Docker 升级1.2

原创
2017/01/20 09:50
阅读数 207

原先一直用docker 1.10,用这个版本的原因是遇到了这个问题:

ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).

 就是因为你用的防火墙是firewall.

而问题的原因是这个:

firewalld uses iptables and IPtables rules under the hood, but the way it "works" is with different "zones", with different levels of access (as I understand, different sets of iptables rules for each "zone").

(国外牛人说的)

也就是这样。但是由于最近公司数据被黑了,没法只能选择上firewall了。所以我只能讲iptables卸载了。

下面讲两个问题:1.如何升级  2.如何解决docker在iptables上遇到的上面按个bug。

1.docker 版本升级

1.1设定Yum

docker缺省的Yum库使用的是main,基本上是稳定的版本。目前该版本为1.10。而在centos上安装只需要设定为experimental。将其baseurl设定为https://yum.dockerproject.org/repo/experimental/centos/7/即可。以后升到1.99估计也可以用同样的花招抢先试用吧。以下为设定方式:

cat > /etc/yum.repos.d/docker.repo 
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/experimental/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

1.2确认旧的docker相关的组件并删除

你的机器上一定有用centos简易安装方式yum install docker安装的各种docker组件。安装1.12之前先把它们删掉吧,不然后面有可能还是会提示你删除的。

[root@host32 ~]# rpm -qa |grep docker
docker-selinux-1.10.3-44.el7.centos.x86_64
docker-common-1.10.3-44.el7.centos.x86_64
docker-forward-journald-1.10.3-44.el7.centos.x86_64
docker-1.10.3-44.el7.centos.x86_64
[root@host32 ~]#
[root@host32 ~]# yum -y remove docker-selinux-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-common-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-forward-journald-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-1.10.3-44.el7.centos.x86_64

1.3安装docker-engine

安装命令:yum -y install docker-engine

这一步可能遇到的问题:

Error: docker-engine-selinux conflicts with 2:container-selinux?

解决方案:(来自stackover)

I had the same problem, and managed to solve it. What I did:

Look for a previous CentOs native docker install remnant and remove it:

[root@here ~]# rpm -aq | grep docker
docker-common-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove docker*
That was not enough though

Look for that container-selinux and remove it too:

[root@here ~]# rpm -qa | grep container-selinux
container-selinux-1.10.3-59.el7.centos.x86_64
First make sure it is not used by anything else (I had a doubt, I chose to play safe)

[root@here ~]# rpm -q --whatrequires container-selinux-1.10.3-59.el7.centos.x86_64
no package requires container-selinux-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove container-selinux

 

2.如何解决docker在iptables上遇到 iptable chain

2.1  建议直接升级

2.2 docker git官网 issue中提到了解决方案:https://github.com/docker/docker/issues/16137

 

 

 

 

 

展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部