Docker(swarm mode)在一段时间不用后无法启动
2017-01-08 09:43
791 查看
docker1.12版本刚出的时候,自己建了个虚拟机安装实验了下内置的swarm模式的新特性,后来这个虚拟机就一直没用。今天在打开这个虚拟机时,发现docker服务无法启动了,具体现象如下:
查看详细的信息
其中有一条错误信息,大致意思是swarm-mode.crt证书已经过期或无效。
error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid
查询docker的issue里,是有一条24132号关于这个问题的讨论的:
Swarm certificates automatically renew and have 90 day expiry period by default. Still, if you don't start the daemon during that time the certificates will expire and starting daemon will fail with
I think refusing to start and not ignoring this error is correct. We could provide
Maybe a good enough solution would be to add instructions for removing the state directory in the error message.
swarm的证书默认是有90天的有效期,如果在有效期内,可以通过自动续期的机制更新证书,但是如果长时间没有启动服务器,超过了有效期,那docker将无法启动。
针对这个问题,我们可以先将/var/lib/docker/swarm目录删除或更名,docker就可以正常启动了。
[root@node1 /]# service docker start Redirecting to /bin/systemctl start docker.service Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
查看详细的信息
[root@node1 /]# systemctl status docker.service -l * docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since 六 2017-01-07 20:19:22 CST; 56s ago Docs: https://docs.docker.com Process: 2707 ExecStart=/usr/bin/dockerd (code=exited, status=1/FAILURE) Main PID: 2707 (code=exited, status=1/FAILURE) 1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941128813+08:00" level=warning msg="mountpoint for pids not found" 1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941923814+08:00" level=info msg="Loading containers: start." 1月 07 20:19:21 node1 dockerd[2707]: ...time="2017-01-07T20:19:21.966308550+08:00" level=info msg="Firewalld running: false" 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.458578104+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address" 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.572281786+08:00" level=info msg="Loading containers: done." 1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.635556518+08:00" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid" 1月 07 20:19:22 node1 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE 1月 07 20:19:22 node1 systemd[1]: Failed to start Docker Application Container Engine. 1月 07 20:19:22 node1 systemd[1]: Unit docker.service entered failed state. 1月 07 20:19:22 node1 systemd[1]: docker.service failed.
其中有一条错误信息,大致意思是swarm-mode.crt证书已经过期或无效。
error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid
查询docker的issue里,是有一条24132号关于这个问题的讨论的:
Swarm certificates automatically renew and have 90 day expiry period by default. Still, if you don't start the daemon during that time the certificates will expire and starting daemon will fail with
time="2016-06-29T17:18:06.165656736Z" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid"
I think refusing to start and not ignoring this error is correct. We could provide
--reset-swarmoption to leave swarm so the user doesn't need to remove the state dir manually. Problem is that user must remember to remove this option as otherwise, it would clear the state on every next restart as well.
Maybe a good enough solution would be to add instructions for removing the state directory in the error message.
swarm的证书默认是有90天的有效期,如果在有效期内,可以通过自动续期的机制更新证书,但是如果长时间没有启动服务器,超过了有效期,那docker将无法启动。
针对这个问题,我们可以先将/var/lib/docker/swarm目录删除或更名,docker就可以正常启动了。
相关文章推荐
- docker容器故障致无法启动解决实例 推荐
- Bios里,把SATA Mode Selection改为AHCI无法启动
- docker 容器中 crond服务启动后 无法执行
- Docker 1.12 Swarm Mode集群实战(过渡篇)之Registry和Image
- Docker 1.12 Swarm Mode集群实战(第二章)
- 运行教学平台的主机在不用一段时间后,再次连接服务器,报告无法连接的解决办法
- Docker启动后无法连接
- hadoop启动后,长久不用,无法关闭
- docker学习笔记:修改无法启动的容器中的内容
- win10的docker-toolbox启动时检查更新失败,无法正常使用
- 启动服务器一段时间后MySQL服务进程被关闭,无法重新启动
- ubuntu中docker守护进程无法启动
- Docker 无法启动的问题解决
- docker 无法启动,报错:Unit docker.socket failed to load: No such file or directory
- jvm启动一段时间后无法使用的原因
- Docker无法启动 Could not find a free IP address range for interface 'docker0' 最方便的
- MYSQL服务无法启动:InnoDB: .\ibdata1 can't be opened in read-write mode
- Docker无法启动 Could not find a free IP address range for interface 'docker0' 最方便的解决办法
- [docker]Swarm、SwarmKit、Swarm mode 对比
- docker环境hosts配置错误导致的tomcat无法正常启动