Hi,
I'm currently fiddling with Docker Swarm on three sandbox servers running CentOS 7.
Unfortunately I couldn't get even the most basic configuration running. After some experimenting and investigating, it turns out there's a problem with FirewallD.
Here's what I did first on every single node.
# firewall-cmd --permanent --add-service=docker-swarm
# firewall-cmd --reload
I launched a simple web service like this:
# docker service create --name web -p 80:80 nginx
My three nodes appear correctly with 'docker node ls'.
From here, I should be able to open the Nginx default web page in a web browser
using any node's hostname.
But nothing happens. No page is loaded.
On a whim, I turned off FirewallD, and suddenly everything worked as expected.
Now here's the list of ports that have to be open on every single node for Docker Swarm to work:
* 2376/tcp
* 2377/tcp
* 7946/tcp
* 7946/udp
* 4789/udp
And here's what docker-swarm.xml looks like under CentOS 7:
# cat /usr/lib/firewalld/services/docker-swarm.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
So it looks like TCP port 2376 was forgotten in that service definition.
I opened it up manually on every node:
# firewall-cmd --permanent --add-port=2376/tcp
# firewall-cmd --reload
And now Docker Swarm works correctly.
Cheers from the sunny South of France,
Niki Kovacs
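The comparison made by hand in the message above can be scripted. The following is an added example, not part of the original post and not code from firewalld or Docker: it parses the service definition quoted in the post, checks it against the port list given in the post, and emits the firewall-cmd lines for anything not covered. The function names are hypothetical, and the required list is taken from the post as stated.

```python
import xml.etree.ElementTree as ET

# Service definition as quoted in the post (CentOS 7 docker-swarm.xml).
DOCKER_SWARM_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
"""

# Ports the post lists as required on every node (assumption: list as given there).
REQUIRED = ["2376/tcp", "2377/tcp", "7946/tcp", "7946/udp", "4789/udp"]

def service_ports(xml_bytes):
    """Return the set of 'port/proto' entries a firewalld service XML opens."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = set()
    for el in root.findall("port"):
        port, proto = el.get("port"), el.get("protocol")
        if port and proto:  # skip entries that do not name both
            ports.add(f"{port}/{proto.lower()}")
    return ports

def covers(entry, required):
    """True if entry 'N/proto' or range 'N-M/proto' includes required 'P/proto'."""
    spec, proto = entry.split("/")
    want, want_proto = required.split("/")
    lo, _, hi = spec.partition("-")
    return proto == want_proto and int(lo) <= int(want) <= int(hi or lo)

def missing_ports(xml_bytes, required):
    """Required ports that no <port> element of the service covers, in input order."""
    opened = service_ports(xml_bytes)
    return [r for r in required if not any(covers(o, r) for o in opened)]

def fix_commands(missing):
    """firewall-cmd lines (same form as in the post) that open the missing ports."""
    cmds = [f"firewall-cmd --permanent --add-port={p}" for p in missing]
    return cmds + ["firewall-cmd --reload"] if cmds else []

if __name__ == "__main__":
    print("\n".join(fix_commands(missing_ports(DOCKER_SWARM_XML, REQUIRED))))
```

To check a live node, read /usr/lib/firewalld/services/docker-swarm.xml in binary mode and pass its contents in place of the embedded sample.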
Who packaged this docker swarm thing?
On Thu, Aug 13, 2020, 1:27 AM Nicolas Kovacs info@microlinux.fr wrote:
Hi,
I'm currently fiddling with Docker Swarm on three sandbox servers running CentOS 7.
Unfortunately I couldn't get even the most basic configuration running. After some experimenting and investigating, it turns out there's a problem with FirewallD.
Here's what I did first on every single node.
# firewall-cmd --permanent --add-service=docker-swarm
# firewall-cmd --reload
I launched a simple web service like this:
# docker service create --name web -p 80:80 nginx
My three nodes appear correctly with 'docker node ls'.
From here, I should be able to open the Nginx default web page in a web browser using any node's hostname.
But nothing happens. No page is loaded.
On a whim, I turned off FirewallD, and suddenly everything worked as expected.
Now here's the list of ports that have to be open on every single node for Docker Swarm to work:
- 2376/tcp
- 2377/tcp
- 7946/tcp
- 7946/udp
- 4789/udp
And here's what docker-swarm.xml looks like under CentOS 7:
# cat /usr/lib/firewalld/services/docker-swarm.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
So it looks like TCP port 2376 was forgotten in that service definition.
I opened it up manually on every node:
# firewall-cmd --permanent --add-port=2376/tcp
# firewall-cmd --reload
And now Docker Swarm works correctly.
Cheers from the sunny South of France,
Niki Kovacs