I can't start the docker service because of an iptables error

Here is my Linux version information: CentOS Linux release 7.0.1406 (Core), and my iptables version is v1.4.21.

After installing docker with the command yum install docker, I am trying to start docker with the command service docker start, but I can't get it to start.

The error message I get is:

[root@ssd-master ~]# systemctl status docker.service
docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled)
   Active: failed (Result: exit-code) since Fri 2015-01-30 15:20:28 KST; 7s ago
     Docs: http://docs.docker.com
  Process: 54831 ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 54831 (code=exited, status=1/FAILURE)

Jan 30 15:20:28 ssd-master docker[54831]: 2015/01/30 15:20:28 docker daemon: 1.3.2 39fa2fa/1.3.2; execdriver: native; graphdriver:
Jan 30 15:20:28 ssd-master docker[54831]: [a20f268b] +job serveapi(fd://)
Jan 30 15:20:28 ssd-master docker[54831]: [a20f268b] +job init_networkdriver()
Jan 30 15:20:28 ssd-master docker[54831]: [info] Listening for HTTP on fd ()
Jan 30 15:20:28 ssd-master docker[54831]: Unable to enable network bridge NAT: iptables failed: iptables --wait -I POSTROUTING -t nat -s 172.17.42.1/16 ! -o ...o insmod?)
Jan 30 15:20:28 ssd-master docker[54831]: Perhaps iptables or your kernel needs to be upgraded.
Jan 30 15:20:28 ssd-master docker[54831]: (exit status 3)
Jan 30 15:20:28 ssd-master docker[54831]: [a20f268b] -job init_networkdriver() = ERR (1)
Jan 30 15:20:28 ssd-master docker[54831]: 2015/01/30 15:20:28  (exit status 3)
Jan 30 15:20:28 ssd-master systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Jan 30 15:20:28 ssd-master systemd[1]: Failed to start Docker Application Container Engine.
Jan 30 15:20:28 ssd-master systemd[1]: Unit docker.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.

This is the output of lsmod | grep -E 'iptable|nat|conntrack':
nf_conntrack_ipv6      18738  4
nf_defrag_ipv6         34841  1 nf_conntrack_ipv6
nf_conntrack_ipv4      14656  0
nf_defrag_ipv4         12758  1 nf_conntrack_ipv4
xt_conntrack           12760  4
nf_conntrack          105026  4 xt_state,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
ebtable_nat            12807  0
ebtables               35009  3 ebtable_broute,ebtable_nat,ebtable_filter
iptable_mangle         12695  1
iptable_security       12705  1
iptable_raw            12678  1
iptable_filter         12810  1
ip_tables              27240  4 iptable_security,iptable_filter,iptable_mangle,iptable_raw

I have solved the problem. I recompiled the kernel with the 'nat' related options enabled, because before the recompile those options had been removed from the kernel.

# make menuconfig

--> Networking support

--> Networking options

--> Network packet filtering framework


Turn on the NAT and NF_NAT related options there.


Recompile and reboot into the new kernel:

# make all

# make modules_install

# make install

After that, run # lsmod | grep nat; if those modules show up, it should work.
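A pre-flight check for the failure described in this thread (Docker cannot insert its POSTROUTING rule because the kernel has no nat table), added here as an example and not part of the original post. It reads a kernel .config and an lsmod dump from files so it runs offline on constructed samples; the list of CONFIG_ symbols is my assumption about which "NAT / NF_NAT related options" the answer re-enabled.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a kernel build and the
# running module set provide what Docker's bridge NAT needs. On a live CentOS 7 host
# pass /boot/config-$(uname -r) and a file holding the output of `lsmod` instead of
# the constructed samples below.

# Assumption: these are the NAT-related symbols the answer turned on in menuconfig
# (names as used by the 3.x kernel series CentOS 7 shipped).
NAT_CONFIG_SYMBOLS="CONFIG_NF_NAT CONFIG_NF_NAT_IPV4 CONFIG_IP_NF_TARGET_MASQUERADE"

# nat_config_complete CONFIG_FILE: print every required symbol that is neither =y
# nor =m; exit 0 only when all of them are built.
nat_config_complete() {
    rc=0
    for sym in $NAT_CONFIG_SYMBOLS; do
        if ! grep -Eq "^${sym}=(y|m)$" "$1"; then
            echo "missing: $sym"
            rc=1
        fi
    done
    return $rc
}

# nat_modules_loaded LSMOD_FILE: exit 0 only if both nf_nat and iptable_nat are listed
nat_modules_loaded() {
    grep -Eq '^nf_nat[[:space:]]' "$1" && grep -Eq '^iptable_nat[[:space:]]' "$1"
}

# Constructed samples: the "broken" pair mirrors the question, where lsmod shows
# conntrack and filter modules but nothing NAT-related; module sizes are made up.
TMPD=$(mktemp -d)
BROKEN_LSMOD="$TMPD/lsmod_broken";   GOOD_LSMOD="$TMPD/lsmod_good"
BROKEN_CONFIG="$TMPD/config_broken"; GOOD_CONFIG="$TMPD/config_good"
printf '%s\n' 'nf_conntrack_ipv4      14656  0' 'iptable_filter         12810  1' \
    'ip_tables              27240  4 iptable_security,iptable_filter,iptable_mangle,iptable_raw' > "$BROKEN_LSMOD"
printf '%s\n' 'iptable_nat            12875  1' 'nf_nat_ipv4            14115  1 iptable_nat' \
    'nf_nat                 26146  2 nf_nat_ipv4,ipt_MASQUERADE' > "$GOOD_LSMOD"
printf '%s\n' 'CONFIG_NETFILTER=y' 'CONFIG_IP_NF_IPTABLES=m' '# CONFIG_NF_NAT is not set' \
    'CONFIG_IP_NF_FILTER=m' > "$BROKEN_CONFIG"
printf '%s\n' 'CONFIG_NETFILTER=y' 'CONFIG_NF_NAT=m' 'CONFIG_NF_NAT_IPV4=m' \
    'CONFIG_IP_NF_TARGET_MASQUERADE=m' > "$GOOD_CONFIG"

if nat_config_complete "$BROKEN_CONFIG" && nat_modules_loaded "$BROKEN_LSMOD"; then
    echo "kernel NAT support present; the docker failure has another cause"
else
    echo "kernel lacks NAT support: rebuild with the symbols above, then check lsmod | grep nat"
fi
```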