers" of the Arch Linux wiki page on Docker:

Docker enables IP forwarding by itself, but by default systemd overrides the respective sysctl setting. The following disables this override (for all interfaces):

# cat > /etc/systemd/network/ipforward.network <<EOF
[Network]
IPForward=ipv4
EOF

# cat > /etc/sysctl.d/99-docker.conf <<EOF
net.ipv4.ip_forward = 1
EOF

# sysctl -w net.ipv4.ip_forward=1

Finally restart the systemd-networkd and docker services.

The solution is to create or edit /etc/connman/main.conf with the following content:

[General]
NetworkInterfaceBlacklist=vmnet,vboxnet,virbr,ifb,docker,veth,eth,wlan

And restart connman, as described here.
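
A read-only check for the two causes named in the answers above (per-interface forwarding switched off, and connman managing Docker's interfaces), added here as an example and not taken from the original posts. The function names and the optional path arguments are assumptions, made so the checks can be pointed at a test tree; connman compares each blacklist entry against the first characters of the interface name, so the check does the same.

```shell
#!/bin/sh
# Added example, not from the answers. Function names and the optional
# path arguments (proc root, connman config file) are assumptions.

# Print every interface whose net.ipv4.conf.<interface>.forwarding is 0.
forwarding_off() {
    root="${1:-/proc/sys}"
    for f in "$root"/net/ipv4/conf/*/forwarding; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default|lo) continue ;; esac
        if [ "$(cat "$f")" = "0" ]; then printf '%s\n' "$iface"; fi
    done
}

# Print which of docker0/veth0 connman would still manage, i.e. no entry of
# NetworkInterfaceBlacklist is a prefix of the interface name.
connman_still_manages() {
    conf="${1:-/etc/connman/main.conf}"
    list=""
    if [ -r "$conf" ]; then
        list=$(sed -n 's/^[[:space:]]*NetworkInterfaceBlacklist[[:space:]]*=//p' "$conf" | tail -n 1 | tr -d '[:space:]')
    fi
    for name in docker0 veth0; do
        hit=no
        for e in $(printf '%s' "$list" | tr ',' ' '); do
            case "$name" in "$e"*) hit=yes ;; esac
        done
        [ "$hit" = yes ] || printf '%s\n' "$name"
    done
}

# Summarise both checks; changes nothing on the host and always returns 0.
report() {
    root="${1:-/proc/sys}"
    echo "net.ipv4.ip_forward = $(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo unknown)"
    for i in $(forwarding_off "$root"); do echo "forwarding off: $i"; done
    if command -v connmanctl >/dev/null 2>&1 || [ -n "$2" ]; then
        for n in $(connman_still_manages "$2"); do echo "connman still manages: $n"; done
    fi
    return 0
}

report "$@"
```

Run it once before and once after starting the container: an interface that moves into the "forwarding off" list, or a Docker interface that connman still manages, points to the matching fix above.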