I have a single node docker swarm which has just been created with docker swarm init.
I have a docker-stack.yml which contains the following deployment:
version: '3.3'
services:
website:
image: docker.pkg.github.com/foo/bar/bar:latest
ports:
- "80:80"
- "443:443"
environment:
HOST: bar.com
secrets:
- site.key
- site.cert
networks:
- foo-net
networks:
foo-net:
driver: overlay
external: true
secrets:
site.key:
external: true
site.cert:
external: true
First, I login into the registry and it tells me that the login was successful.
Second, I deploy the stack
$ docker stack deploy --with-registry-auth --compose-file docker-stack.yml foo
Creating service foo_bar
After that, the service is running and everything works as expected.
However, when I try to deploy a stack with the same command a second time (a few seconds later), it fails with the following message.
$ docker stack deploy --with-registry-auth --compose-file docker-stack.yml foo
Updating service foo_website (id: uvtqpdx74784dy9egj5i1c7sb)
image docker.pkg.github.com/foo/bar/bar:latest could not be accessed on a registry to record
its digest. Each node will access docker.pkg.github.com/foo/bar/bar:latest independently,
possibly leading to different nodes running different
versions of the image
Why does this happen?
All networks and secrets are created beforehand and my docker version is:
$ docker version
Client:
Version: 19.03.6
API version: 1.40
Go version: go1.12.17
Git commit: 369ce74a3c
Built: Fri Feb 28 23:45:43 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: 369ce74a3c
Built: Wed Feb 19 01:06:16 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.3-0ubuntu1~18.04.2
GitCommit:
runc:
Version: spec: 1.0.1-dev
GitCommit:
docker-init:
Version: 0.18.0
GitCommit:
I appreciate any help!
Thanks
Related
I am using Maven to interpolate a docker compose file, in order to map the working directory in either Linux and Windows. Interpolation works as intended on both OSs.
In my local Windows environment, when running "docker compose up" I get both containers with the mapped volume (which already exists on the host machine), without specifying "volumes: " at top-level, only at service-level.
However, if I try to run the same setup in linux-based TeamCity, I get the following message "service "job_controller" refers to undefined volume path/to/target/classes: invalid compose project"
After checking others' answers from here, I've understood that I also have to specify "volumes:" at top-level, which I did at the bottom of the compose file.
Now, I am prompted with "volumes Additional property /opt/buildagent/work/9857567c5e342350/path/to/target/classes is not allowed"
name: Distributed
services:
create_database:
container_name: create_database
command:
- ./script.sh
- deployer
- -f
- ../config/product-mssql-v11.manifest.yaml
- drop-create-database-properties
image: alpine-3-corretto-11-wildfly-11.11.0-SNAPSHOT
networks:
- deploy
volumes:
- C:\\SourceCode\\Path\\to\\target/classes:/opt/product/config
healthcheck:
test: ["CMD", "/opt/product/script.sh", "deployer", "-f", "/opt/product/config/product-mssql-v11.manifest.yaml", "healthy"]
interval: 20s
timeout: 60s
retries: 5
job_controller:
container_name: job_controller
environment:
DEPLOYMENT_MANIFEST: /opt/product/config/main.manifest.yaml
PROPERTIES_FILE_NAME: /opt/product/config/risk-wildfly.properties
JAVA_OPTS: "-Xms1g -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true"
ports:
- 8080:8080
image: alpine-3-corretto-11-wildfly-11.11.0-SNAPSHOT
volumes:
- C:\\SourceCode\\Path\\to\\target/classes:/opt/product/config
networks:
- deploy
depends_on:
create_database:
condition: service_completed_successfully
restart: on-failure
healthcheck:
test: ["CMD", "/opt/product/script.sh", "health-check", "--context-path","product"]
interval: 20s
timeout: 60s
retries: 5
networks:
deploy:
name: deploy
external: true
volumes:
C:\\SourceCode\\Path\\to\\target/classes:
external: true
Now, locally, if I try to run "docker compose up" with the "volumes: " specified at the bottom I get as well the same "volumes Additional property C:\SourceCode\Path\to\target/classes is not allowed"
If, instead of
volumes:
C:\\SourceCode\\Path\\to\\target/classes:
external: true
I use
volumes:
I get the "volumes: " must be a mapping.
So neither of this works.
C:\>docker compose version
Docker Compose version v2.10.2
C:\>docker-compose version
docker-compose version 1.29.2, build 5becea4c
docker-py version: 5.0.0
CPython version: 3.9.0
OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
C:\>docker version
Client:
Cloud integration: v1.0.29
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:09:02 2022
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Desktop 4.12.0 (85629)
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:01:23 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
How can I run this successfully in both OSs considering the volume mapping?
If you want to map specific folder from host to docker container you don't need root section
volumes:
at all
It's used to create named volumes somewhere inside docker and reference them by name in volumes section of service definition (and across multiple docker-compose files if external flag is set)
There seems to be a discrepancy in the implementation between docker compose CLI command and docker-compose CLI. Although they follow the same specification for Compose.
Services
As a simple example, I have two compose files
docker-compose.hello-world.yml
version: '3.7'
services:
hello:
image: hello-world:nano-server
container_name: hello_world
docker-compose.base.yml
very simple base file
version: '3.7'
volumes:
dummy-vol:
I can override them using the -f flag as follows:
docker compose -f docker-compose.hello-world.yml -f docker-compose.base.yml config > docker-compose.yml
Discrepancy
If one uses the above command using the docker compose CLI in built in the Docker Engine:
docker compose -f docker-compose.hello-world.yml -f docker-compose.base.yml config
The resultant configuration generated is:
here test-con is just the name of the directory I have the files in
name: test-con
services:
hello:
container_name: hello_world
image: hello-world:nano-server
networks:
default: null
networks:
default:
name: test-con_default
However when using the docker-compose CLI,
docker-compose -f docker-compose.hello-world.yml -f docker-compose.base.yml config
generates the following output:
services:
hello:
container_name: hello_world
image: hello-world:nano-server
version: '3.7'
volumes:
test: {}
As you can see name key value is not generated with docker-compose.
Is there a way to suppress generating the name key-value from docker compose CLI?
System Specs
docker version
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.17.5
Git commit: e91ed5707e
Built: Mon Dec 13 22:31:40 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.17.5
Git commit: 459d0dfbbb
Built: Mon Dec 13 22:30:43 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.6.1
GitCommit: 10f428dac7cec44c864e1b830a4623af27a9fc70.m
runc:
Version: 1.1.0
GitCommit: v1.1.0-0-g067aaf85
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker compose version
Docker Compose version 2.3.3
docker-compose version
docker-compose version 1.29.2, build unknown
docker-py version: 5.0.3
CPython version: 3.10.2
OpenSSL version: OpenSSL 1.1.1m 14 Dec 2021
This discrepancy is resolved when upgraded to v2.4.1 for docker.
Upon conducting the same test:
docker-compose -f docker-compose.hello-world.yml config > std.yml
as well as
docker compose -f docker-compose.hello-world.yml config > cli.yml
and checking to see if there is any difference using diff
diff std.yml cli.yml
now provides the same configuration in both tools
name: test-com
services:
hello:
container_name: hello_world
image: hello-world:nano-server
networks:
default: null
networks:
default:
name: test-com_default
<EDIT: Docker compose now recognizes and applies the the limits set for cpu and memory in the deploy key. so the below issue no longer applies.>
I'm fairly new to docker and I'm trying to run some minecraft containers, however they don't seem to be honoring the cpu limits I'm setting. As you can see in the commented out portions, i'v also tried using v3. No matter what limit I set, the container shows up to 400% cpu usage in docker stats. It is a 4cpu virtual machine hosted with Oracle, running Ubuntu.
Is there any other way to enforce this limit?
---
version: "2.4"
#version: "3.9"
services:
mc-cl:
container_name: mc-crimson
image: itzg/minecraft-server:java11
ports:
- 25566:25565
volumes:
- ./data:/data
environment:
- TYPE=PAPER
- VERSION=1.15.2
- EULA=TRUE
- MEMORY=1536M
- GID=1001
- UID=1001
- USE_AIKAR_FLAGS=true
cpus: 1
mem_limit: 3072M
mem_reservation: 3072M
# deploy:
# resources:
# limits:
# cpus: '1'
# memory: 3072M
# reservations:
# cpus: '0.5'
# memory: 3072M
restart: unless-stopped
If it's helpful, here's my docker version and docker compose version.
Client: Docker Engine - Community
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:44:28 2021
OS/Arch: linux/arm64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:43:05 2021
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Docker Compose version v2.2.2
So I've managed to fix my own issue. I had a thought, and so I did this by removing docker compose v2 (yaml v3) with
rm ~/.docker/cli-plugins/docker-compose
and installed docker-compose v1.25.0 from the repository with
apt install docker-compose -y
The limits are now being honored when running the container.
I cannot connect to a service running on docker swarm. The swarm seems ok because I can connect to other containers running on it. I running the service with docker stack deploy -c docker-compose.yaml nifi and the docker compose file is:
version: "3.3"
services:
registry:
image: apache/nifi-registry:0.3.0
ports:
- "18080:18080"
deploy:
replicas: 1
restart_policy:
condition: on-failure
When I run this without the swarm i.e. docker-compose -f docker-compose.yaml up it works fine and I can browse to it. When I run it with docker stack deploy -c docker-compose.yaml nifi I see the same log entries for the service but cannot browse to it.
$ docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Wed Jun 20 21:43:51 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Wed Jun 20 21:42:00 2018
OS/Arch: linux/amd64
Experimental: false
Does anyone have suggestions for fixing or troubleshooting this?
In swarm
ports:
- "18080:18080"
will expose port on all swarm nodes and in case of use of the port on some of the nodes by another service you can have problems
you can expose port only on host with container
services:
registry:
ports:
- target: 18080
published: 18080
mode: host
I am using docker stack to deploy some services on a swarm network with two nodes . I created overlay network which I can see through
docker network ls but when I am trying to use that network in docker stack file I am continuously getting error Network undefined .
Here is my docker stack file
version: '3.4'
services:
orderer1st:
image: hyperledger/fabric-orderer:1.2.1
networks:
- fabricoverlay
ports:
- 7050:7050
environment:
- ORDERER_GENERAL_LOGLEVEL=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
command: orderer
volumes:
- ./channel-configuration/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./msp:/var/hyperledger/orderer/msp
Am I doing something wrong here? I dont know why docker stack is been unable to pick overlay network
Docker Version:
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:24:56 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:21 2018
OS/Arch: linux/amd64
Experimental: false
You have to add the networks as root objects in the compose file so the service knows how to find it.
networks:
fabricoverlay:
external: true
Note that an easier option might be letting swarm create that network for your stack. Just remove the network references in the compose file, delete the manually created network, and deploy the stack. Docker will create it for you, one network per stack.