I am trying to deploy a simple docker swarm service using routing mesh from this manual pages and access it.
Initialize docker swarm cluster with single manager node:
PS> docker swarm init --advertise-addr 192.168.1.156
Swarm initialized: current node (jpajl1nkr3xr1f3c3jqi56qia) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-2n1s6wap5dp1pjzzzqroyg22pqkwpnfijilmbdfgwjbkcqwder-5kqt701dv329fduhoaqld9m3y 192.168.1.156:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
Deploy service:
PS> docker service create --name my_web --publish published=80,target=80 --replicas 3 nginx
fqy4vi3hjncougtak9qj9fuz0
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
Check service and containers:
PS> docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
fqy4vi3hjnco my_web replicated 3/3 nginx:latest *:80->80/tcp
PS> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d24a85b4d6ba nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.2.b44g8bjs95ac8v0g90hnv2cjd
b6466f252b46 nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.3.hpc4zxlr178tklf84t1y5rc64
35e194264098 nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.1.u1euqrfwq2te75zsbkmfkv0bq
Request:
PS> curl http://localhost
curl : Se ha terminado la conexión: La conexión ha terminado de forma inesperada.
<< (Free Translation) curl: Connection is terminated: The connection has finished unexpectedly. >>
En línea: 1 Carácter: 1
+ curl http://localhost
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Same result with these alternatives:
PS> curl http://localhost:80
PS> curl http://127.0.0.1:80
PS> curl http://192.168.1.156
PS> curl http://192.168.1.156:80
Check listening ports in Windows:
CMD> netstat -a -b | find "80"
TCP 0.0.0.0:80 fs1322:0 LISTENING
TCP 0.0.0.0:7680 fs1322:0 LISTENING
TCP 0.0.0.0:8080 fs1322:0 LISTENING
TCP 169.254.80.254:139 fs1322:0 LISTENING
TCP 172.19.80.1:53 fs1322:0 LISTENING
TCP 172.19.80.1:139 fs1322:0 LISTENING
Check listening ports in one container
# netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:34835 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
tcp6 0 0 :::80 :::* LISTEN 1/nginx: master pro
The execution of curl localhost in one container succeded:
# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
</head>
</html>
Environment:
OS: Windows 10 Pro (2004)
Docker Desktop for Windows: 2.3.0.3
Docker Engine: 19.03.8
Virtualization: WSL2
Console: Windows PowerShell (not Administrator)
Related
I would like to have a service being deployed as part of a docker stack to listen on ipv4.
Currently the docker stack deployed service (rabbitmq) is listening on ipv6, I would like to have it listen via ipv4.
The section of docker compose .yaml file that I using to deploy the docker stack as the following yaml section.
rabbitmq-3-11-0:
#image: rabbitmq:3.11.0-management
image: "127.0.0.1:5000/bcl-sdv-rabbitmq-3-11-0:v0.1"
ports:
-
"0.0.0.0:5672:5672/tcp"
-
"0.0.0.0:15672:15672/tcp" #15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled)
On deployment of the docker stack, the "rabbitmq-3-11-0" service is deployed successfully.
To test IP connectivity I issue the following commands on the docker node.
ncat -w 2 -v ::1 5672 </dev/null; echo $?
yields
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to ::1:5672.
While the command
ncat -w 2 -v 0.0.0.0 5672 </dev/null; echo $?
yields
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 0.0.0.0:5672.
Ncat: Connection reset by peer.
1
The command
ncat -w 2 -v 127.0.0.1 5672 </dev/null; echo $?
produces
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:5672.
Ncat: Connection reset by peer.
1
The netstat command below
sudo netstat -tulnp|grep 5672
shows that the ports 5672 and 15672 are listening on ipv6.
tcp6 4 0 :::5672 :::* LISTEN 2527/dockerd
tcp6 0 0 :::15672 :::* LISTEN 2527/dockerd
The command to determine the docker version below
docker info|grep Version
Outputs
Server Version: 20.10.20
Cgroup Version: 1
Kernel Version: 3.10.0-1160.76.1.el7.x86_64
The Linux version command below
lsb_release
prints
LSB Version: :core-4.1-amd64:core-4.1-noarch
On MacOS 12, using Docker 20.10, I'm not able to start a container on another IP:
% docker run -p 127.123.2.13:80:80 -d nginx
a9216ae29940f7357b9b4826ecddf041f1805c9ee48ba1336361277fc0dcb524
docker: Error response from daemon: Ports are not available: listen tcp 127.0.17.1:80: bind: can't assign requested address.
Is there any other way?
In order to bind to the ip, other than 0.0.0.0, you need to have an interface in your system with the desired ip. For example, watch docker failing to bind to a non-existent ip of 127.0.0.2:
docker run -p 127.0.0.2:80:80 -d nginx
cc79b1b60c9f5e245b326bbfcc17d4a1f1abe6fad6fd12f9677b66bbee972a12
docker: Error response from daemon: Ports are not available: listen tcp 127.0.0.2:80: bind: can't assign requested address.
Now I create an alias for my existing interface lo0:
sudo ifconfig lo0 alias 127.0.0.2 netmask 0xff000000
and try again:
docker run -p 127.0.0.2:80:80 -d nginx
05223ecb6ae99a25b7423f014b9b95422c621717705ce1c255bea04072c45263
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc79b1b60c9f nginx "/docker-entrypoint.…" 2 minutes ago Created hardcore_haslett
05223ecb6ae9 nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 127.0.0.2:80->80/tcp pensive_bardeen
I've run into an issue that seems similar too this one; https://forums.docker.com/t/cant-access-service-in-swarm/63876. My setup is a little bit different though and I haven't found a solution to my problem yet.
The minimal, reproducible example
Build a swarm cluster between atleast 3 Ubuntu 20.04 docker swarm managers.
Deploy a service docker service create --name test_web --replicas 3 --publish published=8080,target=80 nginxdemos/hello
Check that the containers and services were created properly and observe the failure of connecting to that service:
demi-ubu01:~/stacks$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4a12a3c5448 nginxdemos/hello:latest "nginx -g 'daemon of…" About a minute ago Up About a minute 80/tcp test_web.2.yul33wdycarig3qoxnehgrjrz
demi-ubu01:~/stacks$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
0yqd7gvggwuh test_web replicated 3/3 nginxdemos/hello:latest *:8080->80/tcp
# External test:
demi-ubu01:~/stacks$ curl -I 10.100.4.5:8080
curl: (7) Failed to connect to 10.100.4.5 port 8080: Connection refused
# Inside container to published service port:
demi-ubu01:~/stacks$ docker exec -it d4a12a3c5448 wget http://test_web:8080
Connecting to test_web:8080 (10.0.4.2:8080)
wget: can't connect to remote host (10.0.4.2): Host is unreachable
# Inside container to apps exposed port:
demi-ubu01:~/stacks$ docker exec -it d4a12a3c5448 wget http://localhost:80
Connecting to localhost:80 (127.0.0.1:80)
index.html 100% |****************************| 7217 0:00:00 ETA
The expected result of the first curl command should be a Status 200 Ok.
The detailed report
My setup is 4 nodes in total. They are identical Ubuntu 20.04 KVM virtual machines all on the same network. There are no firewalls between them. I have 3 Managers and 1 Worker (which i've only added as a step during troubleshooting).
:~/stacks$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
kcm5v64psntjxngnqkfdj1jzh * demi-ubu01 Ready Active Reachable 20.10.1
uo3rljg6ax5qkjm898pyym9t1 demi-ubu02 Ready Active Leader 20.10.1
pysnl8sohdp4fv67gui156z4k demi-ubu03 Ready Active Reachable 20.10.1
rp2otsqpnxkgbmxbpkv21yjs6 demi-ubu04 Ready Active 20.10.1
I can run a container normally and reach it on the local host fine.
demi-ubu01:~/stacks$ docker run -p 8080:80 -d nginxdemos/hello
de4d0a937710acb1d6d8ae3b7eb9175860b6614dfd9ce92bc972efe619ae095f
demi-ubu01:~/stacks$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de4d0a937710 nginxdemos/hello "nginx -g 'daemon of…" 4 seconds ago Up 2 seconds 0.0.0.0:8080->80/tcp pedantic_wiles
demi-ubu01:~/stacks$ curl -I 10.100.4.5:8080
HTTP/1.1 200 OK
Server: nginx/1.13.8
Date: Sat, 19 Dec 2020 17:59:23 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Sat, 19 Dec 2020 17:59:22 GMT
Cache-Control: no-cache
However the same app deployed as a service using the following compose file:
demi-ubu01:~/stacks$ cat test.yml
version: "3.6"
services:
web:
image: nginxdemos/hello:latest
deploy:
replicas: 3
resources:
limits:
cpus: "0.1"
memory: 50M
restart_policy:
condition: on-failure
ports:
- target: 80
published: 8080
protocol: tcp
mode: ingress
networks:
- webnet
networks:
webnet:
driver: overlay
It does not become reachable from any of the hosts at all:
demi-ubu01:~/stacks$ docker stack deploy -c test.yml test
Creating network test_webnet
Creating service test_web
demi-ubu01:~/stacks$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
05030ef897a1 nginxdemos/hello:latest "nginx -g 'daemon of…" 10 seconds ago Up 7 seconds 80/tcp test_web.1.kobrpkp68f2qbs4jhd6o8aebg
# Trying on all of the hosts in the cluster. No firewalls here.
demi-ubu01:~/stacks$ curl -I 10.100.4.5:8080
curl: (7) Failed to connect to 10.100.4.5 port 8080: Connection refused
demi-ubu01:~/stacks$ curl -I 10.100.4.9:8080
curl: (7) Failed to connect to 10.100.4.9 port 8080: Connection refused
demi-ubu01:~/stacks$ curl -I 10.100.4.10:8080
curl: (7) Failed to connect to 10.100.4.10 port 8080: Connection refused
demi-ubu01:~/stacks$ curl -I 10.100.4.11:8080
curl: (7) Failed to connect to 10.100.4.11 port 8080: Connection refused
demi-ubu01:~/stacks$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
elvfm7o4v4zo test_web replicated 3/3 nginxdemos/hello:latest *:8080->80/tcp
I also don't see any port bindings being made on those hosts at all, so it doesn't look like any ports are being published.
INeed2Poo#demi-ubu01:~/stacks$ docker service inspect test_web
[
## https://pastebin.com/WqqyDnVS ##
]
demi-ubu01:~/stacks$ netstat -na | grep LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:49152 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:24007 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
demi-ubu01:~/stacks$ docker network ls
NETWORK ID NAME DRIVER SCOPE
6e5f7e7cebc3 bridge bridge local
7a1155f87a62 docker_gwbridge bridge local
ab32da8ac1ec host host local
46id8wzw4ayf ingress overlay swarm
a24a40ef78f4 none null local
d9l7msysdx8m test_webnet overlay swarm
INeed2Poo#demi-ubu01:~/stacks$ docker network inspect 46id8wzw4ayf
[
https://pastebin.com/JPA0ZBjE
]
I also can't reach the service while exec'ed into a container for that service. Execing into a container, I'm able to hit the LOCAL app port, however I cannot hit the service by name. The container CAN resolve the service name.
## Testing the app's service from the local container fails:
demi-ubu01:~/stacks$ docker exec -it 05030ef897a1 wget http://test_web:8080
Connecting to test_web:8080 (10.0.4.2:8080)
wget: can't connect to remote host (10.0.4.2): Host is unreachable
## Testing the app's local port from the local container is sucessful:
demi-ubu01:~/stacks$ docker exec -it 05030ef897a1 wget http://localhost:80
Connecting to localhost:80 (127.0.0.1:80)
index.html 100% |****************************| 7217 0:00:00 ETA
demi-ubu01:~/stacks$ docker --version
Docker version 20.10.1, build 831ebea
I've changed the default-addr-pool for the swarm cluster from the original 10.0.0.0/8 network:
demi-ubu01:~$ docker info --format '{{json .Swarm.Cluster.DefaultAddrPool}}'
["10.135.0.0/16"]
I've gone and made sure that I'm not using any overlapping networks that might be causing this and have gone so far as to completely redeploy the cluster. I've just about exhausted all of my troubleshooting idea's. Any Idea's?
Edit: Update: I redeployed using Ubuntu 18.04 as my base image, and the same exact setup on that (deployed using ansible) seems to work fine... So this is an issue with the current version of Docker on Ubuntu 20.04.
Let me add my response from the docker forum here as well, as it is high likely the solution:
Is it safe to assume that 10.100.4.5 is one of your nodes ip?
The default address pool is 10.0.0.0/8, see: docker info --format '{{json .Swarm.Cluster.DefaultAddrPool}}'
If this is the case, you might find this blog post helpful - you can safely ignore that it refers to Docker EE, the problem and solution is valid for Docker CE as well. You need to alter default-addr-pool either when initiating the swarm or by modifying each node’s /etc/docker/daemon.json configuration file (and restart the daemon then).
I'm trying to run an application in Docker on an EC2 instance. It is two separate processes. I'm able to access the ports for process 1, but not process 2.
Process 1 listens on the following ports:
2008
8080
Process two listens on the these ports:
2021
8084
The security rules allow for all traffic to all ports from all origins:
Netstat shows both ports on process 2 are listening
netstat -an | grep 2021
tcp6 0 0 :::2021 :::* LISTEN
netstat -an | grep 8084
tcp6 0 0 :::8084 :::* LISTEN
The docker command opens all of the above ports:
docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 8080:8080 -p 2008:2008 -p 8084:8084 -p 2021:2021 myname/image_name /usr/sbin/init
There is no firewall process running.
Yet, a zenmap scan shows only ports 2008 and 8080 of the above four are listening - 2021 and 8084 don't show up.
Any ideas why this would be? I can't think of what else to look for.
I am new to Docker and learning from here: https://www.lynda.com/Docker-tutorials/Run-container-ports-volumes/576584/604557-4.html?org=mastercard.com
I already went through the link and reponse seem confusing : https://github.com/docker/compose/issues/3277
Error:
docker container run -d --name web -p 8080:8080 jboss/wildfly
4f75dcbf8a56262a22239b5ef146a475f7d877a1707392561bb9419542510478
docker: Error response from daemon: driver failed programming external connectivity on endpoint web (645121a4674ed37eaeefb46c2afcff6512477dba4dd98f93d4f8f5e40750f111): Error starting userland proxy: listen tcp 0.0.0.0:8080: bind: address already in use.
$ sudo netstat -nlp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 2527/dockerd
The part 8080/tcp is confusing to me and not sure why it's coming.
docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c65137b42e56 jboss/wildfly "/opt/jboss/wildfl..." 10 minutes ago Up 10 minutes 8080/tcp, 0.0.0.0:9090->9090/tcp web
If you are on mac try
docker container run -d --name web -p 127.0.0.1:8080:8080 jboss/wildfly
Good Luck
Daniel Farina