Docker在一段時(shí)間不用后無(wú)法啟動(dòng)怎么回事

這篇文章給大家分享的是有關(guān)Docker在一段時(shí)間不用后無(wú)法啟動(dòng)怎么回事的內(nèi)容。小編覺(jué)得挺實(shí)用的，因此分享給大家做個(gè)參考，一起跟隨小編過(guò)來(lái)看看吧。

docker1.12版本剛出的時(shí)候，自己建了個(gè)虛擬機(jī)安裝實(shí)驗(yàn)了下內(nèi)置的swarm模式的新特性，后來(lái)這個(gè)虛擬機(jī)就一直沒(méi)用。今天在打開(kāi)這個(gè)虛擬機(jī)時(shí)，發(fā)現(xiàn)docker服務(wù)無(wú)法啟動(dòng)了，具體現(xiàn)象如下：

[root@node1 /]# service docker start
Redirecting to /bin/systemctl start  docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

查看詳細(xì)的信息

[root@node1 /]# systemctl status docker.service -l
* docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 六 2017-01-07 20:19:22 CST; 56s ago
     Docs: https://docs.docker.com
  Process: 2707 ExecStart=/usr/bin/dockerd (code=exited, status=1/FAILURE)
 Main PID: 2707 (code=exited, status=1/FAILURE)

1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941128813+08:00" level=warning msg="mountpoint for pids not found"
1月 07 20:19:21 node1 dockerd[2707]: time="2017-01-07T20:19:21.941923814+08:00" level=info msg="Loading containers: start."
1月 07 20:19:21 node1 dockerd[2707]: ...time="2017-01-07T20:19:21.966308550+08:00" level=info msg="Firewalld running: false"
1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.458578104+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.572281786+08:00" level=info msg="Loading containers: done."
1月 07 20:19:22 node1 dockerd[2707]: time="2017-01-07T20:19:22.635556518+08:00" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid"
1月 07 20:19:22 node1 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
1月 07 20:19:22 node1 systemd[1]: Failed to start Docker Application Container Engine.
1月 07 20:19:22 node1 systemd[1]: Unit docker.service entered failed state.
1月 07 20:19:22 node1 systemd[1]: docker.service failed.

其中有一條錯(cuò)誤信息，大致意思是swarm-mode.crt證書(shū)已經(jīng)過(guò)期或無(wú)效。

error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid

查詢docker的issue里，是有一條24132號(hào)關(guān)于這個(gè)問(wèn)題的討論的：

Swarm certificates automatically renew and have 90 day expiry period by default. Still, if you don't start the daemon during that time the certificates will expire and starting daemon will fail with time="2016-06-29T17:18:06.165656736Z" level=fatal msg="Error creating cluster component: error while loading TLS Certificate in /var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid"

I think refusing to start and not ignoring this error is correct. We could provide --reset-swarm option to leave swarm so the user doesn't need to remove the state dir manually. Problem is that user must remember to remove this option as otherwise, it would clear the state on every next restart as well.

Maybe a good enough solution would be to add instructions for removing the state directory in the error message.

swarm的證書(shū)默認(rèn)是有90天的有效期，如果在有效期內(nèi)，可以通過(guò)自動(dòng)續(xù)期的機(jī)制更新證書(shū)，但是如果長(zhǎng)時(shí)間沒(méi)有啟動(dòng)服務(wù)器，超過(guò)了有效期，那docker將無(wú)法啟動(dòng)。

針對(duì)這個(gè)問(wèn)題，我們可以先將/var/lib/docker/swarm目錄刪除或更名，docker就可以正常啟動(dòng)了。 

感謝各位的閱讀！關(guān)于“Docker在一段時(shí)間不用后無(wú)法啟動(dòng)怎么回事”這篇文章就分享到這里了，希望以上內(nèi)容可以對(duì)大家有一定的幫助，讓大家可以學(xué)到更多知識(shí)，如果覺(jué)得文章不錯(cuò)，可以把它分享出去讓更多的人看到吧！