Required kernel options

The Docker open-source team provides a script that checks whether a kernel configuration meets Docker's runtime requirements. Source: https://github.com/moby/moby/blob/master/contrib/check-config.sh

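  1. Obtain the script and run the following command:
    $ ./check-config.sh
    The following is example output:
    Figure 1. Example output
    The output is divided into two main parts:
    • Generally Necessary: required options. Any option shown as missing in the figure must be enabled in the kernel configuration, and the kernel rebuilt and flashed, to support Docker.
    • Optional Features: optional settings; enable them as needed.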
  2. The example output shows many required options marked as missing. Refer to that link to fetch the kernel source, switch branches and apply the default kernel options; after applying the defaults, configure the corresponding kernel options:
    • To enable the items under Controller, as well as options such as CONFIG_CGROUP_*, CONFIG_CPUSETS and CONFIG_MEMCG, turn on the following options under General setup > Control Group support:
      Figure 2. Configuring kernel options
    • To enable CONFIG_VETH, turn on the Virtual ethernet pair device option under Device Drivers > Network device support:
      Figure 3. Virtual ethernet pair device
    • To enable CONFIG_BRIDGE, turn on the 802.1d Ethernet Bridging option under Networking support > Networking options:
      Figure 4. 802.1d Ethernet Bridging
    • To enable CONFIG_BRIDGE_NETFILTER, turn on the Bridged IP/ARP packets filtering option under Networking support > Networking options > Network packet filtering framework (Netfilter):
      Figure 5. Bridged IP/ARP packets filtering
    • To enable CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, turn on the "addrtype" address type match support option under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration:
      Figure 6. "addrtype" address type match support
    • To enable CONFIG_IP_NF_MANGLE, turn on the Packet mangling option under Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration:
      Figure 7. Packet mangling
    • To enable CONFIG_NETFILTER_XT_MATCH_IPVS, turn on the following two options:
      • The IP virtual server support option under Networking support > Networking options > Network packet filtering framework (Netfilter):
        Figure 8. IP virtual server support & "ipvs" match support
      • The "ipvs" match support option under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration:
        Figure 9. "ipvs" match support
    • To enable CONFIG_IP6_NF_IPTABLES, turn on the IP6 tables support (required for filtering) option under Networking support > Networking options > Network packet filtering framework (Netfilter) > IPV6: Netfilter Configuration:
      Figure 10. IP6 tables support (required for filtering)
    • To enable CONFIG_NF_TABLES_BRIDGE, turn on the Ethernet Bridge nf_tables support (NEW) option under Networking support > Networking options > Network packet filtering framework (Netfilter):
      Figure 11. Ethernet Bridge nf_tables support (NEW)
    • After the options above are selected, you must also turn on the options shown in the figure below under Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration; otherwise Docker will not start properly:
      Figure 12. Netfilter nf_tables_support
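
Before rebuilding and flashing, the generated .config can be checked for the options named in step 2. The script below is an added example, not part of the original page or of check-config.sh; the function name missing_opts and the sample config are assumptions made for illustration, and it does not cover the CONFIG_CGROUP_* wildcard or the nf_tables options that appear only in the figures.

```shell
#!/bin/sh
# Added example: list which options named on this page are not enabled
# (=y or =m) in a kernel config file such as .config or /proc/config.gz.

# Option names taken from step 2 above, without the CONFIG_ prefix.
REQUIRED_OPTS="CPUSETS MEMCG VETH BRIDGE BRIDGE_NETFILTER
NETFILTER_XT_MATCH_ADDRTYPE IP_NF_MANGLE NETFILTER_XT_MATCH_IPVS
IP6_NF_IPTABLES NF_TABLES_BRIDGE"

# missing_opts FILE (hypothetical helper): print each missing option.
# Returns 0 if all are enabled, 1 if any is missing, 2 if FILE is unreadable.
missing_opts() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # /proc/config.gz style files are gzip-compressed
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    for opt in $REQUIRED_OPTS; do
        # "# CONFIG_X is not set" and an absent line both count as missing;
        # the anchored pattern keeps CONFIG_BRIDGE from matching CONFIG_BRIDGE_NETFILTER
        if ! $reader "$cfg" | grep -E "^CONFIG_${opt}=(y|m)$" >/dev/null; then
            echo "CONFIG_${opt}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config fragment (not taken from a real board)
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_CPUSETS=y
CONFIG_MEMCG=y
CONFIG_VETH=m
CONFIG_BRIDGE=y
# CONFIG_BRIDGE_NETFILTER is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_NF_TABLES_BRIDGE=m
EOF

if ! missing=$(missing_opts "$sample"); then
    echo "still missing:"; echo "$missing"
fi
```

Point missing_opts at the .config in the kernel build tree; a non-zero return means at least one listed option still needs to be enabled in menuconfig.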