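Background
I tried to install Docker on a Raspberry Pi 4 in order to set up Flask (a web framework for Python) and got stuck, so here are my notes.
Conclusion
- Change the systemd configuration file
- Stop using iptables-nft and use iptables-legacy (the traditional iptables)
The commands, all together: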
$ sudo apt install docker.io
$ sudo sed --in-place=~ 's/fd:\/\//unix:\/\/\/var\/run\/docker.sock/' /lib/systemd/system/docker.service
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Process
Installing with apt fails at 33% progress.
$ sudo apt install docker.io
Tweaking the environment in various ways (I forget how exactly) did not help either.
$ sudo apt install docker.io
...
Running kernel seems to be up-to-date.
Failed to check for processor microcode upgrades.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
Starting the daemon manually produced an error, so I looked at the logs.
$ sudo systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
$ journalctl -xe
...
-- The job identifier is 1439.
3月 16 14:15:18 raspberrypi systemd[1]: docker.service: Start request repeated too quickly.
3月 16 14:15:18 raspberrypi systemd[1]: docker.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit docker.service has entered the 'failed' state with result 'exit-code'.
3月 16 14:15:18 raspberrypi systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: A start job for unit docker.service has failed
...
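I did not really understand the log, so while checking the systemd configuration file I found this article.
Comment out line 14, add line 15, and reload the configuration. (The daemon is not started yet.)
Reference article 1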
$ vim /lib/systemd/system/docker.service
...
8 [Service]
9 Type=notify
10 # the default is not to use systemd for cgroups because the delegate issues still
11 # exists and systemd currently does not support the cgroup feature set required
12 # for containers run by docker
13 EnvironmentFile=-/etc/default/docker
14 #ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS
15 ExecStart=/usr/sbin/dockerd -H unix:///var/run/docker.sock $DOCKER_OPTS
...
$ sudo systemctl daemon-reload
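Checked by running it manually. It got a lot further, but there is still an error.
The error seems to come from iptables, so I ran iptables by itself manually.
Hm? It does not work. Has iptables changed?
Reference article 2
This person is involved, so I would rather not switch back to the old iptables, but...
Why I would rather not switch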
$ sudo /usr/sbin/dockerd -H unix:///var/run/docker.sock
...
INFO[2020-03-16T14:50:38.947663447+09:00] Loading containers: start.
INFO[2020-03-16T14:50:39.335799251+09:00] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2020-03-16T14:50:39.336934234+09:00] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2020-03-16T14:50:39.337271358+09:00] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
INFO[2020-03-16T14:50:39.337955589+09:00] pickfirstBalancer: HandleSubConnStateChange: 0x492c070, TRANSIENT_FAILURE module=grpc
INFO[2020-03-16T14:50:39.338036439+09:00] pickfirstBalancer: HandleSubConnStateChange: 0x492c070, CONNECTING module=grpc
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables: Operation not supported.
(exit status 1)
$ sudo iptables -t nat -N DOCKER
iptables: Operation not supported.
$ sudo iptables --list
iptables: Operation not supported.
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
Finally it works.
$ sudo systemctl restart docker
$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
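
The two fixes above, as an added example that is not from the original post: instead of editing /lib/systemd/system/docker.service in place (a package upgrade can overwrite that file), it generates a drop-in override for /etc/systemd/system/docker.service.d/, and it reports which iptables backend is selected. The function names, the sample unit text and the version string are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the original post.

# make_dropin UNIT_FILE
# Prints a systemd drop-in that overrides ExecStart with "-H fd://" replaced by
# the unix socket. Returns 1 if no ExecStart line, 2 if it has no fd://.
make_dropin() {
    unit_file=$1
    # Only the active line counts; a commented "#ExecStart=" is ignored.
    exec_line=$(grep -E '^ExecStart=' "$unit_file" | tail -n 1)
    [ -n "$exec_line" ] || return 1
    case $exec_line in
        *'fd://'*) ;;
        *) return 2 ;;
    esac
    new_line=$(printf '%s\n' "$exec_line" | sed 's|fd://|unix:///var/run/docker.sock|')
    # The empty "ExecStart=" clears the packaged command before setting the new one.
    printf '[Service]\nExecStart=\n%s\n' "$new_line"
}

# iptables_backend VERSION_STRING
# Classifies the output of `iptables --version` (1.8 and later name the backend).
iptables_backend() {
    case $1 in
        *'(nf_tables)'*) echo nft ;;
        *'(legacy)'*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Demo on constructed input: the packaged [Service] lines shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
Type=notify
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS
EOF
make_dropin "$sample"
iptables_backend 'iptables v1.8.2 (nf_tables)'   # constructed version string
rm -f "$sample"

# On the Pi itself (run as root):
#   mkdir -p /etc/systemd/system/docker.service.d
#   make_dropin /lib/systemd/system/docker.service \
#       > /etc/systemd/system/docker.service.d/override.conf
#   iptables_backend "$(iptables --version)"
```

After writing the drop-in, `systemctl daemon-reload` and `systemctl restart docker` apply it, as in the commands above.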