Docker(swarm mode)在一段时间不用后无法启动
2019獨角獸企業重金招聘Python工程師標準>>>
docker1.12版本剛出的時候,自己建了個虛擬機安裝實驗了下內置的swarm模式的新特性,后來這個虛擬機就一直沒用。今天在打開這個虛擬機時,發現docker服務無法啟動了,具體現象如下:
[root@node1 /]# service docker start Redirecting to /bin/systemctl start docker.service Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.查看詳細的信息
[root@node1 /]# systemctl status docker.service -l * docker.service - Docker Application Container EngineLoaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)Active: failed (Result: exit-code) since 六 2017-01-07 20:19:22 CST; 56s agoDocs: https://docs.docker.comProcess: 2707 ExecStart=/usr/bin/dockerd (code=exited, status=1/FAILURE)Main PID: 2707 (code=exited, status=1/FAILURE)1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941128813+08:00" level=warning msg="mountpoint for pids not found" 1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941923814+08:00" level=info msg="Loading containers: start." 1月 07 20:19:21 node1 dockerd[2707]: ...time="2017-01-07T20:19:21.966308550+08:00" level=info msg="Firewalld running: false" 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.458578104+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address" 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.572281786+08:00" level=info msg="Loading containers: done." 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.635556518+08:00" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid" 1月 07 20:19:22 node1 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE 1月 07 20:19:22 node1 systemd[1]: Failed to start Docker Application Container Engine. 1月 07 20:19:22 node1 systemd[1]: Unit docker.service entered failed state. 1月 07 20:19:22 node1 systemd[1]: docker.service failed.其中有一條錯誤信息,大致意思是swarm-mode.crt證書已經過期或無效。
error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid
查詢docker的issue里,是有一條24132號關于這個問題的討論的:
Swarm certificates automatically renew and have 90 day expiry period by default. Still, if you don't start the daemon during that time the certificates will expire and starting daemon will fail with?time="2016-06-29T17:18:06.165656736Z" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid"
I think refusing to start and not ignoring this error is correct. We could provide?--reset-swarm?option to leave swarm so the user doesn't need to remove the state dir manually. Problem is that user must remember to remove this option as otherwise, it would clear the state on every next restart as well.
Maybe a good enough solution would be to add instructions for removing the state directory in the error message.
swarm的證書默認是有90天的有效期,如果在有效期內,可以通過自動續期的機制更新證書,但是如果長時間沒有啟動服務器,超過了有效期,那docker將無法啟動。
針對這個問題,我們可以先將/var/lib/docker/swarm目錄刪除或更名,docker就可以正常啟動了。?
轉載于:https://my.oschina.net/JasonZhang/blog/820786
總結
以上是生活随笔為你收集整理的Docker(swarm mode)在一段时间不用后无法启动的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 消息队列一
- 下一篇: system v和posix的共享内存对