Docker-compose Error : cannot restrict inter-container communication
I am trying to run my application service using the docker stack deploy command. With this command I get the following error:
"starting container failed: error creating external connectivity network: cannot restrict inter-container communication: please ensure that br_netfilter kernel module is loaded"
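The docker-compose file for my service is as follows; it contains only a single service:
version: '3.1'
services:
  app_service:
    image: app-image:latest
But if I try to run this service with a simple docker run app-image:latest, it runs correctly. What could be the problem?
Here is the output of docker info: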
Containers: 44
Running: 0
Paused: 0
Stopped: 44
Images: 11
Server Version: 18.06.0-ce
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: ifx6qbtt8ylkxqxgjbk67rc6e
Is Manager: true
ClusterID: p8s73udo6dq4ivm95frfrfb4f
Managers: 1
Nodes: 1
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 10.10.140.7
Manager Addresses:
10.10.140.7:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d64c661f1d51c48782c9cec8fda7604785f93587
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-131-generic
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 8GiB
Name: RNI-PD-CT06
ID: UEG4:OVFJ:G55V:KIR4:QJD2:LQUJ:DVLQ:WKJY:AKQB:MKSO:Z4ZN:UF56
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 38
Goroutines: 161
System Time: 2018-08-20T12:25:06.808731767Z
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
According to the warning messages, bridge-nf-call-iptables is disabled. Run the commands below to resolve the warning:
sudo sysctl net.bridge.bridge-nf-call-iptables=1
sudo sysctl net.bridge.bridge-nf-call-ip6tables=1
Also, make sure the br_netfilter module is enabled: run the command below and make sure br_netfilter is listed in linux.kernel_modules:
lxc profile show docker
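If it is not listed, copy all the values listed in linux.kernel_modules, append ,br_netfilter to the end of the copied values, and put the whole list in the command below in place of <[COPIED_LIST]>: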
lxc profile set docker linux.kernel_modules <[COPIED_LIST]>
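A read-only preflight check for the two conditions the answer above addresses (br_netfilter loaded, both bridge-nf-call sysctls set to 1), added here as an example and not part of the original answer. The function names and the root-prefix argument are assumptions made for this example so the check can be run against a constructed /proc tree; pass / to inspect the live host.

```sh
#!/bin/sh
# Added example (not from the original answer): report what is still missing
# before Docker can restrict inter-container communication on a bridge.
# The optional first argument is a hypothetical root prefix, used to point
# the check at a constructed fixture tree instead of the live /proc.

# Print one line per problem found; print nothing when the host is ready.
bridge_nf_problems() {
    root="${1:-}"
    root="${root%/}"
    sysdir="$root/proc/sys/net/bridge"

    # A loaded module is listed in /proc/modules. If the driver is built into
    # the kernel it is not listed there, but its sysctl keys still exist.
    if ! grep -q '^br_netfilter ' "$root/proc/modules" 2>/dev/null \
        && [ ! -e "$sysdir/bridge-nf-call-iptables" ]; then
        echo "br_netfilter: not loaded (sysctl keys absent)"
        return 0
    fi

    # Both keys must be 1 for bridged traffic to be handed to iptables/ip6tables.
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        val=$(cat "$sysdir/$key" 2>/dev/null || echo missing)
        [ "$val" = "1" ] || echo "net.bridge.$key: $val (want 1)"
    done
    return 0
}

# Exit status 0 only when no problem was reported.
bridge_nf_ready() {
    [ -z "$(bridge_nf_problems "${1:-}")" ]
}

# Usage on a live host:  bridge_nf_problems /  ||  bridge_nf_ready / && echo ready
```

While bridge-nf-call-iptables is 0, bridged container-to-container traffic is not passed to iptables, so filtering rules on the bridge are not enforced. Values set with `sysctl` on the command line are lost at reboot, so rerun the check after a restart.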
You need to add a network so that the Docker containers can communicate with each other.
You will need to add this tag -> network: dockerNetwork
and then:
services:
  app_service:
    image: app-image:latest
    network: dockerNetwork
  app_service2:
    image: app-image2:latest
    network: dockerNetwork
network: dockerNetwork