Docker стартует, но нет соединения до перезагрузки docker.socket
Сделал сборку Linux на основе Thinstation с пакетами docker и docker-compose. После загрузки тонкого клиента демон docker стартует, всё в порядке. Скачиваю с хаба nginx:alpine, подымаю контейнер с пробросом 80 порта. Порты все слушаются, всё в порядке. Проблема в том, что не могу извне подключиться, пока не рестарну docker.socket. После рестарта всё подключается. Вопрос: как можно отследить, в чём проблема ПЕРВОНОЧАЛЬНОГО запуска docker после загрузки дистрибутива? Почему подключение подымается только после рестарта docker.socket? Прилагаю журнал загрузки docker с момента включения ОС.
-- Logs begin at Wed 2022-06-08 11:36:29 PDT, end at Wed 2022-06-08 11:38:10 PDT. --
Jun 08 11:36:35 thinstation-linux systemd[1]: Starting Docker Application Container Engine...
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.424634546-07:00" level=info msg="Starting up"
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.426073778-07:00" level=info msg="libcontainerd: started new containerd process" pid=3123
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.426146956-07:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.426167660-07:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.426210273-07:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.426245923-07:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36-07:00" level=warning msg="deprecated version : `1`, please switch to version `2`"
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.459295765-07:00" level=info msg="starting containerd" revision=212e8b6fa2f44b9c21b2798135fc6fb7c53efc16 version=v1.6.4
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.477733725-07:00" level=info msg="loading plugin \"io.containerd.content.v1.content\"..." type=io.containerd.content.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.477938323-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.aufs\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480088030-07:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"modprobe: FATAL: Module aufs not found in directory /lib/modules/5.10.119TS\\n\"): skip plugin" type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480169064-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480378601-07:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (rootfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480451755-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480615623-07:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480711948-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.native\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.480866820-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.overlayfs\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.481238817-07:00" level=info msg="loading plugin \"io.containerd.snapshotter.v1.zfs\"..." type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.481473421-07:00" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.481605761-07:00" level=info msg="loading plugin \"io.containerd.metadata.v1.bolt\"..." type=io.containerd.metadata.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.481785009-07:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.481872515-07:00" level=info msg="metadata content store policy set" policy=shared
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482211834-07:00" level=info msg="loading plugin \"io.containerd.differ.v1.walking\"..." type=io.containerd.differ.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482322961-07:00" level=info msg="loading plugin \"io.containerd.event.v1.exchange\"..." type=io.containerd.event.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482431014-07:00" level=info msg="loading plugin \"io.containerd.gc.v1.scheduler\"..." type=io.containerd.gc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482561744-07:00" level=info msg="loading plugin \"io.containerd.service.v1.introspection-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482666025-07:00" level=info msg="loading plugin \"io.containerd.service.v1.containers-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482768195-07:00" level=info msg="loading plugin \"io.containerd.service.v1.content-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482873230-07:00" level=info msg="loading plugin \"io.containerd.service.v1.diff-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.482974999-07:00" level=info msg="loading plugin \"io.containerd.service.v1.images-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483300945-07:00" level=info msg="loading plugin \"io.containerd.service.v1.leases-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483412793-07:00" level=info msg="loading plugin \"io.containerd.service.v1.namespaces-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483565088-07:00" level=info msg="loading plugin \"io.containerd.service.v1.snapshots-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483683446-07:00" level=info msg="loading plugin \"io.containerd.runtime.v1.linux\"..." type=io.containerd.runtime.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483841268-07:00" level=info msg="loading plugin \"io.containerd.runtime.v2.task\"..." type=io.containerd.runtime.v2
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.483981876-07:00" level=info msg="loading plugin \"io.containerd.monitor.v1.cgroups\"..." type=io.containerd.monitor.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484305284-07:00" level=info msg="loading plugin \"io.containerd.service.v1.tasks-service\"..." type=io.containerd.service.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484384922-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484452084-07:00" level=info msg="loading plugin \"io.containerd.internal.v1.restart\"..." type=io.containerd.internal.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484604560-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.containers\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484729124-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.content\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484798967-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.diff\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484869907-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.events\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.484945381-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.healthcheck\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485011824-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.images\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485076950-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.leases\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485148324-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.namespaces\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485219134-07:00" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485345909-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485447136-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485595705-07:00" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485667229-07:00" level=info msg="loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." type=io.containerd.tracing.processor.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485741706-07:00" level=info msg="skip loading plugin \"io.containerd.tracing.processor.v1.otlp\"..." error="no OpenTelemetry endpoint: skip plugin" type=io.containerd.tracing.processor.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485806107-07:00" level=info msg="loading plugin \"io.containerd.internal.v1.tracing\"..." type=io.containerd.internal.v1
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.485876228-07:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.486215251-07:00" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.486340798-07:00" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.486477047-07:00" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock
Jun 08 11:36:36 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:36:36.486580162-07:00" level=info msg="containerd successfully booted in 0.035286s"
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.498150579-07:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.498266101-07:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.498338577-07:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.498402055-07:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.500773428-07:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.500808862-07:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.500843595-07:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.500882067-07:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.507802042-07:00" level=info msg="Loading containers: start."
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.582364532-07:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.635720777-07:00" level=info msg="Loading containers: done."
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.648382407-07:00" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled" storage-driver=overlay2
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.648686649-07:00" level=info msg="Docker daemon" commit=f756502 graphdriver(s)=overlay2 version=20.10.16
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.649422153-07:00" level=info msg="Daemon has completed initialization"
Jun 08 11:36:36 ts_080027b3b812 systemd[1]: Started Docker Application Container Engine.
Jun 08 11:36:36 ts_080027b3b812 dockerd[2353]: time="2022-06-08T11:36:36.675017119-07:00" level=info msg="API listen on /run/docker.sock"
Jun 08 11:38:10 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:38:10.677902769-07:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
Jun 08 11:38:10 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:38:10.678007800-07:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
Jun 08 11:38:10 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:38:10.678026052-07:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Jun 08 11:38:10 ts_080027b3b812 dockerd[3123]: time="2022-06-08T11:38:10.678582298-07:00" level=info msg="starting signal loop" namespace=moby path=/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/d37d6226d65ea72d7cde01c95cfc70b63bd4e77ba4e2f3cab645a1c6d7c07df0 pid=4159 runtime=io.containerd.runc.v2
UPD 1.
Есть предположения, что сетевые сервисы, которые взаимодействуют с docker стартуют после запуска docker, только какие - не вразумлю. Прикладываю инфографику загрузки:
Лог iptables:
Chain INPUT (policy ACCEPT 390 packets, 47729 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 14 packets, 840 bytes)
pkts bytes target prot opt in out source destination
14 840 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
14 840 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 404 packets, 149K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
14 840 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
14 840 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
UPD 2.
Пересобрал дистрибутив с возможностью отладки Docker при запуске. Вот результат ДО и ПОСЛЕ перезапуска docker.socket. iptables после перезапуска docker.socket добавляет новые правила. Почему он не делает это при первоначальной загрузке docker?