Nicolas Kovacs
2020-Aug-13 08:27 UTC
[CentOS] Docker swarm service misconfigured in FirewallD / CentOS 7
Hi,

I'm currently fiddling with Docker Swarm on three sandbox servers running CentOS 7.

Unfortunately I couldn't get even the most basic configuration running. After some experimenting and investigating, it turns out there's a problem with FirewallD.

Here's what I did first on every single node.

  # firewall-cmd --permanent --add-service=docker-swarm
  # firewall-cmd --reload

I launched a simple web service like this:

  # docker service create --name web -p 80:80 nginx

My three nodes appear correctly with 'docker node ls'.

From here, I should be able to open the Nginx default web page in a web browser using any node's hostname.

But nothing happens. No page is loaded.

On a whim, I turned off FirewallD, and suddenly everything worked as expected.

Now here's the list of ports that have to be open on every single node for Docker Swarm to work:

  * 2376/tcp
  * 2377/tcp
  * 7946/tcp
  * 7946/udp
  * 4789/udp

And here's what docker-swarm.xml looks like under CentOS 7:

  # cat /usr/lib/firewalld/services/docker-swarm.xml
  <?xml version="1.0" encoding="utf-8"?>
  <service>
    <short>Docker integrated swarm mode</short>
    <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
    <port port="2377" protocol="tcp"/>
    <port port="7946" protocol="tcp"/>
    <port port="7946" protocol="udp"/>
    <port port="4789" protocol="udp"/>
    <protocol value="esp"/>
  </service>

So it looks like TCP port 2376 was forgotten in that service definition.

I opened it up manually on every node:

  # firewall-cmd --permanent --add-port=2376/tcp
  # firewall-cmd --reload

And now Docker Swarm works correctly.

Cheers from the sunny South of France,

Niki Kovacs

--
Microlinux - Solutions informatiques durables
7, place de l'Église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
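An added example, not part of the original thread: a check that compares the <port> entries of a firewalld service definition against an expected port list, using the XML and the port list quoted in the message above. The function names are illustrative, and port ranges (which firewalld service files allow) are handled as well.

```python
import xml.etree.ElementTree as ET

# Service definition as quoted in the message above.
DOCKER_SWARM_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
"""

# Port list given in the message above as needed on every node.
EXPECTED = [(2376, "tcp"), (2377, "tcp"), (7946, "tcp"), (7946, "udp"), (4789, "udp")]


def service_ports(xml_text):
    """Return (low, high, protocol) for every <port> element of a service file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    ranges = []
    for el in root.findall("port"):
        low, _, high = el.get("port", "").partition("-")
        if low:  # an empty port attribute matches a protocol only; skip it
            ranges.append((int(low), int(high or low), el.get("protocol")))
    return ranges


def missing_ports(xml_text, expected):
    """Expected (port, protocol) pairs that no <port> entry or range covers."""
    ranges = service_ports(xml_text)
    return [(port, proto) for port, proto in expected
            if not any(lo <= port <= hi and p == proto for lo, hi, p in ranges)]


def add_port_commands(missing):
    """firewall-cmd invocations (as used in the message) for the missing ports."""
    cmds = [f"firewall-cmd --permanent --add-port={port}/{proto}" for port, proto in missing]
    return cmds + ["firewall-cmd --reload"] if cmds else []


if __name__ == "__main__":
    gap = missing_ports(DOCKER_SWARM_XML, EXPECTED)
    print("missing from service definition:", gap)
    for cmd in add_port_commands(gap):
        print("#", cmd)
```

Running the same comparison against the installed file on each node before adding ports by hand shows exactly which openings come from the packaged service and which are local additions.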
John Pierce
2020-Aug-13 08:49 UTC
[CentOS] Docker swarm service misconfigured in FirewallD / CentOS 7
Who packaged this docker swarm thing?

On Thu, Aug 13, 2020, 1:27 AM Nicolas Kovacs <info at microlinux.fr> wrote:

> Hi,
>
> I'm currently fiddling with Docker Swarm on three sandbox servers running CentOS 7.
>
> Unfortunately I couldn't get even the most basic configuration running. After some experimenting and investigating, it turns out there's a problem with FirewallD.
>
> Here's what I did first on every single node.
>
> # firewall-cmd --permanent --add-service=docker-swarm
> # firewall-cmd --reload
>
> I launched a simple web service like this:
>
> # docker service create --name web -p 80:80 nginx
>
> My three nodes appear correctly with 'docker node ls'.
>
> From here, I should be able to open the Nginx default web page in a web browser using any node's hostname.
>
> But nothing happens. No page is loaded.
>
> On a whim, I turned off FirewallD, and suddenly everything worked as expected.
>
> Now here's the list of ports that have to be open on every single node for Docker Swarm to work:
>
> * 2376/tcp
> * 2377/tcp
> * 7946/tcp
> * 7946/udp
> * 4789/udp
>
> And here's what docker-swarm.xml looks like under CentOS 7:
>
> # cat /usr/lib/firewalld/services/docker-swarm.xml
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>Docker integrated swarm mode</short>
>   <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
>   <port port="2377" protocol="tcp"/>
>   <port port="7946" protocol="tcp"/>
>   <port port="7946" protocol="udp"/>
>   <port port="4789" protocol="udp"/>
>   <protocol value="esp"/>
> </service>
>
> So it looks like TCP port 2376 was forgotten in that service definition.
>
> I opened it up manually on every node:
>
> # firewall-cmd --permanent --add-port=2376/tcp
> # firewall-cmd --reload
>
> And now Docker Swarm works correctly.
>
> Cheers from the sunny South of France,
>
> Niki Kovacs
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'Église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos