Ubuntu

Docker daemon ignores daemon.json on startup

  • April 20, 2021

My Docker daemon seems to ignore /etc/docker/daemon.json on startup.

Similar to this question, I am having some trouble telling the Docker daemon that it should not use the default 172.17.* range. That range is already taken by our VPN, and it blocks people connected through that VPN from reaching the server running Docker.

The really annoying thing is that every time I reboot the server, Docker again claims an IP from the VPN's range, regardless of what I put in /etc/docker/daemon.json. I have to manually issue

# systemctl restart docker

directly after boot before people on the 172.17.* network can reach the server again.

This is obviously forgotten quite often and leads to many problem tickets.

My /etc/docker/daemon.json looks like this:

{
  "default-address-pools": [
    {
      "base": "172.20.0.0/16",
      "size": 24
    }
  ]
}

and has these permissions:

-rw-r--r--   1 root root   123 Dec  8 10:43 daemon.json

I don't even know how to start diagnosing this; any ideas?

For completeness:

  • Ubuntu 18.04.5 LTS
  • Docker version 19.03.6, build 369ce74a3c

Edit: output of systemctl cat docker

# /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
Wants=containerd.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

Output of sudo docker info (after systemctl restart docker):

Client:
Debug Mode: false

Server:
Containers: 34
 Running: 19
 Paused: 0
 Stopped: 15
Images: 589
Server Version: 19.03.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 
runc version: 
init version: 
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-140-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 47.16GiB
Name: linuxsrv
ID: <redacted>
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: <redacted>
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 http://172.16.30.33:6000/
Live Restore Enabled: false

WARNING: No swap limit support

Docker uses several address pools. default-address-pools applies to all newly created user-defined bridge networks. After changing this setting, you may need to delete and recreate those networks.

There is also bip, set in the daemon.json file with a line like:

"bip": "192.168.63.1/24"

The bip setting applies to the default bridge network named bridge, and it needs to be set to the CIDR of the gateway on that bridge network (so you cannot define it as 192.168.63.0/24; the trailing .1 matters).

If you are using swarm mode, overlay networks have their own address pool, shared between the nodes of the overlay network. That needs to be configured during docker swarm init using the --default-addr-pool flag.

Finally, if you run Docker via snap, the location of this file is /var/snap/docker/current/etc/docker/daemon.json, and it is not preserved across updates, so you need to put the file back after each update.
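The answer above distinguishes the pool used for user-defined bridges (default-address-pools) from the gateway CIDR of the default bridge (bip). As an added example, not part of the question or the answer, the following Python sanity check parses a daemon.json and reports the two mistakes discussed: a bip given as a network address instead of a gateway address, and a pool or bip that overlaps a range you need to keep clear. The sample document and the reserved range (the VPN's 172.17.0.0/16 from the question) are constructed values.

```python
import ipaddress
import json

# Constructed sample: the poster's pool plus a bip as recommended in the answer.
SAMPLE_DAEMON_JSON = """
{
  "default-address-pools": [{"base": "172.20.0.0/16", "size": 24}],
  "bip": "192.168.63.1/24"
}
"""

# Ranges the daemon must never allocate from. Assumed value: the VPN range
# mentioned in the question; adjust to your environment.
RESERVED = [ipaddress.ip_network("172.17.0.0/16")]


def check_daemon_json(text, reserved=RESERVED):
    """Return a list of problems found in a daemon.json document (empty if OK)."""
    problems = []
    cfg = json.loads(text)

    bip = cfg.get("bip")
    if bip is not None:
        iface = ipaddress.ip_interface(bip)
        # bip must be the gateway address of the default bridge, not the network itself
        if iface.ip == iface.network.network_address:
            problems.append(f"bip {bip} is a network address; use the gateway, e.g. .1")
        if any(iface.network.overlaps(r) for r in reserved):
            problems.append(f"bip {bip} overlaps a reserved range")

    for pool in cfg.get("default-address-pools", []):
        try:
            base = ipaddress.ip_network(pool["base"])
        except ValueError as exc:
            problems.append(f"pool base {pool['base']} is not a valid network: {exc}")
            continue
        size = int(pool["size"])
        # every user-defined bridge gets a /size carved out of base
        if size < base.prefixlen:
            problems.append(f"pool {pool['base']}: size {size} is larger than the base block")
        for r in reserved:
            if base.overlaps(r):
                problems.append(f"pool {pool['base']} overlaps reserved range {r}")
    return problems


if __name__ == "__main__":
    for line in check_daemon_json(SAMPLE_DAEMON_JSON) or ["daemon.json looks consistent"]:
        print(line)
```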

Cited from: https://serverfault.com/questions/1058229