░░ The job identifier is 6776.

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.326703510Z" level=warning msg="The \"graph\" config file option is deprecated. Please use \"data-root\" instead."

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.326857787Z" level=info msg="Starting up"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.327599344Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.328360387Z" level=info msg="parsed scheme: \"unix\"" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.328381265Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.328406857Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.328419898Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.329444862Z" level=info msg="parsed scheme: \"unix\"" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.329465841Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.329485371Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.329496433Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.330194161Z" level=warning msg="[graphdriver] WARNING: the overlay storage-driver is deprecated, and will be removed in a future release"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.705974126Z" level=warning msg="Unable to find cpu cgroup in mounts"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.706001194Z" level=warning msg="Your kernel does not support cgroup blkio weight"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.706011222Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.706165756Z" level=info msg="Loading containers: start."

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.709388129Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: Invali>

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: time="2022-08-03T06:45:06.769479641Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby

Aug 03 06:45:06 ubuntu-2 dockerd[8222]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.>

Aug 03 06:45:06 ubuntu-2 dockerd[8222]:  (exit status 4)

Aug 03 06:45:06 ubuntu-2 systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE

The part highlighted in red above is the cause of the error.

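On Ubuntu, iptables can run in two ways: one is nftables, the other is iptables.

dockerd uses iptables to initialize its NAT network, but Debian buster uses nftables instead of iptables, so dockerd cannot complete NAT initialization and exits with an error.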

Note: Ubuntu does have ufw installed by default, but if iptables has not been switched,

running ufw enable

produces: ERROR: Couldn't stat '/etc/ufw/ufw.conf'

The fix is to call update-alternatives to force Debian to use iptables instead of nftables.

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy

# for ipv6

sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
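
A check to run before and after the switch above, as an added example that is not part of the original post: it reads the backend from the iptables --version string (1.8.x prints "(nf_tables)" or "(legacy)") and looks for the NAT chain failure in dockerd journal lines. The function names, verdict words and the shortened sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the nf_tables/legacy
# mismatch before and after running update-alternatives.

# Map an `iptables --version` string to its backend name.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # iptables < 1.8 prints no backend suffix
    esac
}

# Count dockerd journal lines (read from stdin) that report the NAT chain failure.
count_nat_failures() {
    grep -c 'failed to create NAT chain DOCKER' || true   # grep exits 1 on zero matches
}

# Usage: diagnose VERSION_STRING < journal-lines ; prints one verdict word.
diagnose() {
    backend=$(iptables_backend "$1")
    failures=$(count_nat_failures)
    if [ "$failures" -gt 0 ] && [ "$backend" = nf_tables ]; then
        echo switch-to-legacy
    elif [ "$failures" -gt 0 ]; then
        echo nat-failure-other-cause
    else
        echo ok
    fi
}

# Constructed sample: two lines shortened from the journal output above.
SAMPLE_LOG='dockerd[8222]: level=info msg="Loading containers: start."
dockerd[8222]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER'

printf '%s\n' "$SAMPLE_LOG" | diagnose "iptables v1.8.7 (nf_tables)"   # before the fix
printf '%s\n' "$SAMPLE_LOG" | diagnose "iptables v1.8.7 (legacy)"      # same log, legacy backend

# On a live host (assumes the systemd journal and the docker.service unit name):
#   journalctl -u docker.service -b --no-pager | diagnose "$(iptables --version)"
```

After the update-alternatives commands, iptables --version should report (legacy); if dockerd still logs the NAT chain failure at that point, the cause lies elsewhere.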