Docker 升级1.2

原先一直用docker 1.10，用这个版本的缘由是遇到了这个问题：

ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).

 就是由于你用的防火墙是firewall.

而问题的缘由是这个：

firewalld uses iptables and IPtables rules under the hood, but the way it "works" is with different "zones", with different levels of access (as I understand, different sets of iptables rules for each "zone").

（国外牛人说的）

也就是这样。可是因为最近公司数据被黑了，无法只能选择上firewall了。因此我只能讲iptables卸载了。

下面讲两个问题：1.如何升级  2.如何解决docker在iptables上遇到的上面按个bug。

1.docker 版本升级

1.1设定Yum

docker缺省的Yum库使用的是main，基本上是稳定的版本。目前该版本为1.10。而在centos上安装只须要设定为experimental。将其baseurl设定为https://yum.dockerproject.org/repo/experimental/centos/7/便可。之后升到1.99估计也能够用一样的花招抢先试用吧。如下为设定方式：

cat > /etc/yum.repos.d/docker.repo 
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/experimental/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

1.2确认旧的docker相关的组件并删除

你的机器上必定有用centos简易安装方式yum install docker安装的各类docker组件。安装1.12以前先把它们删掉吧，否则后面有可能仍是会提示你删除的。

[root@host32 ~]# rpm -qa |grep docker
docker-selinux-1.10.3-44.el7.centos.x86_64
docker-common-1.10.3-44.el7.centos.x86_64
docker-forward-journald-1.10.3-44.el7.centos.x86_64
docker-1.10.3-44.el7.centos.x86_64
[root@host32 ~]#
[root@host32 ~]# yum -y remove docker-selinux-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-common-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-forward-journald-1.10.3-44.el7.centos.x86_64
[root@host32 ~]# yum -y remove docker-1.10.3-44.el7.centos.x86_64

1.3安装docker-engine

安装命令：yum -y install docker-engine

这一步可能遇到的问题:

Error: docker-engine-selinux conflicts with 2:container-selinux?

解决方案：（来自stackover）

I had the same problem, and managed to solve it. What I did:

Look for a previous CentOs native docker install remnant and remove it:

[root@here ~]# rpm -aq | grep docker
docker-common-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove docker*
That was not enough though

Look for that container-selinux and remove it too:

[root@here ~]# rpm -qa | grep container-selinux
container-selinux-1.10.3-59.el7.centos.x86_64
First make sure it is not used by anything else (I had a doubt, I chose to play safe)

[root@here ~]# rpm -q --whatrequires container-selinux-1.10.3-59.el7.centos.x86_64
no package requires container-selinux-1.10.3-59.el7.centos.x86_64
[root@here ~]# yum remove container-selinux

 

2.如何解决docker在iptables上遇到 iptable chain

2.1  建议直接升级

2.2 docker git官网 issue中提到了解决方案：https://github.com/docker/docker/issues/16137