最近在一台新的虚拟机CentOS7上安装docker后,启动失败,控制台报错:
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
按照提示,输入代码查询详细信息:
systemctl status docker.service
控制台显示:
Jan 21 03:19:26 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Jan 21 03:19:26 localhost.localdomain dockerd-current[9713]: time="2019-01-21T03:19:26.243566124-05:00" level=warning msg="could not change group /var/run/dock...t found"
Jan 21 03:19:26 localhost.localdomain dockerd-current[9713]: time="2019-01-21T03:19:26.251588454-05:00" level=info msg="libcontainerd: new containerd process, pid: 9719"
Jan 21 03:19:27 localhost.localdomain dockerd-current[9713]: time="2019-01-21T03:19:27.274519154-05:00" level=warning msg="overlay2: the backing xfs filesystem is form...
Jan 21 03:19:27 localhost.localdomain dockerd-current[9713]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Eit...d=false)
Jan 21 03:19:27 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Jan 21 03:19:27 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Jan 21 03:19:27 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Jan 21 03:19:27 localhost.localdomain systemd[1]: docker.service failed.
注意到这一行Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Eit...d=false)
,大致意思好像是SELinux不支持这个内核上的OrthALA2图形驱动程序
解决方法:
vi /etc/sysconfig/docker
打开后的文件:
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
把--selinux-enabled
改成false,即--selinux-enabled=false
:
如下:
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
重启docker
systemctl restart docker
启动成功.
以上是本次排查解决问题过程,记录之以备查阅.