[CentOS] Docker swarm service misconfigured in FirewallD / CentOS 7

Thu Aug 13 08:49:00 UTC 2020
John Pierce <jhn.pierce at gmail.com>

Who packaged this docker swarm thing?


On Thu, Aug 13, 2020, 1:27 AM Nicolas Kovacs <info at microlinux.fr> wrote:

> Hi,
>
> I'm currently fiddling with Docker Swarm on three sandbox servers running
> CentOS 7.
>
> Unfortunately I couldn't get even the most basic configuration running.
> After some experimenting and investigating, it turns out there's a problem
> with FirewallD.
>
> Here's what I did first on every single node.
>
> # firewall-cmd --permanent --add-service=docker-swarm
> # firewall-cmd --reload
>
> I launched a simple web service like this:
>
> # docker service create --name web -p 80:80 nginx
>
> My three nodes appear correctly with 'docker node ls'.
>
> From here, I should be able to open the Nginx default web page in a web
> browser using any node's hostname.
>
> But nothing happens. No page is loaded.
>
> On a whim, I turned off FirewallD, and suddenly everything worked as
> expected.
>
> Now here's the list of ports that have to be open on every single node for
> Docker Swarm to work:
>
>   * 2376/tcp
>   * 2377/tcp
>   * 7946/tcp
>   * 7946/udp
>   * 4789/udp
>
> And here's what docker-swarm.xml looks like under CentOS 7:
>
> # cat /usr/lib/firewalld/services/docker-swarm.xml
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>Docker integrated swarm mode</short>
>   <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
>   <port port="2377" protocol="tcp"/>
>   <port port="7946" protocol="tcp"/>
>   <port port="7946" protocol="udp"/>
>   <port port="4789" protocol="udp"/>
>   <protocol value="esp"/>
> </service>
>
> So it looks like TCP port 2376 was forgotten in that service definition.
>
> I opened it up manually on every node:
>
> # firewall-cmd --permanent --add-port=2376/tcp
> # firewall-cmd --reload
>
> And now Docker Swarm works correctly.
>
> Cheers from the sunny South of France,
>
> Niki Kovacs
>
>
> --
> Microlinux - Sustainable IT solutions
> 7, place de l'église - 30730 Montpezat
> Website: https://www.microlinux.fr
> Blog: https://blog.microlinux.fr
> Mail: info at microlinux.fr
> Tel.: 04 66 63 10 32
> Mobile: 06 51 80 12 12
>
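
An added example, not part of either message and not CentOS or Docker code: a shell check that lists the port/protocol pairs a firewalld service file opens and reports which entries of a required list are absent. It runs on a copy of the docker-swarm.xml quoted above with the five ports listed in the post; the function names are made up for this example.

```shell
#!/bin/sh
# Print each <port .../> element of a firewalld service file as PORT/PROTO.
# Attribute order does not matter; port ranges are printed as written.
service_ports() {
    # $1: path to a service XML file
    tr '\n' ' ' < "$1" | tr '>' '\n' | grep '<port[[:space:]]' |
    while IFS= read -r tag; do
        port=$(printf '%s\n' "$tag" | sed -n 's/.*[[:space:]]port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$tag" | sed -n 's/.*[[:space:]]protocol="\([^"]*\)".*/\1/p')
        if [ -n "$port" ] && [ -n "$proto" ]; then
            printf '%s/%s\n' "$port" "$proto"
        fi
    done
}

# Print each required PORT/PROTO pair that the service file does not open.
missing_ports() {
    # $1: service XML file; remaining arguments: required pairs, e.g. 2377/tcp
    file=$1; shift
    opened=$(service_ports "$file")
    for want in "$@"; do
        printf '%s\n' "$opened" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Copy of the service definition quoted in the post (not read from a live host).
sample_service() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
EOF
}

# Demo: compare the sample against the port list given in the post.
demo_file=$(mktemp)
sample_service > "$demo_file"
missing_ports "$demo_file" 2376/tcp 2377/tcp 7946/tcp 7946/udp 4789/udp  # prints 2376/tcp
rm -f "$demo_file"
```

On a node, pass `/usr/lib/firewalld/services/docker-swarm.xml` as the first argument instead of the sample file.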