作業系統版本：

CentOS Linux release 7.4.1708 (Core)

核心版本：

Linux 554735 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

docker 版本：

Client:
 Version:      17.06.0-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:20:36 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.06.0-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:21:56 2017
 OS/Arch:      linux/amd64
 Experimental: false
 

今天重啟docker服務的時候時候，報出下面的錯誤資訊：

Nov 14 12:05:48 554735 dockerd[14510]: time="2018-11-14T12:05:48.649532416+08:00" level=info msg="libcontainerd: new containerd process, pid: 14524"
Nov 14 12:05:49 554735 consul[1470]: 2018/11/14 12:05:49 [WARN] agent: http request failed 'http://127.0.0.1:9095/metrics': Get http://127.0.0.1:9095/metrics: dNov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.671699972+08:00" level=info msg="[graphdriver] using prior storage driver: overlay"
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.797990865+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.798771912+08:00" level=info msg="Loading containers: start."
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.833032379+08:00" level=warning msg="Failed to read iptables version: fork/exec /usr/sbin/iptables: execNov 14 12:05:49 554735 dockerd[14510]: Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: ipNov 14 12:05:49 554735 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Nov 14 12:05:49 554735 systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Nov 14 12:05:49 554735 systemd[1]: Unit docker.service entered failed state.
Nov 14 12:05:49 554735 systemd[1]: docker.service failed.
Nov 14 12:05:49 554735 polkitd[1043]: Unregistered Authentication Agent for unix-process:14504:47075 (system bus name :1.52, object path /org/freedesktop/PolicyKit1/AutNov 14 12:05:50 554735 systemd[1]: docker.service holdoff time over, scheduling restart.
Nov 14 12:05:50 554735 systemd[1]: Starting Docker Application Container Engine...
-- Subject: Unit docker.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has begun starting up.
Nov 14 12:05:50 554735 dockerd[14618]: time="2018-11-14T12:05:50.175112450+08:00" level=info msg="libcontainerd: new containerd process, pid: 14628"
 

錯誤資訊通過 journalctl -xe | grep docker 獲得

google之後，並沒有找到很合適的解決方案，在docker issue上發現，竟然有人是通過升級核心解決。。。。。。

後來經過排查發現是iptables沒有啟用了，docker沒有辦法做埠轉發，導致docker服務起不來。

啟用iptables，搞定。

[[email protected]~]# systemctl stop firewalld  ##停止防火牆 firewalld
[[email protected]~]# systemctl disable firewalld  ##禁用防火牆 firewalld
[
 
[email protected]~]# systemctl status firewalld  ##檢視防火牆狀態
[[email protected]~]# yum install -y iptables-services iptables-devel.x86_64 iptables.x86_64 
[[email protected]~]# systemctl enable iptables  ##開機自啟
[[email protected]~]# systemctl start iptables  ##啟動iptables
[[email protected]~]# systemctl status iptables  ##檢視iptables狀態

個人微信公眾號：

作者：jiankunking 出處：http://blog.csdn.net/jiankunking