Unable to start container after Docker update

Premise:

Because the operating system in use was a fairly old version, CentOS 7.3, I decided to update it and ran yum update. As a result, Docker was also updated, from a version I no longer remember to the latest version, 24, and the existing containers could no longer be used. Now the little whale has capsized...

Then I reinstalled Docker and made a backup of /var/lib/docker so that the little whale would not drown again.

After the reinstallation, I found that Docker still would not start, so I restarted the server. After the restart Docker could start, but what about the previous containers... Fortunately, I had made a backup, and I restored it.

o my k, dinosaur carries the dragon, carries the dragon, starts hahaha

Then I found that the MySQL container I was using would not start again. Damn it.

[root@localhost lib]# docker start adapapapadafa5c578
Error response from daemon: driver failed programming external connectivity on endpoint mysql (09e4e0982ceef0b2a8ff4fea7e208fb65c211b1a749a04feb1cf901a6a8d5d12):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 13337 -j DNAT --to-destination 172.17.0.5:3306 ! -i docker0: iptables: No chain/target/match by that name.
 (exit status 1))

After looking into it, it turned out to be a conflict between Docker, firewalld and iptables!

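Cause:
The custom DOCKER chain, which is defined when the Docker service starts, was cleared by the CentOS 7 firewall.

firewalld uses iptables underneath for packet filtering and is built on top of iptables, which can conflict with Docker.

When firewalld starts or restarts, it removes the DOCKER rules from iptables, which breaks Docker's normal operation.

When you are using systemd, firewalld starts before Docker, but if you start or restart firewalld after Docker has started, you need to restart the Docker daemon.

Restarting the Docker service regenerates the custom DOCKER chain.

Solution:
systemctl restart docker
docker start <container-name>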
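
The check below is an added example, not part of the original post: it reads iptables-save output and reports whether the DOCKER chain is still declared in the nat table, which is the condition behind the "No chain/target/match by that name" error above. The function names has_chain and check_dump, the --live switch, the script name in the comment and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether Docker's DOCKER chain still exists in the nat table.

# has_chain TABLE CHAIN
# Reads iptables-save output on stdin; succeeds only if CHAIN is declared in TABLE.
has_chain() {
    awk -v t="*$1" -v c=":$2" '
        /^\*/             { in_t = ($0 == t) }  # table header, e.g. "*nat"
        in_t && $1 == c   { found = 1 }         # chain declaration, e.g. ":DOCKER - [0:0]"
        END               { exit !found }
    '
}

# check_dump DUMP: prints "ok" or "missing" for the nat/DOCKER chain in DUMP.
check_dump() {
    if printf '%s\n' "$1" | has_chain nat DOCKER; then
        echo ok
    else
        echo missing
    fi
}

# Constructed sample: nat table as Docker leaves it after the daemon starts.
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT'

# Constructed sample: nat table without the chain; the DOCKER entry under
# *filter is there only to show that the check is scoped to one table.
SAMPLE_FLUSHED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:DOCKER - [0:0]
COMMIT'

# Live check (needs root): sh check-docker-chain.sh --live
if [ "${1:-}" = "--live" ]; then
    if iptables-save | has_chain nat DOCKER; then
        echo "nat/DOCKER chain present"
    else
        echo "nat/DOCKER chain missing; run: systemctl restart docker" >&2
        exit 1
    fi
fi
```

Run with --live after any firewalld start or restart; a non-zero exit means published container ports cannot be programmed until Docker is restarted.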

Summary:

1. Before making changes to the system, be sure to take a snapshot.

2. Before running dangerous commands, be sure to make a backup.

3. After updating the operating system, to make better use of the new system, you can choose to restart the server when the business is not busy, so that the new services and kernel are loaded.


Origin blog.csdn.net/u011630259/article/details/131608799