问题:Docker“错误:在分配给网络的默认设置中找不到可用的,不重叠的IPv4地址池”
我有一个apkmirror-scraper-compose具有以下结构的目录:
.
├── docker-compose.yml
├── privoxy
│ ├── config
│ └── Dockerfile
├── scraper
│ ├── Dockerfile
│ ├── newnym.py
│ └── requirements.txt
└── tor
└── Dockerfile
我正在尝试运行以下命令docker-compose.yml:
version: '3'
services:
privoxy:
build: ./privoxy
ports:
- "8118:8118"
links:
- tor
tor:
build:
context: ./tor
args:
password: ""
ports:
- "9050:9050"
- "9051:9051"
scraper:
build: ./scraper
links:
- tor
- privoxy
其中,Dockerfile用于tor为
FROM alpine:latest
EXPOSE 9050 9051
ARG password
RUN apk --update add tor
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN echo "HashedControlPassword $(tor --quiet --hash-password $password)" >> /etc/tor/torrc
CMD ["tor"]
那privoxy是
FROM alpine:latest
EXPOSE 8118
RUN apk --update add privoxy
COPY config /etc/privoxy/config
CMD ["privoxy", "--no-daemon"]
其中config由两个线
listen-address 0.0.0.0:8118
forward-socks5 / tor:9050 .
而Dockerfile对于scraperIS
FROM python:2.7-alpine
ADD . /scraper
WORKDIR /scraper
RUN pip install -r requirements.txt
CMD ["python", "newnym.py"]
其中requirements.txt包含单行requests。最后,该程序newnym.py旨在简单地测试使用Tor更改IP地址是否有效:
from time import sleep, time
import requests as req
import telnetlib
def get_ip():
IPECHO_ENDPOINT = 'http://ipecho.net/plain'
HTTP_PROXY = 'http://privoxy:8118'
return req.get(IPECHO_ENDPOINT, proxies={'http': HTTP_PROXY}).text
def request_ip_change():
tn = telnetlib.Telnet('tor', 9051)
tn.read_until("Escape character is '^]'.", 2)
tn.write('AUTHENTICATE ""\r\n')
tn.read_until("250 OK", 2)
tn.write("signal NEWNYM\r\n")
tn.read_until("250 OK", 2)
tn.write("quit\r\n")
tn.close()
if __name__ == '__main__':
dts = []
try:
while True:
ip = get_ip()
t0 = time()
request_ip_change()
while True:
new_ip = get_ip()
if new_ip == ip:
sleep(1)
else:
break
dt = time() - t0
dts.append(dt)
print("{} -> {} in ~{}s".format(ip, new_ip, int(dt)))
except KeyboardInterrupt:
print("Stopping...")
print("Average: {}".format(sum(dts) / len(dts)))
在docker-compose build成功建立,但如果我尝试docker-compose up,我得到以下错误信息:
Creating network "apkmirrorscrapercompose_default" with the default driver
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
我尝试搜索有关此错误消息的帮助,但找不到任何帮助。是什么导致此错误?
I have a directory apkmirror-scraper-compose with the following structure:
.
├── docker-compose.yml
├── privoxy
│ ├── config
│ └── Dockerfile
├── scraper
│ ├── Dockerfile
│ ├── newnym.py
│ └── requirements.txt
└── tor
└── Dockerfile
I’m trying to run the following docker-compose.yml:
version: '3'
services:
privoxy:
build: ./privoxy
ports:
- "8118:8118"
links:
- tor
tor:
build:
context: ./tor
args:
password: ""
ports:
- "9050:9050"
- "9051:9051"
scraper:
build: ./scraper
links:
- tor
- privoxy
where the Dockerfile for tor is
FROM alpine:latest
EXPOSE 9050 9051
ARG password
RUN apk --update add tor
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN echo "HashedControlPassword $(tor --quiet --hash-password $password)" >> /etc/tor/torrc
CMD ["tor"]
that for privoxy is
FROM alpine:latest
EXPOSE 8118
RUN apk --update add privoxy
COPY config /etc/privoxy/config
CMD ["privoxy", "--no-daemon"]
where config consists of the two lines
listen-address 0.0.0.0:8118
forward-socks5 / tor:9050 .
and the Dockerfile for scraper is
FROM python:2.7-alpine
ADD . /scraper
WORKDIR /scraper
RUN pip install -r requirements.txt
CMD ["python", "newnym.py"]
where requirements.txt contains the single line requests. Finally, the program newnym.py is designed to simply test whether changing the IP address using Tor is working:
from time import sleep, time
import requests as req
import telnetlib
def get_ip():
IPECHO_ENDPOINT = 'http://ipecho.net/plain'
HTTP_PROXY = 'http://privoxy:8118'
return req.get(IPECHO_ENDPOINT, proxies={'http': HTTP_PROXY}).text
def request_ip_change():
tn = telnetlib.Telnet('tor', 9051)
tn.read_until("Escape character is '^]'.", 2)
tn.write('AUTHENTICATE ""\r\n')
tn.read_until("250 OK", 2)
tn.write("signal NEWNYM\r\n")
tn.read_until("250 OK", 2)
tn.write("quit\r\n")
tn.close()
if __name__ == '__main__':
dts = []
try:
while True:
ip = get_ip()
t0 = time()
request_ip_change()
while True:
new_ip = get_ip()
if new_ip == ip:
sleep(1)
else:
break
dt = time() - t0
dts.append(dt)
print("{} -> {} in ~{}s".format(ip, new_ip, int(dt)))
except KeyboardInterrupt:
print("Stopping...")
print("Average: {}".format(sum(dts) / len(dts)))
The docker-compose build builds successfully, but if I try docker-compose up, I get the following error message:
Creating network "apkmirrorscrapercompose_default" with the default driver
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
I tried searching for help on this error message, but couldn’t find any. What is causing this error?
回答 0
我已经看到它暗示docker可能处于创建网络的最大状态。该命令docker network prune可用于删除至少一个容器未使用的所有网络。
正如罗伯特(Robert)所评论的那样,我的问题最终得以service openvpn stop解决:openvpn 的问题“解决了”问题。
I’ve seen it suggested docker may be at its maximum of created networks. The command docker network prune can be used to remove all networks not used by at least one container.
My issue ended up being, as Robert commented about: an issue with openvpn service openvpn stop ‘solved’ the problem.
回答 1
我遇到了这个问题,因为我运行了OpenVPN。当我杀死OpenVPN之后,立即docker-compose up启动,错误消失了。
I ran into this problem because I had OpenVPN running. As soon as I killed OpenVPN, docker-compose up fired right up, and the error disappeared.
回答 2
我在运行OpenVPN时也遇到了这个问题,并且我找到了一个解决方案,您不应停止/启动OpenVPN服务器。
想法,您应该指定要使用的确切子网。在docker-compose.yml写:
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
而已。现在,default将使用网络,并且如果您的VPN没有为您分配来自172.16.57.*子网的任何内容,就可以了。
I ran in this problem with OpenVPN working as well and I’ve found a solution where you should NOT stop/start OpenVPN server.
Idea that You should specify what exactly subnet you want to use. In docker-compose.yml write:
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
That’s it. Now, default network will be used and if your VPN did not assign you something from 172.16.57.* subnet, you’re fine.
回答 3
遵循彼得·豪格(Peter Hauge)的评论,在跑步时,docker network ls我看到了以下内容:
NETWORK ID NAME DRIVER SCOPE
dc6a83d13f44 bridge bridge local
ea98225c7754 docker_gwbridge bridge local
107dcd8aa889 host host local
NAME和DRIVER两者的界线host似乎就是他所说的“在您的主机上已经创建的网络”。因此,在https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430之后,我运行了命令
docker network rm $(docker network ls | grep "bridge" | awk '/ / { print $1 }')
现在docker-compose up可以工作(尽管newnym.py会产生错误)。
Following Peter Hauge‘s comment, upon running docker network ls I saw (among other lines) the following:
NETWORK ID NAME DRIVER SCOPE
dc6a83d13f44 bridge bridge local
ea98225c7754 docker_gwbridge bridge local
107dcd8aa889 host host local
The line with NAME and DRIVER as both host seems to be what he is referring to with “networks already created on your host”. So, following https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430, I ran the command
docker network rm $(docker network ls | grep "bridge" | awk '/ / { print $1 }')
Now docker-compose up works (although newnym.py produces an error).
回答 4
我也有同样的问题。我跑了docker system prune -a --volumes,docker network prune但是都没有帮助我。
我使用VPN,我关闭了VPN,在docker启动正常并能够创建网络之后,我将其关闭。之后,您可以再次启用VPN。
I have the same problem. I ran docker system prune -a --volumes, docker network prune, but neither helped me.
I use a VPN, I turned off the VPN and, after it docker started normal and was able to create a network. After that, you can enable VPN again.
回答 5
就像其他答案提到的那样,Docker的默认本地bridge网络仅支持30个不同的网络(每个网络都可以通过其名称唯一标识)。如果您不使用它们,那就docker network prune可以了。
但是,您可能有兴趣建立30多个容器,每个容器都有自己的网络。如果您对此感兴趣,则需要定义一个overlay网络。这有点棘手,但这里记录得非常好。
编辑(2020年5月):链接已不可用,在文档中没有确切的替代方法,但我建议从此处开始。
As other answers mentioned, Docker’s default local bridge network only supports 30 different networks (each one of them uniquely identifiable by their name). If you are not using them, then docker network prune will do the trick.
However, you might be interested in establishing more than 30 containers, each with their own network. Were you interested in doing so then you would need to define an overlay network. This is a bit more tricky but extremely well documented here.
EDIT (May 2020): Link has become unavailable, going through the docs there’s not an exact replacement, but I would recommend starting from here.
回答 6
我有同样的错误消息,但是删除未使用的docker网络的解决方案对我没有帮助。我删除了所有非默认的Docker网络(以及所有图像和容器),但并没有帮助-Docker仍然无法创建新网络。
问题的原因是在安装OpenVpn之后剩下的网络接口中。(它以前安装在主机上。)我通过运行ifconfig命令找到了它们:
...
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:75 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:84304 (84.3 KB) TX bytes:0 (0.0 B)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:200496 errors:0 dropped:0 overruns:0 frame:0
TX packets:148828 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:211583838 (211.5 MB) TX bytes:9568906 (9.5 MB)
...
我发现我可以使用几个命令将其删除:
ip link delete tun0
ip link delete tun1
之后,问题消失了。
I had an identical problem with the same error message but the solution with removal of unused docker networks didn’t help me. I’ve deleted all non-default docker networks (and all images and containers as well) but it didn’t help – docker still was not able to create a new network.
The cause of the problem was in network interfaces that were left after OpenVpn installation. (It was installed on the host previously.) I found them by running ifconfig command:
...
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:75 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:84304 (84.3 KB) TX bytes:0 (0.0 B)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:200496 errors:0 dropped:0 overruns:0 frame:0
TX packets:148828 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:211583838 (211.5 MB) TX bytes:9568906 (9.5 MB)
...
I’ve found that I can remove them with a couple of commands:
ip link delete tun0
ip link delete tun1
After this the problem has disappeared.
回答 7
- 检查是否还有其他容器在运行,如果是,请执行以下操作:
docker-compose down
如果已连接VPN,请断开连接,然后重试以启动Docker容器:
docker-compose up -d container_name
- Check if any other container is running, If yes, do:
docker-compose down
If VPN is connected, then disconnect it and try again to up docker container:
docker-compose up -d container_name
回答 8
你可以试试
$sudo service network-manager restart
为我工作。
You can try
$sudo service network-manager restart
Worked for me.
回答 9
我遇到了同样的问题,原因是您达到了网络的最大数量:
做一个:docker network ls
选择一个要删除使用:docker network rm networkname_default
I encoutered the same problem, the reason why is that you reached the max of networks:
do an : docker network ls
Choose one to remove using: docker network rm networkname_default
回答 10
这发生在我身上,因为我正在使用OpenVPN。我找到了一种无需停止使用VPN或将网络手动添加到docker-compose文件或运行任何疯狂脚本的方式。
我切换到WireGuard而不是OpenVPN。更具体地说,当我运行nordvpn解决方案时,我安装了WireGuard并使用了其版本的NordLynx。
This happened to me because I was using OpenVPN. I found a way that I don’t need to stop using the VPN or manually add a network to the docker-compose file nor run any crazy script.
I switched to WireGuard instead of OpenVPN. More specifically, as I am running the nordvpn solution, I installed WireGuard and used their version of it, NordLynx.
回答 11
无需杀死VPN。
关于使用新网络的其他评论对我来说非常接近该解决方案,并且已经工作了一段时间,但是由于在另一个问题中进行了一些讨论,我找到了更好的方法
使用以下方法创建网络:
docker network create your-network --subnet 172.24.24.0/24
然后,在docker-compose.yaml的底部,输入以下内容:
networks:
default:
external:
name: your-network
做完了 无需将网络添加到所有容器定义等中,并且您也可以根据需要将网络与其他docker-compose文件一起重新使用。
回答 12
TL; DR
加
version: "3.7"
services:
web:
...
network_mode: "bridge"
network_mode在文档中阅读有关内容。
长版
免责声明:我对Docker网络不是很了解,但这确实帮了我大忙。YMMV。
当我运行docker run my-image网络时,我没有遇到任何问题,但是当我将此命令转换为docker-compose.yml文件时,却遇到了与OP相同的错误。
我在互联网上阅读了Arenim的答案以及其他一些建议重用现有网络的内容。
您可以找到这样的现有网络:
# docker network ls
NETWORK ID NAME DRIVER SCOPE
ca0415dfa442 bridge bridge local
78cbbda034dd host host local
709f13f4ce2d none null local
我想重用默认bridge网络,所以我添加了
services:
web:
...
networks:
default:
external:
name: bridge
到我的根docker-compose.yml(不在我
services的根中,而是在根缩进处)。
我现在收到以下错误:
错误:您的容器网络范围的别名仅支持用户定义网络中的容器
这导致遇到了这个Docker Github问题,明确指出我应该将该network_mode对象添加到我的对象中docker-compose:
version: "3.7"
services:
web:
...
network_mode: "bridge"
我使用的是Docker版本18.09.8,docker-compose版本1.24.1和撰写文件格式3.7。
TL;DR
Add
version: "3.7"
services:
web:
...
network_mode: "bridge"
Read about network_mode in the
documentation.
Long version
Disclaimer: I am not very knowledgeable about Docker networking, but this did the trick for me. YMMV.
When I ran docker run my-image the networking gave me no problems, but when
I converted this command to a docker-compose.yml file, I got the same error
as the OP.
I read Arenim’s answer and
some other stuff on the internet that suggested to re-use an existing network.
You can find existing networks like this:
# docker network ls
NETWORK ID NAME DRIVER SCOPE
ca0415dfa442 bridge bridge local
78cbbda034dd host host local
709f13f4ce2d none null local
I wanted to reuse the default bridge network, so I added
services:
web:
...
networks:
default:
external:
name: bridge
to the the root of my docker-compose.yml (so not inside one of my
services, but at the root indentation).
I now got the following error:
ERROR: for your-container network-scoped alias is supported only for
containers in user defined networks
This led met to this Docker Github
issue, that plainly stated
that I should add the network_mode object to my docker-compose:
version: "3.7"
services:
web:
...
network_mode: "bridge"
I was using Docker version 18.09.8, docker-compose version 1.24.1 and
the compose file format 3.7.
回答 13
如果您需要大量网络,则可以通过default-address-pools守护进程设置控制docker分配给每个网络的IP空间数量,因此可以将其添加到您的/etc/docker/daemon.json:
{
"bip": "10.254.1.1/24",
"default-address-pools":[{"base":"10.254.0.0/16","size":28}],
}
在这里,我10.254.1.1/24为网桥网络保留了(254个IP地址)。
对于我创建的任何其他网络,docker将对10.254.0.0空间进行分区(65k主机),一次分配16台主机(对于16台主机"size":28,请参阅CIDR掩码)。
如果我创建了几个网络然后docker network inspect <name>在它们上运行,它可能会显示以下内容:
...
"Subnet": "10.254.0.32/28",
"Gateway": "10.254.0.33"
...
该10.254.0.32/28方法这个网络可以使用16个IP地址的10.254.0.32– 10.254.0.47。
If you want lots of networks then you can control how much IP space docker hands out to each network via the default-address-pools deamon setting, so you could add this to your /etc/docker/daemon.json:
{
"bip": "10.254.1.1/24",
"default-address-pools":[{"base":"10.254.0.0/16","size":28}],
}
Here I’ve reserved 10.254.1.1/24 (254 IP addresses) for the bridge network.
For any other network I create, docker will partition up the 10.254.0.0 space (65k hosts), giving out 16 hosts at a time ("size":28 refers to the CIDR mask, for 16 hosts).
If I create a few networks and then run docker network inspect <name> on them, it might display something like this:
...
"Subnet": "10.254.0.32/28",
"Gateway": "10.254.0.33"
...
The 10.254.0.32/28 means this network can use 16 ip addresses from 10.254.0.32 – 10.254.0.47.
回答 14
我遇到了同样的问题
使用默认驱动程序创建网络“ schemaregistry1_default”
错误:在分配给网络的默认值中找不到可用的,不重叠的IPv4地址池
在关闭Cisco VPN之前,没有任何帮助。在那个码头工人组成之后
I ran into the same problem
Creating network “schemaregistry1_default” with the default driver
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
and nothing helped until I turned off the Cisco VPN.
after that docker-compose up worked
回答 15
我通过以下步骤解决了这个问题:
关闭您的网络(无线或有线…)。
重新启动系统。
在PC上打开网络之前,执行命令docker-compose up,它将创建新的网络。
那么您可以打开网络并继续…
I fixed this issue by steps :
turn off your network (wireless or wired…).
reboot your system.
before turning on your network on PC, execute command docker-compose up, it’s going to create new network.
then you can turn network on and go on …
