原文地址:https://www.cnblogs.com/hongdada/p/8886893.html
啓動docker:
[root@localhost /]# systemctl start docker Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
查看具體錯誤信息:
[root@localhost /]# systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since 五 2018-04-20 06:50:52 CST; 3min 57s ago Docs: http://docs.docker.com Process: 44005 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE) Main PID: 44005 (code=exited, status=1/FAILURE) 4月 20 06:50:50 localhost.localdomain systemd[1]: Starting Docker Application Container Engine... 4月 20 06:50:50 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:50.921964698+08:00" level=warning msg="could not ...ound" 4月 20 06:50:50 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:50.927241794+08:00" level=info msg="libcontainerd...4010" 4月 20 06:50:51 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:51.936045098+08:00" level=warning msg="overlay2: the b... 4月 20 06:50:52 localhost.localdomain dockerd-current[44005]: Error starting daemon: SELinux is not supported with the overlay2 graph ...alse) 4月 20 06:50:52 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE 4月 20 06:50:52 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine. 4月 20 06:50:52 localhost.localdomain systemd[1]: Unit docker.service entered failed state. 4月 20 06:50:52 localhost.localdomain systemd[1]: docker.service failed. Hint: Some lines were ellipsized, use -l to show in full.
可以看出錯誤信息
Error starting daemon: SELinux is not supported with the overlay2 graph ...alse)
此linux的內核中的SELinux不支持 overlay2 graph driver ,解決方法有兩個,要麼啓動一個新內核,要麼就在docker裏禁用selinux,--selinux-enabled=false
[root@localhost /]# vi /etc/sysconfig/docker
修改配置:
# Modify these options if you want to change the way the docker daemon runs OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false' if [ -z "${DOCKER_CERT_PATH}" ]; then DOCKER_CERT_PATH=/etc/docker fi # Do not add registries in this file anymore. Use /etc/containers/registries.conf # from the atomic-registries package. #
在--selinux-enabled後面添加=false即可!
重新啓動docker
[root@localhost /]# service docker start Redirecting to /bin/systemctl start docker.service [root@localhost /]# docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: false Native Overlay Diff: false Logging Driver: journald Cgroup Driver: systemd Plugins: Volume: local Network: bridge host macvlan null overlay Swarm: inactive Runtimes: docker-runc runc Default Runtime: docker-runc Init Binary: docker-init containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1) runc version: N/A (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f) init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574) Security Options: seccomp WARNING: You're not using the default seccomp profile Profile: /etc/docker/seccomp.json Kernel Version: 3.10.0-327.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 Number of Docker Hooks: 3 CPUs: 1 Total Memory: 977.9 MiB Name: localhost.localdomain ID: 2QP3:PYDM:BLLS:P5QS:QGJN:N7GK:DAKV:ZWFG:FW54:FHS4:FCAN:6NR4 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false Registries: docker.io (secure)
測試運行hello-world
[root@localhost /]# docker run hello-world Unable to find image 'hello-world:latest' locally Trying to pull repository docker.io/library/hello-world ... latest: Pulling from docker.io/library/hello-world /usr/bin/docker-current: Get https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:d5c74e6f8efc7bdf42a5e22bd764400692cf82360d86b8c587a7584b03f51520: Get https://auth.docker.io/token?scope=repository%3Alibrary%2Fhello-world%3Apull&service=registry.docker.io: net/http: request canceled (Client.Timeout exceeded while awaiting headers). See '/usr/bin/docker-current run --help'. [root@localhost /]# docker run hello-world Unable to find image 'hello-world:latest' locally Trying to pull repository docker.io/library/hello-world ... latest: Pulling from docker.io/library/hello-world 9bb5a5d4561a: Pull complete Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77 Status: Downloaded newer image for docker.io/hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/engine/userguide/
啓動重啓命令:
[hongdada@localhost home]$ systemctl stop docker.service ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === Authentication is required to manage system services or units. Authenticating as: root Password: ==== AUTHENTICATION COMPLETE === [hongdada@localhost home]$ systemctl restart docker.service ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === Authentication is required to manage system services or units. Authenticating as: root Password: ==== AUTHENTICATION COMPLETE === [hongdada@localhost home]$ systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since 五 2018-04-20 08:11:34 CST; 12s ago Docs: http://docs.docker.com Main PID: 51878 (dockerd-current) CGroup: /system.slice/docker.service ├─51878 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-cu... └─51883 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-con...