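Bug description
After installing Docker 20.10.8 on CentOS 7.2, a container started in bridge mode cannot communicate with the host. Communication works while a packet capture is running on the network interface the container belongs to, and fails again as soon as the capture is stopped. Setting the bridge the container belongs to into promiscuous mode (see "Setting a network interface to promiscuous mode") also makes communication work.
Logs and abnormal bridge state
After starting a container in bridge mode, /var/log/messages shows the following: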
Mar 2 04:54:41 localhost kernel: XFS (dm-2): Mounting V4 Filesystem
Mar 2 04:54:41 localhost kernel: XFS (dm-2): Ending clean mount
Mar 2 04:54:41 localhost kernel: device veth1cdbb12 entered promiscuous mode
Mar 2 04:54:41 localhost kernel: IPv6: ADDRCONF(NETDEV_UP): veth1cdbb12: link is not ready
Mar 2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar 2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar 2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered disabled state
Mar 2 04:54:41 localhost NetworkManager[1391]: <warn> (vethdbc0acb): failed to find device 6 'vethdbc0acb' with udev
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (vethdbc0acb): new Veth device (carrier: OFF,driver: 'veth',ifindex: 6)
Mar 2 04:54:41 localhost NetworkManager[1391]: <warn> (veth1cdbb12): failed to find device 7 'veth1cdbb12' with udev
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (veth1cdbb12): new Veth device (carrier: OFF,ifindex: 7)
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (docker0): bridge port veth1cdbb12 was attached
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (veth1cdbb12): enslaved to docker0
Mar 2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.458847623-05:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
Mar 2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459116859-05:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
Mar 2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459128511-05:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Mar 2 04:54:41 localhost containerd: time="2023-03-02T04:54:41.459818126-05:00" level=info msg="starting signal loop" namespace=moby path=/run/containerd/io.containerd.runtime.v2.task/moby/28978352c9e92666643d11ef36c7ecc777688ed7f2e712effb8c5d52066a8106 pid=39502 runtime=io.containerd.runc.v2
Mar 2 04:54:41 localhost kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth1cdbb12: link becomes ready
Mar 2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar 2 04:54:41 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
Mar 2 04:54:41 localhost NetworkManager[1391]: <warn> (vethdbc0acb): failed to disable userspace IPv6LL address handling
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (veth1cdbb12): link connected
Mar 2 04:54:41 localhost NetworkManager[1391]: <info> (docker0): link connected
Mar 2 04:54:56 localhost kernel: docker0: port 1(veth1cdbb12) entered forwarding state
The log also contains the following error output:
grep -i error /var/log/messages
Mar 1 13:39:48 localhost kdumpctl: cat: write error: Broken pipe
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.870815908-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"modprobe: FATAL: Module aufs not found.\\n\"): skip plugin" type=io.containerd.snapshotter.v1
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871247821-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871274310-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871558562-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.overlayfs" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs,please reformat with ftype=1 to enable d_type support"
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871690896-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871770722-05:00" level=warning msg="could not use snapshotter overlayfs in metadata plugin" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs,please reformat with ftype=1 to enable d_type support"
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.871783462-05:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.876502869-05:00" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
Mar 2 04:42:26 localhost containerd: time="2023-03-02T04:42:26.876701982-05:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Mar 2 04:42:27 localhost dockerd: time="2023-03-02T04:42:27.439907986-05:00" level=error msg="AUFS was not found in /proc/filesystems" storage-driver=aufs
Mar 2 04:46:07 localhost dockerd: time="2023-03-02T04:46:07.473429755-05:00" level=error msg="Not continuing with pull after error: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"
Mar 2 04:46:07 localhost dockerd: time="2023-03-02T04:46:07.473962046-05:00" level=info msg="Ignoring extra error returned from registry: unauthorized: authentication required"
Mar 2 04:48:12 localhost dockerd: time="2023-03-02T04:48:12.027715229-05:00" level=error msg="Handler for POST /v1.41/exec/16143c26b68176b620c7e384c121aade56ea9fd4b173f3ce72b85b9cd3587ee8/resize returned error: cannot resize a stopped container: unknown"
Mar 2 04:52:06 localhost dockerd: time="2023-03-02T04:52:06.729633556-05:00" level=error msg="Handler for POST /v1.41/exec/6b4854288f70e8498c7168125f6019491fc46430425f6fe45264c9fa90cef8c3/resize returned error: cannot resize a stopped container: unknown"
Mar 2 04:56:35 localhost dockerd: time="2023-03-02T04:56:35.534241558-05:00" level=error msg="Handler for POST /v1.41/exec/871f2bd90b1426cd27842bb5b7ceed228de2fb422ac465676f3ec1c4818de758/resize returned error: cannot resize a stopped container: unknown"
Mar 2 04:58:25 localhost dockerd: time="2023-03-02T04:58:25.093055150-05:00" level=error msg="Handler for POST /v1.41/exec/92a4600e4d6a575d33308e008527f84e701a188bdba34c3816985927eefbc8ff/resize returned error: cannot resize a stopped container: unknown"
Mar 2 04:59:36 localhost dockerd: time="2023-03-02T04:59:36.536096175-05:00" level=error msg="Handler for POST /v1.41/exec/e81ea8430445bf5405d53c85c6b25942ed1521ad22c268728cd47465ebff04d8/resize returned error: cannot resize a stopped container: unknown"
Mar 2 05:20:14 localhost containerd: time="2023-03-02T05:20:14.757229300-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:20:14-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41049 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:20:14-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar 2 05:20:14 localhost containerd: time="2023-03-02T05:20:14.757475658-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar 2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.762421522-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar 2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.785373087-05:00" level=error msg="502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f cleanup: failed to delete container from containerd: no such container"
Mar 2 05:20:14 localhost dockerd: time="2023-03-02T05:20:14.785417009-05:00" level=error msg="Handler for POST /v1.41/containers/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/502bb8ef956d5cefd0d435ddbaaf1e725804cfc579497c71802d87d045b04a8f/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar 2 05:20:55 localhost containerd: time="2023-03-02T05:20:55.496728224-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:20:55-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41248 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:20:55-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar 2 05:20:55 localhost containerd: time="2023-03-02T05:20:55.497195930-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar 2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.502064990-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar 2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.516072218-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar 2 05:20:55 localhost dockerd: time="2023-03-02T05:20:55.516103420-05:00" level=error msg="Handler for POST /v1.41/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar 2 05:23:23 localhost containerd: time="2023-03-02T05:23:23.007207667-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:23:23-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41562 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:23:23-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar 2 05:23:23 localhost containerd: time="2023-03-02T05:23:23.007422945-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar 2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.012157942-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar 2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.026402998-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar 2 05:23:23 localhost dockerd: time="2023-03-02T05:23:23.026432533-05:00" level=error msg="Handler for POST /v1.41/containers/test/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar 2 05:26:22 localhost containerd: time="2023-03-02T05:26:22.232994047-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:26:22-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=41799 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:26:22-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar 2 05:26:22 localhost containerd: time="2023-03-02T05:26:22.233341092-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar 2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.238256234-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar 2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.252904462-05:00" level=error msg="49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b cleanup: failed to delete container from containerd: no such container"
Mar 2 05:26:22 localhost dockerd: time="2023-03-02T05:26:22.252936120-05:00" level=error msg="Handler for POST /v1.41/containers/test/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/49e8dad3e9cc779d6bf9c7b255252e9eaf485685f4bf43f108896d77f7f1f17b/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar 2 05:27:34 localhost containerd: time="2023-03-02T05:27:34.323601724-05:00" level=warning msg="cleanup warnings time=\"2023-03-02T05:27:34-05:00\" level=info msg=\"starting signal loop\" namespace=moby pid=42016 runtime=io.containerd.runc.v2\ntime=\"2023-03-02T05:27:34-05:00\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/moby/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n"
Mar 2 05:27:34 localhost containerd: time="2023-03-02T05:27:34.324504278-05:00" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed"
Mar 2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.328439462-05:00" level=error msg="stream copy error: reading from a closed fifo"
Mar 2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.347478706-05:00" level=error msg="488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796 cleanup: failed to delete container from containerd: no such container"
Mar 2 05:27:34 localhost dockerd: time="2023-03-02T05:27:34.347516336-05:00" level=error msg="Handler for POST /v1.41/containers/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting \"/var/lib/docker/containers/488f708db137ec6ed2b95e2f588fa1c49b69c8a9599e8dd2402bf92152d98796/resolv.conf\" to rootfs at \"/etc/resolv.conf\": possibly malicious path detected -- refusing to operate on /etc/resolv.conf: unknown"
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.690545380-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"modprobe: FATAL: Module aufs not found.\\n\"): skip plugin" type=io.containerd.snapshotter.v1
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.693635675-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.695812844-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.698532981-05:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.overlayfs" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs,please reformat with ftype=1 to enable d_type support"
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699095856-05:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/containerd/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699521063-05:00" level=warning msg="could not use snapshotter overlayfs in metadata plugin" error="/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs does not support d_type. If the backing filesystem is xfs,please reformat with ftype=1 to enable d_type support"
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.699751575-05:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.735890472-05:00" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
Mar 2 05:39:34 localhost containerd: time="2023-03-02T05:39:34.735927789-05:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Mar 2 05:39:59 localhost kdumpctl: cat: write error: Broken pipe
Check the state of the bridge the Docker container belongs to:
yum -y install bridge-utils
brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.000000000000 no vethebfbfe2
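A check for the state shown in this section, as an added example that is not part of the original article: it flags a bridge whose id has an all-zero MAC while a port is attached, and reports whether that bridge is in promiscuous mode, the condition under which the article saw traffic pass. The function names and the sysfs-root parameter are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original article).

# sample_brctl: the `brctl show` output quoted in the article.
sample_brctl() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'docker0\t\t8000.000000000000\tno\t\tvethebfbfe2\n'
}

# zero_id_bridges: read `brctl show` output on stdin; print each bridge
# that has a port attached but an all-zero MAC in its bridge id.
zero_id_bridges() {
    awk 'NR > 1 && NF >= 4 && $2 ~ /^[0-9a-f]+\.000000000000$/ { print $1 }'
}

# is_promisc SYSROOT IFACE: succeed if IFF_PROMISC (0x100) is set in
# SYSROOT/class/net/IFACE/flags. SYSROOT is /sys on a live host; it is a
# parameter (an assumption of this example) so the check can be run
# against a constructed directory tree.
is_promisc() {
    _flags=$(cat "$1/class/net/$2/flags" 2>/dev/null) || return 2
    [ -n "$_flags" ] || return 2
    [ $(( $_flags & 0x100 )) -ne 0 ]
}

# diagnose SYSROOT: read `brctl show` output on stdin and print one line
# per suspect bridge. Returns 1 if any suspect bridge is not promiscuous,
# which is the state in which the article saw container traffic fail.
diagnose() {
    _rc=0
    for _br in $(zero_id_bridges); do
        if is_promisc "$1" "$_br"; then
            echo "$_br: zero bridge id, promiscuous (traffic passed in the article)"
        else
            echo "$_br: zero bridge id, not promiscuous (failure state)"
            _rc=1
        fi
    done
    return $_rc
}

# Live use on the affected host:  brctl show | diagnose /sys
```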
Solution
Upgrade the kernel; see "Upgrading the Linux kernel".
Reboot the system:
reboot
Original article: https://blog.csdn.net/weixin_40548182/article/details/129296489