我跟着本指南在新的 Ubuntu 17 服务器上安装 docker。但是,我无法运行 docker。
通过以下方式安装docker sudo apt-get install docker-ce:
...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
invoke-rc.d: initscript docker, action "start" failed.
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Mon 2017-10-16 08:57:52 UTC; 8ms ago
Docs: https://docs.docker.com
Process: 7325 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 7325 (code=exited, status=1/FAILURE)
CPU: 49ms
检查sudo journalctl -u docker结果
Oct 16 08:57:51 vm1 systemd[1]: docker.service: Failed to reset devices.list: Operation not permitted
Oct 16 08:57:51 vm1 systemd[1]: Starting Docker Application Container Engine...
Oct 16 08:57:51 vm1 dockerd[7325]: time="2017-10-16T08:57:51.743612657Z" level=info msg="libcontainerd: new containerd process, pid: 7335"
Oct 16 08:57:52 vm1 dockerd[7325]: time="2017-10-16T08:57:52.816490740Z" level=warning msg="failed to rename /var/lib/docker/tmp for background deletion: rename /var/lib/docker/tmp /var/lib/docker/tmp-old
Oct 16 08:57:52 vm1 dockerd[7325]: time="2017-10-16T08:57:52.816839404Z" level=error msg="Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: permis
Oct 16 08:57:52 vm1 dockerd[7325]: Error starting daemon: couldn't create plugin manager: error setting plugin manager root to private: permission denied
Oct 16 08:57:52 vm1 systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Oct 16 08:57:52 vm1 systemd[1]: Failed to start Docker Application Container Engine.
Oct 16 08:57:52 vm1 systemd[1]: docker.service: Unit entered failed state.
Oct 16 08:57:52 vm1 systemd[1]: docker.service: Failed with result 'exit-code'.
Oct 16 08:57:53 vm1 systemd[1]: docker.service: Service hold-off time over, scheduling restart.
Oct 16 08:57:53 vm1 systemd[1]: Stopped Docker Application Container Engine.
Oct 16 08:57:53 vm1 systemd[1]: docker.service: Failed to reset devices.list: Operation not permitted
Oct 16 08:57:53 vm1 systemd[1]: Starting Docker Application Container Engine...
Oct 16 08:57:53 vm1 dockerd[7369]: time="2017-10-16T08:57:53.224145403Z" level=info msg="libcontainerd: new containerd process, pid: 7390"
Oct 16 08:57:54 vm1 dockerd[7369]: time="2017-10-16T08:57:54.241186206Z" level=error msg="Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: permis
Oct 16 08:57:54 vm1 dockerd[7369]: Error starting daemon: couldn't create plugin manager: error setting plugin manager root to private: permission denied
我觉得奇怪的是这一行failed to rename /var/lib/docker/tmp好像 docker 没有权限在其镜像目录中工作/var/lib/docker。
知道哪里出了问题或如何修复吗?谢谢!
编辑
我能够安装旧版本的docker docker-ce_17.03.2~ce-0~ubuntu-xenial_amd64.deb:。
但是现在运行这样的图像sudo docker run hello-world会失败
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
5b0f327be733: Extracting [==================================================>] 974 B/974 B
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: permission denied.
答案1
这可能是 AppArmor 配置文件问题。重新检查未过滤的journalctl/dmesg中的 apparmor 消息。
您可以找到更多调试说明这里。