Centos docker服务启动失败 A dependency job for docker.service failed

在Centos上安装docker后需要手动启动docker服务，但是启动时报如下错误

$ systemctl enable docker  && systemctl start docker
A dependency job for docker.service failed. See 'journalctl -xe' for details.

执行 journalctl -xe后结果如下

$ journalctl -xe
1月 24 02:25:45 localhost.localdomain yum[18753]: 2:postfix-2.10.1-7.el7.x86_64: 100
1月 24 02:25:45 localhost.localdomain yum[18753]: fontconfig-2.13.0-4.3.el7.x86_64: 100
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Registered Authentication Agent for unix-process:18768:232871247 (system bus na
1月 24 02:26:12 localhost.localdomain systemd[1]: Reloading.
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Unregistered Authentication Agent for unix-process:18768:232871247 (system bus 
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Registered Authentication Agent for unix-process:18787:232871256 (system bus na
1月 24 02:26:12 localhost.localdomain systemd[1]: Starting Docker Socket for the API.
-- Subject: Unit docker.socket has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.socket has begun starting up.
1月 24 02:26:12 localhost.localdomain systemd[18793]: Failed to chown socket at step GROUP: No such process
1月 24 02:26:12 localhost.localdomain systemd[1]: docker.socket control process exited, code=exited status=216
1月 24 02:26:12 localhost.localdomain systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.socket has failed.
-- 
-- The result is failed.
1月 24 02:26:12 localhost.localdomain systemd[1]: Dependency failed for Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has failed.
-- 
-- The result is dependency.
1月 24 02:26:12 localhost.localdomain systemd[1]: Job docker.service/start failed with result 'dependency'.
1月 24 02:26:12 localhost.localdomain systemd[1]: Unit docker.socket entered failed state.
1月 24 02:26:12 localhost.localdomain polkitd[6691]: Unregistered Authentication Agent for unix-process:18787:232871256 (system bus 

解决方案：添加docker组

$ groupadd docker
groupadd：无法打开 /etc/group

这里涉及到一个知识点就是文件隐藏属性，使用lsattr查看文件隐藏属性

$ lsattr /etc/group
----i--------e-- /etc/group
$ lsattr lsattr /etc/gshadow
----i--------e-- /etc/gshadow

这里的i属性表示文件不能被删除、改名，也不能写入或添加数据，所以需要先去掉i属性

$ chattr -i /etc/gshadow
$ chattr -i /etc/group

然后添加docker组，并启动docker服务，systemctl enable docker是为了设置开机启动docker服务

$ groupadd docker
$ systemctl enable docker  && systemctl start docker

做过基线的同学应该知道，为了安全起见，最好还是把i属性加回来

$ chattr +i /etc/gshadow
$ chattr +i /etc/group

参考

• https://www.jianshu.com/p/38831a8a47cb
• https://blog.csdn.net/yabingshi_tech/article/details/52780134