Docker после обновления до 21.04 работает в /run/docker.sock

Question 1

После обновления Ubuntu до 21.04 с 20.10 docker, похоже, работает в:

/run/docker.sock

но клиент docker ищет его в:

/var/run/docker.sock

Как я могу это исправить?

Немного подробнее, выполнив команду docker, я получаю:

$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Но служба docker, похоже, работает с сокетом docker в другом месте (из var):

$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-05-17 10:14:49 CEST; 5s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 10163 (dockerd)
      Tasks: 18
     Memory: 40.5M
     CGroup: /system.slice/docker.service
             └─10163 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.599580310+02:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.599624934+02:00" level=warning msg="Your kernel does not support cgroup blkio weight"
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.599642841+02:00" level=warning msg="Your kernel does not support cgroup blkio weight_device"
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.599907138+02:00" level=info msg="Loading containers: start."
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.740160234+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be use>
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.838137738+02:00" level=info msg="Loading containers: done."
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.854381886+02:00" level=info msg="Docker daemon" commit=20.10.2-0ubuntu2 graphdriver(s)=overlay2 version=20.10.2
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.854462072+02:00" level=info msg="Daemon has completed initialization"
may 17 10:14:49 xps-laptop systemd[1]: Started Docker Application Container Engine.
may 17 10:14:49 xps-laptop dockerd[10163]: time="2021-05-17T10:14:49.879020578+02:00" level=info msg="API listen on /run/docker.sock"

Edit (content of /lib/systemd/system/docker. socket):

$ cat /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

Edit 2 (содержимое /lib/systemd/system/docker.service):

$ cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
Wants=containerd.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

Question 2

Сначала убедитесь, что символическая ссылка в / var / run на месте и указывает на / run (похоже, это нормально в твоем случае).

Затем попробуйте изменить оператор «ExecStart», создав конфигурацию Drop-In:

sudo mkdir -p /etc/systemd/system/docker.service.d
sudo nano /etc/systemd/system/docker.service.d/options.conf

Теперь добавьте следующее в файл /etc/systemd/system/docker.service.d/options.conf :

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:// --containerd=/run/containerd/containerd.sock

Теперь перезагрузите конфигурацию systemd и перезагрузите демон докеров:

sudo systemctl daemon-reload
sudo systemctl restart docker

Если вы также хотите, чтобы демон прослушивал удаленный порт, добавьте -H tcp: //0.0.0.0: 2375 в запись «ExecStart» в /etc/systemd/system/docker.service.d/options.conf :

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock

Однако в вашем случае оказывается, что изменение на -H unix: / / сделал свое дело.

score 1 · Accepted Answer · 28 July 2021 в 11:39