Docker 守護程序在啟動時忽略 daemon.json
我的 Docker 守護程序似乎
/etc/docker/daemon.json在啟動時忽略了。與這個問題類似,我在告訴 Docker 守護程序它不應該使用預設
172.17.*範圍時遇到了一些麻煩。該範圍已被我們的 VPN 佔用,並阻止通過該 VPN 連接的人員連接到執行 Docker 的伺服器。非常煩人的事情是,每次我重新啟動伺服器時,Docker 都會再次從 VPN 的範圍內申請一個 IP,而不管我輸入了什麼
/etc/docker/daemon.json。我必須手動發出# systemctl restart docker啟動後直接在
172.17.*網路上的人可以再次訪問伺服器之前。這顯然經常被遺忘,並導致許多問題票。
我的
/etc/docker/daemon.json樣子是這樣的:{ "default-address-pools": [ { "base": "172.20.0.0/16", "size": 24 } ] }並獲得這樣的許可:
-rw-r--r-- 1 root root 123 Dec 8 10:43 daemon.json我什至不知道如何開始診斷這個問題;有任何想法嗎?
為了完整性:
- Ubuntu 18.04.5 LTS
- Docker 版本 19.03.6,建構 369ce74a3c
編輯:輸出
systemctl cat docker:# /lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket Wants=containerd.service [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process [Install] WantedBy=multi-user.target
sudo docker info(之後systemctl restart docker)的輸出:Client: Debug Mode: false Server: Containers: 34 Running: 19 Paused: 0 Stopped: 15 Images: 589 Server Version: 19.03.6 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: runc version: init version: Security Options: apparmor seccomp Profile: default Kernel Version: 4.15.0-140-generic Operating System: Ubuntu 18.04.5 LTS OSType: linux Architecture: x86_64 CPUs: 16 Total Memory: 47.16GiB Name: linuxsrv ID: <redacted> Docker Root Dir: /var/lib/docker Debug Mode: false Username: <redacted> Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: http://172.16.30.33:6000/ Live Restore Enabled: false WARNING: No swap limit support
docker 使用了多個地址池。
default-address-pools適用於所有新使用者創建的橋接網路。更改此設置後,您可能需要刪除並重新創建這些網路。還有
bip, 在daemon.json文件中設置如下行:"bip": "192.168.63.1/24"該
bip設置適用於名為的預設橋接網路bridge,並且需要設置為該橋接網路上網關的 CIDR(因此您不能將其定義為192.168.63.0/24,尾隨.1很重要)。如果您使用的是 swarm 模式,則覆蓋網路有自己的地址池,在覆蓋網路中的節點之間共享。這需要在
docker swarm init使用--default-addr-pool標誌期間進行配置。最後,如果您通過 snap 執行 docker,此文件的位置是
/var/snap/docker/current/etc/docker/daemon.json並且不會出現在更新中保留,因此您需要在更新後再次替換此文件。