Shulou(Shulou.com)05/31 Report--

This article is to share with you about how Docker can't start after it hasn't been used for a while. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

When the docker1.12 version was first released, I built a virtual machine and installed it to experiment with the new features of the built-in swarm mode, but this virtual machine has been useless ever since. When I turned on this virtual machine today, I found that the docker service could not be started. The specific phenomena are as follows:

[root@node1 /] # service docker startRedirecting to / bin/systemctl start docker.serviceJob for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl-xe" for details.

View detailed information

[root@node1 /] # systemctl status docker.service-l * docker.service-Docker Application Container Engine Loaded: loaded (/ usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since six 2017-01-07 20:19:22 CST 56s ago Docs: https://docs.docker.com Process: 2707 ExecStart=/usr/bin/dockerd (code=exited, status=1/FAILURE) Main PID: 2707 (code=exited Status=1/FAILURE) 20:19:21 node1 dockerd [2707]: time= "2017-01-07T20:19:21.941128813+08:00" level=warning msg= "mountpoint for pids not found" January 07 20:19:21 node1 dockerd [2707]: time= "2017-01-07T20:19:21.941923814+08:00" level=info msg= "Loading containers: start." January 07 20:19:21 node1 dockerd [2707]:.. time = "2017-01-07T20:19:21.966308550+08:00" level=info msg= "Firewalld Running: false "January 07 20:19:22 node1 dockerd [2707]: time=" 2017-01-07T20:19:22.458578104+08:00 "level=info msg=" Default bridge (docker0) is assigned with an IP address 172.17.0 Daemon option 16. Daemon option-- bip can be used to set a preferred IP address "January 07 20:19:22 node1 dockerd [2707]: time=" 2017-01-07T20:19:22.572281786+08:00 "level=info msg=" Loading containers: done. "January 07 20:19:22 Node1 dockerd [2707]: time= "2017-01-07T20:19:22.635556518+08:00" level=fatal msg= "Error creating cluster component: error while loading TLS Certificate in / var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid" January 07 20:19:22 node1 systemd [1]: docker.service: main process exited Code=exited, status=1/FAILURE1 07 20:19:22 node1 systemd [1]: Failed to start Docker Application Container Engine.1 07 20:19:22 node1 systemd [1]: Unit docker.service entered failed state.1 07 20:19:22 node1 systemd [1]: docker.service failed.

There is an error message that roughly means that the swarm-mode.crt certificate has expired or is invalid.

Error while loading TLS Certificate in / var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid

In the issue of querying docker, there is a discussion on this issue in item 24132:

Swarm certificates automatically renew and have 90 day expiry period by default. Still, if you don't start the daemon during that time the certificates will expire and starting daemon will fail with time= "2016-06-29T17:18:06.165656736Z" level=fatal msg= "Error creating cluster component: error while loading TLS Certificate in / var/lib/docker/swarm/certificates/swarm-node.crt: x509: certificate has expired or is not yet valid"

I think refusing to start and not ignoring this error is correct. We could provide-- reset-swarm option to leave swarm so the user doesn't need to remove the state dir manually. Problem is that user must remember to remove this option as otherwise, it would clear the state on every next restart as well.

Maybe a good enough solution would be to add instructions for removing the state directory in the error message.

The certificate of swarm has a validity period of 90 days by default. If the certificate is renewed automatically within the validity period, the certificate can be renewed automatically. However, if the server is not started for a long time and the validity period is exceeded, docker will not be able to start.

To solve this problem, we can delete or rename the / var/lib/docker/swarm directory first, and docker can start normally.

Thank you for reading! This is the end of the article on "Docker can't start after a period of time". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.