Debian 下docker 开启远程api失败

32421312

                      系统版本：
    Debian 8.3

问题： Debian下增加dcoker的远程api，始终不能打开网络端口。

过程：
修改/etc/default/docker 增加一行
     DOCKER_OPTS="-H 0.0.0.0:2376 -H unix:///var/run/docker.sock"
重启docker：
     service docker restart

查看端口是否打开：
     lsof -i:2376  没有任何返回。

查看日志：

Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.665294330-04:00" level=info msg="[graphdriver] using prior storage driver \"aufs\""
Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.667332848-04:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Mar 28 12:44:32 docker1 docker[3491]: time="2016-03-28T12:44:32.673179732-04:00" level=info msg="Firewalld running: false"
Mar 28 12:44:34 docker1 docker[3491]: time="2016-03-28T12:44:34.908750963-04:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035544113-04:00" level=warning msg="Your kernel does not support cgroup memory limit: mountpoint for memory not found"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035820306-04:00" level=warning msg="Your kernel does not support cgroup cfs period"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.035864016-04:00" level=warning msg="Your kernel does not support cgroup cfs quotas"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.037271326-04:00" level=info msg="Loading containers: start."
Mar 28 12:44:36 docker1 docker[3491]: .
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039178384-04:00" level=info msg="Loading containers: done."
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039227903-04:00" level=info msg="Daemon has completed initialization"
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.039262276-04:00" level=info msg="Docker daemon" commit=20f81dd execdriver=native-0.2 graphdriver=aufs version=1.10.3
Mar 28 12:44:36 docker1 docker[3491]: time="2016-03-28T12:44:36.059353006-04:00" level=info msg="API listen on /var/run/docker.sock"
可见没有报任何错误，只是打开了/var/run/docker.sock，没有打开2376端口。
接着排查问题
root@docker1:/var/log# /etc/init.d/docker stop
[ ok ] Stopping docker (via systemctl): docker.service.
root@docker1:/var/log# ps -ef |grep docker
avahi      484     1  0 07:23 ?        00:00:00 avahi-daemon: running
root      3723  2314  0 12:53 pts/1    00:00:00 grep docker
root@docker1:/var/log# bash -x /etc/init.d/docker start
+ set -e
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ BASE=docker
。。。。。。省略一部分
+ . /lib/lsb/init-functions
+++ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
++ for hook in '$(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)'
++ '[' -r /lib/lsb/init-functions.d/20-left-info-blocks ']'
++ . /lib/lsb/init-functions.d/20-left-info-blocks
++ for hook in '$(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)'
++ '[' -r /lib/lsb/init-functions.d/40-systemd ']'
++ . /lib/lsb/init-functions.d/40-systemd
+++ _use_systemctl=0
。。。。。。省略一部分
+++ '[' xstart = xstart -o xstart = xstop -o xstart = xrestart -o xstart = xreload -o xstart = xforce-reload -o xstart = xstatus ']'
+++ systemctl_redirect /etc/init.d/docker start
+++ log_daemon_msg 'Starting docker (via systemctl)' docker.service

+++ '[' -z 'Starting docker (via systemctl)' ']'
+++ log_daemon_msg_pre 'Starting docker (via systemctl)' docker.service
。。。。。。省略一部分

[....] +++ '[' -z docker.service ']'

+++ echo -n 'Starting docker (via systemctl): docker.service'
Starting docker (via systemctl): docker.service+++ log_daemon_msg_post 'Starting docker (via systemctl)' docker.service
。。。。。。省略
看到这儿的时候明白了吧，还没没有执行到下面的start模块呢，服务就被systemctl服务接管了，设置的参数就不会生效了。
看一下docker：
root@docker1:/var/log# ps -ef |grep docker
avahi      484     1  0 07:23 ?        00:00:00 avahi-daemon: running
root      3741     1  0 12:56 ?        00:00:00 /usr/bin/docker daemon -H fd://
root      3816  2314  0 13:03 pts/1    00:00:00 grep docker
确实没有加载DOCKER_OPTS参数：
简单的做一下设置，把40-systemd这个脚本移动一下
root@docker1:/var/log# /etc/init.d/docker stop
root@docker1:/var/log# mv /lib/lsb/init-functions.d/40-systemd /lib/lsb/
启动docker
Starting Docker: dockerroot@docker1:/var/log# /etc/init.d/docker start
查看一下
root@docker1:/var/log# ps -ef |grep docker
avahi      484     1  0 07:23 ?        00:00:00 avahi-daemon: running [docker1.local]
root      3970     1  0 13:06 ?        00:00:00 /usr/bin/docker daemon -p /var/run/docker.pid -H docker1.y7tech.cn:2376 -H unix:///var/run/docker.sock
root      4080  2314  0 13:07 pts/1    00:00:00 grep docker
root@docker1:/var/log# lsof -i:2376
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
docker  3970 root    6u  IPv4  20313      0t0  TCP docker1.y7tech.cn:2376 (LISTEN)

哈哈，看到了吧，端口开启了......接下来远程调用一下
root@docker2:/etc# docker -H  docker1.y7tech.cn:2376  images
REPOSITORY                    TAG                 IMAGE ID            CREATED                  SIZE
192.168.12.138:5000/mongodb   v1.0                a9e3f0081258        Less than a second ago   408.8 MB
debian                        latest              f50f9524513f        3 weeks ago              125.1 MB

再看看本地是否正常
mqfeng@docker1:~$ docker ps
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Oh，Mygod，本地出现问题了。
我们能够看到/var/run/docker.socket 确实存在了。
mqfeng@docker1:~$ docker -H unix:///var/run/docker.sock images
REPOSITORY             TAG    IMAGE ID     CREATED         SIZE
192.168.12.138:5000/mongodb  v1.0  a9e3f0081258  7 hours ago      408.8 MB
debian               latest  f50f9524513f  3 weeks ago      125.1 MB
这样执行命令太笨了......查看一下docker的帮助，看看有没有什么好的方法没有。

daemon字段编辑本地配置文件：
/etc/profile ,添加变量
export DOCKER_HOST=tcp://docker1.y7tech.cn:2376
或者：
export DOCKER_HOST=unix:///var/run/docker.sock
mqfeng@docker1:~$ docker ps -a
CONTAINER ID      IMAGE    COMMAND     CREATED   STATUS    PORTS     NAMES

OK!正常了。