Bug when installing Docker 20.10.8 on CentOS 7.2

Bug description

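After installing Docker 20.10.8 on CentOS 7.2, a container started in bridge mode cannot communicate with the host. Communication works while a packet capture is running on the network interface the container belongs to, and fails again as soon as the capture is stopped. Setting the bridge the container belongs to into promiscuous mode (see "Setting a NIC to promiscuous mode") also makes communication work.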

Logs and abnormal bridge state

After starting a bridged container, /var/log/messages shows the following output

Mar  2 04:54:41 localhost kernel: XFS (dm-2): Mounting V4 Filesystem
Mar  2 04:54:41 localhost kernel: XFS (dm-2): Ending clean mount
Mar  2 04:54:41 localhost kernel: device veth1cdbb12 entered promiscuous mode
Mar  2 04:54:41 localhost kernel: IPv6: ADDRCONF(NETDEV_UP): veth1cdbb12: link is not ready
Mar  2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar  2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar  2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered disabled state
Mar  2 04:54:41 localhost NetworkManager[1391]: <warn>  (vethdbc0acb): failed to find device 6 'vethdbc0acb' with udev
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (vethdbc0acb): new Veth device (carrier: OFF, driver: 'veth', ifindex: 6)
Mar  2 04:54:41 localhost NetworkManager[1391]: <warn>  (veth1cdbb12): failed to find device 7 'veth1cdbb12' with udev
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (veth1cdbb12): new Veth device (carrier: OFF, driver: 'veth', ifindex: 7)
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (docker0): bridge port veth1cdbb12 was attached
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (veth1cdbb12): enslaved to docker0
Mar  2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.458847623-05:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
Mar  2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459116859-05:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
Mar  2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459128511-05:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Mar  2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459818126-05:00" level=info msg="starting signal loop" namespace=moby path=/run/containerd/io.containerd.runtime.v2.task/moby/28978352c9e92666643d11ef36c7ecc777688ed7f2e712effb8c5d52066a8106 pid=39502 runtime=io.containerd.runc.v2
Mar  2 04:54:41 localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth1cdbb12: link becomes ready
Mar  2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar  2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar  2 04:54:41 localhost NetworkManager[1391]: <warn>  (vethdbc0acb): failed to disable userspace IPv6LL address handling
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (veth1cdbb12): link connected
Mar  2 04:54:41 localhost NetworkManager[1391]: <info>  (docker0): link connected
Mar  2 04:54:56 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state

The log also contains the following error output

grep -i error /var/log/messages 
Mar  1 13:39:48 localhost kdumpctl: cat: write error: Broken pipe
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.870815908-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"modprobe: FATAL: Module aufs not found.\\n\"): skip plugin" type=io.containerd.snapshotter.v1
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871247821-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871274310-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871558562-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.overlayfs" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs, please reformat with ftype=1 to enable d_type support"
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871690896-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871770722-05:00" level=warning msg="could not use snapshotter overlayfs in metadata plugin" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs, please reformat with ftype=1 to enable d_type support"
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871783462-05:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.876502869-05:00" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
Mar  2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.876701982-05:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Mar  2 04:42:27 localhost dockerd: time="2023-03-02T04:42:27.439907986-05:00" level=error msg="AUFS was not found in /proc/filesystems" storage-driver=aufs
Mar  2 04:46:07 localhost dockerd: time="2023-03-02T04:46:07.473429755-05:00" level=error msg="Not continuing with pull after error: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"
Mar  2 04:46:07 localhost dockerd: time="2023-03-02T04:46:07.473962046-05:00" level=info msg="Ignoring extra error returned from registry: unauthorized: authentication required"
Mar  2 04:48:12 localhost dockerd: time="2023-03-02T04:48:12.027715229-05:00" level=error msg="Handler for POST /v1.41/exec/16143c26b68176b620c7e384c121aade56ea9fd4b173f3ce72b85b9cd3587ee8/resize returned error: cannot resize a stopped container: unknown"
Mar  2 04:52:06 localhost dockerd: time="2023-03-02T04:52:06.729633556-05:00" level=error msg="Handler for POST /v1.41/exec/6b4854288f70e8498c7168125f6019491fc46430425f6fe45264c9fa90cef8c3/resize returned error: cannot resize a stopped container: unknown"
Mar  2 04:56:35 localhost dockerd: time="2023-03-02T04:56:35.534241558-05:00" level=error msg="Handler for POST /v1.41/exec/871f2bd90b1426cd27842bb5b7ceed228de2fb422ac465676f3ec1c4818de758/resize returned error: cannot resize a stopped container: unknown"
Mar  2 04:58:25 localhost dockerd: time="2023-03-02T04:58:25.093055150-05:00" level=error msg="Handler for POST /v1.41/exec/92a4600e4d6a575d33308e008527f84e701a188bdba34c3816985927eefbc8ff/resize returned error: cannot resize a stopped container: unknown"
Mar  2 04:59:36 localhost dockerd: time="2023-03-02T04:59:36.536096175-05:00" level=error msg="Handler for POST /v1.41/exec/e81ea8430445bf5405d53c85c6b25942ed1521ad22c268728cd47465ebff04d8/resize returned error: cannot resize a stopped container: unknown"
Mar  2 05:20:14 localhost containerd: time="2023-03-02T05:20:14.757229300-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:20:14-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41049 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:20:14-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar  2 05:20:14 localhost containerd: time="2023-03-02T05:20:14.757475658-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar  2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.762421522-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar  2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.785373087-05:00" level=error msg="502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f cleanup: failed to delete container from containerd: no such container"
Mar  2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.785417009-05:00" level=error msg="Handler for POST /v1.41/containers/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar  2 05:20:55 localhost containerd: time="2023-03-02T05:20:55.496728224-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:20:55-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41248 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:20:55-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar  2 05:20:55 localhost containerd: time="2023-03-02T05:20:55.497195930-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar  2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.502064990-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar  2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.516072218-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar  2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.516103420-05:00" level=error msg="Handler for POST /v1.41/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar  2 05:23:23 localhost containerd: time="2023-03-02T05:23:23.007207667-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:23:23-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41562 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:23:23-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar  2 05:23:23 localhost containerd: time="2023-03-02T05:23:23.007422945-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar  2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.012157942-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar  2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.026402998-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar  2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.026432533-05:00" level=error msg="Handler for POST /v1.41/containers/test/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar  2 05:26:22 localhost containerd: time="2023-03-02T05:26:22.232994047-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:26:22-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41799 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:26:22-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar  2 05:26:22 localhost containerd: time="2023-03-02T05:26:22.233341092-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar  2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.238256234-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar  2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.252904462-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar  2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.252936120-05:00" level=error msg="Handler for POST /v1.41/containers/test/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar  2 05:27:34 localhost containerd: time="2023-03-02T05:27:34.323601724-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:27:34-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=42016 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:27:34-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar  2 05:27:34 localhost containerd: time="2023-03-02T05:27:34.324504278-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar  2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.328439462-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar  2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.347478706-05:00" level=error msg="488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796 cleanup: failed to delete container from containerd: no such container"
Mar  2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.347516336-05:00" level=error msg="Handler for POST /v1.41/containers/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.690545380-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"modprobe: FATAL: Module aufs not found.\\n\"): skip plugin" type=io.containerd.snapshotter.v1
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.693635675-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.695812844-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.698532981-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.overlayfs" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs, please reformat with ftype=1 to enable d_type support"
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699095856-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699521063-05:00" level=warning msg="could not use snapshotter overlayfs in metadata plugin" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs, please reformat with ftype=1 to enable d_type support"
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699751575-05:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.735890472-05:00" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
Mar  2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.735927789-05:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Mar  2 05:39:59 localhost kdumpctl: cat: write error: Broken pipe

Check the state of the bridge the Docker container belongs to

yum -y install bridge-utils
brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.000000000000	no		vethebfbfe2
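
A Linux bridge normally takes its MAC address from one of its attached ports, so the all-zero address in the bridge id above, with a veth port attached, is the abnormal state. The following check is an added example, not part of the original post: it parses `brctl show` output and reports bridges in that state. The function names and the "healthy" sample line are constructed for illustration; the "affected" sample reproduces the output shown above.

```shell
#!/bin/sh
# Added example: detect the abnormal bridge state from `brctl show` output.

# check_bridges: reads `brctl show` output on stdin.
# Prints one line per bridge whose bridge id has an all-zero MAC while at
# least one port is attached. Returns 1 if any such bridge exists, else 0.
check_bridges() {
    awk '
        NR == 1 { next }      # header: bridge name / bridge id / STP / interfaces
        NF < 3  { next }      # blank lines and continuation lines (extra ports)
        {
            # $2 is "<priority>.<mac>", e.g. 8000.000000000000
            split($2, id, ".")
            # A bridge without ports may legitimately show a zero MAC,
            # so only report it when an interface column is present.
            if (id[2] ~ /^0+$/ && NF >= 4) {
                printf "%s: bridge id %s has an all-zero MAC with port %s attached\n", $1, $2, $4
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Sample reproducing the output shown on this page (affected host).
sample_affected() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'docker0\t\t8000.000000000000\tno\t\tvethebfbfe2\n'
}

# Constructed sample of a healthy bridge (MAC and port name are made up).
sample_healthy() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'docker0\t\t8000.0242ac110001\tno\t\tveth0a1b2c3\n'
}

# Demo on the samples; on a real host run: brctl show | check_bridges
sample_affected | check_bridges || echo "-> affected"
sample_healthy  | check_bridges && echo "-> healthy"
```
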

Solution

Upgrade the kernel; see "Upgrading the Linux kernel"
Reboot the system

reboot