Force docker.service and docker.socket to start after DNS is up


Using 18.04 LTS. Long story short, I use FreeIPA as the login service on my Linux machines, which means I need DNS resolution to be able to authenticate against the IPA server. However, my docker.socket starts before DNS resolution is up, and when docker.socket tries to resolve the docker "group" from IPA it cannot, because it is looking at the FreeIPA server, which it cannot resolve without DNS, and that causes docker.socket to fail to start properly. At least that is my theory so far.

I want to force my docker.socket systemd service to start after my DNS resolution is up.

My docker.socket and docker.service files are below. I have tried adding various combinations of After= and Requires= for sssd.service to the docker.socket file as well as to docker.service, and various combinations of systemd-resolved.service and other network services/targets (e.g. NetworkManager.service, `network-online.target`), but I cannot seem to get any of them to work properly.

Is there a simple way to fix this that I am missing?

Feb 06 14:11:00 aiml6 systemd[985]: docker.socket: Failed to resolve group docker: Connection refused

docker.socket - Docker Socket for the API
   Loaded: loaded (/lib/systemd/system/docker.socket; enabled; vendor preset: enabled)
   Active: failed (Result: timeout) since Wed 2019-02-06 14:12:30 CST; 4min 53s ago
   Listen: /var/run/docker.sock (Stream)

Feb 06 14:09:30 aiml6 systemd[1]: Starting Docker Socket for the API.
Feb 06 14:11:00 aiml6 systemd[1]: docker.socket: Starting timed out. Stopping.
Feb 06 14:11:00 aiml6 systemd[985]: docker.socket: Failed to resolve group docker: Connection refused
Feb 06 14:12:30 aiml6 systemd[1]: docker.socket: Stopping timed out (2). Killing.
Feb 06 14:12:30 aiml6 systemd[1]: docker.socket: Failed with result 'timeout'.
Feb 06 14:12:30 aiml6 systemd[1]: Failed to listen on Docker Socket for the API.

docker.service file:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

docker.socket file:

[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

Answer 1

I ran into the same problem, also using FreeIPA. It was fixed by adding the following:

After=network-online.target
Wants=network-online.target

to the [Unit] section of the /lib/systemd/system/docker.socket file (just as it is in the docker.service file).

Answer 2

I am on Ubuntu 20.04.4 LTS with SSSD authentication against a Windows Server LDAP, where my "docker" group is defined.

Although this is not a DNS failure, I got exactly the same error:

    docker.socket: Failed to resolve group docker: Connection refused

I fixed it by following this approach https://github.com/docker/cli/issues/2710 and defining an override for the unit file /lib/systemd/system/docker.socket:

sudo systemctl edit docker.socket

[Unit]
After=nss-user-lookup.target
DefaultDependencies=no
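As an added illustration of what the override in Answer 2 changes (example code written for this page, not from the Docker project or the answer's author): a small Python checker that merges a unit file with a drop-in the way systemd does (list keys such as After= accumulate across files, an empty assignment resets them, scalar keys are replaced) and flags a socket unit whose SocketGroup= will be looked up through NSS before nss-user-lookup.target is reached. The unit texts are constructed from the question and the answer; the function names are my own.

```python
from collections import defaultdict

# Constructed inputs: stock docker.socket keys from the question, override from Answer 2.
DOCKER_SOCKET = """\
[Unit]
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketGroup=docker
"""
OVERRIDE = """\
[Unit]
After=nss-user-lookup.target
DefaultDependencies=no
"""
LIST_KEYS = {"After", "Before", "Wants", "Requires", "BindsTo", "PartOf"}

def parse_unit(text, units=None):
    """Parse unit text into {section: {key: [values]}}; pass a previous result
    as `units` to merge like a drop-in: list keys accumulate, `After=` resets."""
    units = units if units is not None else defaultdict(lambda: defaultdict(list))
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = (s.strip() for s in line.partition("="))
        if key not in LIST_KEYS:          # scalar key: a later file replaces it
            units[section][key] = [value]
        elif value == "":                 # empty assignment resets the list
            units[section][key] = []
        else:                             # list keys accumulate across files
            units[section][key].extend(value.split())
    return units

def lookup_ordering_findings(units):
    """SocketUser=/SocketGroup= make systemd resolve a name through NSS when the
    socket is created; with SSSD/FreeIPA that needs nss-user-lookup.target first."""
    findings = []
    sock, unit = units.get("Socket", {}), units.get("Unit", {})
    if (sock.get("SocketUser") or sock.get("SocketGroup")) \
            and "nss-user-lookup.target" not in unit.get("After", []):
        findings.append("SocketUser/SocketGroup set but not After=nss-user-lookup.target")
    if unit.get("DefaultDependencies", ["yes"])[0].lower() == "no":
        findings.append("DefaultDependencies=no drops the implicit sysinit/shutdown ordering")
    return findings
```

Running `lookup_ordering_findings(parse_unit(DOCKER_SOCKET))` reports the missing ordering for the stock unit; merging OVERRIDE on top clears it but leaves the DefaultDependencies=no caveat, which is worth a second look since it also removes the implicit ordering against sysinit.target and shutdown.target.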

Answer 3

In case anyone else runs into the same error message: I also got the error docker.socket: Failed to resolve group docker, and the solution I posted in this issue fixed it:

sudo groupadd docker
sudo usermod -aG docker $USER
sudo systemctl enable docker
sudo systemctl start docker
