Docker 升級1.2

原先一直用docker 1.10，用這個版本的緣由是遇到了這個問題：

ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).

 就是由於你用的防火牆是firewall.

而問題的緣由是這個：

firewalld uses iptables and IPtables rules under the hood, but the way it "works" is with different "zones", with different levels of access (as I understand, different sets of iptables rules for each "zone").

（國外牛人說的）

也就是這樣。可是因爲最近公司數據被黑了，無法只能選擇上firewall了。因此我只能講iptables卸載了。

下面講兩個問題：1.如何升級  2.如何解決docker在iptables上遇到的上面按個bug。

1.docker 版本升級

1.1設定Yum

docker缺省的Yum庫使用的是main，基本上是穩定的版本。目前該版本爲1.10。而在centos上安裝只須要設定爲experimental。將其baseurl設定爲https://yum.dockerproject.org/repo/experimental/centos/7/便可。之後升到1.99估計也能夠用一樣的花招搶先試用吧。如下爲設定方式：

cat > /etc/yum.repos.d/docker.repo 
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/experimental/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

1.2確認舊的docker相關的組件並刪除

你的機器上必定有用centos簡易安裝方式yum install docker安裝的各類docker組件。安裝1.12以前先把它們刪掉吧，否則後面有可能仍是會提示你刪除的。

[root@host32 ~]# rpm -qa |grep docker
docker-selinux-1.10.3-44.el7.centos.x86_64
docker-common-1.10.3-44.el7.centos.x86_64
docker-forward-journald-1.10.3-44.el7.centos.x86_64
docker-1.10.3-44.el7.centos.x86_64
[root@host32 ~]#
[root@host32 ~]# yum -y remove docker-selinux-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-common-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-forward-journald-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-1.10.3-44.el7.centos.x86_64

1.3安裝docker-engine

安裝命令：yum -y install docker-engine

這一步可能遇到的問題:

Error: docker-engine-selinux conflicts with 2:container-selinux?

解決方案：（來自stackover）

I had the same problem, and managed to solve it. What I did:

Look for a previous CentOs native docker install remnant and remove it:

[root@here ~]# rpm -aq | grep docker
docker-common-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove docker*
That was not enough though

Look for that container-selinux and remove it too:

[root@here ~]# rpm -qa | grep container-selinux
container-selinux-1.10.3-59.el7.centos.x86_64
First make sure it is not used by anything else (I had a doubt, I chose to play safe)

[root@here ~]# rpm -q --whatrequires container-selinux-1.10.3-59.el7.centos.x86_64
no package requires container-selinux-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove container-selinux

 

2.如何解決docker在iptables上遇到 iptable chain

2.1  建議直接升級

2.2 docker git官網 issue中提到了解決方案：https://github.com/docker/docker/issues/16137