/etc/docker/daemon.json
我的 Docker Daemon 似乎在启动时被忽略。
如同这个问题,我在告诉 Docker 守护程序不应使用默认172.17.*
范围时遇到了一些问题。该范围已被我们的 VPN 占用,并阻止通过该 VPN 连接的人连接到 Docker 运行的服务器。
最烦人的是,每次我重启服务器,Docker 都会再次从 VPN 范围中获取一个 IP,无论我输入什么/etc/docker/daemon.json
。我必须手动发出
# systemctl restart docker
启动后,172.17.*
网络上的人们才能再次访问服务器。
这显然经常被遗忘并导致许多问题票。
我的/etc/docker/daemon.json
样子是这样的:
{
"default-address-pools": [
{
"base": "172.20.0.0/16",
"size": 24
}
]
}
并被授权如下:
-rw-r--r-- 1 root root 123 Dec 8 10:43 daemon.json
我根本不知道如何开始诊断这个问题;有什么想法吗?
为了完整性:
- Ubuntu 18.04.5 LTS
- Docker 版本 19.03.6,内部版本 369ce74a3c
编辑:输出systemctl cat docker
:
# /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
Wants=containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
sudo docker info
(之后)的输出systemctl restart docker
:
Client:
Debug Mode: false
Server:
Containers: 34
Running: 19
Paused: 0
Stopped: 15
Images: 589
Server Version: 19.03.6
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-140-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 47.16GiB
Name: linuxsrv
ID: <redacted>
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: <redacted>
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://172.16.30.33:6000/
Live Restore Enabled: false
WARNING: No swap limit support
答案1
docker 使用多个地址池。这default-address-pools
适用于所有新用户创建的桥接网络。更改此设置后,您可能需要删除并重新创建这些网络。
另外bip
,文件中还设置了daemon.json
如下一行:
"bip": "192.168.63.1/24"
该bip
设置适用于名为的默认桥接网络bridge
,并且需要设置为该桥接网络上网关的 CIDR(因此您不能将其定义为192.168.63.0/24
,尾随.1
很重要)。
如果您使用的是 Swarm 模式,覆盖网络将拥有自己的地址池,并在覆盖网络中的节点之间共享。这需要在docker swarm init
使用--default-addr-pool
标志时进行配置。
最后,如果您通过 snap 运行 docker,则此文件的位置/var/snap/docker/current/etc/docker/daemon.json
似乎不会在更新后保留,因此您需要在更新后再次替换此文件。
答案2
虽然我想法我使用 BMitch 的答案解决了这个问题,我错了 - 地址docker0
是仍然172.17.*.*
启动后处于错误的范围。
经过大量的挖掘后,我发现,不知何故,我dockerd
安装了多个版本:
- 如果你按照以下方式安装,你将获得文档
- ...通过 Snap 安装