CentOS: starting Docker fails because the iptable_nat module cannot be found

While setting up node, git, Docker and other tooling on a CentOS development box to get some work done, starting the Docker service threw an error that took half a day to sort out. I tried a number of the fixes suggested online and almost none of them worked.

Problem description

  1. Running `systemctl start docker` fails to start the Docker service with the following error:

     ```shell
     Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
     ```
  2. Running `systemctl status docker.service` to dig further shows that the daemon failed to start because of:

     ```shell
     Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DOCKER: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
     ```

  3. Analysis: it looks like iptable_nat cannot be found. Looking further up in the output, there are also errors about the xt_conntrack kernel module failing to load.

  4. I tried a lot of the fixes suggested online, for example:

     ```shell
     modinfo iptable_nat    # check whether the module exists on disk at all
     modprobe iptable_nat   # try to load it by hand
     ```

     ```shell
     sudo modprobe ip_tables
     # Only echo runs as root here; the >> redirect runs as the unprivileged user.
     # /etc/modules is also a Debian path; CentOS 7 reads /etc/modules-load.d/*.conf instead.
     sudo echo 'ip_tables' >> /etc/modules
     ```

     and so on. Most of the suggestions found online were tried, and none of them had any effect.

In the end it turned out that a blacklist exists: the modules had probably been blacklisted, which is why they could not be loaded.

Solution

CentOS disables some kernel modules by default. Edit the files as shown below and restart, and Docker will start.

Edit the first configuration file, commenting out the lines as shown:

```conf
#
# Listing a module here prevents the hotplug scripts from loading it.
# Usually that'd be so that some other driver will bind it instead,
# no matter which driver happens to get probed first. Sometimes user
# mode tools can also control driver binding.
#
# Syntax: see modprobe.conf(5).
#

# watchdog drivers
blacklist i8xx_tco

# framebuffer drivers
blacklist aty128fb
blacklist atyfb
blacklist radeonfb
blacklist i810fb
blacklist cirrusfb
blacklist intelfb
blacklist kyrofb
blacklist i2c-matroxfb
blacklist hgafb
blacklist nvidiafb
blacklist rivafb
blacklist savagefb
blacklist sstfb
blacklist neofb
blacklist tridentfb
blacklist tdfxfb
blacklist virgefb
blacklist vga16fb
blacklist viafb

# ISDN - see bugs 154799, 159068
blacklist hisax
blacklist hisax_fcpcipnp

# sound drivers
blacklist snd-pcsp

# I/O dynamic configuration support for s390x (bz #563228)
blacklist chsc_sch
#blacklist nf_conntrack
#blacklist nf_conntrack_ipv6
#blacklist xt_conntrack
#blacklist nf_conntrack_ftp
#blacklist xt_state
#blacklist iptable_nat
#blacklist ipt_REDIRECT
#blacklist nf_nat
#blacklist nf_conntrack_ipv4
```

Edit the second configuration file, commenting out the lines as shown:

```conf
#install nf_nat /bin/true
#install xt_state /bin/true
#install iptable_nat /bin/true
#install nf_conntrack /bin/true
#install nf_defrag_ipv4 /bin/true
#install nf_conntrack_ipv4 /bin/true
#install nf_conntrack_ipv6 /bin/true
```

After that the Docker service starts without trouble:

```shell
systemctl start docker
```
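To find rules like the ones above before they bite, the following script (an added example, not code from the original post) scans a modprobe.d-style directory for active `blacklist` and `install <module> /bin/true` rules that would stop the netfilter modules Docker needs from loading. It builds a constructed sample directory for the demo, so it runs offline; the real `/etc/modprobe.d` is scanned only when it exists.

```shell
#!/bin/sh
# Added example, not code from the original post: scan a modprobe.d-style
# directory for rules that stop the netfilter modules Docker needs from loading.
# Two rule forms block a module: "blacklist <mod>" and "install <mod> /bin/true"
# (modprobe runs /bin/true instead of loading it). Lines already commented out
# with '#' are ignored, which is exactly the state the fix above leaves them in.

NETFILTER_MODULES="ip_tables iptable_nat nf_nat nf_conntrack nf_conntrack_ipv4 \
nf_conntrack_ipv6 nf_defrag_ipv4 xt_conntrack xt_state ipt_REDIRECT"

# Print "file:line:rule" for every active rule that blocks one of the modules.
find_blocked_netfilter_modules() {
    dir="$1"
    for mod in $NETFILTER_MODULES; do
        # modprobe treats '-' and '_' in module names as equivalent, so match both.
        pat=$(printf '%s' "$mod" | sed 's/_/[_-]/g')
        grep -Hn -E "^[[:space:]]*(blacklist[[:space:]]+${pat}|install[[:space:]]+${pat}[[:space:]]+/bin/true)[[:space:]]*$" \
            "$dir"/*.conf 2>/dev/null || true
    done
}

# Constructed sample directory (not a real system's files) mixing active and
# commented-out rules, the way the files looked before and after the fix.
make_sample_modprobe_dir() {
    d=$(mktemp -d)
    cat > "$d/blacklist.conf" <<'EOF'
# framebuffer drivers
blacklist nvidiafb
blacklist iptable_nat
blacklist nf-nat
#blacklist nf_conntrack_ipv4
EOF
    cat > "$d/docker-nat.conf" <<'EOF'
install xt_state /bin/true
#install nf_conntrack /bin/true
EOF
    printf '%s\n' "$d"
}

# Demo: scan the constructed directory, then the real one when it exists.
sample=$(make_sample_modprobe_dir)
find_blocked_netfilter_modules "$sample"
rm -rf "$sample"
if [ -d /etc/modprobe.d ]; then
    find_blocked_netfilter_modules /etc/modprobe.d
fi
```

Any line it prints is a rule that still needs commenting out; an empty result for `/etc/modprobe.d` means the NAT modules are not being blocked by modprobe configuration.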

References

  1. Docker Installation Guide: some errors