记一次使用calico网络启动docker容器失败

我在本地centos7.6上搭建了calico v2.6的环境，然后创建了一个名为cal_net1的calico网络。

[root@docker-02 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b5b2c1c28b26        bridge              bridge              local
26566ae50002        cal_net1            calico              global
83caa9f30619        host                host                local
d1f1262964be        none                null                local
[root@docker-02 ~]# 

当我使用cal_net1网络去启动一个容器的时候，出现问题。

[root@docker-02 ~]# docker container run --net cal_net1 --name bbox1 -itd busybox
9dc1060b70de7594cefb74599387ce15067a13fc9cc666ffbef6d5829243a8fc
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-07T23:05:26+08:00\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface tempd909b5884cf to sandbox: error setting interface \\\\\\\\\\\\\\\"tempd909b5884cf\\\\\\\\\\\\\\\" routes to [\\\\\\\\\\\\\\\"169.254.1.1/32\\\\\\\\\\\\\\\" \\\\\\\\\\\\\\\"fe80::f0f9:bcff:feac:71ad/128\\\\\\\\\\\\\\\"]: permission denied\\\\\\\"\\\\n\\\"\"": unknown.

如上所示在启动容器的时候，报错：

docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-07T23:05:26+08:00\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface tempd909b5884cf to sandbox: error setting interface \\\\\\\\\\\\\\\"tempd909b5884cf\\\\\\\\\\\\\\\" routes to [\\\\\\\\\\\\\\\"169.254.1.1/32\\\\\\\\\\\\\\\" \\\\\\\\\\\\\\\"fe80::f0f9:bcff:feac:71ad/128\\\\\\\\\\\\\\\"]: permission denied\\\\\\\"\\\\n\\\"\"": unknown.

 

经过查阅需要设置禁用IPV6：

[root@docker-02 ~]# echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
[root@docker-02 ~]# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

禁用之后再次启动容器，未报错，问题解决

[root@docker-02 ~]# docker run --net cal_net1 -itd --name bbox1 busybox
b30cc17f84d3a402292a0eb4751ebd34bcc63ac641ea82b50e5705084b9a0f96
[root@docker-02 ~]# docker ps
CONTAINER ID        IMAGE                         COMMAND             CREATED             STATUS              PORTS               NAMES
b30cc17f84d3        busybox                       "sh"                12 minutes ago      Up 12 minutes                           bbox1
01494a3b236a        quay.io/calico/node:v2.6.12   "start_runit"       44 minutes ago      Up 29 minutes                           calico-node
[root@docker-02 ~]#