Debian 下docker 开启远程api失败
系统版本:
Debian 8.3
问题: Debian下增加dcoker的远程api,始终不能打开网络端口。
过程:
修改/etc/default/docker 增加一行
DOCKER_OPTS="-H 0.0.0.0:2376 -H unix:///var/run/docker.sock"
重启docker:
service docker restart
查看端口是否打开:
lsof -i:2376 没有任何返回。
查看日志:
Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.665294330-04:00" level=info msg="[graphdriver] using prior storage driver \"aufs\""
Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.667332848-04:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.673179732-04:00" level=info msg="Firewalld running: false"
Mar 28 12:44:34 docker1 docker[3491]: time="2016-03-28T12:44:34.908750963-04:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035544113-04:00" level=warning msg="Your kernel does not support cgroup memory limit: mountpoint for memory not found"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035820306-04:00" level=warning msg="Your kernel does not support cgroup cfs period"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035864016-04:00" level=warning msg="Your kernel does not support cgroup cfs quotas"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.037271326-04:00" level=info msg="Loading containers: start."
Mar 28 12:44:36 docker1 docker[3491]: .
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039178384-04:00" level=info msg="Loading containers: done."
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039227903-04:00" level=info msg="Daemon has completed initialization"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039262276-04:00" level=info msg="Docker daemon" commit=20f81dd execdriver=native-0.2 graphdriver=aufs version=1.10.3
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.059353006-04:00" level=info msg="API listen on /var/run/docker.sock"
可见没有报任何错误,只是打开了/var/run/docker.sock,没有打开2376端口。
接着排查问题
root@docker1:/var/log# /etc/init.d/docker stop
[ ok ] Stopping docker (via systemctl): docker.service.
root@docker1:/var/log# ps -ef |grep docker
avahi 484 1 0 07:23 ? 00:00:00 avahi-daemon: running
root 3723 2314 0 12:53 pts/1 00:00:00 grep docker
root@docker1:/var/log# bash -x /etc/init.d/docker start
+ set -e
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ BASE=docker
。。。。。。省略一部分
+ . /lib/lsb/init-functions
+++ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
++ for hook in ‘$(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)‘
++ ‘[‘ -r /lib/lsb/init-functions.d/20-left-info-blocks ‘]‘
++ . /lib/lsb/init-functions.d/20-left-info-blocks
++ for hook in ‘$(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)‘
++ ‘[‘ -r /lib/lsb/init-functions.d/40-systemd ‘]‘
++ . /lib/lsb/init-functions.d/40-systemd
+++ _use_systemctl=0
。。。。。。省略一部分
+++ ‘[‘ xstart = xstart -o xstart = xstop -o xstart = xrestart -o xstart = xreload -o xstart = xforce-reload -o xstart = xstatus ‘]‘
+++ systemctl_redirect /etc/init.d/docker start
+++ log_daemon_msg ‘Starting docker (via systemctl)‘ docker.service
+++ ‘[‘ -z ‘Starting docker (via systemctl)‘ ‘]‘
+++ log_daemon_msg_pre ‘Starting docker (via systemctl)‘ docker.service
。。。。。。省略一部分
[....] +++ ‘[‘ -z docker.service ‘]‘
+++ echo -n ‘Starting docker (via systemctl): docker.service‘
Starting docker (via systemctl): docker.service+++ log_daemon_msg_post ‘Starting docker (via systemctl)‘ docker.service
。。。。。。省略
看到这儿的时候明白了吧,还没没有执行到下面的start模块呢,服务就被systemctl服务接管了,设置的参数就不会生效了。
看一下docker:
root@docker1:/var/log# ps -ef |grep docker
avahi 484 1 0 07:23 ? 00:00:00 avahi-daemon: running
root 3741 1 0 12:56 ? 00:00:00 /usr/bin/docker daemon -H fd://
root 3816 2314 0 13:03 pts/1 00:00:00 grep docker
确实没有加载DOCKER_OPTS参数:
简单的做一下设置,把40-systemd这个脚本移动一下
root@docker1:/var/log# /etc/init.d/docker stop
root@docker1:/var/log# mv /lib/lsb/init-functions.d/40-systemd /lib/lsb/
启动docker
Starting Docker: dockerroot@docker1:/var/log# /etc/init.d/docker start
查看一下
root@docker1:/var/log# ps -ef |grep docker
avahi 484 1 0 07:23 ? 00:00:00 avahi-daemon: running [docker1.local]
root 3970 1 0 13:06 ? 00:00:00 /usr/bin/docker daemon -p /var/run/docker.pid -H docker1.y7tech.cn:2376 -H unix:///var/run/docker.sock
root 4080 2314 0 13:07 pts/1 00:00:00 grep docker
root@docker1:/var/log# lsof -i:2376
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker 3970 root 6u IPv4 20313 0t0 TCP docker1.y7tech.cn:2376 (LISTEN)
哈哈,看到了吧,端口开启了......接下来远程调用一下
root@docker2:/etc# docker -H docker1.y7tech.cn:2376 images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.12.138:5000/mongodb v1.0 a9e3f0081258 Less than a second ago 408.8 MB
debian latest f50f9524513f 3 weeks ago 125.1 MB
再看看本地是否正常
mqfeng@docker1:~$ docker ps
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Oh,Mygod,本地出现问题了。
我们能够看到/var/run/docker.socket 确实存在了。
mqfeng@docker1:~$ docker -H unix:///var/run/docker.sock images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.12.138:5000/mongodb v1.0 a9e3f0081258 7 hours ago 408.8 MB
debian latest f50f9524513f 3 weeks ago 125.1 MB
这样执行命令太笨了......查看一下docker的帮助,看看有没有什么好的方法没有。
http://www.simapple.com/274.html
daemon字段
编辑本地配置文件:
/etc/profile ,添加变量
export DOCKER_HOST=tcp://docker1.y7tech.cn:2376
或者:
export DOCKER_HOST=unix:///var/run/docker.sock
mqfeng@docker1:~$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
OK!正常了。