操作系统版本：

CentOS Linux release 7.4.1708 (Core)

内核版本：

Linux 554735 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

docker 版本：

Client:
 Version:      17.06.0-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:20:36 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.06.0-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:21:56 2017
 OS/Arch:      linux/amd64
 Experimental: false

今天重启docker服务的时候时候，报出下面的错误信息：

Nov 14 12:05:48 554735 dockerd[14510]: time="2018-11-14T12:05:48.649532416+08:00" level=info msg="libcontainerd: new containerd process, pid: 14524"
Nov 14 12:05:49 554735 consul[1470]: 2018/11/14 12:05:49 [WARN] agent: http request failed 'http://127.0.0.1:9095/metrics': Get http://127.0.0.1:9095/metrics: dNov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.671699972+08:00" level=info msg="[graphdriver] using prior storage driver: overlay"
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.797990865+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.798771912+08:00" level=info msg="Loading containers: start."
Nov 14 12:05:49 554735 dockerd[14510]: time="2018-11-14T12:05:49.833032379+08:00" level=warning msg="Failed to read iptables version: fork/exec /usr/sbin/iptables: execNov 14 12:05:49 554735 dockerd[14510]: Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: ipNov 14 12:05:49 554735 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Nov 14 12:05:49 554735 systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Nov 14 12:05:49 554735 systemd[1]: Unit docker.service entered failed state.
Nov 14 12:05:49 554735 systemd[1]: docker.service failed.
Nov 14 12:05:49 554735 polkitd[1043]: Unregistered Authentication Agent for unix-process:14504:47075 (system bus name :1.52, object path /org/freedesktop/PolicyKit1/AutNov 14 12:05:50 554735 systemd[1]: docker.service holdoff time over, scheduling restart.
Nov 14 12:05:50 554735 systemd[1]: Starting Docker Application Container Engine...
-- Subject: Unit docker.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has begun starting up.
Nov 14 12:05:50 554735 dockerd[14618]: time="2018-11-14T12:05:50.175112450+08:00" level=info msg="libcontainerd: new containerd process, pid: 14628"

错误信息通过 journalctl -xe | grep docker 获得

google之后，并没有找到很合适的解决方案，在docker issue上发现，竟然有人是通过升级内核解决。。。。。。

后来经过排查发现是iptables没有启用了，docker没有办法做端口转发，导致docker服务起不来。

启用iptables，搞定。

[root@jiankunking~]# systemctl stop firewalld  ##停止防火墙 firewalld
[root@jiankunking~]# systemctl disable firewalld  ##禁用防火墙 firewalld
[root@jiankunking~]# systemctl status firewalld  ##查看防火墙状态
[root@jiankunking~]# yum install -y iptables-services iptables-devel.x86_64 iptables.x86_64 
[root@jiankunking~]# systemctl enable iptables  ##开机自启
[root@jiankunking~]# systemctl start iptables  ##启动iptables
[root@jiankunking~]# systemctl status iptables  ##查看iptables状态

个人微信公众号：

作者：jiankunking 出处：http://blog.csdn.net/jiankunking