Docker in Docker fails to run on CentOS 8. How can this be fixed?

2022-02-24 17:10:58 +08:00
 coolair

Minimal system install. I installed docker-ce, docker-ce-cli and containerd.io using https://download.docker.com/linux/centos/docker-ce.repo, disabled firewalld and SELinux, and restarted Docker:

docker run --privileged -d --name dind-test docker:dind

The log is as follows:

 Generating RSA private key, 4096 bit long modulus (2 primes)
 ..............................................................................................++++
 ...............................................................................................................................................................................................................................................................................................................++++
 e is 65537 (0x010001)
 Generating RSA private key, 4096 bit long modulus (2 primes)
 .....................................................................................................................................................++++
 ....................................................++++
 e is 65537 (0x010001)
 Signature ok
 subject=CN = docker:dind server
 Getting CA Private Key
 /certs/server/cert.pem: OK
 Generating RSA private key, 4096 bit long modulus (2 primes)
 ..............................................................................................................................................................................................................................................................................................................................................................++++
 ................................++++
 e is 65537 (0x010001)
 Signature ok
 subject=CN = docker:dind client
 Getting CA Private Key
 /certs/client/cert.pem: OK
 time="2022-02-24T07:23:34.760594256Z" level=info msg="Starting up"
 time="2022-02-24T07:23:34.763695780Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
 time="2022-02-24T07:23:34.765710334Z" level=info msg="libcontainerd: started new containerd process" pid=79
 time="2022-02-24T07:23:34.765786276Z" level=info msg="parsed scheme: \"unix\"" module=grpc
 time="2022-02-24T07:23:34.765809168Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
 time="2022-02-24T07:23:34.765974707Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
 time="2022-02-24T07:23:34.766035328Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
 time="2022-02-24T07:23:34.790274621Z" level=info msg="starting containerd" revision=7b11cfaabd73bb80907dd23182b9347b4245eb5d version=v1.4.12
 time="2022-02-24T07:23:34.828556147Z" level=info msg="loading plugin \"io.containerd.content.v1.content\"..." type=io.containerd.content.v1
 time="2022-02-24T07:23:34.828841242Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.aufs\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.839186454Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"ip: can't find device 'aufs'\\nmodprobe: can't change directory to '/lib/modules': No such file or directory\\n\"): skip plugin" type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.839455354Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.840184092Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.840249560Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.840343274Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
 time="2022-02-24T07:23:34.840391034Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.native\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.840589611Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.overlayfs\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.841204096Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.zfs\"..." type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.841575997Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
 time="2022-02-24T07:23:34.841690890Z" level=info msg="loading plugin \"io.containerd.metadata.v1.bolt\"..." type=io.containerd.metadata.v1
 time="2022-02-24T07:23:34.841778714Z" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
 time="2022-02-24T07:23:34.841815889Z" level=info msg="metadata content store policy set" policy=shared
 time="2022-02-24T07:23:34.890892709Z" level=info msg="loading plugin \"io.containerd.differ.v1.walking\"..." type=io.containerd.differ.v1
 time="2022-02-24T07:23:34.891002672Z" level=info msg="loading plugin \"io.containerd.gc.v1.scheduler\"..." type=io.containerd.gc.v1
 time="2022-02-24T07:23:34.891149173Z" level=info msg="loading plugin \"io.containerd.service.v1.introspection-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891285080Z" level=info msg="loading plugin \"io.containerd.service.v1.containers-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891337250Z" level=info msg="loading plugin \"io.containerd.service.v1.content-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891381619Z" level=info msg="loading plugin \"io.containerd.service.v1.diff-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891426999Z" level=info msg="loading plugin \"io.containerd.service.v1.images-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891476952Z" level=info msg="loading plugin \"io.containerd.service.v1.leases-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891551223Z" level=info msg="loading plugin \"io.containerd.service.v1.namespaces-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891624866Z" level=info msg="loading plugin \"io.containerd.service.v1.snapshots-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.891677202Z" level=info msg="loading plugin \"io.containerd.runtime.v1.linux\"..." type=io.containerd.runtime.v1
 time="2022-02-24T07:23:34.892160041Z" level=info msg="loading plugin \"io.containerd.runtime.v2.task\"..." type=io.containerd.runtime.v2
 time="2022-02-24T07:23:34.892678088Z" level=info msg="loading plugin \"io.containerd.monitor.v1.cgroups\"..." type=io.containerd.monitor.v1
 time="2022-02-24T07:23:34.893531281Z" level=info msg="loading plugin \"io.containerd.service.v1.tasks-service\"..." type=io.containerd.service.v1
 time="2022-02-24T07:23:34.893697433Z" level=info msg="loading plugin \"io.containerd.internal.v1.restart\"..." type=io.containerd.internal.v1
 time="2022-02-24T07:23:34.893824075Z" level=info msg="loading plugin \"io.containerd.grpc.v1.containers\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.893955169Z" level=info msg="loading plugin \"io.containerd.grpc.v1.content\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.893986203Z" level=info msg="loading plugin \"io.containerd.grpc.v1.diff\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894035779Z" level=info msg="loading plugin \"io.containerd.grpc.v1.events\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894124767Z" level=info msg="loading plugin \"io.containerd.grpc.v1.healthcheck\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894208021Z" level=info msg="loading plugin \"io.containerd.grpc.v1.images\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894267863Z" level=info msg="loading plugin \"io.containerd.grpc.v1.leases\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894323113Z" level=info msg="loading plugin \"io.containerd.grpc.v1.namespaces\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894377043Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1
 time="2022-02-24T07:23:34.894828889Z" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894887081Z" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894949989Z" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.894996324Z" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
 time="2022-02-24T07:23:34.895529028Z" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock
 time="2022-02-24T07:23:34.895804150Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc
 time="2022-02-24T07:23:34.896113274Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock
 time="2022-02-24T07:23:34.896170862Z" level=info msg="containerd successfully booted in 0.112697s"
 time="2022-02-24T07:23:34.907970487Z" level=info msg="parsed scheme: \"unix\"" module=grpc
 time="2022-02-24T07:23:34.908043720Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
 time="2022-02-24T07:23:34.908129918Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
 time="2022-02-24T07:23:34.908168076Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
 time="2022-02-24T07:23:34.911090189Z" level=info msg="parsed scheme: \"unix\"" module=grpc
 time="2022-02-24T07:23:34.911135671Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
 time="2022-02-24T07:23:34.911176202Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
 time="2022-02-24T07:23:34.911213930Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
 time="2022-02-24T07:23:35.083473908Z" level=warning msg="Your kernel does not support cgroup blkio weight"
 time="2022-02-24T07:23:35.083515595Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"
 time="2022-02-24T07:23:35.084239564Z" level=info msg="Loading containers: start."
 time="2022-02-24T07:23:35.101032861Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge                204800  1 br_netfilter\nstp                    16384  1 bridge\nllc                    16384  2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter           24576  0 \nbridge                204800  1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
 time="2022-02-24T07:23:35.103391649Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory\niptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`, error: exit status 3"
 time="2022-02-24T07:23:35.151747586Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
 time="2022-02-24T07:23:35.152208810Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
 time="2022-02-24T07:23:35.152217865Z" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
 time="2022-02-24T07:23:36.153093848Z" level=warning msg="grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}. Err :connection error: desc = \"transport: Error while dialing dial unix:///var/run/docker/containerd/containerd.sock: timeout\". Reconnecting..." module=grpc
 failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: modprobe: can't change directory to '/lib/modules': No such file or directory
 iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
 Perhaps iptables or your kernel needs to be upgraded.
  (exit status 3)

There is no problem on CentOS 7. Does anyone know how to solve this?

1601 views
Node: Docker
5 replies
YaakovZiv
2022-02-24 17:29:41 +08:00
I see the OP's error includes "Perhaps iptables or your kernel needs to be upgraded."
Does this thing have kernel or iptables version restrictions? Surely it doesn't require that iptables be used?
ch2
2022-02-24 18:11:09 +08:00
docker run --name dind-test -d --privileged --net=host -v /tmp:/tmp -v /lib/modules/:/lib/modules/ docker:dind
You also need to mount the host's /tmp and /lib/modules into the dind instance.
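Added example, not part of the original thread: a host-side check for the failure in the log above, which classifies the dockerd error and lists which legacy iptables kernel modules are absent from a /proc/modules-format listing. The module names in `REQUIRED_MODULES` are an assumption (the usual legacy iptables modules), and the sample listing is constructed from the `bridge`/`br_netfilter` lines visible in the log.

```shell
#!/bin/sh
# Assumption: these are the kernel modules the legacy iptables backend needs
# for the nat and filter tables. Modules built into the kernel do not appear
# in /proc/modules and would be reported as missing here.
REQUIRED_MODULES="ip_tables iptable_nat iptable_filter"

# Constructed sample in /proc/modules format, based on the lsmod lines in the log.
sample_modules() {
    cat <<'EOF'
br_netfilter 24576 0 - Live 0x0000000000000000
bridge 204800 1 br_netfilter, Live 0x0000000000000000
stp 16384 1 bridge, Live 0x0000000000000000
llc 16384 2 bridge,stp, Live 0x0000000000000000
EOF
}

# missing_modules [FILE]: print required modules not listed in FILE.
missing_modules() {
    modules_file=${1:-/proc/modules}
    missing=""
    for mod in $REQUIRED_MODULES; do
        # Each /proc/modules line starts with the module name and a space.
        if ! grep -q "^${mod} " "$modules_file"; then
            missing="${missing:+$missing }$mod"
        fi
    done
    printf '%s\n' "$missing"
}

# classify_dind_log FILE: print a short diagnosis for a dockerd log.
classify_dind_log() {
    if ! grep -qF "can't initialize iptables table \`nat'" "$1"; then
        echo "no-iptables-nat-error"
    elif grep -qF "can't change directory to '/lib/modules'" "$1"; then
        # The container has no /lib/modules, so it cannot load modules itself.
        echo "nat-table-missing:no-modprobe-in-container"
    else
        echo "nat-table-missing"
    fi
}

# Demo on the constructed sample (pass no argument to check the real host).
demo_file=$(mktemp)
sample_modules > "$demo_file"
echo "missing on sample host: $(missing_modules "$demo_file")"
rm -f "$demo_file"
```

If modules are reported missing, loading them on the host with `modprobe` keeps module loading out of the privileged container; whether that resolves this thread's case is an assumption the thread does not confirm.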
wd
2022-02-24 18:35:41 +08:00
You could try kaniko
julyclyde
2022-02-25 11:13:34 +08:00
Then try changing the net mode when you run it?
mengdodo
2022-11-05 14:15:28 +08:00
So, what is the solution?
