Centos docker服务启动失败 A dependency job for docker.service failed
在Centos上安装docker后需要手动启动docker服务,但是启动时报如下错误
$ systemctl enable docker && systemctl start docker
A dependency job for docker.service failed. See 'journalctl -xe' for details.
执行 journalctl -xe后结果如下
$ journalctl -xe
1月 24 02:25:45 localhost.localdomain yum[18753]: 2:postfix-2.10.1-7.el7.x86_64: 100
1月 24 02:25:45 localhost.localdomain yum[18753]: fontconfig-2.13.0-4.3.el7.x86_64: 100
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Registered Authentication Agent for unix-process:18768:232871247 (system bus na
1月 24 02:26:12 localhost.localdomain systemd[1]: Reloading.
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Unregistered Authentication Agent for unix-process:18768:232871247 (system bus
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Registered Authentication Agent for unix-process:18787:232871256 (system bus na
1月 24 02:26:12 localhost.localdomain systemd[1]: Starting Docker Socket for the API.
-- Subject: Unit docker.socket has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has begun starting up.
1月 24 02:26:12 localhost.localdomain systemd[18793]: Failed to chown socket at step GROUP: No such process
1月 24 02:26:12 localhost.localdomain systemd[1]: docker.socket control process exited, code=exited status=216
1月 24 02:26:12 localhost.localdomain systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has failed.
--
-- The result is failed.
1月 24 02:26:12 localhost.localdomain systemd[1]: Dependency failed for Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is dependency.
1月 24 02:26:12 localhost.localdomain systemd[1]: Job docker.service/start failed with result 'dependency'.
1月 24 02:26:12 localhost.localdomain systemd[1]: Unit docker.socket entered failed state.
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Unregistered Authentication Agent for unix-process:18787:232871256 (system bus
解决方案:添加docker组
$ groupadd docker
groupadd:无法打开 /etc/group
这里涉及到一个知识点就是文件隐藏属性,使用lsattr查看文件隐藏属性
$ lsattr /etc/group
----i--------e-- /etc/group
$ lsattr lsattr /etc/gshadow
----i--------e-- /etc/gshadow
这里的i属性表示文件不能被删除、改名,也不能写入或添加数据,所以需要先去掉i属性
$ chattr -i /etc/gshadow
$ chattr -i /etc/group
然后添加docker组,并启动docker服务,systemctl enable docker是为了设置开机启动docker服务
$ groupadd docker
$ systemctl enable docker && systemctl start docker
做过基线的同学应该知道,为了安全起见,最好还是把i属性加回来
$ chattr +i /etc/gshadow
$ chattr +i /etc/group
参考
