Tag Archives: docker

Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen

Error:
[root@localhost ~]# docker run -d -p 9000:80 centos:httpd /bin/sh -c /usr/local/bin/start.sh
d5b2bd5a7bc4895a973fe61efd051847047d26385f65c278aaa09e4fa31c4d76
docker: Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (6bda693d1143657e46bee0300276aa05820da2b21a3d89441e820d1a274c48b6): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9000 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
[root@localhost ~]# docker start d5b2bd5a7bc4
Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (4127da7466709fd45695a1fbe98e13c2ac30c2a554e18fb902ef5a03ba308438): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9000 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1))
Error: failed to start containers: d5b2bd5a7bc4

Reason:

The custom DOCKER chain that the docker service defines in the iptables nat table when it starts was cleared for some reason.
Restarting the docker service regenerates the custom DOCKER chain.

root@router:playbook# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

Solution:

Restart the docker service, then start the container:
systemctl restart docker
docker start foo
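
A way to confirm this diagnosis before restarting, as an added example that is not part of the original post: the function reads `iptables -t nat -S` output and reports whether the DOCKER chain and the jumps into it are present. The three rule dumps are constructed samples modelled on the listing above.

```bash
#!/usr/bin/env bash
# Added example. Reads a rule dump in `iptables -t nat -S` format on stdin
# and prints the state of Docker's NAT plumbing:
#   ok            - chain DOCKER exists and PREROUTING and OUTPUT jump to it
#   missing-chain - no DOCKER chain; publishing a port then fails with
#                   "No chain/target/match by that name"
#   missing-jump  - chain exists but a built-in chain no longer references it
docker_nat_state() {
    local line chain=0 pre=0 out=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "-N DOCKER")                  chain=1 ;;
            "-A PREROUTING "*"-j DOCKER") pre=1 ;;
            "-A OUTPUT "*"-j DOCKER")     out=1 ;;
        esac
    done
    if   [ "$chain" -eq 0 ]; then echo missing-chain
    elif [ "$pre" -eq 0 ] || [ "$out" -eq 0 ]; then echo missing-jump
    else echo ok
    fi
}

# Constructed sample: the healthy nat table shown in the listing above.
sample_healthy() { cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 172.17.0.2:8080
EOF
}

# Constructed sample: nat table after its rules and custom chains were cleared.
sample_flushed() { cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
EOF
}

# Constructed sample: chain re-created, but the built-in chains do not jump to it.
sample_no_jump() { cat <<'EOF'
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-A DOCKER -i docker0 -j RETURN
EOF
}

for s in sample_healthy sample_flushed sample_no_jump; do
    printf '%-16s %s\n' "$s" "$("$s" | docker_nat_state)"
done
```

On a host, run `iptables -t nat -S | docker_nat_state` as root; a result other than ok is the state that restarting the docker service repairs.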

Docker Run MYSQL Container Error: [ERROR] --initialize specified but the data directory has files in it. Aborting.

Background

Start the MySQL container with Docker running locally on a Mac:

docker run -d -p 3306:3306 --name mysql1 -v /Users/polo/data/conf:/etc/mysql/conf.d -v /Users/polo/data/mysql:/var/lib/mysql  -e MYSQL_ROOT_PASSWORD=123456 -d mysql:5.7

Symptom

The container log shows an error, and the local Navicat client cannot connect.

Root cause

Files already exist in the directory mounted with -v. When choosing the local directory for -v, remember to pick an empty or nonexistent directory (a nonexistent one is created automatically).

Solution

Replace the local directory mounted with -v with an empty or nonexistent directory.

The MySQL container log then shows a normal start, with no error entries.

Error message after installing docker in CentOS 7

Start docker:

$ sudo systemctl start docker

This reports an error.

View the status:

$ systemctl status docker.service -l

Without -l, some very long lines are truncated when printed; with this option, all lines are displayed in full.

 

 

Error message:

Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disable selinux in docker (--selinux-enabled=false)

This means that SELinux is not supported with the overlay2 graph driver on this Linux kernel. There are two solutions: either boot into a newer kernel, or disable SELinux in docker with --selinux-enabled=false.

Edit the docker configuration file again:

vi /etc/sysconfig/docker

 

Replace with:

 

Restart docker:

 

 

View status:

$ systemctl status docker.service -l

Done!!

An error is reported when starting sshd in the docker container

After creating a container, setting a password and installing openssh-server, sshd fails to start.

Starting it in the container with /usr/sbin/sshd -d reports the error:

[root@9d41c7f36c5e tmp]# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: key_load_private: No such file or directory
debug1: key_load_public: No such file or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: key_load_private: No such file or directory
debug1: key_load_public: No such file or directory
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug1: key_load_private: No such file or directory
debug1: key_load_public: No such file or directory
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.

Solution:

# /usr/sbin/sshd-keygen -A
# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Then restart sshd:
# /usr/sbin/sshd

Connect remotely:

ssh root@ip -p 22

VMware reported an error after installing docker

Problem: after installing docker, opening VMware reports an error

Error message: VMware Workstation is incompatible with Device/Credential Guard

Solution:

Turn off hypervisorlaunchtype

Execution steps:

1. Open PowerShell as administrator

2. Run the command:

bcdedit /set hypervisorlaunchtype off

PS: to re-enable it:

bcdedit /set hypervisorlaunchtype auto

Explanation

The bcdedit /set command sets a boot entry option value in the Windows Boot Configuration Data (BCD) file

Format: bcdedit /set [{ID}] datatype value

hypervisordebug [ On | Off ]
Controls whether the hypervisor debugger is enabled

Reference

https://docs.microsoft.com/zh-cn/windows-hardware/drivers/devtest/bcdedit--set

The docker container reports an error when using the systemctl command

I have seen many solutions, but they are not friendly to novices and are not particularly clear

Error content:  

        System has not been booted with systemd as init system (PID 1). Can’t operate.
        Failed to connect to bus: Host is down

 

Solution:

      docker run -itd --privileged --name myCentos centos /usr/sbin/init

      After creation, use the following command to enter the container:

      docker exec -it myCentos /bin/bash

      Pay special attention to the bold content and don’t forget it.

      The reason is that /bin/bash is executed by default in the first step, and systemctl cannot be used because of a bug in docker.

      Therefore, we use /usr/sbin/init and --privileged so that we can use systemctl, but this overrides the default /bin/bash.

      Therefore, if we want to enter the container, we can no longer use docker attach myCentos.

      Instead, we can only use docker exec -it myCentos /bin/bash, because exec lets us execute the overridden default command /bin/bash.

      At the same time, -it is also necessary.

      The same applies to Ubuntu, though the init directory may be different.

Of course, I don’t know the specific bug. I hope it will be fixed in the future

 

An error is reported when the docker command is executed in Jenkins

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

This problem was encountered when Jenkins was configured to automatically build Dockerfiles from GitLab and upload them to Harbor: whenever Jenkins executed a docker command, the error above was reported. After consulting relevant material, the solution is as follows:
1. Modify the docker service configuration
systemctl stop docker
sudo gpasswd -a jenkins docker  # add the jenkins user to the docker group
vim /usr/lib/systemd/system/docker.service

#ExecStart=/usr/bin/dockerd-current \
#          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
#          --default-runtime=docker-runc \
#          --exec-opt native.cgroupdriver=systemd \
#          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
#          $OPTIONS \
#          $DOCKER_STORAGE_OPTIONS \
#          $DOCKER_NETWORK_OPTIONS \
#          $ADD_REGISTRY \
#          $BLOCK_REGISTRY \
#          $INSECURE_REGISTRY\
#         $REGISTRIES
ExecStart=/usr/bin/docker daemon -H unix:// -H tcp://192.168.1.1:2375
# Replace the commented-out configuration above with the newly added ExecStart line.

systemctl daemon-reload
systemctl restart docker
2. Restart the Jenkins service, build the current project, and check whether the relevant docker commands can be executed
systemctl restart jenkins
If filtering for the Jenkins process shows that the service has been stopped but Jenkins still cannot be started, you can run java -jar jenkins.war to see the detailed error messages. Stranger still, I had stopped the Jenkins process, and filtering showed that the service and port were closed, but an address-already-in-use error was still reported when starting the Jenkins service. At this point, run systemctl stop jenkins again, and then start the Jenkins service to see whether that solves it.
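
The ExecStart line above publishes the Docker API on tcp://192.168.1.1:2375 without TLS, so any host that can reach that port can control the daemon. The following added example (not from the original post) classifies the active ExecStart of a unit file; the sample units and the /etc/docker/*.pem paths are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. Reads a systemd unit on stdin and prints one word per active
# ExecStart line:
#   plaintext-tcp - a tcp:// API listener without --tlsverify
#   tls-tcp       - a tcp:// API listener that requires client certificates
#   local-only    - no tcp:// listener (unix:// or fd:// socket only)
audit_docker_unit() {
    local line buf=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in "#"*|";"*) continue ;; esac   # drop comment lines first
        case "$line" in
            *\\) buf="$buf${line%\\} "; continue ;;   # join "\" continuations
        esac
        line="$buf$line"; buf=""
        case "$line" in
            ExecStart=*tcp://*--tlsverify*|ExecStart=*--tlsverify*tcp://*)
                echo tls-tcp ;;
            ExecStart=*tcp://*) echo plaintext-tcp ;;
            ExecStart=*)        echo local-only ;;
        esac
    done
}

# Constructed sample: shortened form of the unit as edited in this post.
sample_page_unit() { cat <<'EOF'
[Service]
#ExecStart=/usr/bin/dockerd-current \
#          --exec-opt native.cgroupdriver=systemd \
#          $OPTIONS
ExecStart=/usr/bin/docker daemon -H unix:// -H tcp://192.168.1.1:2375
EOF
}

# Constructed sample: same listener address with mutual TLS on port 2376.
# The certificate paths are placeholders.
sample_tls_unit() { cat <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H unix:// -H tcp://192.168.1.1:2376 \
          --tlsverify --tlscacert=/etc/docker/ca.pem \
          --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem
EOF
}

# Constructed sample: local socket only; members of the docker group can still
# use the daemon through it.
sample_local_unit() { cat <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd://
EOF
}

for s in sample_page_unit sample_tls_unit sample_local_unit; do
    printf '%-18s %s\n' "$s" "$("$s" | audit_docker_unit)"
done
```

On a host, `systemctl cat docker.service | audit_docker_unit` applies the same check to the installed unit and its drop-ins.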

 

Elimination of installation and startup errors of docker

Docker installation

Errors encountered in docker startup

Docker reports an error on startup. Viewing the error with systemctl or journalctl shows the following:

[root@iZ23lj7d0igZ etc]# systemctl status docker.service
● docker.service - Docker Application Container Engine
 Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
 Active: failed (Result: start-limit) since Thu 2019-01-24 14:12:25 CST; 3s ago
  Docs: https://docs.docker.com
 Process: 19664 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 19664 (code=exited, status=1/FAILURE)

Jan 24 14:12:23 iZ23lj7d0igZ systemd[1]: Failed to start Docker Application Container Engine.
Jan 24 14:12:23 iZ23lj7d0igZ systemd[1]: Unit docker.service entered failed state.
Jan 24 14:12:23 iZ23lj7d0igZ systemd[1]: docker.service failed.
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: docker.service holdoff time over, scheduling restart.
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: Stopped Docker Application Container Engine.
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: start request repeated too quickly for docker.service
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: Failed to start Docker Application Container Engine.
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: Unit docker.service entered failed state.
Jan 24 14:12:25 iZ23lj7d0igZ systemd[1]: docker.service failed.

In fact, systemctl and journalctl do not show the problem accurately. Starting dockerd directly gives more precise error information:

[root@iZ23lj7d0igZ docker]# dockerd
INFO[2019-01-24T14:22:09.818767600+08:00] parsed scheme: "unix"                         module=grpc
INFO[2019-01-24T14:22:09.819747980+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
INFO[2019-01-24T14:22:09.819949065+08:00] parsed scheme: "unix"                         module=grpc
INFO[2019-01-24T14:22:09.820053953+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
WARN[2019-01-24T14:22:09.820285915+08:00] [graphdriver] WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release 
INFO[2019-01-24T14:22:09.821538282+08:00] ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0  <nil>}]  module=grpc
INFO[2019-01-24T14:22:09.821696754+08:00] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2019-01-24T14:22:09.822488994+08:00] pickfirstBalancer: HandleSubConnStateChange: 0xc420164670, CONNECTING  module=grpc
INFO[2019-01-24T14:22:09.823961880+08:00] pickfirstBalancer: HandleSubConnStateChange: 0xc420164670, READY  module=grpc
INFO[2019-01-24T14:22:09.824312951+08:00] ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0  <nil>}]  module=grpc
INFO[2019-01-24T14:22:09.824456097+08:00] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2019-01-24T14:22:09.824597236+08:00] pickfirstBalancer: HandleSubConnStateChange: 0xc420164a20, CONNECTING  module=grpc
INFO[2019-01-24T14:22:09.825544332+08:00] pickfirstBalancer: HandleSubConnStateChange: 0xc420164a20, READY  module=grpc
WARN[2019-01-24T14:22:09.834966889+08:00] Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man dockerd` to refer to dm.thinpooldev section.  storage-driver=devicemapper
INFO[2019-01-24T14:22:10.345190914+08:00] Creating filesystem xfs on device docker-253:1-3016960-base, mkfs args: [-m crc=0,finobt=0 /dev/mapper/docker-253:1-3016960-base]  storage-driver=devicemapper
INFO[2019-01-24T14:22:10.353324179+08:00] Error while creating filesystem xfs on device docker-253:1-3016960-base: exit status 1  storage-driver=devicemapper
Error starting daemon: error initializing graphdriver: exit status 1


Problem 1: start request repeated too quickly for docker.service, Failed to start Docker Application Container Engine.

# vim /etc/sysconfig/docker
OPTIONS="--selinux-enabled --log-driver=journald --signature-verification=false"
# vim /etc/docker/daemon.json   (be careful not to misspell it)
{"storage-driver": "devicemapper"}
# Restart the docker service
systemctl restart docker.service

If it still can’t be started, you can rename /etc/docker/daemon.json to /etc/docker/daemon.conf and try again


Problem 2: Error while creating filesystem xfs on device

This happens because the system's xfsprogs version is too old; you can update it (https://www.cnblogs.com/loopsun/p/9650301.html)

yum install xfsprogs

Problem 3: the kernel version is too low

The new version of docker requires that the kernel version of the system is above 3.10. You can use uname -r to view your own system version. If it is below 3.10, please upgrade the kernel

uname -r
3.10.0-123.9.3.el7.x86_64

The above can basically solve the problem of docker startup. It is recommended to install a docker accelerator and to install docker compose the foolproof way via daocloud: http://get.daocloud.io/

How to Solve Error during connect when installing docker in Windows 10

The detailed error information is as follows:

C:\Users\zig>docker info
error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.39/info: open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.

Modification method:

cd "C:\Program Files\Docker\Docker"
./DockerCli.exe -SwitchDaemon

Reason: On a Windows machine in particular, when you see the above error after a Docker update, try the above commands. The Docker Desktop UI may indicate that you are already using Linux Containers, but the update may have messed up that setting. Running the above commands sets it to Linux Containers, and thereafter you can work happily.

Note: The default is Linux Containers, just change it to Windows Containers after using this command.

Install a docker container in centos7 that can log in SSH

Recently, I’ve been working on docker, which really excited me for a few days. Let’s share the installation process

Because docker requires a higher version of Linux kernel, I installed centos7 in VBox. As for how to install CentOS 7, I don’t need to worry about it. Here is the minimal installation

First, configure the network card to ensure that the virtual machine can access the network normally, because the installation of docker requires networking. I am usually used to setting up two network cards when installing virtual machine. One uses NAT to connect and is responsible for surfing the Internet; A host only connection is used to connect the host to the virtual machine. Then enable the two network cards, the simplest way is to enter dhclient mode, the system will automatically assign IP to the network card

First of all, install docker with the following command:

# yum -y install docker

After the installation, you can use the following command to view the available images:

# docker images
REPOSITORY   TAG   IMAGE ID   CREATED   VIRTUAL SIZE

At this time, no image is available and the container cannot be started, so we need to download the image. In this step, we can choose to download images of different systems. Here, we still choose the most familiar CentOS. In this step, docker will download image files online

# docker pull centos

Wait until the image download is completed, and then use the docker images command to see several CentOS images:

# docker images
REPOSITORY   TAG   IMAGE ID   CREATED   VIRTUAL SIZE

 

First, build a docker container that can be accessed through SSH

1. Start a docker container:

# docker run -i -t centos /bin/bash

This creates a new docker container and enters the bash of the container

2. Install sshd:

# yum -y install openssh-server

3. Start sshd. Use the absolute path here; to find the path of a command, use whereis or which:

# /usr/sbin/sshd -D

The following error occurs when starting sshd under centos.

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_dsa_key

Simply execute the following commands in sequence.

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key #just enter

ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key #just enter

ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""

Press Enter at the prompts, then start the sshd service again; it should be fine.

4. After finishing, edit the sshd_config configuration file, find the line UsePAM yes, and change it to UsePAM no

#UsePAM no
UsePAM yes
to
UsePAM no
#UsePAM yes

If you don’t change this setting, the session exits immediately when you log in to the container using SSH

5. Install passwd and change the password of root

# yum -y install passwd
# passwd root
Changing password for user root.
New password:

6. After changing the password, execute the exit command to exit. At this time, you will return to the shell of the host machine and execute the following command to commit the container to an image:

# docker commit containerid imagename

Here, containerid is the ID of the container, and imagename is the name of the image at the time of the commit. It’s better to use a new name when committing for the first time, instead of overwriting the original clean CentOS image

The container ID can be viewed with the docker ps -l command. After starting the container, the default host name is actually the container ID

7. Start a new container through docker run. The parameter -d means running in the background and -p means mapping a container port to a host port

# docker run -d -p 10022:22 imagename /usr/sbin/sshd -D

If there is no problem starting, you can log in to the container:

# ssh root@localhost -p 10022

After logging in, we can install all kinds of software and build all kinds of environments